Added extra checks for VMWare and Wine.
This commit is contained in:
parent
b0a2aeeda3
commit
01879489d4
|
@ -221,6 +221,14 @@ int main(void)
|
||||||
}
|
}
|
||||||
else print_not_traced();
|
else print_not_traced();
|
||||||
|
|
||||||
|
printf("[*] Reg key (HKCU\\SOFTWARE\\Wine) ... ");
|
||||||
|
if (wine_reg_key1() == TRUE) {
|
||||||
|
write_log("Wine traced using Reg key HKCU\\SOFTWARE\\Wine");
|
||||||
|
print_traced();
|
||||||
|
write_trace("hi_wine");
|
||||||
|
}
|
||||||
|
else print_not_traced();
|
||||||
|
|
||||||
/* VirtualBox detection tricks */
|
/* VirtualBox detection tricks */
|
||||||
printf("\n[-] VirtualBox detection\n");
|
printf("\n[-] VirtualBox detection\n");
|
||||||
printf("[*] Scsi port->bus->target id->logical unit id-> 0 identifier ... ");
|
printf("[*] Scsi port->bus->target id->logical unit id-> 0 identifier ... ");
|
||||||
|
@ -385,6 +393,14 @@ int main(void)
|
||||||
}
|
}
|
||||||
else print_not_traced();
|
else print_not_traced();
|
||||||
|
|
||||||
|
printf("[*] Looking for pseudo devices ... ");
|
||||||
|
if (vmware_devices(TRUE) == TRUE) {
|
||||||
|
/* Log written inside function */
|
||||||
|
print_traced();
|
||||||
|
write_trace("hi_vmware");
|
||||||
|
}
|
||||||
|
else print_not_traced();
|
||||||
|
|
||||||
/* Qemu detection tricks */
|
/* Qemu detection tricks */
|
||||||
printf("\n[-] Qemu detection\n");
|
printf("\n[-] Qemu detection\n");
|
||||||
printf("[*] Scsi port->bus->target id->logical unit id-> 0 identifier ... ");
|
printf("[*] Scsi port->bus->target id->logical unit id-> 0 identifier ... ");
|
||||||
|
|
|
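Review bot: The two new checks in main log their hit in different places: the Wine block calls `write_log(...)` itself, while the VMware block relies on `vmware_devices(TRUE)` logging internally and only leaves the comment `/* Log written inside function */`. That is workable, but it means the call site silently depends on the helper's `writelogs` flag, and a future caller passing `FALSE` loses the log entry without anything in main noticing; consider either logging from main like every other check or extending the comment to `/* Log written inside vmware_devices() when writelogs is TRUE; it reports which device opened */` so the contract is visible here. The enclosing main() starts before the first hunk and continues past the second.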
@ -1,10 +1,12 @@
|
||||||
|
|
||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
|
||||||
#include "vmware.h"
|
#include "vmware.h"
|
||||||
#include "types.h"
|
#include "types.h"
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
|
#include "common.h"
|
||||||
|
|
||||||
int vmware_reg_key1() {
|
int vmware_reg_key1() {
|
||||||
if ( pafish_exists_regkey_value_str(HKEY_LOCAL_MACHINE, "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier", "VMWARE") ||
|
if ( pafish_exists_regkey_value_str(HKEY_LOCAL_MACHINE, "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier", "VMWARE") ||
|
||||||
|
@ -27,3 +29,23 @@ int vmware_sysfile1() {
|
||||||
int vmware_sysfile2() {
|
int vmware_sysfile2() {
|
||||||
return pafish_exists_file("C:\\WINDOWS\\system32\\drivers\\vmhgfs.sys");
|
return pafish_exists_file("C:\\WINDOWS\\system32\\drivers\\vmhgfs.sys");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int vmware_devices(int writelogs) {
|
||||||
|
HANDLE h;
|
||||||
|
const int count = 2;
|
||||||
|
string strs[count];
|
||||||
|
int res = FALSE, i = 0;
|
||||||
|
char message[200];
|
||||||
|
|
||||||
|
strs[0] = "\\\\.\\HGFS";
|
||||||
|
strs[1] = "\\\\.\\vmci";
|
||||||
|
for (i=0; i < count; i++) {
|
||||||
|
h = CreateFile(strs[i], GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
||||||
|
if (h != INVALID_HANDLE_VALUE) {
|
||||||
|
snprintf(message, sizeof(message)-sizeof(message[0]), "VMWare traced using device %s", strs[i]);
|
||||||
|
if (writelogs) write_log(message);
|
||||||
|
res = TRUE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
|
|
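Review bot: The handle returned by CreateFile in vmware_devices is never released on a successful open, so every detected device leaks a handle for the life of the process; add `CloseHandle(h);` right after `res = TRUE;` inside the `if (h != INVALID_HANDLE_VALUE)` branch. A failed open is currently treated as "device absent", but an open that fails with ERROR_ACCESS_DENIED on a device such as `\\.\vmci` presumably means the device does exist, so checking `GetLastError()` against ERROR_FILE_NOT_FOUND / ERROR_PATH_NOT_FOUND before concluding "not traced" would make the check harder to evade by permissions alone — worth confirming on a real guest. `string strs[count]` is a VLA, since `const int count` is not a constant expression in C; a `static const char *const` table sized with `sizeof devs / sizeof devs[0]` avoids that. `snprintf(message, sizeof(message), ...)` is already bounded and NUL-terminated, so the `- sizeof(message[0])` is unnecessary unless the build maps snprintf to an older `_snprintf` that does not terminate on truncation, in which case a comment saying so would help the next reader.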
@ -10,4 +10,6 @@ int vmware_sysfile1();
|
||||||
|
|
||||||
int vmware_sysfile2();
|
int vmware_sysfile2();
|
||||||
|
|
||||||
|
int vmware_devices();
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
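Review bot: The new prototype `int vmware_devices();` declares the function with an unspecified parameter list, while the definition in vmware.c takes `int writelogs`; with an empty-parentheses declaration the compiler cannot check call sites such as `vmware_devices(TRUE)` for argument count or type. Declare it as `int vmware_devices(int writelogs);` so the header matches the definition and a one-line comment such as `/* returns TRUE if a VMware pseudo device (\\.\HGFS or \\.\vmci) can be opened; logs each hit when writelogs is non-zero */` would document the contract where callers look for it.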
@ -3,6 +3,7 @@
|
||||||
|
|
||||||
#include "wine.h"
|
#include "wine.h"
|
||||||
#include "types.h"
|
#include "types.h"
|
||||||
|
#include "utils.h"
|
||||||
|
|
||||||
int wine_detect_get_unix_file_name() {
|
int wine_detect_get_unix_file_name() {
|
||||||
HMODULE k32;
|
HMODULE k32;
|
||||||
|
@ -19,3 +20,7 @@ int wine_detect_get_unix_file_name() {
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int wine_reg_key1() {
|
||||||
|
return pafish_exists_regkey(HKEY_CURRENT_USER, "SOFTWARE\\Wine");
|
||||||
|
}
|
||||||
|
|
|
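Review bot: `int wine_reg_key1()` is defined with empty parentheses, which in C is an old-style definition rather than an explicit no-argument one; `int wine_reg_key1(void)` states the intent and lets the compiler reject stray arguments. The function also has no comment explaining what it detects; a line such as `/* Wine presumably populates HKCU\SOFTWARE\Wine for every user; a native Windows install normally has no such key — confirm against a clean system */` would tell the next reader why the key's mere presence is treated as a Wine indicator. The function body is fully inside the hunk, so the change is local.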
@ -4,4 +4,6 @@
|
||||||
|
|
||||||
int wine_detect_get_unix_file_name();
|
int wine_detect_get_unix_file_name();
|
||||||
|
|
||||||
|
int wine_reg_key1();
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
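Review bot: The new declaration `int wine_reg_key1();` leaves the parameter list unspecified, so a call with accidental arguments would compile without a diagnostic; `int wine_reg_key1(void);` matches the no-argument definition in wine.c and enables prototype checking. This is consistent with what the existing `wine_detect_get_unix_file_name()` declaration above it already does wrong, so fixing both at once would be reasonable.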