VirtualBox VS. Hardware Breakpoints

1. //http://waleedassar.blogspot.com (@waleedassar)
2. // Code to test whether VirtualBox (With VTX/AMD-V turned off) supports hardware breakpoints
3. #include "stdafx.h"
4. #include <stdio.h>
5. #include <windows.h>
6.  
7. #define CONTEXT_ALL 0x1003F;
8.  
9. unsigned char probe=0x100;
10.  
11. int __cdecl Handler(EXCEPTION_RECORD* pRec,void* est,unsigned char* pContext,void* disp)
12. {
13.     if(pRec->ExceptionCode==0xC0000005)
14.     {
15.         *(unsigned long*)pContext=CONTEXT_ALL;
16.         //Set debug registers here
17.         *(unsigned long*)(pContext+0x4)=(unsigned long)(&probe);
18.         *(unsigned long*)(pContext+0x18)=0x032101;
19.         (*(unsigned long*)(pContext+0xB8))+=0x6;
20.         return ExceptionContinueExecution;
21.     }
22.     if(pRec->ExceptionCode==EXCEPTION_SINGLE_STEP)
23.     {
24.         MessageBox(0,"Expected behavior","waliedassar",0);
25.         ExitProcess(0);
26.     }
27.     return ExceptionContinueSearch;
28. }
29.  
30. int main()
31. {
32.     __asm
33.     {
34.         push offset Handler
35.         push dword ptr fs:[0x0]
36.         mov dword ptr fs:[0x0],esp
37.         xor eax,eax
38.         mov dword ptr[eax],0x1  ;;triggers an AV
39.         nop
40.         nop
41.         nop
42.         nop
43.         nop
44.     }
45.     unsigned char x=probe;
46.     MessageBox(0,"VirtualBox(Intel-VTX/AMD-V Turned off) detected","waliedassar",0);
47.     return 0;
48. }