Huge refactor, TRUE FALSE types added, utils functions added, fix encoding, trailing spaces, CRLF removed

Alberto Ortega 2014-12-31 20:24:11 +01:00
parent 6912bb1565
commit 02a6590271
23 changed files with 1164 additions and 1572 deletions


@ -1,15 +1,15 @@

CC = gcc.exe
LINK = gcc.exe
WINDRES = windres.exe
OBJ = Objects/MingW/main.o Objects/MingW/common.o Objects/MingW/debuggers.o Objects/MingW/sandboxie.o \
OBJ = Objects/MingW/main.o Objects/MingW/common.o Objects/MingW/utils.o Objects/MingW/debuggers.o Objects/MingW/sandboxie.o \
Objects/MingW/vbox.o Objects/MingW/gensandbox.o Objects/MingW/wine.o Objects/MingW/vmware.o \
Objects/MingW/qemu.o Objects/MingW/hooks.o Objects/MingW/pafish_private.res
LINKOBJ = $(OBJ)
LIBS = -L"C:/MinGW32/lib" -lwsock32 -liphlpapi -lsetupapi -lmpr -s
INCS = -I"C:/MinGW32/include"
BIN = Output/MingW/pafish.exe
CFLAGS = $(INCS) $(DEFINES) -O0
CFLAGS = $(INCS) $(DEFINES) -O1
all: $(BIN)
@ -27,6 +27,9 @@ Objects/MingW/main.o: $(GLOBALDEPS) main.c
Objects/MingW/common.o: $(GLOBALDEPS) common.c
$(CC) -c common.c -o Objects/MingW/common.o $(CFLAGS)
Objects/MingW/utils.o: $(GLOBALDEPS) utils.c
$(CC) -c utils.c -o Objects/MingW/utils.o $(CFLAGS)
Objects/MingW/debuggers.o: $(GLOBALDEPS) debuggers.c
$(CC) -c debuggers.c -o Objects/MingW/debuggers.o $(CFLAGS)


@ -1,65 +1,59 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>
#include "common.h"
int analysis_result = 0;
void init_cmd_colors() {
HANDLE handler = GetStdHandle(STD_OUTPUT_HANDLE);
SetConsoleTextAttribute(handler, FOREGROUND_INTENSITY);
}
void print_header() {
HANDLE handler = GetStdHandle(STD_OUTPUT_HANDLE);
printf("* Pafish (");
SetConsoleTextAttribute(handler, 11);
printf("Paranoid fish");
SetConsoleTextAttribute(handler, FOREGROUND_INTENSITY);
printf(") *\n\n");
printf("Some anti(debugger/VM/sandbox) tricks\n");
printf("used by malware for the general public.\n\n");
}
void print_traced() {
HANDLE handler = GetStdHandle(STD_OUTPUT_HANDLE);
SetConsoleTextAttribute(handler, 207);
printf("traced!\n");
SetConsoleTextAttribute(handler, FOREGROUND_INTENSITY);
analysis_result = 2;
}
void print_not_traced() {
HANDLE handler = GetStdHandle(STD_OUTPUT_HANDLE);
SetConsoleTextAttribute(handler, 10);
printf("OK\n");
SetConsoleTextAttribute(handler, FOREGROUND_INTENSITY);
}
void print_suspicious() {
HANDLE handler = GetStdHandle(STD_OUTPUT_HANDLE);
SetConsoleTextAttribute(handler, 207);
printf("suspicious\n");
SetConsoleTextAttribute(handler, FOREGROUND_INTENSITY);
if (analysis_result == 0) {
analysis_result = 1;
}
}
void write_log(char msg[]) {
FILE *log;
char logstr[1024];
snprintf(logstr, sizeof(logstr), "\n[pafish] %s", msg);
log = fopen("pafish.log", "a");
fputs(logstr, log);
fclose(log);
}
void write_trace(char product[]) {
FILE *trace;
trace = fopen(product, "a");
fclose(trace);
}
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>
#include "common.h"
void init_cmd_colors() {
HANDLE handler = GetStdHandle(STD_OUTPUT_HANDLE);
SetConsoleTextAttribute(handler, FOREGROUND_INTENSITY);
}
void print_header() {
HANDLE handler = GetStdHandle(STD_OUTPUT_HANDLE);
printf("* Pafish (");
SetConsoleTextAttribute(handler, 11);
printf("Paranoid fish");
SetConsoleTextAttribute(handler, FOREGROUND_INTENSITY);
printf(") *\n\n");
printf("Some anti(debugger/VM/sandbox) tricks\n");
printf("used by malware for the general public.\n\n");
}
void print_traced() {
HANDLE handler = GetStdHandle(STD_OUTPUT_HANDLE);
SetConsoleTextAttribute(handler, 207);
printf("traced!\n");
SetConsoleTextAttribute(handler, FOREGROUND_INTENSITY);
}
void print_not_traced() {
HANDLE handler = GetStdHandle(STD_OUTPUT_HANDLE);
SetConsoleTextAttribute(handler, 10);
printf("OK\n");
SetConsoleTextAttribute(handler, FOREGROUND_INTENSITY);
}
void print_suspicious() {
HANDLE handler = GetStdHandle(STD_OUTPUT_HANDLE);
SetConsoleTextAttribute(handler, 207);
printf("suspicious\n");
SetConsoleTextAttribute(handler, FOREGROUND_INTENSITY);
}
void write_log(char msg[]) {
FILE *log;
char logstr[1024];
snprintf(logstr, sizeof(logstr), "\n[pafish] %s", msg);
log = fopen("pafish.log", "a");
fputs(logstr, log);
fclose(log);
}
void write_trace(char product[]) {
FILE *trace;
trace = fopen(product, "a");
fclose(trace);
}
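Review bot: write_log passes the result of `fopen("pafish.log", "a")` straight to fputs() and fclose() without checking it, so a read-only or otherwise unwritable working directory turns the first log call into a NULL stream dereference. write_trace has the same pattern with `fclose(trace)`. Both should bail out early, e.g. `if (log == NULL) return;` after the fopen in write_log and `if (trace != NULL) fclose(trace);` in write_trace. Since both files are created relative to the current directory, a short comment saying so above write_trace would also help whoever reads the results later.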


@ -1,21 +1,19 @@
#ifndef COMM_H
#define COMM_H
void init_cmd_colors();
void print_header();
void print_traced();
void print_not_traced();
void print_suspicious();
void write_log(char msg[]);
void write_trace(char product[]);
extern int analysis_result;
#endif
#ifndef COMM_H
#define COMM_H
void init_cmd_colors();
void print_header();
void print_traced();
void print_not_traced();
void print_suspicious();
void write_log(char msg[]);
void write_trace(char product[]);
#endif


@ -1,42 +1,41 @@
#define _WIN32_WINNT 0x0501 /* _WIN32_WINNT_WINXP */
#include <windows.h>
#include "debuggers.h"
int debug_isdebuggerpresent() {
if (IsDebuggerPresent()) {
return 0;
}
else {
return 1;
}
}
/* This function is not used because it isn't reliable in
some new environments */
int debug_checkremotedebuggerpresent() {
BOOL isdebug = FALSE;
CheckRemoteDebuggerPresent(GetCurrentProcess(), &isdebug);
if (isdebug) {
return 0;
}
else {
return 1;
}
}
int debug_outputdebugstring() {
DWORD err = 99; /* Random error */
SetLastError(err);
/* If we're been debugging, this shouldn't
drop an error. */
OutputDebugString("useless");
if (GetLastError() == err){
return 0;
}
else {
return 1;
}
}
#define _WIN32_WINNT 0x0501 /* _WIN32_WINNT_WINXP */
#include <windows.h>
#include "debuggers.h"
#include "types.h"
int debug_isdebuggerpresent() {
if (IsDebuggerPresent())
return TRUE;
else
return FALSE;
}
/* This function is not used because it isn't reliable in
some new environments */
int debug_checkremotedebuggerpresent() {
BOOL isdebug = FALSE;
CheckRemoteDebuggerPresent(GetCurrentProcess(), &isdebug);
if (isdebug) {
return TRUE;
}
else {
return FALSE;
}
}
int debug_outputdebugstring() {
DWORD err = 99; /* Random error */
SetLastError(err);
/* If we're been debugging, this shouldn't
drop an error. */
OutputDebugString("useless");
if (GetLastError() == err){
return TRUE;
}
else {
return FALSE;
}
}
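Review bot: The return convention of every check is inverted by this change (0 used to mean "traced", now TRUE does), and nothing in the file records the new contract. I would add a header comment such as `/* Each debug_* check returns TRUE when a debugger is detected, FALSE otherwise. */`, and the same sentence in gensandbox.c, hooks.c and qemu.c, so a caller still written against `== 0` is easy to spot. `types.h` is included after `<windows.h>`, which already defines TRUE and FALSE; types.h is not visible here, so confirm its definitions are wrapped in `#ifndef`. The comment in debug_outputdebugstring should read `/* If we are being debugged, this call should not change the last error. */`.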


@ -1,11 +1,11 @@
#ifndef DEBUG_H
#define DEBUG_H
int debug_isdebuggerpresent();
int debug_checkremotedebuggerpresent();
int debug_outputdebugstring();
#endif
#ifndef DEBUG_H
#define DEBUG_H
int debug_isdebuggerpresent();
int debug_checkremotedebuggerpresent();
int debug_outputdebugstring();
#endif


@ -1,105 +1,95 @@
#include <windows.h>
#include <winioctl.h>
#include <string.h>
#include "gensandbox.h"
int gensandbox_mouse_act() {
POINT position1, position2;
GetCursorPos(&position1);
Sleep(1750); /* Sleep time */
GetCursorPos(&position2);
if ((position1.x == position2.x) && (position1.y == position2.y)) {
/* No mouse activity during the sleep */
return 0;
}
else {
/* Mouse activity during the sleep */
return 1;
}
}
int gensandbox_username() {
char username[200];
int i;
DWORD usersize = sizeof(username);
GetUserName(username, &usersize);
for (i = 0; i < strlen(username); i++) { /* case-insensitive */
username[i] = toupper(username[i]);
}
if (strstr(username, "SANDBOX") != NULL) {
return 0;
}
if (strstr(username, "VIRUS") != NULL) {
return 0;
}
if (strstr(username, "MALWARE") != NULL) {
return 0;
}
return 1;
}
int gensandbox_path() {
char path[500];
int i;
DWORD pathsize = sizeof(path);
GetModuleFileName(NULL, path, pathsize);
for (i = 0; i < strlen(path); i++) { /* case-insensitive */
path[i] = toupper(path[i]);
}
if (strstr(path, "\\SAMPLE") != NULL) {
return 0;
}
if (strstr(path, "\\VIRUS") != NULL) {
return 0;
}
if (strstr(path, "SANDBOX") != NULL) {
return 0;
}
return 1;
}
int gensandbox_drive_size() {
HANDLE drive;
BOOL result;
GET_LENGTH_INFORMATION size;
DWORD lpBytesReturned;
drive = CreateFile("\\\\.\\PhysicalDrive0", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
if (drive == INVALID_HANDLE_VALUE) {
// Someone is playing tricks. Or not enough privileges.
CloseHandle(drive);
return 1;
}
result = DeviceIoControl(drive, IOCTL_DISK_GET_LENGTH_INFO, NULL, 0, &size,
sizeof(GET_LENGTH_INFORMATION), &lpBytesReturned, NULL);
CloseHandle(drive);
if (result != 0) {
if (size.Length.QuadPart / 1073741824 <= 50) { /* <= 50 GB */
return 0;
}
}
return 1;
}
int gensandbox_drive_size2() {
ULARGE_INTEGER bytes_available;
ULARGE_INTEGER total_bytes;
ULARGE_INTEGER total_number_free_bytes;
if (GetDiskFreeSpaceExA("C:\\", &bytes_available, &total_bytes, &total_number_free_bytes))
{
if (bytes_available.QuadPart / 1073741824 <= 60) { /* <= 60 GB */
return 0;
}
if (total_bytes.QuadPart / 1073741824 <= 60) { /* <= 60 GB */
return 0;
}
if (total_number_free_bytes.QuadPart / 1073741824 <= 60) { /* <= 60 GB */
return 0;
}
}
return 1;
}
#include <windows.h>
#include <winioctl.h>
#include <string.h>
#include "types.h"
#include "gensandbox.h"
int gensandbox_mouse_act() {
POINT position1, position2;
GetCursorPos(&position1);
Sleep(2000); /* Sleep time */
GetCursorPos(&position2);
if ((position1.x == position2.x) && (position1.y == position2.y)) {
/* No mouse activity during the sleep */
return TRUE;
}
else {
/* Mouse activity during the sleep */
return FALSE;
}
}
int gensandbox_username() {
char username[200];
int i;
DWORD usersize = sizeof(username);
GetUserName(username, &usersize);
for (i = 0; i < strlen(username); i++) { /* case-insensitive */
username[i] = toupper(username[i]);
}
if (strstr(username, "SANDBOX") != NULL) {
return TRUE;
}
if (strstr(username, "VIRUS") != NULL) {
return TRUE;
}
if (strstr(username, "MALWARE") != NULL) {
return TRUE;
}
return FALSE;
}
int gensandbox_path() {
char path[500];
int i;
DWORD pathsize = sizeof(path);
GetModuleFileName(NULL, path, pathsize);
for (i = 0; i < strlen(path); i++) { /* case-insensitive */
path[i] = toupper(path[i]);
}
if (strstr(path, "\\SAMPLE") != NULL) {
return TRUE;
}
if (strstr(path, "\\VIRUS") != NULL) {
return TRUE;
}
if (strstr(path, "SANDBOX") != NULL) {
return TRUE;
}
return FALSE;
}
int gensandbox_drive_size() {
HANDLE drive;
BOOL result;
GET_LENGTH_INFORMATION size;
DWORD lpBytesReturned;
drive = CreateFile("\\\\.\\PhysicalDrive0", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
if (drive == INVALID_HANDLE_VALUE) {
// Someone is playing tricks. Or not enough privileges.
CloseHandle(drive);
return FALSE;
}
result = DeviceIoControl(drive, IOCTL_DISK_GET_LENGTH_INFO, NULL, 0, &size,
sizeof(GET_LENGTH_INFORMATION), &lpBytesReturned, NULL);
CloseHandle(drive);
if (result != 0) {
if (size.Length.QuadPart / 1073741824 <= 60) /* <= 60 GB */
return TRUE;
}
return FALSE;
}
int gensandbox_drive_size2() {
ULARGE_INTEGER total_bytes;
if (GetDiskFreeSpaceExA("C:\\", NULL, &total_bytes, NULL))
{
if (total_bytes.QuadPart / 1073741824 <= 60) /* <= 60 GB */
return TRUE;
}
return FALSE;
}
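Review bot: gensandbox_username and gensandbox_path run strlen() over `username` and `path` even when the API call failed, because the return values of GetUserName and GetModuleFileName are ignored and both buffers are uninitialized. Guard them with `if (!GetUserName(username, &usersize)) return FALSE;` and `DWORD n = GetModuleFileName(NULL, path, pathsize); if (n == 0 || n >= pathsize) return FALSE;`, which also covers a truncated path. In gensandbox_drive_size the `CloseHandle(drive);` inside the INVALID_HANDLE_VALUE branch closes a handle that was never opened and should be dropped. The upper-casing loops call toupper() without `<ctype.h>` and on plain char; `toupper((unsigned char)username[i])` avoids undefined behaviour for bytes above 0x7f.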


@ -1,15 +1,15 @@
#ifndef GENSAND_H
#define GENSAND_H
int gensandbox_mouse_act();
int gensandbox_username();
int gensandbox_path();
int gensandbox_drive_size();
int gensandbox_drive_size2();
#endif
#ifndef GENSAND_H
#define GENSAND_H
int gensandbox_mouse_act();
int gensandbox_username();
int gensandbox_path();
int gensandbox_drive_size();
int gensandbox_drive_size2();
#endif


@ -1,26 +1,27 @@
#include <windows.h>
#include "hooks.h"
/* Thx Inaki for this! (@virtualminds_es) */
int check_hook_DeleteFileW_m1() {
DWORD *dwAddress = (DWORD *)DeleteFileW;
BYTE *b = (BYTE *)dwAddress;
if ((*b == 0xff) && (*(b+1) == 0x25)) {
b++; b++;
dwAddress = (DWORD *)b;
DWORD *c = (DWORD *)(*dwAddress);
BYTE *op = (BYTE *)*c;
if ((*op == 0x8b) && (*(op+1) == 0xff)) {
return 1;
}
else {
return 0;
}
}
else {
return 1;
}
}
#include <windows.h>
#include "hooks.h"
#include "types.h"
/* Thx Inaki for this! (@virtualminds_es) */
int check_hook_DeleteFileW_m1() {
DWORD *dwAddress = (DWORD *)DeleteFileW;
BYTE *b = (BYTE *)dwAddress;
if ((*b == 0xff) && (*(b+1) == 0x25)) {
b++; b++;
dwAddress = (DWORD *)b;
DWORD *c = (DWORD *)(*dwAddress);
BYTE *op = (BYTE *)*c;
if ((*op == 0x8b) && (*(op+1) == 0xff)) {
return FALSE;
}
else {
return TRUE;
}
}
else {
return FALSE;
}
}
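Review bot: check_hook_DeleteFileW_m1 is only correct in a 32-bit x86 build and nothing in the file says so: `DWORD *c = (DWORD *)(*dwAddress);` turns a 32-bit value read from the instruction bytes into a pointer and dereferences it, which would truncate the address on a 64-bit target. I would make the assumption explicit with `#ifdef _WIN64` / `#error "check_hook_DeleteFileW_m1 is x86-only"` / `#endif` above the function. A short comment naming the byte patterns being compared (`ff 25` is an indirect jmp through a pointer, `8b ff` is the `mov edi, edi` prologue) would let a reader follow why the unhooked case returns FALSE.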


@ -1,7 +1,7 @@
#ifndef HOOKS_H
#define HOOKS_H
int check_hook_DeleteFileW_m1();
#endif
#ifndef HOOKS_H
#define HOOKS_H
int check_hook_DeleteFileW_m1();
#endif


@ -4,6 +4,7 @@
#include <string.h>
#include <windows.h>
#include "types.h"
#include "common.h"
#include "debuggers.h"
@ -16,380 +17,316 @@
#include "qemu.h"
/*
Pafish (Paranoid fish)
Pafish (Paranoid fish)
All code from this project, including
functions, procedures and the main program
is licensed under GNU/GPL version 3.
All code from this project, including
functions, procedures and the main program
is licensed under GNU/GPL version 3.
So, if you are going to use functions or
procedures from this project to develop
your malware, you have to release the
source code as well :)
So, if you are going to use functions or
procedures from this project to develop
your malware, you have to release the
source code as well :)
- Alberto Ortega
- Alberto Ortega
*/
int main(int argc, char *argv[])
{
char icon[] = "Blue fish icon thanks to http://www.fasticon.com/", winverstr[32], aux[1024];
OSVERSIONINFO winver;
char icon[] = "Blue fish icon thanks to http://www.fasticon.com/", winverstr[32], aux[1024];
OSVERSIONINFO winver;
write_log("Start");
write_log("Start");
init_cmd_colors();
print_header();
init_cmd_colors();
print_header();
winver.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx(&winver);
snprintf(winverstr, sizeof(winverstr), "%d.%d build %d", winver.dwMajorVersion, winver.dwMinorVersion, winver.dwBuildNumber);
winver.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx(&winver);
snprintf(winverstr, sizeof(winverstr)-sizeof(winverstr[0]), "%d.%d build %d",
winver.dwMajorVersion, winver.dwMinorVersion, winver.dwBuildNumber);
printf("[*] Windows version: %s\n", winverstr);
snprintf(aux, sizeof(aux), "Windows version: %s", winverstr);
write_log(aux);
printf("[*] Windows version: %s\n", winverstr);
snprintf(aux, sizeof(aux)-sizeof(aux[0]), "Windows version: %s", winverstr);
write_log(aux);
printf("[*] Running checks ...\n");
printf("[*] Running checks ...\n");
/* Debuggers detection tricks */
printf("\n[-] Debuggers detection\n");
printf("[*] Using IsDebuggerPresent() ... ");
if (debug_isdebuggerpresent() == 0) {
write_log("Debugger traced using IsDebuggerPresent()");
print_traced();
write_trace("hi_debugger_isdebuggerpresent");
}
else {
print_not_traced();
}
/* This is only working on MS Windows systems prior to Vista */
if (winver.dwMajorVersion < 6) {
printf("[*] Using OutputDebugString() ... ");
if (debug_outputdebugstring() == 0) {
write_log("Debugger traced using OutputDebugString()");
print_traced();
write_trace("hi_debugger_outputdebugstring");
}
else {
print_not_traced();
}
}
/* Generic sandbox detection tricks */
printf("\n[-] Generic sandbox detection\n");
printf("[*] Using mouse activity ... ");
if (gensandbox_mouse_act() == 0) {
print_traced();
write_log("Sandbox traced using mouse activity");
write_trace("hi_sandbox_mouse_act");
}
else {
print_not_traced();
}
printf("[*] Checking username ... ");
if (gensandbox_username() == 0) {
print_traced();
write_log("Sandbox traced by checking username");
write_trace("hi_sandbox_username");
}
else {
print_not_traced();
}
printf("[*] Checking file path ... ");
if (gensandbox_path() == 0) {
print_traced();
write_log("Sandbox traced by checking file path");
write_trace("hi_sandbox_path");
}
else {
print_not_traced();
}
printf("[*] Checking if disk size <= 50GB ... ");
if (gensandbox_drive_size() == 0) {
print_traced();
write_log("Sandbox traced by checking disk size <= 50GB");
write_trace("hi_sandbox_drive_size");
}
else {
print_not_traced();
}
printf("[*] Checking if disk size by GetDiskFreeSpace <= 60GB ... ");
if (gensandbox_drive_size2() == 0) {
print_traced();
write_log("Sandbox traced by checking disk size GetDiskFreeSpace <= 60GB");
write_trace("hi_sandbox_drive_size_2");
}
else {
print_not_traced();
}
/* Hooks detection tricks */
printf("\n[-] Hooks detection\n");
printf("[*] Checking function DeleteFileW method 1 ... ");
if (check_hook_DeleteFileW_m1() == 0) {
print_traced();
write_log("Hooks traced using DeleteFileW method 1");
write_trace("hi_hooks_deletefile_m1");
}
else {
print_not_traced();
}
/* Sandboxie detection tricks */
printf("\n[-] Sandboxie detection\n");
printf("[*] Using sbiedll.dll ... ");
if (sboxie_detect_sbiedll() == 0) {
write_log("Sandboxie traced using sbiedll.dll");
print_traced();
write_trace("hi_sandboxie");
}
else {
print_not_traced();
}
/* Wine detection tricks */
printf("\n[-] Wine detection\n");
printf("[*] Using GetProcAddress(wine_get_unix_file_name) from kernel32.dll ... ");
if (wine_detect_get_unix_file_name() == 0) {
write_log("Wine traced using GetProcAddress(wine_get_unix_file_name) from kernel32.dll");
print_traced();
write_trace("hi_wine");
}
else {
print_not_traced();
}
/* VirtualBox detection tricks */
printf("\n[-] VirtualBox detection\n");
printf("[*] Scsi port->bus->target id->logical unit id-> 0 identifier ... ");
if (vbox_reg_key1() == 0) {
write_log("VirtualBox traced using Reg key HKLM\\HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0 \"Identifier\"");
print_traced();
write_trace("hi_virtualbox");
}
else {
print_not_traced();
}
printf("[*] Reg key (HKLM\\HARDWARE\\Description\\System \"SystemBiosVersion\") ... ");
if (vbox_reg_key2() == 0) {
write_log("VirtualBox traced using Reg key HKLM\\HARDWARE\\Description\\System \"SystemBiosVersion\"");
print_traced();
write_trace("hi_virtualbox");
}
else {
print_not_traced();
}
printf("[*] Reg key (HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions) ... ");
if (vbox_reg_key3() == 0) {
write_log("VirtualBox traced using Reg key HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions");
print_traced();
write_trace("hi_virtualbox");
}
else {
print_not_traced();
}
printf("[*] Reg key (HKLM\\HARDWARE\\Description\\System \"VideoBiosVersion\") ... ");
if (vbox_reg_key4() == 0) {
write_log("VirtualBox traced using Reg key HKLM\\HARDWARE\\Description\\System \"VideoBiosVersion\"");
print_traced();
write_trace("hi_virtualbox");
}
else {
print_not_traced();
}
printf("[*] Reg key (HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__ ... ");
if (vbox_reg_key5() == 0) {
write_log("VirtualBox traced using Reg key HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__");
print_traced();
write_trace("hi_virtualbox");
}
else {
print_not_traced();
}
printf("[*] Reg key (HKLM\\SYSTEM\\CurrentControlSet\\Enum\\IDE ... ");
if (vbox_reg_key6() == 0) {
/* Debuggers detection tricks */
printf("\n[-] Debuggers detection\n");
printf("[*] Using IsDebuggerPresent() ... ");
if (debug_isdebuggerpresent() == TRUE) {
write_log("Debugger traced using IsDebuggerPresent()");
print_traced();
}
else {
print_not_traced();
}
write_trace("hi_debugger_isdebuggerpresent");
}
else print_not_traced();
printf("[*] Reg key (HKLM\\HARDWARE\\ACPI\\FADT\\VBOX__ ... ");
if (vbox_reg_key7() == 0) {
write_log("VirtualBox traced using Reg key HKLM\\HARDWARE\\ACPI\\FADT\\VBOX__");
print_traced();
write_trace("hi_virtualbox");
}
else {
print_not_traced();
}
printf("[*] Reg key (HKLM\\HARDWARE\\ACPI\\RSDT\\VBOX__ ... ");
if (vbox_reg_key8() == 0) {
write_log("VirtualBox traced using Reg key HKLM\\HARDWARE\\ACPI\\RSDT\\VBOX__");
print_traced();
write_trace("hi_virtualbox");
}
else {
print_not_traced();
}
printf("[*] Reg key (HKLM\\SYSTEM\\ControlSet001\\Services\\VBox* ... ");
if (vbox_reg_key9() == 0) {
print_traced();
}
else {
print_not_traced();
}
if (vbox_sysfile1() == 0) {
print_traced();
}
else {
print_not_traced();
}
if (vbox_sysfile2() == 0) {
print_traced();
}
else {
print_not_traced();
}
printf("[*] Looking for MAC ");
if (vbox_mac() == 0) {
print_traced();
}
else {
print_not_traced();
}
printf("[*] Looking for pseudo device ");
if (vbox_pseudodev() == 0) {
print_traced();
}
else {
print_not_traced();
}
printf("[*] Looking for pipe ");
if (vbox_pipe() == 0) {
print_traced();
}
else {
print_not_traced();
}
printf("[*] Looking for VBox tray tool window ");
if (vbox_traywindow() == 0) {
print_traced();
}
else {
print_not_traced();
}
printf("[*] Looking for VBox network share ");
if (vbox_network_share() == 0) {
print_traced();
}
else {
print_not_traced();
}
printf("[*] Looking for VBox processes ");
if (vbox_processes() == 0) {
print_traced();
}
else {
print_not_traced();
}
printf("[*] Looking for guest tools ");
if (vbox_guest_tools() == 0) {
print_traced();
/* This is only working on MS Windows systems prior to Vista */
if (winver.dwMajorVersion < 6) {
printf("[*] Using OutputDebugString() ... ");
if (debug_outputdebugstring() == TRUE) {
write_log("Debugger traced using OutputDebugString()");
print_traced();
write_trace("hi_debugger_outputdebugstring");
}
else print_not_traced();
}
printf("[*] Looking for VBox devices ");
if (vbox_devices() == 0) {
/* Generic sandbox detection tricks */
printf("\n[-] Generic sandbox detection\n");
printf("[*] Using mouse activity ... ");
if (gensandbox_mouse_act() == TRUE) {
print_traced();
}
else {
print_not_traced();
}
write_log("Sandbox traced using mouse activity");
write_trace("hi_sandbox_mouse_act");
}
else print_not_traced();
/* VMware detection tricks */
printf("\n[-] VMware detection\n");
printf("[*] Scsi port->bus->target id->logical unit id-> 0 identifier ... ");
if (vmware_reg_key1() == 0) {
write_log("VMWare traced using Reg key HKLM\\HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0 \"Identifier\"");
print_traced();
write_trace("hi_vmware");
}
else {
print_not_traced();
}
printf("[*] Reg key (HKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools) ... ");
if (vmware_reg_key2() == 0) {
write_log("VMware traced using Reg key HKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools");
print_traced();
write_trace("hi_vmware");
}
else {
print_not_traced();
}
printf("[*] Looking for C:\\WINDOWS\\system32\\drivers\\vmmouse.sys ... ");
if (vmware_sysfile1() == 0) {
write_log("VMware traced using file C:\\WINDOWS\\system32\\drivers\\vmmouse.sys");
print_traced();
write_trace("hi_vmware");
}
else {
print_not_traced();
}
printf("[*] Looking for C:\\WINDOWS\\system32\\drivers\\vmhgfs.sys ... ");
if (vmware_sysfile2() == 0) {
write_log("VMware traced using file C:\\WINDOWS\\system32\\drivers\\vmhgfs.sys");
print_traced();
write_trace("hi_vmware");
}
else {
print_not_traced();
}
printf("[*] Checking username ... ");
if (gensandbox_username() == TRUE) {
print_traced();
write_log("Sandbox traced by checking username");
write_trace("hi_sandbox_username");
}
else print_not_traced();
/* Qemu detection tricks */
printf("\n[-] Qemu detection\n");
printf("[*] Scsi port->bus->target id->logical unit id-> 0 identifier ... ");
if (qemu_reg_key1() == 0) {
write_log("Qemu traced using Reg key HKLM\\HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0 \"Identifier\"");
print_traced();
write_trace("hi_qemu");
}
else {
print_not_traced();
}
printf("[*] Reg key (HKLM\\HARDWARE\\Description\\System \"SystemBiosVersion\") ... ");
if (qemu_reg_key2() == 0) {
write_log("Qemu traced using Reg key HKLM\\HARDWARE\\Description\\System \"SystemBiosVersion\"");
print_traced();
write_trace("hi_qemu");
}
else {
print_not_traced();
}
printf("[*] Checking file path ... ");
if (gensandbox_path() == TRUE) {
print_traced();
write_log("Sandbox traced by checking file path");
write_trace("hi_sandbox_path");
}
else print_not_traced();
printf("\n\n");
printf("[-] Finished, feel free to RE me.");
printf("[*] Checking if disk size <= 60GB via DeviceIoControl() ... ");
if (gensandbox_drive_size() == TRUE) {
print_traced();
write_log("Sandbox traced by checking disk size <= 60GB via DeviceIoControl()");
write_trace("hi_sandbox_drive_size");
}
else print_not_traced();
write_log("End");
printf("[*] Checking if disk size <= 60GB via GetDiskFreeSpaceExA() ... ");
if (gensandbox_drive_size2() == TRUE) {
print_traced();
write_log("Sandbox traced by checking disk size <= 60GB via GetDiskFreeSpaceExA()");
write_trace("hi_sandbox_drive_size2");
}
else print_not_traced();
fflush(stdin);
/* Hooks detection tricks */
printf("\n[-] Hooks detection\n");
printf("[*] Checking function DeleteFileW method 1 ... ");
if (check_hook_DeleteFileW_m1() == TRUE) {
print_traced();
write_log("Hooks traced using DeleteFileW method 1");
write_trace("hi_hooks_deletefile_m1");
}
else print_not_traced();
/* Sandboxie detection tricks */
printf("\n[-] Sandboxie detection\n");
printf("[*] Using GetModuleHandle(sbiedll.dll) ... ");
if (sboxie_detect_sbiedll() == TRUE) {
write_log("Sandboxie traced using GetModuleHandle(sbiedll.dll)");
print_traced();
write_trace("hi_sandboxie");
}
else print_not_traced();
/* Wine detection tricks */
printf("\n[-] Wine detection\n");
printf("[*] Using GetProcAddress(wine_get_unix_file_name) from kernel32.dll ... ");
if (wine_detect_get_unix_file_name() == TRUE) {
write_log("Wine traced using GetProcAddress(wine_get_unix_file_name) from kernel32.dll");
print_traced();
write_trace("hi_wine");
}
else print_not_traced();
/* VirtualBox detection tricks */
printf("\n[-] VirtualBox detection\n");
printf("[*] Scsi port->bus->target id->logical unit id-> 0 identifier ... ");
if (vbox_reg_key1() == TRUE) {
write_log("VirtualBox traced using Reg key HKLM\\HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0 \"Identifier\"");
print_traced();
write_trace("hi_virtualbox");
}
else print_not_traced();
printf("[*] Reg key (HKLM\\HARDWARE\\Description\\System \"SystemBiosVersion\") ... ");
if (vbox_reg_key2() == TRUE) {
write_log("VirtualBox traced using Reg key HKLM\\HARDWARE\\Description\\System \"SystemBiosVersion\"");
print_traced();
write_trace("hi_virtualbox");
}
else print_not_traced();
printf("[*] Reg key (HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions) ... ");
if (vbox_reg_key3() == TRUE) {
write_log("VirtualBox traced using Reg key HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions");
print_traced();
write_trace("hi_virtualbox");
}
else print_not_traced();
printf("[*] Reg key (HKLM\\HARDWARE\\Description\\System \"VideoBiosVersion\") ... ");
if (vbox_reg_key4() == TRUE) {
write_log("VirtualBox traced using Reg key HKLM\\HARDWARE\\Description\\System \"VideoBiosVersion\"");
print_traced();
write_trace("hi_virtualbox");
}
else print_not_traced();
printf("[*] Reg key (HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__ ... ");
if (vbox_reg_key5() == TRUE) {
write_log("VirtualBox traced using Reg key HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__");
print_traced();
write_trace("hi_virtualbox");
}
else print_not_traced();
printf("[*] Reg key (HKLM\\HARDWARE\\ACPI\\FADT\\VBOX__ ... ");
if (vbox_reg_key7() == TRUE) {
write_log("VirtualBox traced using Reg key HKLM\\HARDWARE\\ACPI\\FADT\\VBOX__");
print_traced();
write_trace("hi_virtualbox");
}
else print_not_traced();
printf("[*] Reg key (HKLM\\HARDWARE\\ACPI\\RSDT\\VBOX__ ... ");
if (vbox_reg_key8() == TRUE) {
write_log("VirtualBox traced using Reg key HKLM\\HARDWARE\\ACPI\\RSDT\\VBOX__");
print_traced();
write_trace("hi_virtualbox");
}
else print_not_traced();
printf("[*] Reg key (HKLM\\SYSTEM\\ControlSet001\\Services\\VBox* ... ");
if (vbox_reg_key9(TRUE) == TRUE) {
/* Log written inside function */
print_traced();
write_trace("hi_virtualbox");
}
else print_not_traced();
printf("[*] Driver files in C:\\WINDOWS\\system32\\drivers\\VBox* ... ");
if (vbox_sysfile1(TRUE) == TRUE) {
/* Log written inside function */
print_traced();
write_trace("hi_virtualbox");
}
else print_not_traced();
printf("[*] Additional system files ... ");
if (vbox_sysfile2(TRUE) == TRUE) {
/* Log written inside function */
print_traced();
write_trace("hi_virtualbox");
}
else print_not_traced();
printf("[*] Looking for a MAC address starting with 08:00:27 ... ");
if (vbox_mac() == TRUE) {
write_log("VirtualBox traced using MAC address starting with 08:00:27");
print_traced();
write_trace("hi_virtualbox");
}
else print_not_traced();
printf("[*] Looking for pseudo devices ... ");
if (vbox_devices(TRUE) == TRUE) {
/* Log written inside function */
print_traced();
write_trace("hi_virtualbox");
}
else print_not_traced();
printf("[*] Looking for VBoxTray windows ... ");
if (vbox_traywindow() == TRUE) {
write_log("VirtualBox traced using VBoxTray windows");
print_traced();
write_trace("hi_virtualbox");
}
else print_not_traced();
printf("[*] Looking for VBox network share ... ");
if (vbox_network_share() == TRUE) {
write_log("VirtualBox traced using its network share");
print_traced();
write_trace("hi_virtualbox");
}
else print_not_traced();
printf("[*] Looking for VBox processes (vboxservice.exe, vboxtray.exe) ... ");
if (vbox_processes(TRUE) == TRUE) {
/* Log written inside function */
print_traced();
write_trace("hi_virtualbox");
}
else print_not_traced();
/* VMware detection tricks */
printf("\n[-] VMware detection\n");
printf("[*] Scsi port->bus->target id->logical unit id-> 0 identifier ... ");
if (vmware_reg_key1() == TRUE) {
write_log("VMWare traced using Reg key HKLM\\HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0 \"Identifier\"");
print_traced();
write_trace("hi_vmware");
}
else print_not_traced();
printf("[*] Reg key (HKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools) ... ");
if (vmware_reg_key2() == TRUE) {
write_log("VMware traced using Reg key HKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools");
print_traced();
write_trace("hi_vmware");
}
else print_not_traced();
printf("[*] Looking for C:\\WINDOWS\\system32\\drivers\\vmmouse.sys ... ");
if (vmware_sysfile1() == TRUE) {
write_log("VMware traced using file C:\\WINDOWS\\system32\\drivers\\vmmouse.sys");
print_traced();
write_trace("hi_vmware");
}
else print_not_traced();
printf("[*] Looking for C:\\WINDOWS\\system32\\drivers\\vmhgfs.sys ... ");
if (vmware_sysfile2() == TRUE) {
write_log("VMware traced using file C:\\WINDOWS\\system32\\drivers\\vmhgfs.sys");
print_traced();
write_trace("hi_vmware");
}
else print_not_traced();
/* Qemu detection tricks */
printf("\n[-] Qemu detection\n");
printf("[*] Scsi port->bus->target id->logical unit id-> 0 identifier ... ");
if (qemu_reg_key1() == TRUE) {
write_log("Qemu traced using Reg key HKLM\\HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0 \"Identifier\"");
print_traced();
write_trace("hi_qemu");
}
else print_not_traced();
printf("[*] Reg key (HKLM\\HARDWARE\\Description\\System \"SystemBiosVersion\") ... ");
if (qemu_reg_key2() == TRUE) {
write_log("Qemu traced using Reg key HKLM\\HARDWARE\\Description\\System \"SystemBiosVersion\"");
print_traced();
write_trace("hi_qemu");
}
else print_not_traced();
printf("\n\n");
printf("[-] Feel free to RE me, check log file for more information.");
write_log("End");
fflush(stdin);
getchar();
return 0;
return 0;
}
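Review bot: Shrinking the snprintf bound to `sizeof(winverstr)-sizeof(winverstr[0])` does not by itself guarantee a terminated string, because `winverstr` and `aux` are uninitialized and the last byte is never written when output is truncated. If this toolchain maps snprintf to the MSVCRT variant that omits the terminator on truncation (likely with MinGW, but not visible here), the following printf and write_log read past the data. Either declare the arrays with `= {0}` or add `winverstr[sizeof(winverstr)-1] = '\0';` and `aux[sizeof(aux)-1] = '\0';` after the calls. The `%d` conversions are given DWORD arguments and should be `%lu`, and `fflush(stdin);` is undefined in standard C even though the Microsoft runtime tolerates it.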


@ -1,67 +1,68 @@
#include <windows.h>
#include <string.h>
#include "qemu.h"
int qemu_reg_key1() {
HKEY regkey;
LONG retu;
char value[1024];
int i;
DWORD size;
size = sizeof(value);
retu = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", 0, KEY_READ, &regkey);
if (retu == ERROR_SUCCESS) {
retu = RegQueryValueEx(regkey, "Identifier", NULL, NULL, (BYTE*)value, &size);
if (retu == ERROR_SUCCESS) {
for (i = 0; i < strlen(value); i++) { /* case-insensitive */
value[i] = toupper(value[i]);
}
if (strstr(value, "QEMU") != NULL) {
return 0;
}
else {
return 1;
}
}
else {
return 1;
}
}
else {
return 1;
}
}
int qemu_reg_key2() {
HKEY regkey;
LONG retu;
char value[1024];
int i;
DWORD size;
size = sizeof(value);
retu = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "HARDWARE\\Description\\System", 0, KEY_READ, &regkey);
if (retu == ERROR_SUCCESS) {
retu = RegQueryValueEx(regkey, "SystemBiosVersion", NULL, NULL, (BYTE*)value, &size);
if (retu == ERROR_SUCCESS) {
for (i = 0; i < strlen(value); i++) { /* case-insensitive */
value[i] = toupper(value[i]);
}
if (strstr(value, "QEMU") != NULL) {
return 0;
}
else {
return 1;
}
}
else {
return 1;
}
}
else {
return 1;
}
}
#include <windows.h>
#include <string.h>
#include "qemu.h"
#include "types.h"
int qemu_reg_key1() {
HKEY regkey;
LONG retu;
char value[1024];
int i;
DWORD size;
size = sizeof(value);
retu = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", 0, KEY_READ, &regkey);
if (retu == ERROR_SUCCESS) {
retu = RegQueryValueEx(regkey, "Identifier", NULL, NULL, (BYTE*)value, &size);
if (retu == ERROR_SUCCESS) {
for (i = 0; i < strlen(value); i++) { /* case-insensitive */
value[i] = toupper(value[i]);
}
if (strstr(value, "QEMU") != NULL) {
return TRUE;
}
else {
return FALSE;
}
}
else {
return FALSE;
}
}
else {
return FALSE;
}
}
int qemu_reg_key2() {
HKEY regkey;
LONG retu;
char value[1024];
int i;
DWORD size;
size = sizeof(value);
retu = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "HARDWARE\\Description\\System", 0, KEY_READ, &regkey);
if (retu == ERROR_SUCCESS) {
retu = RegQueryValueEx(regkey, "SystemBiosVersion", NULL, NULL, (BYTE*)value, &size);
if (retu == ERROR_SUCCESS) {
for (i = 0; i < strlen(value); i++) { /* case-insensitive */
value[i] = toupper(value[i]);
}
if (strstr(value, "QEMU") != NULL) {
return TRUE;
}
else {
return FALSE;
}
}
else {
return FALSE;
}
}
else {
return FALSE;
}
}
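Review bot: In the new `qemu_reg_key1` and `qemu_reg_key2`, the buffer filled by `RegQueryValueEx` is passed to `strlen` and `strstr` without being terminated, and the opened key is never closed. Registry string data is not guaranteed to be stored with a trailing NUL, so a value that fills all 1024 bytes would be read past the end of `value`; querying with `size = sizeof(value) - 1;` and setting `value[size] = '\0';` after a successful query bounds it. Every return path also needs `RegCloseKey(regkey);` once `RegOpenKeyEx` has succeeded, as `pafish_exists_regkey` in utils.c already does. `vmware_reg_key1` in vmware.c has the same two problems.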


@ -1,9 +1,9 @@
#ifndef QEMU_H
#define QEMU_H
int qemu_reg_key1();
int qemu_reg_key2();
#endif
#ifndef QEMU_H
#define QEMU_H
int qemu_reg_key1();
int qemu_reg_key2();
#endif


@ -1,13 +1,14 @@
#include <windows.h>
#include "sandboxie.h"
int sboxie_detect_sbiedll() {
if (GetModuleHandle("sbiedll.dll") != NULL) {
return 0;
}
else {
return 1;
}
}
#include <windows.h>
#include "sandboxie.h"
#include "types.h"
int sboxie_detect_sbiedll() {
if (GetModuleHandle("sbiedll.dll") != NULL) {
return TRUE;
}
else {
return FALSE;
}
}
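Review bot: The return convention of `sboxie_detect_sbiedll` is inverted by this change (the old body returned 0 when `sbiedll.dll` was loaded, the new one returns `TRUE`), and nothing next to the function or in sandboxie.h records which value means what. A caller that still compares against 0 would silently report the opposite result, so I would add `/* Returns TRUE when sbiedll.dll is loaded in this process, FALSE otherwise. */` above the definition. The same one-line contract comment is worth adding to `wine_detect_get_unix_file_name` in wine.c and to the qemu and vmware checks.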


@ -1,7 +1,7 @@
#ifndef SANBOXIE_H
#define SANBOXIE_H
int sboxie_detect_sbiedll();
#endif
#ifndef SANBOXIE_H
#define SANBOXIE_H
int sboxie_detect_sbiedll();
#endif

10
pafish/types.h Normal file

@ -0,0 +1,10 @@
#ifndef TYPES_H
#define TYPES_H
#define TRUE 1
#define FALSE 0
typedef char * string;
#endif
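Review bot: `TRUE` and `FALSE` are defined here unconditionally, while every file shown including types.h also includes `<windows.h>`, which as far as I know already provides both macros. The redefinition is harmless only while the replacement text stays identical; wrapping each one as `#ifndef TRUE` / `#define TRUE 1` / `#endif` removes the dependency on include order. The `string` typedef also hides a pointer, so `const string s` declares a constant pointer to writable chars rather than a pointer to constant chars; a short comment saying so, or plain `char *` at the use sites, avoids that surprise.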

30
pafish/utils.c Normal file

@ -0,0 +1,30 @@
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include "utils.h"
#include "types.h"
inline int pafish_exists_regkey(HKEY hKey, char * regkey_s) {
HKEY regkey;
LONG ret;
ret = RegOpenKeyEx(hKey, regkey_s, 0, KEY_READ, &regkey);
if (ret == ERROR_SUCCESS) {
RegCloseKey(regkey);
return TRUE;
}
else
return FALSE;
}
inline int pafish_exists_file(char * filename) {
DWORD ret;
ret = GetFileAttributes(filename);
if (ret != INVALID_FILE_ATTRIBUTES)
return TRUE;
else
return FALSE;
}
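Review bot: Both helpers are defined with plain `inline` and also declared `inline` in utils.h, which under C99/C11 inline rules makes the definitions in this file inline definitions only, so no external symbol is guaranteed for the calls in vmware.c. It links with GNU89 inline semantics, but a compiler defaulting to C99 or later can fail with an undefined reference. Dropping the keyword in both places, e.g. `int pafish_exists_file(const char *filename) {`, keeps the behaviour and lets the string arguments be `const` as well. The matching prototypes in utils.h need the same change.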

9
pafish/utils.h Normal file

@ -0,0 +1,9 @@
#ifndef UTILS_H
#define UTILS_H
inline int pafish_exists_regkey(HKEY hKey, char * regkey);
inline int pafish_exists_file(char * filename);
#endif
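Review bot: utils.h uses `HKEY` in the `pafish_exists_regkey` prototype without including the header that declares it, so it only compiles when `<windows.h>` happens to be included first, as vmware.c does. Adding `#include <windows.h>` inside the include guard makes the header self-contained. The parameter is also named `regkey` here and `regkey_s` in utils.c; using one name in both keeps the declaration and the definition easy to match.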

File diff suppressed because it is too large Load Diff


@ -3,41 +3,25 @@
#define VBOX_H
int vbox_reg_key1();
int vbox_reg_key2();
int vbox_reg_key3();
int vbox_reg_key4();
int vbox_reg_key5();
int vbox_reg_key6();
int vbox_reg_key7();
int vbox_reg_key8();
int vbox_reg_key9(int writelogs);
int vbox_reg_key9();
int vbox_sysfile1();
int vbox_sysfile2();
int vbox_sysfile1(int writelogs);
int vbox_sysfile2(int writelogs);
int vbox_mac();
int vbox_pseudodev();
int vbox_pipe();
int vbox_devices(int writelogs);
int vbox_traywindow();
int vbox_network_share();
int vbox_processes();
int vbox_guest_tools();
int vbox_devices();
int vbox_processes(int writelogs);
#endif
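Review bot: The parameterless checks in this header are declared with empty parentheses, e.g. `int vbox_mac();`, which in C11 declares a function without a prototype rather than one taking no arguments. This hunk changes which functions take `int writelogs` (the rendered page does not show clearly which form of `vbox_reg_key9`, `vbox_sysfile1`, `vbox_sysfile2`, `vbox_devices` and `vbox_processes` is the new one), and with unprototyped declarations a call site left with the old argument list still compiles. Writing the no-argument ones as `int vbox_mac(void);` lets the compiler reject a stale call. The vbox.c diff is suppressed on this page, so the definitions could not be checked against these declarations.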


@ -1,70 +1,50 @@
#include <windows.h>
#include <string.h>
#include "vmware.h"
int vmware_reg_key1() {
HKEY regkey;
LONG retu;
char value[1024];
int i;
DWORD size;
size = sizeof(value);
retu = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", 0, KEY_READ, &regkey);
if (retu == ERROR_SUCCESS) {
retu = RegQueryValueEx(regkey, "Identifier", NULL, NULL, (BYTE*)value, &size);
if (retu == ERROR_SUCCESS) {
for (i = 0; i < strlen(value); i++) { /* case-insensitive */
value[i] = toupper(value[i]);
}
if (strstr(value, "VMWARE") != NULL) {
return 0;
}
else {
return 1;
}
}
else {
return 1;
}
}
else {
return 1;
}
}
int vmware_reg_key2() {
HKEY regkey;
LONG retu;
retu = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\VMware, Inc.\\VMware Tools", 0, KEY_READ, &regkey);
if (retu == ERROR_SUCCESS) {
return 0;
}
else {
return 1;
}
}
int vmware_sysfile1() {
DWORD ret;
ret = GetFileAttributes("C:\\WINDOWS\\system32\\drivers\\vmmouse.sys");
if (ret != INVALID_FILE_ATTRIBUTES) {
return 0;
}
else {
return 1;
}
}
int vmware_sysfile2() {
DWORD ret;
ret = GetFileAttributes("C:\\WINDOWS\\system32\\drivers\\vmhgfs.sys");
if (ret != INVALID_FILE_ATTRIBUTES) {
return 0;
}
else {
return 1;
}
}
#include <windows.h>
#include <string.h>
#include "vmware.h"
#include "types.h"
#include "utils.h"
int vmware_reg_key1() {
HKEY regkey;
LONG retu;
char value[1024];
int i;
DWORD size;
size = sizeof(value);
retu = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", 0, KEY_READ, &regkey);
if (retu == ERROR_SUCCESS) {
retu = RegQueryValueEx(regkey, "Identifier", NULL, NULL, (BYTE*)value, &size);
if (retu == ERROR_SUCCESS) {
for (i = 0; i < strlen(value); i++) { /* case-insensitive */
value[i] = toupper(value[i]);
}
if (strstr(value, "VMWARE") != NULL) {
return TRUE;
}
else {
return FALSE;
}
}
else {
return FALSE;
}
}
else {
return FALSE;
}
}
int vmware_reg_key2() {
return pafish_exists_regkey(HKEY_LOCAL_MACHINE, "SOFTWARE\\VMware, Inc.\\VMware Tools");
}
int vmware_sysfile1() {
return pafish_exists_file("C:\\WINDOWS\\system32\\drivers\\vmmouse.sys");
}
int vmware_sysfile2() {
return pafish_exists_file("C:\\WINDOWS\\system32\\drivers\\vmhgfs.sys");
}
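Review bot: The new `vmware_reg_key1` is a line-for-line copy of `qemu_reg_key1` in qemu.c, differing only in the substring searched for, while the other three functions in this file were moved onto the shared helpers from utils.c. A third helper that reads a string value and searches it would remove the copies and give one place to terminate the buffer and close the key; a sketch follows, and the helper name is only my suggestion. It calls `toupper`, which the current code also uses without including `<ctype.h>`, so that include is needed as well.

```c
/* for utils.c: TRUE when the named string value contains needle (compared upper-cased) */
int pafish_regvalue_contains(HKEY root, const char *subkey, const char *name, const char *needle) {
    HKEY regkey;
    LONG retu;
    char value[1024];
    DWORD size = sizeof(value) - 1; /* keep one byte for the terminator */
    DWORD i;

    if (RegOpenKeyEx(root, subkey, 0, KEY_READ, &regkey) != ERROR_SUCCESS)
        return FALSE;
    retu = RegQueryValueEx(regkey, name, NULL, NULL, (BYTE*)value, &size);
    RegCloseKey(regkey); /* closed on every path once the open succeeded */
    if (retu != ERROR_SUCCESS)
        return FALSE;
    value[size] = '\0'; /* stored data may lack a trailing NUL */
    for (i = 0; value[i] != '\0'; i++)
        value[i] = (char)toupper((unsigned char)value[i]);
    return strstr(value, needle) != NULL ? TRUE : FALSE;
}

int vmware_reg_key1() {
    return pafish_regvalue_contains(HKEY_LOCAL_MACHINE, "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier", "VMWARE");
}
/* … unchanged: vmware_reg_key2, vmware_sysfile1, vmware_sysfile2 … */
```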


@ -1,13 +1,13 @@
#ifndef VMWARE_H
#define VMWARE_H
int vmware_reg_key1();
int vmware_reg_key2();
int vmware_sysfile1();
int vmware_sysfile2();
#endif
#ifndef VMWARE_H
#define VMWARE_H
int vmware_reg_key1();
int vmware_reg_key2();
int vmware_sysfile1();
int vmware_sysfile2();
#endif


@ -1,20 +1,21 @@
#include <windows.h>
#include "wine.h"
int wine_detect_get_unix_file_name() {
HMODULE k32;
k32 = GetModuleHandle("kernel32.dll");
if (k32 != NULL) {
if (GetProcAddress(k32, "wine_get_unix_file_name") != NULL) {
return 0;
}
else {
return 1;
}
}
else {
return 1;
}
}
#include <windows.h>
#include "wine.h"
#include "types.h"
int wine_detect_get_unix_file_name() {
HMODULE k32;
k32 = GetModuleHandle("kernel32.dll");
if (k32 != NULL) {
if (GetProcAddress(k32, "wine_get_unix_file_name") != NULL) {
return TRUE;
}
else {
return FALSE;
}
}
else {
return FALSE;
}
}


@ -1,7 +1,7 @@
#ifndef WINE_H
#define WINE_H
int wine_detect_get_unix_file_name();
#endif
#ifndef WINE_H
#define WINE_H
int wine_detect_get_unix_file_name();
#endif