• ¡Welcome to Square Theme!
  • This news are in header template.
  • Please ignore this message.
مهمان عزیز خوش‌آمدید. ورود عضــویت


امتیاز موضوع:
  • 31 رای - 2.94 میانگین
  • 1
  • 2
  • 3
  • 4
  • 5
Title: Delphi Anti Virtual PC/VMware
حالت موضوعی
#1
Virtual PC:
Code:
کد:
function running_inside_vpc: boolean; assembler;
asm
push ebp

mov ecx, offset @@exception_handler
mov ebp, esp

push ebx
push ecx
push dword ptr fs:[0]
mov dword ptr fs:[0], esp

mov ebx, 0 // flag
mov eax, 1 // VPC function number

// call VPC
db 00Fh, 03Fh, 007h, 00Bh

mov eax, dword ptr ss:[esp]
mov dword ptr fs:[0], eax
add esp, 8

test ebx, ebx
setz al
lea esp, dword ptr ss:[ebp-4]
mov ebx, dword ptr ss:[esp]
mov ebp, dword ptr ss:[esp+4]
add esp, 8
jmp @@ret
@@exception_handler:
mov ecx, [esp+0Ch]
mov dword ptr [ecx+0A4h], -1 // EBX = -1 -> not running, ebx = 0 -> running
add dword ptr [ecx+0B8h], 4 // -> skip past the detection code
xor eax, eax // exception is handled
ret
@@ret:
end;

Vmware:
Code:
کد:
////////////////////////////////////////////////////////////////////////////////
//
// Simple VMware check on i386
//
// Note: There are plenty ways to detect VMware. This short version bases
// on the fact that VMware intercepts IN instructions to port 0x5658 with
// an magic value of 0x564D5868 in EAX. However, this is *NOT* officially
// documented (used by VMware tools to communicate with the host via VM).
//
// Because this might change in future versions - you should look out for
// additional checks (e.g. hardware device IDs, BIOS informations, etc.).
// Newer VMware BIOS has valid SMBIOS informations (you might use my BIOS
// Helper unit to dump the ROM-BIOS (http://www.bendlins.de/nico/delphi).
//

function IsVMwarePresent(): LongBool; stdcall; // platform;
begin
Result := False;
{$IFDEF CPU386}
try
asm
mov eax, 564D5868h
mov ebx, 00000000h
mov ecx, 0000000Ah
mov edx, 00005658h
in eax, dx
cmp ebx, 564D5868h
jne @@exit
mov Result, True
@@exit:
end;
except
Result := False;
end;
{$ENDIF}
end;
گروه دور همی پارسی کدرز
https://t.me/joinchat/GxVRww3ykLynHFsdCvb7eg
 
پاسخ
  


موضوعات مشابه ...
موضوع نویسنده پاسخ بازدید آخرین ارسال
  [Delphi] Simple Code Virtualization (Virtual Machine / Emulator) Amin_Mansouri 1 3,690 03-15-2013، 01:35 AM
آخرین ارسال: Saeed7007
  Anti Norman Online SandBox Amin_Mansouri 0 2,968 10-18-2011، 03:39 AM
آخرین ارسال: Amin_Mansouri
  [UNIT] SAD (Simple Anti Debug) Magic_h2001 Amin_Mansouri 0 3,169 10-18-2011، 01:25 AM
آخرین ارسال: Amin_Mansouri
  DELPHI OutputDebugStringA Anti Emulator ShellCode Amin_Mansouri 0 3,034 10-17-2011، 11:00 PM
آخرین ارسال: Amin_Mansouri
  [Snip] Another anti debugger procedure Amin_Mansouri 0 2,929 10-17-2011، 08:19 PM
آخرین ارسال: Amin_Mansouri
  [DELPHI]detect debuggers Amin_Mansouri 0 3,060 10-16-2011، 09:25 PM
آخرین ارسال: Amin_Mansouri
  [DELPHI]Anti JoeBox, CwSandbox, Anubis Amin_Mansouri 0 3,110 10-16-2011، 09:25 PM
آخرین ارسال: Amin_Mansouri
  [DELPHI]detect vm by krippler Amin_Mansouri 0 3,125 10-16-2011، 08:23 PM
آخرین ارسال: Amin_Mansouri
  [DELPHI]Anti ThreatExpert Amin_Mansouri 0 2,725 10-16-2011، 08:20 PM
آخرین ارسال: Amin_Mansouri
  AntiEmulators delphi Amin_Mansouri 0 2,844 10-15-2011، 09:57 PM
آخرین ارسال: Amin_Mansouri

پرش به انجمن:


Browsing: 2 مهمان