Detect VirtualBox (Bios Brand & Bios Version Trick)

1. //http://waleedassar.blogspot.com (@waleedassar)
2. //Reading "SMBiosData" to extract Bios Brand and Bios Version strings from registry.
3. //If the Bios Brand string is "innotek GmbH" or Bios Version is "VirtualBox", then it is a sign that we are running in VirtualBox.
4. //You can also use WMI to extract the same info.
5. #include "stdafx.h"
6. #include "windows.h"
7. #include "stdio.h"
8.  
9.  
10. void AllToUpper(char* str,unsigned long len)
11. {
12.     for(unsigned long c=0;c<len;c++)
13.     {
14.         if(str[c]>='a' && str[c]<='z')
15.         {
16.             str[c]-=32;
17.         }
18.     }
19. }
20.  
21. unsigned char* ScanDataForString(unsigned char* data,unsigned long data_length,unsigned char* string2)
22. {
23.     unsigned long string_length=strlen((char*)string2);
24.     for(unsigned long i=0;i<=(data_length-string_length);i++)
25.     {
26.         if(strncmp((char*)(&data[i]),(char*)string2,string_length)==0) return &data[i];
27.     }
28.     return 0;
29. }
30.  
31. int main(int argc, char* argv[])
32. {
33.     HKEY hk=0;
34.     int ret=RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Services\\mssmbios\\data",0,KEY_ALL_ACCESS,&hk);
35.     if(ret==ERROR_SUCCESS)
36.     {
37.         unsigned long type=0;
38.         unsigned long length=0;
39.         ret=RegQueryValueEx(hk,"SMBiosData",0,&type,0,&length);
40.         if(ret==ERROR_SUCCESS)
41.         {
42.             if(length)
43.             {
44.                 char* p=(char*)LocalAlloc(LMEM_ZEROINIT,length);
45.                 if(p)
46.                 {
47.                     ret=RegQueryValueEx(hk,"SMBiosData",0,&type,(unsigned char*)p,&length);
48.                     if(ret==ERROR_SUCCESS)
49.                     {
50.                           AllToUpper(p,length);
51.                           unsigned char* x1=ScanDataForString((unsigned char*)p,length,(unsigned char*)"INNOTEK GMBH");
52.                           unsigned char* x2=ScanDataForString((unsigned char*)p,length,(unsigned char*)"VIRTUALBOX");
53.                           unsigned char* x3=ScanDataForString((unsigned char*)p,length,(unsigned char*)"SUN MICROSYSTEMS");
54.                           unsigned char* x4=ScanDataForString((unsigned char*)p,length,(unsigned char*)"VIRTUAL MACHINE");
55.                           unsigned char* x5=ScanDataForString((unsigned char*)p,length,(unsigned char*)"VBOXVER");
56.                           if(x1 || x2 || x3 || x4 || x5)
57.                           {
58.                               printf("VirtualBox detected\r\n");
59.                               printf("Some Strings found:\r\n");
60.                               if(x1) printf("%s\r\n",x1);
61.                               if(x2) printf("%s\r\n",x2);
62.                               if(x3) printf("%s\r\n",x3);
63.                               if(x4) printf("%s\r\n",x4);
64.                               if(x5) printf("%s\r\n",x5);
65.                           }
66.                     }
67.                     LocalFree(p);
68.                 }
69.             }
70.         }
71.         RegCloseKey(hk);
72.     }
73.     return 0;
74. }