Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- static VOID VmCheck()
- {
- DWORD nProcessIDs[1024];
- DWORD nProcesses;
- DWORD cb;
- DWORD i;
- HANDLE hProcess;
- CHAR szPath[MAX_PATH + 32];
- BOOLEAN found = FALSE;
- /* Check running process for known Virtual Machine tools */
- if(EnumProcesses(nProcessIDs, sizeof(nProcessIDs), &cb)) {
- nProcesses = cb / sizeof(nProcessIDs[0]);
- for(i = 0; i < nProcesses; i++) {
- hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, nProcessIDs[i]);
- if(!hProcess)
- continue;
- ZeroMemory(szPath, sizeof(szPath));
- if(!GetModuleFileNameEx(hProcess, NULL, szPath, sizeof(szPath)))
- continue;
- if( (strstr(szPath, "VBoxService") != NULL) ||
- (strstr(szPath, "VBoxTray") != NULL) ||
- (strstr(szPath, "VMware") != NULL) ||
- (strstr(szPath, "VirtualPC") != NULL) ||
- (strstr(szPath, "wireshark") != NULL) ) {
- found = TRUE;
- break;
- }
- CloseHandle(hProcess);
- }
- }
- if(found)
- ExitProcess(1);
- /* TODO: VMware sidt check */
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
