Added pseudo-device vm detection

2024-11-24 23:29:39 +03:00 · 2014-02-17 09:56:19 +01:00 · 2014-02-17 09:56:19 +01:00 · 2902f5f21f
commit 2902f5f21f
parent 7830b7a7d6
3 changed files with 27 additions and 0 deletions
--- a/pafish/main.c
+++ b/pafish/main.c
@ -207,6 +207,13 @@ int main(int argc, char *argv[])
    else {
        print_not_traced();
    }
+
+    printf("[*] Looking for pseudo device ");
+    if (vbox_pseudodev() == 0) {
+    }
+    else {
+        print_not_traced();
+    }
    
    /* VMware detection tricks */
    printf("\n[-] VMware detection\n");
--- a/pafish/vbox.c
+++ b/pafish/vbox.c
@ -228,3 +228,21 @@ int vbox_mac() {
    return res;
 }

+/**
+* Checking for the VirtualBox pseudo device VBoxMiniRdrDN
+**/
+int vbox_pseudodev() {
+    int res=1;
+    HANDLE h;
+
+    h = CreateFile("\\\\.\\VBoxMiniRdrDN", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+    if (h != INVALID_HANDLE_VALUE){
+        write_log("VirtualBox traced using MAC starting with 08:00:27");
+        print_traced();
+        write_trace("hi_virtualbox");
+        res = 0;
+        CloseHandle(h);
+        }
+ 
+    return res;
+}
--- a/pafish/vbox.h
+++ b/pafish/vbox.h
@ -16,4 +16,6 @@ int vbox_sysfile2();

 int vbox_mac();

+int vbox_pseudodev();
+
 #endif