[轉貼] DetectingVM
- program DetectingVM;
- {$APPTYPE CONSOLE}
- uses
- SysUtils;
- // IsRunInVirtual: returns True when either of two legacy guest checks fires:
- //   1. the VMware backdoor I/O-port probe in the function body below, or
- //   2. the Virtual PC invalid-opcode probe in the nested IsRunningVirtualPC.
- // Only these two hypervisors are probed, so False does not prove bare metal.
- // The code is x86 (32-bit) Windows only: it uses 32-bit registers and the
- // fs:[0] SEH chain.
- // Defender note: the 'VMXh'/'VX' IN probe and the byte sequence 0F 3F 07 0B are
- // recognisable static indicators of an environment check in a binary.
- function IsRunInVirtual:boolean;
- // IsRunningVirtualPC: executes the Virtual PC guest-to-host opcode under a
- // hand-installed SEH frame. If the opcode faults, the handler sets EBX to -1 in
- // the saved context; if it does not fault, EBX stays 0. The result (AL) is
- // True when EBX is still 0 afterwards.
- // NOTE(review): the handler does not inspect the exception code, so any fault
- // raised while the frame is installed is treated as "not Virtual PC".
- function IsRunningVirtualPC: boolean;
- asm
- // Manual frame: ebp and ebx are saved so they can be restored at the end.
- push ebp;
- mov ebp, esp;
- mov ecx, offset @exception_handler;
- push ebx;
- // Build an SEH registration record on the stack: [esp] = previous handler
- // from fs:[0], [esp+4] = @exception_handler; then make it the chain head.
- push ecx;
- push dword ptr fs:[0];
- mov dword ptr fs:[0], esp;
- mov ebx, 0; // Flag
- mov eax, 1; // VPC function number
- // call VPC
- // 4 raw bytes; the handler below skips exactly these 4 bytes if they fault.
- db $0F, $3F, $07, $0B
- // Unlink the SEH record: restore the previous handler and drop both dwords.
- mov eax, dword ptr ss:[esp];
- mov dword ptr fs:[0], eax;
- add esp, 8;
- // AL = 1 (True) only if the handler never ran and EBX is still 0.
- test ebx, ebx;
- setz al;
- // Epilogue: [ebp-4] holds the saved ebx, [ebp] the saved ebp.
- lea esp, dword ptr ss:[ebp-4];
- mov ebx, dword ptr ss:[esp];
- mov ebp, dword ptr ss:[esp+4];
- add esp, 8;
- jmp @ret1;
- @exception_handler:
- // [esp+0Ch] is the handler's third argument; the offsets used below are the
- // saved EBX (0A4h) and EIP (0B8h) of the x86 thread context.
- mov ecx, [esp+0Ch];
- mov dword ptr [ecx+0A4h], -1; // EBX = -1 -> not running, ebx = 0 -> running
- add dword ptr [ecx+0B8h], 4; // skip past the 4-byte call to VPC
- xor eax, eax; // exception is handled
- @ret1:
- end;
- // a receives EBX from the VMware probe; b receives ECX but is never read.
- var a, b:cardinal;
- begin
- // a stays 0 if the IN instruction faults before "mov a, ebx" executes.
- a:=0;
- try
- asm
- // VMware backdoor probe: magic 'VMXh' ($564D5868) in EAX, command 0Ah in
- // ECX, port 'VX' in DX. Under VMware the IN is expected to return the magic
- // in EBX; elsewhere a user-mode IN normally faults and is swallowed by the
- // empty except block below.
- push eax
- push ebx
- push ecx
- push edx
- mov eax, 'VMXh'
- mov ecx, 0Ah
- mov dx, 'VX'
- in eax, dx
- mov a, ebx
- mov b, ecx
- pop edx
- pop ecx
- pop ebx
- pop eax
- end;
- except
- // Deliberate best-effort: a fault here just means "no VMware backdoor".
- end;
- // VMware magic echoed back in EBX, or the Virtual PC opcode did not fault.
- result:=(a=$564D5868) or IsRunningVirtualPC;
- end;
- var
- DetectedVM: Boolean;
- begin
- // Program entry point: run the combined VMware / Virtual PC check once and
- // print the Boolean verdict to the console.
- DetectedVM := IsRunInVirtual;
- Writeln(DetectedVM);
- // Block until a line is read from standard input (presumably so the console
- // window stays open long enough to read the result).
- Readln;
- end.