From 947720271703230e27ff46dd75993c84462b0cd5 Mon Sep 17 00:00:00 2001
From: Thorsten Sick
Date: Thu, 3 Apr 2014 15:07:12 +0200
Subject: [PATCH] scanning for VirtualBox tools
---
 pafish/Makefile | 6 +++---
 pafish/main.c | 9 ++++++++-
 pafish/vbox.c | 39 +++++++++++++++++++++++++++++++++++++++
 pafish/vbox.h | 2 ++
 4 files changed, 52 insertions(+), 4 deletions(-)
diff --git a/pafish/Makefile b/pafish/Makefile
index f24568f..a207d2a 100644
--- a/pafish/Makefile
+++ b/pafish/Makefile
@@ -1,5 +1,5 @@
-CC = i686-pc-mingw32-gcc
-WINDRES = i686-pc-mingw32-windres
+CC = i686-w64-mingw32-gcc
+WINDRES = i686-w64-mingw32-windres
 OBJDIR = Objects/MingW
 SRC = $(wildcard *.c)
 OBJ = $(SRC:%.c=$(OBJDIR)/%.o) $(OBJDIR)/pafish_private.res
@@ -18,7 +18,7 @@ else
 RM = rm -f
 FixPath = $1
 endif
-LINK = i686-pc-mingw32-g++
+LINK = i686-w64-mingw32-g++
 .PHONY: all all-before all-after clean clean-custom
 all: all-before $(BIN) all-after
diff --git a/pafish/main.c b/pafish/main.c
index 479514c..acb6869 100644
--- a/pafish/main.c
+++ b/pafish/main.c
@@ -289,7 +289,14 @@ int main(int argc, char *argv[])
 else {
 print_not_traced();
 }
-
+
+ printf("[*] Looking for guest tools ");
+ if (vbox_guest_tools() == 0) {
+ }
+ else {
+ print_not_traced();
+ }
+
 /* VMware detection tricks */
 printf("\n[-] VMware detection\n");
 printf("[*] Scsi port->bus->target id->logical unit id-> 0 identifier ... ");
diff --git a/pafish/vbox.c b/pafish/vbox.c
index 479ab99..810a38d 100644
--- a/pafish/vbox.c
+++ b/pafish/vbox.c
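Review bot: The cross-toolchain prefix in pafish/Makefile changes from `i686-pc-mingw32-` to `i686-w64-mingw32-` in three hard-coded places (`CC` and `WINDRES` in the first hunk, `LINK` in the second), although the commit subject mentions only the VirtualBox check. Anyone who has the old triplet installed can no longer build without editing the file, and a compiler swap deserves its own commit and a line in the description. A single overridable prefix would avoid the next such edit: `CROSS ?= i686-w64-mingw32-` followed by `CC = $(CROSS)gcc`, with `WINDRES` and `LINK` built from the same variable.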
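Review bot: In pafish/main.c the new guest-tools check leaves its success branch empty (`if (vbox_guest_tools() == 0) { }`), which reads like forgotten code. The branch is empty because vbox_guest_tools() prints the traced marker itself, so invert the test and say why: `/* vbox_guest_tools() reports hits itself */` above `if (vbox_guest_tools() != 0) { print_not_traced(); }`. The prompt string also lacks the `... ` suffix that the VMware prompt further down in the same hunk uses, so the result marker will not line up with the other checks. main() starts and ends outside the hunk.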
@@ -555,3 +555,42 @@ int vbox_processes() {
 }
 return res;
 }
+
+/**
+* Checking for the VBoxControl and other vbox tools
+**/
+int vbox_guest_tools() {
+ int res=1;
+ HANDLE h;
+
+ h = CreateFile("c:\\windows\\system32\\VBoxControl.exe", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+ if (h != INVALID_HANDLE_VALUE){
+ write_log("VirtualBox VBoxControl.exe detected");
+ print_traced();
+ write_trace("hi_virtualbox");
+ res = 0;
+ CloseHandle(h);
+ }
+
+ h = CreateFile("c:\\program files\\oracle\\virtualbox guest additions\\VBoxDrvInst.exe", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+ if (h != INVALID_HANDLE_VALUE){
+ write_log("VirtualBox VBoxDrvInst.exe detected");
+ print_traced();
+ write_trace("hi_virtualbox");
+ res = 0;
+ CloseHandle(h);
+ }
+
+ h = CreateFile("c:\\program files\\oracle\\virtualbox guest additions\\VBoxWHQLFake.exe", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+ if (h != INVALID_HANDLE_VALUE){
+ write_log("VirtualBox VBoxWHQLFake.exe detected");
+ print_traced();
+ write_trace("hi_virtualbox");
+ res = 0;
+ CloseHandle(h);
+ }
+
+ return res;
+
+}
+
diff --git a/pafish/vbox.h b/pafish/vbox.h
index 45a5093..d40a349 100644
--- a/pafish/vbox.h
+++ b/pafish/vbox.h
@@ -36,4 +36,6 @@ int vbox_network_share();
 int vbox_processes();
+int vbox_guest_tools();
+
 #endif
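Review bot: In pafish/vbox.c, vbox_guest_tools() repeats the same probe block three times, and each copy calls print_traced() and write_trace("hi_virtualbox") on its own. A guest with all three files therefore prints up to three traced markers for the single "Looking for guest tools" prompt that main.c emits. Driving the probes from a table and reporting once after the loop keeps one result per check, which is what someone reading the report to harden an analysis VM expects. The header comment should also state the return convention (0 when any file could be opened, 1 otherwise) and that the paths are fixed to drive C:. The parameter type of write_log() is not visible in this hunk, so the `const char *` fields below may need adjusting.

```c
int vbox_guest_tools() {
	/* Files probed; paths and log messages are the ones from this hunk. */
	static const struct {
		const char *path;
		const char *msg;
	} tools[] = {
		{ "c:\\windows\\system32\\VBoxControl.exe",
		  "VirtualBox VBoxControl.exe detected" },
		{ "c:\\program files\\oracle\\virtualbox guest additions\\VBoxDrvInst.exe",
		  "VirtualBox VBoxDrvInst.exe detected" },
		{ "c:\\program files\\oracle\\virtualbox guest additions\\VBoxWHQLFake.exe",
		  "VirtualBox VBoxWHQLFake.exe detected" },
	};
	int res = 1;
	size_t i;

	for (i = 0; i < sizeof tools / sizeof tools[0]; i++) {
		HANDLE h = CreateFile(tools[i].path, GENERIC_READ, FILE_SHARE_READ, NULL,
				      OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
		if (h == INVALID_HANDLE_VALUE) {
			continue;
		}
		CloseHandle(h);
		write_log(tools[i].msg);
		res = 0;
	}

	/* Report once per check, however many files were found. */
	if (res == 0) {
		print_traced();
		write_trace("hi_virtualbox");
	}
	return res;
}
```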