Merge branch 'serializingme-dev-issue15-v1' into dev-chaos

This commit is contained in:
Alberto Ortega 2015-05-20 11:19:04 +02:00
commit 168f52cc58
5 changed files with 47 additions and 0 deletions

View File

@ -229,6 +229,14 @@ int main(void)
}
else print_not_traced();
printf("[*] Reg key (HKCU\\SOFTWARE\\Wine) ... ");
if (wine_reg_key1() == TRUE) {
write_log("Wine traced using Reg key HKCU\\SOFTWARE\\Wine");
print_traced();
write_trace("hi_wine");
}
else print_not_traced();
/* VirtualBox detection tricks */
printf("\n[-] VirtualBox detection\n");
printf("[*] Scsi port->bus->target id->logical unit id-> 0 identifier ... ");
@ -393,6 +401,14 @@ int main(void)
}
else print_not_traced();
printf("[*] Looking for pseudo devices ... ");
if (vmware_devices(TRUE) == TRUE) {
/* Log written inside function */
print_traced();
write_trace("hi_vmware");
}
else print_not_traced();
/* Qemu detection tricks */
printf("\n[-] Qemu detection\n");
printf("[*] Scsi port->bus->target id->logical unit id-> 0 identifier ... ");

View File

@ -1,10 +1,12 @@
#include <windows.h>
#include <string.h>
#include <stdio.h>
#include "vmware.h"
#include "types.h"
#include "utils.h"
#include "common.h"
int vmware_reg_key1() {
if ( pafish_exists_regkey_value_str(HKEY_LOCAL_MACHINE, "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier", "VMWARE") ||
@ -27,3 +29,23 @@ int vmware_sysfile1() {
int vmware_sysfile2() {
return pafish_exists_file("C:\\WINDOWS\\system32\\drivers\\vmhgfs.sys");
}
int vmware_devices(int writelogs) {
HANDLE h;
const int count = 2;
string strs[count];
int res = FALSE, i = 0;
char message[200];
strs[0] = "\\\\.\\HGFS";
strs[1] = "\\\\.\\vmci";
for (i=0; i < count; i++) {
h = CreateFile(strs[i], GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (h != INVALID_HANDLE_VALUE) {
snprintf(message, sizeof(message)-sizeof(message[0]), "VMWare traced using device %s", strs[i]);
if (writelogs) write_log(message);
res = TRUE;
}
}
return res;
}

View File

@ -10,4 +10,6 @@ int vmware_sysfile1();
int vmware_sysfile2();
int vmware_devices();
#endif

View File

@ -3,6 +3,7 @@
#include "wine.h"
#include "types.h"
#include "utils.h"
int wine_detect_get_unix_file_name() {
HMODULE k32;
@ -19,3 +20,7 @@ int wine_detect_get_unix_file_name() {
return FALSE;
}
}
int wine_reg_key1() {
return pafish_exists_regkey(HKEY_CURRENT_USER, "SOFTWARE\\Wine");
}

View File

@ -4,4 +4,6 @@
int wine_detect_get_unix_file_name();
int wine_reg_key1();
#endif