10-16-2011، 08:23 PM
با سورس زیر متونید شناسایی کنید برنامه شما با virtual pc هست یا vmware
کد:
program IsInVM;
{$APPTYPE CONSOLE}
uses
windows;
function InVMware: Boolean;
asm
XOR EAX, EAX
PUSH OFFSET @@Handler
PUSH DWORD PTR FS:[EAX]
MOV DWORD PTR FS:[EAX], ESP
MOV EAX, 564D5868h
MOV EBX, 3c6cf712h
MOV ECX, 0Ah
MOV DX, 5658h
IN EAX, DX
MOV EAX, True
JMP @@NotHandle
@@Handler:
MOV EAX, [ESP+$C]
MOV TContext(EAX).EIP, OFFSET @@Handled
XOR EAX, EAX
RET
@@Handled:
XOR EAX, EAX
@@NotHandle:
XOR EBX, EBX
POP DWORD PTR FS:[EBX]
ADD ESP, 4
end;
function IsInVPC: boolean; assembler;
asm
push ebp
mov ecx, offset @@exception_handler
mov ebp, esp
push ebx
push ecx
push dword ptr fs:[0]
mov dword ptr fs:[0], esp
mov ebx, 0 // flag
mov eax, 1 // VPC function number
// call VPC
db 00Fh, 03Fh, 007h, 00Bh
mov eax, dword ptr ss:[esp]
mov dword ptr fs:[0], eax
add esp, 8
test ebx, ebx
setz al
lea esp, dword ptr ss:[ebp-4]
mov ebx, dword ptr ss:[esp]
mov ebp, dword ptr ss:[esp+4]
add esp, 8
jmp @@ret
@@exception_handler:
mov ecx, [esp+0Ch]
mov dword ptr [ecx+0A4h], -1
add dword ptr [ecx+0B8h], 4
xor eax, eax
ret
@@ret:
end;
begin
if IsInVPC then writeln('Virtual PC detected') else writeln('Virtual Pc not detected');
if InVMware then writeln('VMWare Machine detected') else writeln('VMWare Machine not detected');
readln;
end.