Added a check for less than one GiB of memory.

2015-05-18 13:30:43 +01:00 · 2015-05-18 13:30:43 +01:00 · 01ac4d2153
parent b0a2aeeda3
commit 01ac4d2153
3 changed files with 20 additions and 0 deletions
--- a/pafish/gensandbox.c
+++ b/pafish/gensandbox.c
@ -1,4 +1,6 @@

+#define _WIN32_WINNT 0x0501 /* _WIN32_WINNT_WINXP */
+
 #include <windows.h>
 #include <winioctl.h>
 #include <string.h>
@ -149,3 +151,11 @@ int gensandbox_one_cpu_GetSystemInfo() {
 	return siSysInfo.dwNumberOfProcessors < 2 ? TRUE : FALSE;
 }

+int gensandbox_less_than_onegb() {
+	MEMORYSTATUSEX statex;
+	statex.dwLength = sizeof (statex);
+
+	GlobalMemoryStatusEx(&statex);
+	return (statex.ullAvailPhys/1024) < 1048576 ? TRUE : FALSE;
+}
+
--- a/pafish/gensandbox.h
+++ b/pafish/gensandbox.h
@ -20,4 +20,6 @@ int gensandbox_one_cpu();

 int gensandbox_one_cpu_GetSystemInfo();

+int gensandbox_less_than_onegb();
+
 #endif
--- a/pafish/main.c
+++ b/pafish/main.c
@ -191,6 +191,14 @@ int main(void)
 	}
 	else print_not_traced();

+	printf("[*] Checking if pysical memory is < 1Gb ... ");
+	if (gensandbox_less_than_onegb() == TRUE) {
+		print_traced();
+		write_log("Sandbox traced by checking if pysical memory is less than 1Gb");
+		write_trace("hi_sandbox_pysicalmemory_less_1Gb");
+	}
+	else print_not_traced();
+
 	/* Hooks detection tricks */
 	printf("\n[-] Hooks detection\n");
 	printf("[*] Checking function DeleteFileW method 1 ... ");