Detect QEMU Virtual Machine |
Posted by: Anne Wilson - Yesterday, 09:39 PM - Forum: Source Code Library
- No Replies
|
|
This program detects whether it is being run inside a QEMU virtual machine (VM).
Note that hackers may run your programs in a VM so that they can
pirate or hack them.
The aim is to detect whether the user is using a QEMU VM so that the program can take the
necessary counter-action. A positive result only shows that a VM is present; ordinary users also run software in VMs, so it is not evidence of tampering by itself.
Please let me know if you encounter any issues with this program.
Code: ' Detect QEMU.bas
' This program uses multiple detection methods for QEMU VM to increase accuracy.
' However, no single method is foolproof, as virtualization environments
' can be customized or masked by hackers.
#COMPILE EXE
#DIM ALL
#INCLUDE "Win32Api.inc"
%KEY_QUERY_VALUE = &H0001
%ERROR_SUCCESS = 0
'============================
FUNCTION PBMAIN () AS LONG
    ' Entry point: runs the QEMU check once and reports the verdict.
    LOCAL verdict AS STRING

    IF IsQEMU() = 0 THEN
        verdict = "Not running inside a QEMU virtual machine."
    ELSE
        verdict = "Running inside a QEMU virtual machine."
    END IF
    ? verdict
END FUNCTION
'===============================
' Detects QEMU VM using several methods
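FUNCTION IsQEMU() AS LONG
    ' Returns 1 if any of the indicators below is present, otherwise 0.
    '
    ' Indicators, checked in order (the first hit ends the search):
    '   1. "QEMU" appears in the SystemManufacturer value under
    '      HKLM\HARDWARE\DESCRIPTION\System\BIOS
    '   2. qxl.sys or vioinput.sys exists in the drivers directory
    '   3. qxl.dll or viostor.sys exists in the drivers directory
    '
    ' The registry value is read into a 256-byte ASCIIZ buffer. The original
    ' passed the address of a 4-byte DWORD together with cbData = 256, which
    ' lets RegQueryValueEx write past the end of that local variable.
    '
    ' NOTE(review): checks 2 and 3 only show that guest drivers are installed;
    ' confirm they are not also present on machines you do not want to flag.
    ' NOTE(review): a 32-bit process on 64-bit Windows has System32 paths
    ' redirected, so ISFILE may look in a different directory than the one
    ' named in the comments - confirm on the target OS.
    LOCAL hqeKey  AS DWORD
    LOCAL dwType  AS DWORD
    LOCAL cbData  AS DWORD
    LOCAL qresult AS LONG
    LOCAL szData  AS ASCIIZ * 256
    ' Records which check matched (1..3); 0 means no match so far
    LOCAL tmpQe   AS LONG

    tmpQe = 0

    ' Check 1: SystemManufacturer under HARDWARE\DESCRIPTION\System\BIOS
    qresult = RegOpenKeyEx(%HKEY_LOCAL_MACHINE, hwBios, 0, %KEY_QUERY_VALUE, hqeKey)
    IF qresult = %ERROR_SUCCESS THEN
        ' Leave the last byte untouched so the buffer always ends in a zero
        cbData = SIZEOF(szData) - 1
        qresult = RegQueryValueEx(hqeKey, SysManf, 0, dwType, BYVAL VARPTR(szData), cbData)
        ' Only interpret the data as text when the value really is a string
        IF qresult = %ERROR_SUCCESS AND dwType = %REG_SZ THEN
            IF INSTR(UCASE$(szData), StQE) > 0 THEN
                tmpQe = 1
            END IF
        END IF
        RegCloseKey hqeKey
    END IF
    IF tmpQe > 0 THEN
        IsQEMU = 1
        EXIT FUNCTION
    END IF

    ' Check 2: driver files
    ' C:\Windows\System32\drivers\qxl.sys and
    ' C:\Windows\System32\drivers\vioinput.sys
    IF ISFILE(qxlS) OR ISFILE(vioinp) THEN
        tmpQe = 2
    END IF
    IF tmpQe > 0 THEN
        IsQEMU = 1
        EXIT FUNCTION
    END IF

    ' Check 3: further driver files (a file test, not a hardware query)
    ' C:\Windows\System32\drivers\qxl.dll and
    ' C:\Windows\System32\drivers\viostor.sys
    IF ISFILE(stQxl) OR ISFILE(stVio) THEN
        tmpQe = 3
    END IF
    IF tmpQe > 0 THEN
        IsQEMU = 1
        EXIT FUNCTION
    END IF

    ' No indicator matched
    IsQEMU = 0
END FUNCTION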
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' C:\Windows\System32\drivers\vioinput.sys
FUNCTION vioinp() AS STRING
' Returns a 40-byte string that is decoded at run time. The comment above
' this function gives the decoded text as
' C:\Windows\System32\drivers\vioinput.sys.
' The 40 bytes at datalabel are copied into a fresh string, then each byte
' is XORed with the byte at the same offset in paddlabel.
' NOTE(review): data and pad both live inside this function, so this is
' obfuscation of the text, not encryption.
' Text is 40 bytes excluding the terminating zero
#REGISTER NONE
LOCAL src AS DWORD
LOCAL dst AS DWORD
LOCAL outpt$
src = CODEPTR(datalabel)
outpt$ = NUL$(40)
dst = STRPTR(outpt$)
' -------------------
' copy data to string
' -------------------
! mov esi, src
! mov edi, dst
! mov ecx, 40
! rep movsb
src = CODEPTR(paddlabel)
' -----------------------------
' xor string data to unique pad
' -----------------------------
' esi/edi are advanced to one past the end of the string and the pad;
' ebx then counts from -40 up to 0 as the index.
! mov esi, dst
! mov ebx, 40
! mov edi, src
! add esi, ebx
! add edi, ebx
! neg ebx
' Loop body unrolled four times; each copy leaves for lbl1 once ebx hits 0
lbl0:
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jnz lbl0
lbl1:
FUNCTION = outpt$
' Leave before execution can run into the byte tables below
EXIT FUNCTION
#ALIGN 4
' Encoded text (40 bytes plus a trailing zero)
datalabel:
! db 137,244,134,19,90,252,4,157,27,48,199,3,14,247,228,3
! db 175,250,190,186,216,209,84,46,134,104,244,174,243,136,210,100
! db 103,146,120,43,36,182,157,78,0
#ALIGN 4
' XOR pad, same length as the encoded text
paddlabel:
! db 202,206,218,68,51,146,96,242,108,67,155,80,119,132,144,102
! db 194,201,140,230,188,163,61,88,227,26,135,242,133,225,189,13
! db 9,226,13,95,10,197,228,61,0
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' C:\Windows\System32\drivers\qxl.sys
FUNCTION qxlS() AS STRING
' Returns a 35-byte string that is decoded at run time. The comment above
' this function gives the decoded text as
' C:\Windows\System32\drivers\qxl.sys.
' The 35 bytes at datalabel are copied into a fresh string, then each byte
' is XORed with the byte at the same offset in paddlabel.
' NOTE(review): data and pad both live inside this function, so this is
' obfuscation of the text, not encryption.
' Text is 35 bytes excluding the terminating zero
#REGISTER NONE
LOCAL src AS DWORD
LOCAL dst AS DWORD
LOCAL outpt$
src = CODEPTR(datalabel)
outpt$ = NUL$(35)
dst = STRPTR(outpt$)
' -------------------
' copy data to string
' -------------------
! mov esi, src
! mov edi, dst
! mov ecx, 35
! rep movsb
src = CODEPTR(paddlabel)
' -----------------------------
' xor string data to unique pad
' -----------------------------
' esi/edi are advanced to one past the end of the string and the pad;
' ebx then counts from -35 up to 0 as the index.
! mov esi, dst
! mov ebx, 35
! mov edi, src
! add esi, ebx
! add edi, ebx
! neg ebx
' Loop body unrolled four times; each copy leaves for lbl1 once ebx hits 0
lbl0:
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jnz lbl0
lbl1:
FUNCTION = outpt$
' Leave before execution can run into the byte tables below
EXIT FUNCTION
#ALIGN 4
' Encoded text (35 bytes plus a trailing zero)
datalabel:
! db 39,193,199,194,34,252,156,45,109,153,235,30,232,30,74,199
! db 100,250,27,119,124,175,212,177,7,207,147,66,236,149,73,81
! db 143,69,39,0
#ALIGN 4
' XOR pad, same length as the encoded text
paddlabel:
! db 100,251,155,149,75,146,248,66,26,234,183,77,145,109,62,162
! db 9,201,41,43,24,221,189,199,98,189,224,30,157,237,37,127
! db 252,60,84,0
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
'C:\Windows\System32\drivers\qxl.dll
FUNCTION stQxl() AS STRING
' Returns a 35-byte string that is decoded at run time. The comment above
' this function gives the decoded text as
' C:\Windows\System32\drivers\qxl.dll.
' The 35 bytes at datalabel are copied into a fresh string, then each byte
' is XORed with the byte at the same offset in paddlabel.
' NOTE(review): data and pad both live inside this function, so this is
' obfuscation of the text, not encryption.
' Text is 35 bytes excluding the terminating zero
#REGISTER NONE
LOCAL src AS DWORD
LOCAL dst AS DWORD
LOCAL outpt$
src = CODEPTR(datalabel)
outpt$ = NUL$(35)
dst = STRPTR(outpt$)
' -------------------
' copy data to string
' -------------------
! mov esi, src
! mov edi, dst
! mov ecx, 35
! rep movsb
src = CODEPTR(paddlabel)
' -----------------------------
' xor string data to unique pad
' -----------------------------
' esi/edi are advanced to one past the end of the string and the pad;
' ebx then counts from -35 up to 0 as the index.
! mov esi, dst
! mov ebx, 35
! mov edi, src
! add esi, ebx
! add edi, ebx
! neg ebx
' Loop body unrolled four times; each copy leaves for lbl1 once ebx hits 0
lbl0:
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jnz lbl0
lbl1:
FUNCTION = outpt$
' Leave before execution can run into the byte tables below
EXIT FUNCTION
#ALIGN 4
' Encoded text (35 bytes plus a trailing zero)
datalabel:
! db 107,242,156,222,105,186,235,71,251,111,207,178,223,54,223,160
! db 48,66,192,5,85,78,114,228,105,10,125,30,253,8,13,29
! db 29,250,74,0
#ALIGN 4
' XOR pad, same length as the encoded text
paddlabel:
! db 40,200,192,137,0,212,143,40,140,28,147,225,166,69,171,197
! db 93,113,242,89,49,60,27,146,12,120,14,66,140,112,97,51
! db 121,150,38,0
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' C:\Windows\System32\drivers\viostor.sys
FUNCTION stVio() AS STRING
' Returns a 39-byte string that is decoded at run time. The comment above
' this function gives the decoded text as
' C:\Windows\System32\drivers\viostor.sys.
' The 39 bytes at datalabel are copied into a fresh string, then each byte
' is XORed with the byte at the same offset in paddlabel.
' NOTE(review): data and pad both live inside this function, so this is
' obfuscation of the text, not encryption.
' Text is 39 bytes excluding the terminating zero
#REGISTER NONE
LOCAL src AS DWORD
LOCAL dst AS DWORD
LOCAL outpt$
src = CODEPTR(datalabel)
outpt$ = NUL$(39)
dst = STRPTR(outpt$)
' -------------------
' copy data to string
' -------------------
! mov esi, src
! mov edi, dst
! mov ecx, 39
! rep movsb
src = CODEPTR(paddlabel)
' -----------------------------
' xor string data to unique pad
' -----------------------------
' esi/edi are advanced to one past the end of the string and the pad;
' ebx then counts from -39 up to 0 as the index.
! mov esi, dst
! mov ebx, 39
! mov edi, src
! add esi, ebx
! add edi, ebx
! neg ebx
' Loop body unrolled four times; each copy leaves for lbl1 once ebx hits 0
lbl0:
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jnz lbl0
lbl1:
FUNCTION = outpt$
' Leave before execution can run into the byte tables below
EXIT FUNCTION
#ALIGN 4
' Encoded text (39 bytes plus a trailing zero)
datalabel:
! db 249,253,198,251,223,113,140,156,245,139,234,192,79,79,251,90
! db 10,141,82,54,82,155,166,16,138,158,122,123,208,158,228,122
! db 211,170,16,201,173,76,240,0
#ALIGN 4
' XOR pad, same length as the encoded text
paddlabel:
! db 186,199,154,172,182,31,232,243,130,248,182,147,54,60,143,63
! db 103,190,96,106,54,233,207,102,239,236,9,39,166,247,139,9
! db 167,197,98,231,222,53,131,0
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' QEMU
FUNCTION StQE() AS STRING
' Returns the 4-character string "QEMU".
' The string is allocated as four zero bytes and then filled one byte at a
' time (81,69,77,85 = Q,E,M,U) through a pointer, in shuffled order;
' presumably so the text is not stored as one literal in the executable.
#REGISTER NONE
LOCAL pstr AS DWORD
LOCAL a$
a$ = NUL$(4)
pstr = STRPTR(a$)
! mov esi, pstr
! mov BYTE PTR [esi+0], 81
! mov BYTE PTR [esi+2], 77
! mov BYTE PTR [esi+1], 69
! mov BYTE PTR [esi+3], 85
FUNCTION = a$
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' SystemManufacturer
FUNCTION SysManf() AS STRING
' Returns the 18-character string "SystemManufacturer" (a registry value
' name, per its use in IsQEMU).
' The string is allocated as zero bytes and then filled one ASCII code at a
' time through a pointer, in shuffled order; presumably so the text is not
' stored as one literal in the executable.
#REGISTER NONE
LOCAL pstr AS DWORD
LOCAL a$
a$ = NUL$(18)
pstr = STRPTR(a$)
! mov esi, pstr
! mov BYTE PTR [esi+14], 117
! mov BYTE PTR [esi+5], 109
! mov BYTE PTR [esi+9], 117
! mov BYTE PTR [esi+16], 101
! mov BYTE PTR [esi+15], 114
! mov BYTE PTR [esi+17], 114
! mov BYTE PTR [esi+11], 97
! mov BYTE PTR [esi+8], 110
! mov BYTE PTR [esi+13], 116
! mov BYTE PTR [esi+3], 116
! mov BYTE PTR [esi+4], 101
! mov BYTE PTR [esi+2], 115
! mov BYTE PTR [esi+0], 83
! mov BYTE PTR [esi+1], 121
! mov BYTE PTR [esi+7], 97
! mov BYTE PTR [esi+12], 99
! mov BYTE PTR [esi+6], 77
! mov BYTE PTR [esi+10], 102
FUNCTION = a$
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' HARDWARE\DESCRIPTION\System\BIOS
FUNCTION hwBios() AS STRING
' Returns the 32-character string "HARDWARE\DESCRIPTION\System\BIOS"
' (the registry subkey opened under HKEY_LOCAL_MACHINE in IsQEMU).
' The string is allocated as zero bytes and then filled one ASCII code at a
' time through a pointer, in shuffled order; presumably so the text is not
' stored as one literal in the executable.
#REGISTER NONE
LOCAL pstr AS DWORD
LOCAL a$
a$ = NUL$(32)
pstr = STRPTR(a$)
! mov esi, pstr
! mov BYTE PTR [esi+28], 66
! mov BYTE PTR [esi+29], 73
! mov BYTE PTR [esi+27], 92
! mov BYTE PTR [esi+17], 73
! mov BYTE PTR [esi+4], 87
! mov BYTE PTR [esi+30], 79
! mov BYTE PTR [esi+20], 92
! mov BYTE PTR [esi+16], 84
! mov BYTE PTR [esi+21], 83
! mov BYTE PTR [esi+25], 101
! mov BYTE PTR [esi+31], 83
! mov BYTE PTR [esi+12], 67
! mov BYTE PTR [esi+15], 80
! mov BYTE PTR [esi+22], 121
! mov BYTE PTR [esi+9], 68
! mov BYTE PTR [esi+1], 65
! mov BYTE PTR [esi+3], 68
! mov BYTE PTR [esi+6], 82
! mov BYTE PTR [esi+0], 72
! mov BYTE PTR [esi+18], 79
! mov BYTE PTR [esi+23], 115
! mov BYTE PTR [esi+11], 83
! mov BYTE PTR [esi+7], 69
! mov BYTE PTR [esi+19], 78
! mov BYTE PTR [esi+26], 109
! mov BYTE PTR [esi+8], 92
! mov BYTE PTR [esi+2], 82
! mov BYTE PTR [esi+5], 65
! mov BYTE PTR [esi+10], 69
! mov BYTE PTR [esi+13], 82
! mov BYTE PTR [esi+14], 73
! mov BYTE PTR [esi+24], 116
FUNCTION = a$
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
|
|
|
Detect Hyper-V Virtual Machine |
Posted by: Anne Wilson - Yesterday, 09:37 PM - Forum: Source Code Library
- No Replies
|
|
This program detects whether it is being run inside a Hyper-V virtual machine (VM).
Note that hackers may run your programs in a VM so that they can
pirate or hack them.
The aim is to detect whether the user is using a Hyper-V VM so that the program can take the
necessary counter-action.
Please let me know if you encounter any issues with this program.
Code: ' Detect HyperV.bas
' This program uses multiple detection methods for Hyper-V VM to increase accuracy.
' However, no single method is foolproof, as virtualization environments
' can be customized or masked by hackers.
#COMPILE EXE
#DIM ALL
#INCLUDE "Win32Api.inc"
%KEY_QUERY_VALUE = &H0001
%ERROR_SUCCESS = 0
' Local record with the same field names and order as the Win32 SYSTEM_INFO
' structure. The address and mask members are declared as DWORD, i.e. the
' 32-bit layout.
TYPE nSYSTEM_INFO
dwOemID AS DWORD
dwPageSize AS DWORD
lpMinimumApplicationAddress AS DWORD
lpMaximumApplicationAddress AS DWORD
dwActiveProcessorMask AS DWORD
dwNumberOfProcessors AS DWORD
dwProcessorType AS DWORD
dwAllocationGranularity AS DWORD
wProcessorLevel AS WORD
wProcessorRevision AS WORD
END TYPE
'===============================
FUNCTION PBMAIN () AS LONG
    ' Entry point: runs the Hyper-V check once and reports the verdict.
    LOCAL verdict AS STRING

    IF IsHyperV() = 0 THEN
        verdict = "Not inside a Hyper-V virtual machine."
    ELSE
        verdict = "Inside a Hyper-V virtual machine."
    END IF
    ? verdict
END FUNCTION
'===========================
' Detects Hyper-V VM using several methods
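FUNCTION IsHyperV() AS LONG
    ' Returns 1 if any of the indicators below is present, otherwise 0.
    '
    ' Indicators, checked in order (the first hit ends the search):
    '   1. "MICROSOFT" appears in the SystemManufacturer value under
    '      HKLM\HARDWARE\DESCRIPTION\System\BIOS
    '   2. C:\Windows\System32\drivers\vmbus.sys exists
    '   3. C:\Windows\System32\drivers\hvvid.sys exists
    '   4. "HYPER-V" appears in the BIOS_VENDOR or BIOS_MODEL environment
    '      variable
    '
    ' The registry value is read into a 256-byte ASCIIZ buffer. The original
    ' offered RegQueryValueEx a 4-byte DWORD (cbData = SIZEOF(dwData)), which
    ' is too small for a manufacturer string, so check 1 could not match.
    ' The GetSystemInfo call was dropped because its result was never read.
    '
    ' NOTE(review): check 1 matches any machine whose manufacturer string
    ' contains "Microsoft", which includes Microsoft-branded physical
    ' hardware; treat it as a weak hint, not as proof of a VM.
    ' NOTE(review): confirm that vmbus.sys / hvvid.sys are absent on the
    ' physical Windows installs you support before relying on checks 2 and 3.
    ' NOTE(review): BIOS_VENDOR and BIOS_MODEL do not look like variables that
    ' Windows sets by default; check 4 only fires if something defines them.
    LOCAL hypKey     AS DWORD
    LOCAL dwType     AS DWORD
    LOCAL cbData     AS DWORD
    LOCAL nresult    AS LONG
    LOCAL szData     AS ASCIIZ * 256
    LOCAL biosVendor AS STRING
    LOCAL biosModel  AS STRING
    ' Records which check matched (1..4); 0 means no match so far
    LOCAL tmpHpV     AS LONG

    tmpHpV = 0

    ' Check 1: SystemManufacturer under HARDWARE\DESCRIPTION\System\BIOS
    nresult = RegOpenKeyEx(%HKEY_LOCAL_MACHINE, hwBios, 0, %KEY_QUERY_VALUE, hypKey)
    IF nresult = %ERROR_SUCCESS THEN
        ' Leave the last byte untouched so the buffer always ends in a zero
        cbData = SIZEOF(szData) - 1
        nresult = RegQueryValueEx(hypKey, SysManf, 0, dwType, BYVAL VARPTR(szData), cbData)
        ' Only interpret the data as text when the value really is a string
        IF nresult = %ERROR_SUCCESS AND dwType = %REG_SZ THEN
            IF INSTR(UCASE$(szData), stMS) > 0 THEN
                tmpHpV = 1
            END IF
        END IF
        RegCloseKey hypKey
    END IF
    IF tmpHpV > 0 THEN
        IsHyperV = 1
        EXIT FUNCTION
    END IF

    ' Check 2: C:\Windows\System32\drivers\vmbus.sys
    IF ISFILE(vmbus) THEN
        tmpHpV = 2
    END IF
    IF tmpHpV > 0 THEN
        IsHyperV = 1
        EXIT FUNCTION
    END IF

    ' Check 3: C:\Windows\System32\drivers\hvvid.sys (a file test, not a
    ' hardware query)
    IF ISFILE(hvvid) THEN
        tmpHpV = 3
    END IF
    IF tmpHpV > 0 THEN
        IsHyperV = 1
        EXIT FUNCTION
    END IF

    ' Check 4: BIOS_VENDOR and BIOS_MODEL environment variables
    biosVendor = ENVIRON$(BVend)
    biosModel  = ENVIRON$(BModel)
    IF INSTR(UCASE$(biosVendor), StHpV) > 0 OR _
       INSTR(UCASE$(biosModel), StHpV) > 0 THEN
        tmpHpV = 4
    END IF
    IF tmpHpV > 0 THEN
        IsHyperV = 1
        EXIT FUNCTION
    END IF

    ' No indicator matched
    IsHyperV = 0
END FUNCTION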
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' C:\Windows\System32\drivers\vmbus.sys
FUNCTION vmbus() AS STRING
' Returns a 37-byte string that is decoded at run time. The comment above
' this function gives the decoded text as
' C:\Windows\System32\drivers\vmbus.sys.
' The 37 bytes at datalabel are copied into a fresh string, then each byte
' is XORed with the byte at the same offset in paddlabel.
' NOTE(review): data and pad both live inside this function, so this is
' obfuscation of the text, not encryption.
' Text is 37 bytes excluding the terminating zero
#REGISTER NONE
LOCAL src AS DWORD
LOCAL dst AS DWORD
LOCAL outpt$
src = CODEPTR(datalabel)
outpt$ = NUL$(37)
dst = STRPTR(outpt$)
' -------------------
' copy data to string
' -------------------
! mov esi, src
! mov edi, dst
! mov ecx, 37
! rep movsb
src = CODEPTR(paddlabel)
' -----------------------------
' xor string data to unique pad
' -----------------------------
' esi/edi are advanced to one past the end of the string and the pad;
' ebx then counts from -37 up to 0 as the index.
! mov esi, dst
! mov ebx, 37
! mov edi, src
! add esi, ebx
! add edi, ebx
! neg ebx
' Loop body unrolled four times; each copy leaves for lbl1 once ebx hits 0
lbl0:
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jnz lbl0
lbl1:
FUNCTION = outpt$
' Leave before execution can run into the byte tables below
EXIT FUNCTION
#ALIGN 4
' Encoded text (37 bytes plus a trailing zero)
datalabel:
! db 193,174,66,178,212,51,215,33,254,70,7,94,230,164,89,187
! db 134,1,189,113,148,12,28,39,62,174,155,85,248,5,225,47
! db 40,39,248,212,127,0
#ALIGN 4
' XOR pad, same length as the encoded text
paddlabel:
! db 130,148,30,229,189,93,179,78,137,53,91,13,159,215,45,222
! db 235,50,143,45,240,126,117,81,91,220,232,9,142,104,131,90
! db 91,9,139,173,12,0
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' C:\Windows\System32\drivers\hvvid.sys
FUNCTION hvvid() AS STRING
' Returns a 37-byte string that is decoded at run time. The comment above
' this function gives the decoded text as
' C:\Windows\System32\drivers\hvvid.sys.
' The 37 bytes at datalabel are copied into a fresh string, then each byte
' is XORed with the byte at the same offset in paddlabel.
' NOTE(review): data and pad both live inside this function, so this is
' obfuscation of the text, not encryption.
' Text is 37 bytes excluding the terminating zero
#REGISTER NONE
LOCAL src AS DWORD
LOCAL dst AS DWORD
LOCAL outpt$
src = CODEPTR(datalabel)
outpt$ = NUL$(37)
dst = STRPTR(outpt$)
' -------------------
' copy data to string
' -------------------
! mov esi, src
! mov edi, dst
! mov ecx, 37
! rep movsb
src = CODEPTR(paddlabel)
' -----------------------------
' xor string data to unique pad
' -----------------------------
' esi/edi are advanced to one past the end of the string and the pad;
' ebx then counts from -37 up to 0 as the index.
! mov esi, dst
! mov ebx, 37
! mov edi, src
! add esi, ebx
! add edi, ebx
! neg ebx
' Loop body unrolled four times; each copy leaves for lbl1 once ebx hits 0
lbl0:
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jnz lbl0
lbl1:
FUNCTION = outpt$
' Leave before execution can run into the byte tables below
EXIT FUNCTION
#ALIGN 4
' Encoded text (37 bytes plus a trailing zero); a 0 inside the table is an
' ordinary encoded byte, only the first 37 bytes are copied
datalabel:
! db 189,165,122,161,218,108,74,157,208,172,158,224,34,204,210,8
! db 75,32,135,113,156,83,65,255,47,184,167,134,80,167,159,156
! db 94,242,107,0,133,0
#ALIGN 4
' XOR pad, same length as the encoded text
paddlabel:
! db 254,159,38,246,179,2,46,242,167,223,194,179,91,191,166,109
! db 38,19,181,45,248,33,40,137,74,202,212,218,56,209,233,245
! db 58,220,24,121,246,0
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
'BIOS_VENDOR
FUNCTION BVend() AS STRING
' Returns the 11-character string "BIOS_VENDOR" (passed to ENVIRON$ in
' IsHyperV).
' The string is allocated as zero bytes and then filled one ASCII code at a
' time through a pointer, in shuffled order; presumably so the text is not
' stored as one literal in the executable.
#REGISTER NONE
LOCAL pstr AS DWORD
LOCAL a$
a$ = NUL$(11)
pstr = STRPTR(a$)
! mov esi, pstr
! mov BYTE PTR [esi+3], 83
! mov BYTE PTR [esi+5], 86
! mov BYTE PTR [esi+9], 79
! mov BYTE PTR [esi+6], 69
! mov BYTE PTR [esi+10], 82
! mov BYTE PTR [esi+4], 95
! mov BYTE PTR [esi+8], 68
! mov BYTE PTR [esi+1], 73
! mov BYTE PTR [esi+7], 78
! mov BYTE PTR [esi+0], 66
! mov BYTE PTR [esi+2], 79
FUNCTION = a$
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' BIOS_MODEL
FUNCTION BModel() AS STRING
' Returns the 10-character string "BIOS_MODEL" (passed to ENVIRON$ in
' IsHyperV).
' The string is allocated as zero bytes and then filled one ASCII code at a
' time through a pointer, in shuffled order; presumably so the text is not
' stored as one literal in the executable.
#REGISTER NONE
LOCAL pstr AS DWORD
LOCAL a$
a$ = NUL$(10)
pstr = STRPTR(a$)
! mov esi, pstr
! mov BYTE PTR [esi+4], 95
! mov BYTE PTR [esi+3], 83
! mov BYTE PTR [esi+0], 66
! mov BYTE PTR [esi+9], 76
! mov BYTE PTR [esi+2], 79
! mov BYTE PTR [esi+8], 69
! mov BYTE PTR [esi+7], 68
! mov BYTE PTR [esi+1], 73
! mov BYTE PTR [esi+5], 77
! mov BYTE PTR [esi+6], 79
FUNCTION = a$
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' HYPER-V
FUNCTION StHpV() AS STRING
' Returns the 7-character string "HYPER-V" (the text searched for in the
' upper-cased environment values in IsHyperV).
' The string is allocated as zero bytes and then filled one ASCII code at a
' time through a pointer, in shuffled order; presumably so the text is not
' stored as one literal in the executable.
#REGISTER NONE
LOCAL pstr AS DWORD
LOCAL a$
a$ = NUL$(7)
pstr = STRPTR(a$)
! mov esi, pstr
! mov BYTE PTR [esi+3], 69
! mov BYTE PTR [esi+2], 80
! mov BYTE PTR [esi+4], 82
! mov BYTE PTR [esi+1], 89
! mov BYTE PTR [esi+5], 45
! mov BYTE PTR [esi+0], 72
! mov BYTE PTR [esi+6], 86
FUNCTION = a$
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' MICROSOFT
FUNCTION stMS() AS STRING
' Returns the 9-character string "MICROSOFT" (the text searched for in the
' upper-cased SystemManufacturer value in IsHyperV).
' The string is allocated as zero bytes and then filled one ASCII code at a
' time through a pointer, in shuffled order; presumably so the text is not
' stored as one literal in the executable.
#REGISTER NONE
LOCAL pstr AS DWORD
LOCAL a$
a$ = NUL$(9)
pstr = STRPTR(a$)
! mov esi, pstr
! mov BYTE PTR [esi+1], 73
! mov BYTE PTR [esi+7], 70
! mov BYTE PTR [esi+5], 83
! mov BYTE PTR [esi+4], 79
! mov BYTE PTR [esi+8], 84
! mov BYTE PTR [esi+3], 82
! mov BYTE PTR [esi+6], 79
! mov BYTE PTR [esi+0], 77
! mov BYTE PTR [esi+2], 67
FUNCTION = a$
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' SystemManufacturer
FUNCTION SysManf() AS STRING
' Returns the 18-character string "SystemManufacturer" (a registry value
' name, per its use in IsHyperV).
' The string is allocated as zero bytes and then filled one ASCII code at a
' time through a pointer, in shuffled order; presumably so the text is not
' stored as one literal in the executable.
#REGISTER NONE
LOCAL pstr AS DWORD
LOCAL a$
a$ = NUL$(18)
pstr = STRPTR(a$)
! mov esi, pstr
! mov BYTE PTR [esi+14], 117
! mov BYTE PTR [esi+5], 109
! mov BYTE PTR [esi+9], 117
! mov BYTE PTR [esi+16], 101
! mov BYTE PTR [esi+15], 114
! mov BYTE PTR [esi+17], 114
! mov BYTE PTR [esi+11], 97
! mov BYTE PTR [esi+8], 110
! mov BYTE PTR [esi+13], 116
! mov BYTE PTR [esi+3], 116
! mov BYTE PTR [esi+4], 101
! mov BYTE PTR [esi+2], 115
! mov BYTE PTR [esi+0], 83
! mov BYTE PTR [esi+1], 121
! mov BYTE PTR [esi+7], 97
! mov BYTE PTR [esi+12], 99
! mov BYTE PTR [esi+6], 77
! mov BYTE PTR [esi+10], 102
FUNCTION = a$
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' HARDWARE\DESCRIPTION\System\BIOS
FUNCTION hwBios() AS STRING
' Returns the 32-character string "HARDWARE\DESCRIPTION\System\BIOS"
' (the registry subkey opened under HKEY_LOCAL_MACHINE in IsHyperV).
' The string is allocated as zero bytes and then filled one ASCII code at a
' time through a pointer, in shuffled order; presumably so the text is not
' stored as one literal in the executable.
#REGISTER NONE
LOCAL pstr AS DWORD
LOCAL a$
a$ = NUL$(32)
pstr = STRPTR(a$)
! mov esi, pstr
! mov BYTE PTR [esi+28], 66
! mov BYTE PTR [esi+29], 73
! mov BYTE PTR [esi+27], 92
! mov BYTE PTR [esi+17], 73
! mov BYTE PTR [esi+4], 87
! mov BYTE PTR [esi+30], 79
! mov BYTE PTR [esi+20], 92
! mov BYTE PTR [esi+16], 84
! mov BYTE PTR [esi+21], 83
! mov BYTE PTR [esi+25], 101
! mov BYTE PTR [esi+31], 83
! mov BYTE PTR [esi+12], 67
! mov BYTE PTR [esi+15], 80
! mov BYTE PTR [esi+22], 121
! mov BYTE PTR [esi+9], 68
! mov BYTE PTR [esi+1], 65
! mov BYTE PTR [esi+3], 68
! mov BYTE PTR [esi+6], 82
! mov BYTE PTR [esi+0], 72
! mov BYTE PTR [esi+18], 79
! mov BYTE PTR [esi+23], 115
! mov BYTE PTR [esi+11], 83
! mov BYTE PTR [esi+7], 69
! mov BYTE PTR [esi+19], 78
! mov BYTE PTR [esi+26], 109
! mov BYTE PTR [esi+8], 92
! mov BYTE PTR [esi+2], 82
! mov BYTE PTR [esi+5], 65
! mov BYTE PTR [esi+10], 69
! mov BYTE PTR [esi+13], 82
! mov BYTE PTR [esi+14], 73
! mov BYTE PTR [esi+24], 116
FUNCTION = a$
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
|
|
|
Detect WINE emulator |
Posted by: Anne Wilson - Yesterday, 06:05 PM - Forum: Source Code Library
- No Replies
|
|
This program detects whether it is being run under the WINE emulator.
Note that hackers may run your programs under WINE so that they can
pirate or hack them.
The aim is to detect whether the user is using the WINE emulator so that the program can take the
necessary counter-action.
Please let me know if you encounter any issues with this program.
Code: ' Detect Wine.bas
#COMPILE EXE
#DIM ALL
#INCLUDE "Win32Api.inc"
' Constants for registry access
%KEY_QUERY_VALUE = &H0001
%KEY_WOW64_64KEY = &H0100
'===================
FUNCTION PBMAIN() AS LONG
    ' Entry point: runs the Wine check once and reports the verdict.
    LOCAL verdict AS STRING

    IF IsRunningInWine() = 0 THEN
        verdict = "Not running in Wine."
    ELSE
        verdict = "Running in Wine."
    END IF
    ? verdict
END FUNCTION
'=========================
FUNCTION IsRunningInWine() AS LONG
    ' Returns 1 as soon as one of four indicators is found, otherwise 0.
    ' The indicators are tried in this order and later ones are skipped
    ' after a hit:
    '   1. environment variable WINEDLLPATH has a non-empty value
    '   2. environment variable WINE has a non-empty value
    '   3. registry key HKLM\Software\Wine can be opened
    '   4. C:\windows\system32\winecfg.exe has valid file attributes
    LOCAL szBuffer AS ASCIIZ * 256
    LOCAL lResult  AS LONG
    LOCAL hwnKey   AS LONG
    LOCAL dwType   AS LONG
    LOCAL dwSize   AS LONG
    LOCAL wineSeen AS LONG

    wineSeen = 0

    ' 1. "WINEDLLPATH"
    lResult = GetEnvironmentVariable(stWineP, szBuffer, SIZEOF(szBuffer))
    IF lResult > 0 THEN
        wineSeen = 1
    ELSE
        ' 2. "WINE"
        lResult = GetEnvironmentVariable(stWine, szBuffer, SIZEOF(szBuffer))
        IF lResult > 0 THEN
            wineSeen = 1
        ELSE
            ' 3. Software\Wine, using the 64-bit registry view
            lResult = RegOpenKeyEx(%HKEY_LOCAL_MACHINE, swWine, _
                                   0, %KEY_QUERY_VALUE OR %KEY_WOW64_64KEY, hwnKey)
            IF lResult = 0 THEN
                wineSeen = 1
                ' The key was only opened to prove it exists
                RegCloseKey(hwnKey)
            ELSEIF GetFileAttributes(stWcfg) <> %INVALID_FILE_ATTRIBUTES THEN
                ' 4. C:\windows\system32\winecfg.exe
                wineSeen = 1
            END IF
        END IF
    END IF

    FUNCTION = wineSeen
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' WINEDLLPATH
FUNCTION stWineP() AS STRING
' Returns the 11-character string "WINEDLLPATH" (an environment variable
' name, per its use in IsRunningInWine).
' The string is allocated as zero bytes and then filled one ASCII code at a
' time through a pointer, in shuffled order; presumably so the text is not
' stored as one literal in the executable.
#REGISTER NONE
LOCAL pstr AS DWORD
LOCAL a$
a$ = NUL$(11)
pstr = STRPTR(a$)
! mov esi, pstr
! mov BYTE PTR [esi+6], 76
! mov BYTE PTR [esi+2], 78
! mov BYTE PTR [esi+0], 87
! mov BYTE PTR [esi+4], 68
! mov BYTE PTR [esi+3], 69
! mov BYTE PTR [esi+5], 76
! mov BYTE PTR [esi+10], 72
! mov BYTE PTR [esi+7], 80
! mov BYTE PTR [esi+1], 73
! mov BYTE PTR [esi+8], 65
! mov BYTE PTR [esi+9], 84
FUNCTION = a$
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' WINE
FUNCTION stWine() AS STRING
' Returns the 4-character string "WINE" (an environment variable name, per
' its use in IsRunningInWine).
' The string is allocated as four zero bytes and then filled one byte at a
' time (87,73,78,69 = W,I,N,E) through a pointer, in shuffled order;
' presumably so the text is not stored as one literal in the executable.
#REGISTER NONE
LOCAL pstr AS DWORD
LOCAL a$
a$ = NUL$(4)
pstr = STRPTR(a$)
! mov esi, pstr
! mov BYTE PTR [esi+1], 73
! mov BYTE PTR [esi+3], 69
! mov BYTE PTR [esi+2], 78
! mov BYTE PTR [esi+0], 87
FUNCTION = a$
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' Software\Wine
FUNCTION swWine() AS STRING
' Returns the 13-character string "Software\Wine" (the registry subkey
' opened under HKEY_LOCAL_MACHINE in IsRunningInWine).
' The string is allocated as zero bytes and then filled one ASCII code at a
' time through a pointer, in shuffled order; presumably so the text is not
' stored as one literal in the executable.
#REGISTER NONE
LOCAL pstr AS DWORD
LOCAL a$
a$ = NUL$(13)
pstr = STRPTR(a$)
! mov esi, pstr
! mov BYTE PTR [esi+7], 101
! mov BYTE PTR [esi+9], 87
! mov BYTE PTR [esi+0], 83
! mov BYTE PTR [esi+6], 114
! mov BYTE PTR [esi+3], 116
! mov BYTE PTR [esi+4], 119
! mov BYTE PTR [esi+1], 111
! mov BYTE PTR [esi+10], 105
! mov BYTE PTR [esi+2], 102
! mov BYTE PTR [esi+11], 110
! mov BYTE PTR [esi+12], 101
! mov BYTE PTR [esi+5], 97
! mov BYTE PTR [esi+8], 92
FUNCTION = a$
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' C:\windows\system32\winecfg.exe
FUNCTION stWcfg() AS STRING
' Returns the 31-character string "C:\windows\system32\winecfg.exe" (the
' path passed to GetFileAttributes in IsRunningInWine).
' The string is allocated as zero bytes and then filled one ASCII code at a
' time through a pointer, in shuffled order; presumably so the text is not
' stored as one literal in the executable.
' NOTE(review): the drive letter and directory are fixed in the byte values.
#REGISTER NONE
LOCAL pstr AS DWORD
LOCAL a$
a$ = NUL$(31)
pstr = STRPTR(a$)
! mov esi, pstr
! mov BYTE PTR [esi+24], 99
! mov BYTE PTR [esi+25], 102
! mov BYTE PTR [esi+17], 51
! mov BYTE PTR [esi+22], 110
! mov BYTE PTR [esi+14], 116
! mov BYTE PTR [esi+15], 101
! mov BYTE PTR [esi+27], 46
! mov BYTE PTR [esi+9], 115
! mov BYTE PTR [esi+12], 121
! mov BYTE PTR [esi+7], 111
! mov BYTE PTR [esi+2], 92
! mov BYTE PTR [esi+23], 101
! mov BYTE PTR [esi+29], 120
! mov BYTE PTR [esi+26], 103
! mov BYTE PTR [esi+28], 101
! mov BYTE PTR [esi+8], 119
! mov BYTE PTR [esi+18], 50
! mov BYTE PTR [esi+30], 101
! mov BYTE PTR [esi+4], 105
! mov BYTE PTR [esi+19], 92
! mov BYTE PTR [esi+6], 100
! mov BYTE PTR [esi+11], 115
! mov BYTE PTR [esi+0], 67
! mov BYTE PTR [esi+1], 58
! mov BYTE PTR [esi+5], 110
! mov BYTE PTR [esi+3], 119
! mov BYTE PTR [esi+10], 92
! mov BYTE PTR [esi+20], 119
! mov BYTE PTR [esi+21], 105
! mov BYTE PTR [esi+16], 109
! mov BYTE PTR [esi+13], 115
FUNCTION = a$
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
|
|
|
Detect the Virtual Box Virtual Machine |
Posted by: Anne Wilson - Yesterday, 05:34 PM - Forum: Source Code Library
- No Replies
|
|
This program detects whether it is being run inside a VirtualBox virtual machine (VM).
Note that hackers may run your programs in a VM so that they can
pirate or hack them.
The aim is to detect whether the user is using a VirtualBox VM so that the program can take the
necessary counter-action.
Please let me know if you encounter any issues with this program.
Code: ' Detect VirtualBox2.bas
' The program checks the SystemProductName value in the
' HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS registry key.
' If the value contains the string "VIRTUALBOX", it
' assumes the program is running inside a VirtualBox virtual machine.
' This method relies on the registry value, which can be modified
' by advanced hackers or customized VirtualBox installations.
' Additional checks :
' Detect VirtualBox with additional checks such as
' VirtualBox Guest Additions:
' The program checks for the presence of the
' C:\Program Files\Oracle\VirtualBox Guest Additions directory.
' If this directory exists, it is a strong indicator that
' VirtualBox Guest Additions are installed.
' VirtualBox Graphics Adapter:
' The program checks the registry for the DriverDesc value under the
' SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 key.
' If the value contains "VirtualBox", it indicates the presence of the
' VirtualBox Graphics Adapter.
' VirtualBox Shared Folders Service:
' The program checks for the VBoxSF service in the registry under
' SYSTEM\CurrentControlSet\Services\VBoxSF. If this key exists, it
' indicates that the VirtualBox Shared Folders service is installed.
' Some checks may require administrative privileges to access
' certain registry keys or files.
' VirtualBox environments can be customized by hackers, so these checks
' may not work in all cases.
#COMPILE EXE
#DIM ALL
#INCLUDE "Win32Api.inc"
' Constants for registry access
%KEY_QUERY_VALUE = &H0001
%KEY_WOW64_64KEY = &H0100
'=========================
FUNCTION PBMAIN() AS LONG
    ' Entry point: runs the VirtualBox check once and reports the verdict.
    LOCAL verdict AS STRING

    IF IsVirtualBox() = 0 THEN
        verdict = "Not running inside VirtualBox."
    ELSE
        verdict = "Running inside VirtualBox."
    END IF
    ? verdict
END FUNCTION
'===================================
FUNCTION IsVirtualBox() AS LONG
    ' Returns 1 when one of four indicators is found, otherwise 0.
    ' Each later step runs only while no earlier step has matched:
    '   1. SystemProductName under HKLM\HARDWARE\DESCRIPTION\System\BIOS
    '      contains "VIRTUALBOX" (compared in upper case)
    '   2. the VirtualBox Guest Additions folder has valid file attributes
    '   3. DriverDesc under the display class key ...\0000 contains
    '      "VIRTUALBOX" (compared in upper case)
    '   4. the VBoxSF service key can be opened
    ' All registry keys are opened with KEY_QUERY_VALUE in the 64-bit view.
    LOCAL hvbKey    AS LONG
    LOCAL lResult   AS LONG
    LOCAL dwType    AS LONG
    LOCAL dwSize    AS LONG
    LOCAL szBuffer  AS ASCIIZ * 256
    ' Number of the step that matched; 0 while nothing has matched
    LOCAL tmpVBfind AS LONG

    tmpVBfind = 0

    ' Step 1: "HARDWARE\DESCRIPTION\System\BIOS" -> "SystemProductName"
    lResult = RegOpenKeyEx(%HKEY_LOCAL_MACHINE, HwBios, _
                           0, %KEY_QUERY_VALUE OR %KEY_WOW64_64KEY, hvbKey)
    IF lResult = 0 THEN
        dwSize = SIZEOF(szBuffer)
        lResult = RegQueryValueEx(hvbKey, StSysPNam, 0, _
                                  dwType, BYVAL VARPTR(szBuffer), dwSize)
        IF lResult = 0 THEN
            IF INSTR(UCASE$(szBuffer), StVbox) > 0 THEN
                tmpVBfind = 1
            END IF
        END IF
        RegCloseKey(hvbKey)
    END IF

    ' Step 2: C:\Program Files\Oracle\VirtualBox Guest Additions
    IF tmpVBfind = 0 THEN
        IF GetFileAttributes(StGuestAdd) <> %INVALID_FILE_ATTRIBUTES THEN
            tmpVBfind = 2
        END IF
    END IF

    ' Step 3: graphics adapter description
    ' SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
    IF tmpVBfind = 0 THEN
        lResult = RegOpenKeyEx(%HKEY_LOCAL_MACHINE, VboxReg, _
                               0, %KEY_QUERY_VALUE OR %KEY_WOW64_64KEY, hvbKey)
        IF lResult = 0 THEN
            dwSize = SIZEOF(szBuffer)
            ' "DriverDesc"
            lResult = RegQueryValueEx(hvbKey, DrvDesc, 0, _
                                      dwType, BYVAL VARPTR(szBuffer), dwSize)
            IF lResult = 0 THEN
                IF INSTR(UCASE$(szBuffer), StVbox) > 0 THEN
                    tmpVBfind = 3
                END IF
            END IF
            RegCloseKey(hvbKey)
        END IF
    END IF

    ' Step 4: SYSTEM\CurrentControlSet\Services\VBoxSF
    IF tmpVBfind = 0 THEN
        lResult = RegOpenKeyEx(%HKEY_LOCAL_MACHINE, VBoxSF, _
                               0, %KEY_QUERY_VALUE OR %KEY_WOW64_64KEY, hvbKey)
        IF lResult = 0 THEN
            ' Being able to open the key is the whole test
            tmpVBfind = 4
            RegCloseKey(hvbKey)
        END IF
    END IF

    IF tmpVBfind > 0 THEN
        FUNCTION = 1
    ELSE
        FUNCTION = 0
    END IF
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' SYSTEM\CurrentControlSet\Services\VBoxSF
FUNCTION VBoxSF() AS STRING
' Returns a 40-byte string that is decoded at run time. The comment above
' this function gives the decoded text as
' SYSTEM\CurrentControlSet\Services\VBoxSF.
' The 40 bytes at datalabel are copied into a fresh string, then each byte
' is XORed with the byte at the same offset in paddlabel.
' NOTE(review): data and pad both live inside this function, so this is
' obfuscation of the text, not encryption.
' Text is 40 bytes excluding the terminating zero
#REGISTER NONE
LOCAL src AS DWORD
LOCAL dst AS DWORD
LOCAL outpt$
src = CODEPTR(datalabel)
outpt$ = NUL$(40)
dst = STRPTR(outpt$)
' -------------------
' copy data to string
' -------------------
! mov esi, src
! mov edi, dst
! mov ecx, 40
! rep movsb
src = CODEPTR(paddlabel)
' -----------------------------
' xor string data to unique pad
' -----------------------------
' esi/edi are advanced to one past the end of the string and the pad;
' ebx then counts from -40 up to 0 as the index.
! mov esi, dst
! mov ebx, 40
! mov edi, src
! add esi, ebx
! add edi, ebx
! neg ebx
' Loop body unrolled four times; each copy leaves for lbl1 once ebx hits 0
lbl0:
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jnz lbl0
lbl1:
FUNCTION = outpt$
' Leave before execution can run into the byte tables below
EXIT FUNCTION
#ALIGN 4
' Encoded text (40 bytes plus a trailing zero)
datalabel:
! db 79,184,216,160,164,135,207,62,1,240,202,123,92,83,181,95
! db 45,190,211,214,162,219,235,86,157,31,187,119,158,43,215,78
! db 122,59,140,231,178,30,78,170,0
#ALIGN 4
' XOR pad, same length as the encoded text
paddlabel:
! db 28,225,139,244,225,202,147,125,116,130,184,30,50,39,246,48
! db 67,202,161,185,206,136,142,34,193,76,222,5,232,66,180,43
! db 9,103,218,165,221,102,29,236,0
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' DriverDesc
FUNCTION DrvDesc() AS STRING
' Builds a 10-byte string at run time: the 10 bytes stored at datalabel are
' copied into a fresh string and each byte is XORed with the byte at the same
' offset in paddlabel. According to the comment preceding this function the
' result is the registry value name DriverDesc.
' NOTE(review): the encoded bytes and the pad both sit in this function, so the
' encoding only keeps the literal out of a plain strings scan of the EXE.
' XORing the two tables recovers it, and the caller passes the decoded name to
' RegQueryValueEx in clear.
' Text is 10 bytes excluding the terminating zero
' No automatic register variables; presumably so src/dst stay in memory while
' the inline assembler below uses esi, edi, ebx and ecx.
#REGISTER NONE
LOCAL src AS DWORD
LOCAL dst AS DWORD
LOCAL outpt$
src = CODEPTR(datalabel)
' Allocate the 10-byte result buffer, zero-filled
outpt$ = NUL$(10)
dst = STRPTR(outpt$)
' -------------------
' copy data to string
' -------------------
' rep movsb copies ecx (10) bytes from [esi] (datalabel) to [edi] (outpt$)
! mov esi, src
! mov edi, dst
! mov ecx, 10
! rep movsb
src = CODEPTR(paddlabel)
' -----------------------------
' xor string data to unique pad
' -----------------------------
' esi and edi are advanced to one past the end of the string and of the pad;
' ebx runs from -10 up to 0, so [esi+ebx] / [edi+ebx] walk both buffers forward.
! mov esi, dst
! mov ebx, 10
! mov edi, src
! add esi, ebx
! add edi, ebx
! neg ebx
' Loop body unrolled four times: each copy XORs one byte and leaves through
' lbl1 as soon as ebx reaches zero, so any length is handled.
lbl0:
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jnz lbl0
lbl1:
FUNCTION = outpt$
' Leave before execution can run into the data tables below
EXIT FUNCTION
#ALIGN 4
' Encoded text: 10 bytes plus a trailing 0 that is never copied
datalabel:
! db 95,19,30,205,113,174,192,70,177,188,0
#ALIGN 4
' XOR pad: 10 bytes plus a trailing 0 that is never used
paddlabel:
! db 27,97,119,187,20,220,132,35,194,223,0
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
FUNCTION VboxReg() AS STRING
' Builds an 82-byte string at run time: the 82 bytes stored at datalabel are
' copied into a fresh string and each byte is XORed with the byte at the same
' offset in paddlabel. According to the comment preceding this function the
' result is the registry path
' SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
' (instance 0000 under the display-adapter device class GUID).
' NOTE(review): the encoded bytes and the pad both sit in this function, so the
' encoding only keeps the literal out of a plain strings scan of the EXE.
' XORing the two tables recovers it, and the caller hands the decoded path to
' RegOpenKeyEx in clear, where any registry/API monitor sees it.
' Text is 82 bytes excluding the terminating zero
' No automatic register variables; presumably so src/dst stay in memory while
' the inline assembler below uses esi, edi, ebx and ecx.
#REGISTER NONE
LOCAL src AS DWORD
LOCAL dst AS DWORD
LOCAL outpt$
src = CODEPTR(datalabel)
' Allocate the 82-byte result buffer, zero-filled
outpt$ = NUL$(82)
dst = STRPTR(outpt$)
' -------------------
' copy data to string
' -------------------
' rep movsb copies ecx (82) bytes from [esi] (datalabel) to [edi] (outpt$)
! mov esi, src
! mov edi, dst
! mov ecx, 82
! rep movsb
src = CODEPTR(paddlabel)
' -----------------------------
' xor string data to unique pad
' -----------------------------
' esi and edi are advanced to one past the end of the string and of the pad;
' ebx runs from -82 up to 0, so [esi+ebx] / [edi+ebx] walk both buffers forward.
! mov esi, dst
! mov ebx, 82
! mov edi, src
! add esi, ebx
! add edi, ebx
! neg ebx
' Loop body unrolled four times: each copy XORs one byte and leaves through
' lbl1 as soon as ebx reaches zero, so any length is handled.
lbl0:
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jnz lbl0
lbl1:
FUNCTION = outpt$
' Leave before execution can run into the data tables below
EXIT FUNCTION
#ALIGN 4
' Encoded text: 82 bytes plus a trailing 0 that is never copied
datalabel:
! db 249,4,13,80,88,97,132,5,24,111,213,141,243,173,242,206
! db 189,198,195,6,254,205,26,36,221,142,19,135,64,61,151,78
! db 153,171,45,85,38,106,176,110,168,138,35,114,191,211,155,93
! db 173,26,92,124,246,134,68,157,34,41,54,12,4,160,71,157
! db 217,220,127,46,171,7,143,39,93,53,250,48,59,101,31,82
! db 71,223,0
#ALIGN 4
' XOR pad: 82 bytes plus a trailing 0 that is never used
paddlabel:
! db 170,93,94,4,29,44,216,70,109,29,167,232,157,217,177,161
! db 211,178,177,105,146,158,127,80,129,205,124,233,52,79,248,34
! db 197,232,65,52,85,25,236,21,156,206,16,68,250,234,173,101
! db 128,95,111,78,195,171,117,172,97,108,27,78,66,227,118,176
! db 233,228,79,30,153,69,202,22,109,6,203,8,70,57,47,98
! db 119,239,0
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' C:\Program Files\Oracle\VirtualBox Guest Additions
FUNCTION StGuestAdd() AS STRING
' Builds a 50-byte string at run time: the 50 bytes stored at datalabel are
' copied into a fresh string and each byte is XORed with the byte at the same
' offset in paddlabel. According to the comment preceding this function the
' result is the folder path C:\Program Files\Oracle\VirtualBox Guest Additions.
' NOTE(review): the encoded bytes and the pad both sit in this function, so the
' encoding only keeps the literal out of a plain strings scan of the EXE;
' XORing the two tables recovers it. The path is fixed to drive C: and the
' default install location, so a guest installed elsewhere would not match.
' How the caller uses the path is not visible from this function.
' Text is 50 bytes excluding the terminating zero
' No automatic register variables; presumably so src/dst stay in memory while
' the inline assembler below uses esi, edi, ebx and ecx.
#REGISTER NONE
LOCAL src AS DWORD
LOCAL dst AS DWORD
LOCAL outpt$
src = CODEPTR(datalabel)
' Allocate the 50-byte result buffer, zero-filled
outpt$ = NUL$(50)
dst = STRPTR(outpt$)
' -------------------
' copy data to string
' -------------------
' rep movsb copies ecx (50) bytes from [esi] (datalabel) to [edi] (outpt$)
! mov esi, src
! mov edi, dst
! mov ecx, 50
! rep movsb
src = CODEPTR(paddlabel)
' -----------------------------
' xor string data to unique pad
' -----------------------------
' esi and edi are advanced to one past the end of the string and of the pad;
' ebx runs from -50 up to 0, so [esi+ebx] / [edi+ebx] walk both buffers forward.
! mov esi, dst
! mov ebx, 50
! mov edi, src
! add esi, ebx
! add edi, ebx
! neg ebx
' Loop body unrolled four times: each copy XORs one byte and leaves through
' lbl1 as soon as ebx reaches zero, so any length is handled.
lbl0:
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jnz lbl0
lbl1:
FUNCTION = outpt$
' Leave before execution can run into the data tables below
EXIT FUNCTION
#ALIGN 4
' Encoded text: 50 bytes plus a trailing 0 that is never copied
datalabel:
! db 7,220,75,224,3,68,53,168,252,239,117,24,148,135,223,200
! db 247,24,180,35,112,47,153,150,228,9,220,195,146,241,190,213
! db 5,52,58,119,39,226,64,247,210,250,250,22,125,81,204,206
! db 154,127,0
#ALIGN 4
' XOR pad: 50 bytes plus a trailing 0 that is never used
paddlabel:
! db 68,230,23,176,113,43,82,218,157,130,85,94,253,235,186,187
! db 171,87,198,66,19,67,252,202,178,96,174,183,231,144,210,151
! db 106,76,26,48,82,135,51,131,242,187,158,114,20,37,165,161
! db 244,12,0
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' HARDWARE\DESCRIPTION\System\BIOS
FUNCTION HwBios() AS STRING
' Builds a 32-byte string at run time: the 32 bytes stored at datalabel are
' copied into a fresh string and each byte is XORed with the byte at the same
' offset in paddlabel. According to the comment preceding this function the
' result is the registry path HARDWARE\DESCRIPTION\System\BIOS.
' NOTE(review): the encoded bytes and the pad both sit in this function, so the
' encoding only keeps the literal out of a plain strings scan of the EXE.
' XORing the two tables recovers it, and the decoded path reaches the registry
' API in clear, where any registry/API monitor sees it.
' Text is 32 bytes excluding the terminating zero
' No automatic register variables; presumably so src/dst stay in memory while
' the inline assembler below uses esi, edi, ebx and ecx.
#REGISTER NONE
LOCAL src AS DWORD
LOCAL dst AS DWORD
LOCAL outpt$
src = CODEPTR(datalabel)
' Allocate the 32-byte result buffer, zero-filled
outpt$ = NUL$(32)
dst = STRPTR(outpt$)
' -------------------
' copy data to string
' -------------------
' rep movsb copies ecx (32) bytes from [esi] (datalabel) to [edi] (outpt$)
! mov esi, src
! mov edi, dst
! mov ecx, 32
! rep movsb
src = CODEPTR(paddlabel)
' -----------------------------
' xor string data to unique pad
' -----------------------------
' esi and edi are advanced to one past the end of the string and of the pad;
' ebx runs from -32 up to 0, so [esi+ebx] / [edi+ebx] walk both buffers forward.
! mov esi, dst
! mov ebx, 32
! mov edi, src
! add esi, ebx
! add edi, ebx
! neg ebx
' Loop body unrolled four times: each copy XORs one byte and leaves through
' lbl1 as soon as ebx reaches zero, so any length is handled.
lbl0:
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jnz lbl0
lbl1:
FUNCTION = outpt$
' Leave before execution can run into the data tables below
EXIT FUNCTION
#ALIGN 4
' Encoded text: 32 bytes plus a trailing 0 that is never copied
datalabel:
! db 6,160,141,231,80,254,21,81,26,141,42,230,212,123,191,161
! db 135,127,23,20,125,4,86,219,249,27,41,173,135,79,226,31,0
#ALIGN 4
' XOR pad: 32 bytes plus a trailing 0 that is never used
paddlabel:
! db 78,225,223,163,7,191,71,20,70,201,111,181,151,41,246,241
! db 211,54,88,90,33,87,47,168,141,126,68,241,197,6,173,76,0
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' SystemProductName
FUNCTION StSysPNam() AS STRING
' Builds a 17-byte string at run time: the 17 bytes stored at datalabel are
' copied into a fresh string and each byte is XORed with the byte at the same
' offset in paddlabel. According to the comment preceding this function the
' result is the registry value name SystemProductName.
' NOTE(review): the encoded bytes and the pad both sit in this function, so the
' encoding only keeps the literal out of a plain strings scan of the EXE;
' XORing the two tables recovers it. How the caller uses the name is not
' visible from this function.
' Text is 17 bytes excluding the terminating zero
' No automatic register variables; presumably so src/dst stay in memory while
' the inline assembler below uses esi, edi, ebx and ecx.
#REGISTER NONE
LOCAL src AS DWORD
LOCAL dst AS DWORD
LOCAL outpt$
src = CODEPTR(datalabel)
' Allocate the 17-byte result buffer, zero-filled
outpt$ = NUL$(17)
dst = STRPTR(outpt$)
' -------------------
' copy data to string
' -------------------
' rep movsb copies ecx (17) bytes from [esi] (datalabel) to [edi] (outpt$)
! mov esi, src
! mov edi, dst
! mov ecx, 17
! rep movsb
src = CODEPTR(paddlabel)
' -----------------------------
' xor string data to unique pad
' -----------------------------
' esi and edi are advanced to one past the end of the string and of the pad;
' ebx runs from -17 up to 0, so [esi+ebx] / [edi+ebx] walk both buffers forward.
! mov esi, dst
! mov ebx, 17
! mov edi, src
! add esi, ebx
! add edi, ebx
! neg ebx
' Loop body unrolled four times: each copy XORs one byte and leaves through
' lbl1 as soon as ebx reaches zero, so any length is handled.
lbl0:
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jnz lbl0
lbl1:
FUNCTION = outpt$
' Leave before execution can run into the data tables below
EXIT FUNCTION
#ALIGN 4
' Encoded text: 17 bytes plus a trailing 0 that is never copied
datalabel:
! db 13,86,169,118,27,35,11,70,75,176,244,132,4,124,41,63
! db 53,0
#ALIGN 4
' XOR pad: 17 bytes plus a trailing 0 that is never used
paddlabel:
! db 94,47,218,2,126,78,91,52,36,212,129,231,112,50,72,82
! db 80,0
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
' VIRTUALBOX
FUNCTION StVbox() AS STRING
' Builds a 10-byte string at run time: the 10 bytes stored at datalabel are
' copied into a fresh string and each byte is XORed with the byte at the same
' offset in paddlabel. According to the comment preceding this function the
' result is the upper-case marker VIRTUALBOX, which the caller searches for
' with INSTR in the upper-cased DriverDesc text.
' NOTE(review): the encoded bytes and the pad both sit in this function, so the
' encoding only keeps the literal out of a plain strings scan of the EXE;
' XORing the two tables recovers it.
' Text is 10 bytes excluding the terminating zero
' No automatic register variables; presumably so src/dst stay in memory while
' the inline assembler below uses esi, edi, ebx and ecx.
#REGISTER NONE
LOCAL src AS DWORD
LOCAL dst AS DWORD
LOCAL outpt$
src = CODEPTR(datalabel)
' Allocate the 10-byte result buffer, zero-filled
outpt$ = NUL$(10)
dst = STRPTR(outpt$)
' -------------------
' copy data to string
' -------------------
' rep movsb copies ecx (10) bytes from [esi] (datalabel) to [edi] (outpt$)
! mov esi, src
! mov edi, dst
! mov ecx, 10
! rep movsb
src = CODEPTR(paddlabel)
' -----------------------------
' xor string data to unique pad
' -----------------------------
' esi and edi are advanced to one past the end of the string and of the pad;
' ebx runs from -10 up to 0, so [esi+ebx] / [edi+ebx] walk both buffers forward.
! mov esi, dst
! mov ebx, 10
! mov edi, src
! add esi, ebx
! add edi, ebx
! neg ebx
' Loop body unrolled four times: each copy XORs one byte and leaves through
' lbl1 as soon as ebx reaches zero, so any length is handled.
lbl0:
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jz lbl1
! movzx eax, BYTE PTR [edi+ebx]
! xor [esi+ebx], al
! add ebx, 1
! jnz lbl0
lbl1:
FUNCTION = outpt$
' Leave before execution can run into the data tables below
EXIT FUNCTION
#ALIGN 4
' Encoded text: 10 bytes plus a trailing 0 that is never copied
datalabel:
! db 44,250,255,129,228,77,15,253,221,22,0
#ALIGN 4
' XOR pad: 10 bytes plus a trailing 0 that is never used
paddlabel:
! db 122,179,173,213,177,12,67,191,146,78,0
END FUNCTION
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
PBDOS -- Where The Love Affair Began |
Posted by: Frank Ferrell - Yesterday, 11:39 AM - Forum: PowerBASIC for DOS
- Replies (8)
|
|
Greetings ....
The love affair with PowerBASIC began for me in the early 1990s, when I received my first PBDOS compiler program disk and manual (Version 2.1). It wasn't long before I moved up the cyber-ladder to Versions 3.0, 3.2 and finally the wonderful PBDOS 3-point-5.
I'm sure that many will agree that PBDOS and its IDE was a welcome change from Microsoft's QBasic/Quickbasic. The QB's were mmmmm, OK, but had several limitations, and at times produced a lot of frustrations.
With PBDOS in general, and V35 in particular, it was wonderful writing programs, aided by several statements and functions not found in the QB's.
If I could pick some statements/functions to add to PBDOS, which would later appear in the Console Compiler series, then these -- BUILD$, CHOOSE/CHOOSE$, WAITKEY$ and XPRINT -- would be at the top of the wish list.
So, that's my story, albeit a brief one. What's yours?
Thanx-A-Lotte, Frank.
Mapped Drives and Run As Administrator issue |
Posted by: Stuart McLachlan - Yesterday, 02:45 AM - Forum: Programming
- Replies (2)
|
|
Just ran into a little oops.
Writing a small backup utility to copy files from a mapped drive to a USB Thumb Drive.
I initially couldn't work out why it was silently failing with "Compile and Execute"
I tried running the executable from Windows Explorer and it worked.
Then it dawned on me :
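I have PBEdit and PBWin set to "run as Administrator" to avoid the known issues with occasional slow compilation and/or compiler fails.
"Administrator" didn't have the drive mapping: mapped drives belong to the logon session that created them, and the elevated process runs in a separate one.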
My solution:
Code: dwDrives = GetLogicalDrives
' GetLogicalDrives returns a bitmask of the drive letters visible to this
' process: bit 0 = A:, ... bit 25 = Z:.
' Mapped network drives belong to the logon session that mapped them, so an
' elevated ("as administrator") instance can see bit 25 clear even though the
' normal user session has Z: mapped. Failing loudly here replaces the silent
' failure described above.
' NOTE(review): this only tests that some Z: exists, not that it is the
' expected source share.
IF BIT(dwDrives,25) = 0 THEN ' Drive Z not available
? "Cannot access source drive Z:\." & $LF & $LF & "You must run this application as a user with drive Z:\ mapped!" & $LF & $LF & _
"Note that the backup will fail if you run ""as administrator"" rather than as a normal user who has Z:\ mapped",%MB_ICONERROR,"Backup To USB Failed"
EXIT FUNCTION
END IF
Calling opcode string discussion |
Posted by: Pierre Bellisle - 01-27-2025, 08:18 PM - Forum: Programming
- Replies (2)
|
|
Calling opcode string discussion was started at https://forum.powerbasic.com/forum/user-...discussion
It is an answer to Anne on how to get and embed a function in a string and call it via "call dword".
This one shows in particular how to find the end of the function code by inserting data near the end.
Code: 'follow up of https://forum.powerbasic.com/forum/user-to-user-discussions/programming/838669-calling-opcode-string-discussion
#compile exe '#Win 10.04 (D:\Dev\Pow\Bas\Jose Roca\Forum\Jose\Windows API Headers\3.1.07\uz)#
#dim all
'#register none
'%Unicode = 1
#include "Win32Api.inc"
#RESOURCE MANIFEST, 1, "XPTheme.xml"
' Handle of the main dialog: set by DIALOG NEW in pbmain, used by DlgProc as
' the owner of its message boxes
global hDlg as dword
' Caption of the dialog and of every message box
$AppName = "call dword"
' Control IDs of the label and of the test button
%Static01 = 101
%Button01 = 201
' Prototype only, no body in this file: it gives CALL DWORD ... USING the
' parameter list and return type of the code being called
declare function myfunction(byval var1 as long ,byval var2 as long) as long 'for call dword to use
'_____________________________________________________________________________
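function HexView$(sString as string) as string 'HexString
    ' Formats sString as a hex dump, 16 bytes per row:
    '   "oooo: " row offset in hex, then each byte as two hex digits and a space,
    '   a "- " separator after the eighth byte, and after "; " the same 16 bytes
    '   as text with non-printable characters shown as dots.
    ' The last row is padded with blanks so that the text column stays aligned.
    ' Returns a header line with the byte count followed by the rows.
    local pByte   as byte pointer
    local sBuffer as string
    local sChar16 as string
    local Looper  as long

    pByte = strptr(sString)
    do
        if (Looper and 15) = 00 then                       'Like MOD 16
            sBuffer = sBuffer & hex$(Looper, 4) & ": "     'Row offset
        elseif (Looper and 07) = 00 then                   'Like MOD 8
            sBuffer = sBuffer & "- "                       'Middle dash
        end if

        if Looper < len(sString) then                      'Add data
            sBuffer = sBuffer & hex$(@pByte[Looper], 2) & $spc
        else
            ' Past the end of the data: pad the column. The widths come from the
            ' original comments (five blanks for Windows, three for console);
            ' space$() keeps them intact where a literal run of blanks gets
            ' collapsed by copy and paste.
            #if %def(%pb_win32)                            'A to F have bigger width
            sBuffer = sBuffer & space$(5)                  'Windows: No more data, fill with five spaces
            #else                                          'Use STDOUT in console
            sBuffer = sBuffer & space$(3)                  'Console: No more data, fill with three spaces
            #endif
        end if

        if (Looper and 15) = 15 then                       'End of 16 bytes line
            sChar16 = mid$(sString, Looper -14, 16)        'Text of this row; next line replaces non visible characters with dot
            replace any chr$(0,1,7,9,10,13,27 to 31,127,129,140,141,143,144,152,157) with "..................." in sChar16
            sBuffer = sBuffer & "; " & sChar16 & $crlf     'Add ascii string and CRLF
            if Looper >= len(sString) - 1 then exit do     'Job done
        end if
        incr Looper
    loop

    function = "Binary data lenght is" & str$(len(sString)) & " bytes." & $crlf & sBuffer
end function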
'____________________________________________________________________________
function Add2Numbers(byval var1 as long ,byval var2 as long) as long
' Returns var1 + var2. This is the function whose machine code DlgProc calls
' through CODEPTR and then copies into a string.
function = var1 + var2
'function = var2
exit function
' Eight marker bytes emitted into the code stream after the early exit, so they
' are never executed. DlgProc scans forward from CODEPTR(Add2Numbers) for this
' exact sequence to find where the function's code ends; the two lists must
' stay identical.
!DB &h12, &h34, &h56, &h78, &h9A, &hBC, &hDE, &hF0
end function
'_____________________________________________________________________________
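callback function DlgProc
    ' Dialog callback. On a click of %Button01 it runs Add2Numbers three ways and
    ' shows each result in a message box:
    '   1. through its real code address (CODEPTR),
    '   2. through a byte-for-byte copy of its code held in a string, called with
    '      the myfunction prototype,
    '   3. through the same copy, with the arguments pushed by hand in assembler.
    ' It then shows a hex dump of the original code and of the copy.
    '
    ' NOTE(review): steps 2 and 3 execute bytes that live in a dynamic string,
    ' i.e. in ordinary data memory. That only works while DEP/NX is not enforced
    ' for the process; with DEP enforced the call raises an access violation.
    ' Treat this as a demonstration, not as a pattern for shipping code.
    ' NOTE(review): the copy presumably only behaves like the original as long as
    ' the code contains no relative calls or jumps that leave the function.
    local sAsm        as string
    local sTerminator as string
    local pcode       as dword
    local pString     as dword
    local RetVal      as long

    select case cbmsg
        case %wm_command
            select case cbctl
                case %Button01
                    if cbctlmsg = %bn_clicked or cbctlmsg = 1 then
                        'call original function
                        ' Must match the marker bytes emitted at the end of Add2Numbers
                        sTerminator = chr$(&h12, &h34, &h56, &h78, &h9A, &hBC, &hDE, &hF0)
                        pcode = codeptr(Add2Numbers)
                        RetVal = 0
                        call dword pcode using myfunction(2, 2) to RetVal
                        ' 266240 = &H41000, i.e. %MB_SYSTEMMODAL or %MB_TOPMOST
                        MessageBox(hDlg, "CALL DWORD pcode result =" & str$(RetVal), $AppName, 266240)

                        '-----------------------------------------------------------------------------
                        'call a copy of original function using myfunction()
                        ' NOTE(review): the scan has no upper bound; it relies on the marker
                        ' being present after codeptr(Add2Numbers). The extra 16 bytes read
                        ' after the marker are presumably the function's exit code.
                        sAsm = ""
                        do
                            sAsm &= peek$(pcode, 1) 'build sAsm byte by byte to be sure to not access out of bound memory
                            incr pcode
                            if instr(sAsm, sTerminator) then
                                sAsm &= peek$(pcode, 16) 'get the end of function
                                exit do
                            end if
                        loop
                        RetVal = 0
                        pString = strptr(sAsm)
                        call dword pString using myfunction(2, 3) to RetVal
                        MessageBox(hDlg, "CALL DWORD pString result =" & str$(RetVal), $AppName, 266240)

                        '-------------------------------------------------------------------------------------------------
                        'call a copy of original function without using myfunction()
                        pString = strptr(sAsm)
                        ' Arguments are pushed right to left: var2 = 4, then var1 = 2
                        ! push 4
                        ! push 2
                        call dword pString 'Or you may use !call pcode
                        ' The result comes back in eax
                        ! mov RetVal, eax
                        MessageBox(hDlg, "CALL DWORD ASM result =" & str$(RetVal), $AppName, 266240)

                        '-------------------------------------------------------------------------------------------------
                        'show the copy and original function code side to side
                        ' The "pString:" half dumps the copy itself (sAsm); the original
                        ' dumped the code at codeptr(Add2Numbers) twice, so the comparison
                        ' could never show a difference.
                        MessageBox(hDlg, "pcode:" & $crlf & HexView$(peek$(codeptr(Add2Numbers), len(sAsm))) & $crlf & $crlf & $crlf & _
                                         "pString:" & $crlf & HexView$(sAsm), $AppName, 266240)
                    end if
            end select
    end select
end function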
'_____________________________________________________________________________
FUNCTION PBMAIN()
    ' Program entry point: builds the small test dialog (one label, one button)
    ' and runs it modally; DlgProc receives the button click.
    DIALOG FONT "Segoe UI", 9
    DIALOG NEW %HWND_DESKTOP, $AppName, , , 150, 50, _
        %WS_CAPTION OR %WS_MINIMIZEBOX OR %WS_MAXIMIZEBOX OR %WS_SIZEBOX OR %WS_SYSMENU, _
        %WS_EX_LEFT TO hDlg

    CONTROL ADD LABEL,  hDlg, %Static01, "codeptr() and strptr() test", 5, 10, 140, 11, %SS_CENTER
    CONTROL ADD BUTTON, hDlg, %Button01, "test codeptr() and strptr()", 15, 25, 120, 15

    DIALOG SHOW MODAL hDlg CALL DlgProc
END FUNCTION
'_____________________________________________________________________________
'