Added pseudo-device vm detection

pafish/main.c

@@ -208,6 +208,13 @@ int main(int argc, char *argv[])
         print_not_traced();
     }
 
+    printf("[*] Looking for pseudo device ");
+    if (vbox_pseudodev() == 0) {
+    }
+    else {
+        print_not_traced();
+    }
+    
     /* VMware detection tricks */
     printf("\n[-] VMware detection\n");
     printf("[*] Scsi port->bus->target id->logical unit id-> 0 identifier ... ");

pafish/vbox.c

@@ -228,3 +228,21 @@ int vbox_mac() {
     return res;
 }
 
+/**
+* Checking for the VirtualBox pseudo device VBoxMiniRdrDN
+**/
+int vbox_pseudodev() {
+    int res=1;
+    HANDLE h;
+
+    h = CreateFile("\\\\.\\VBoxMiniRdrDN", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+    if (h != INVALID_HANDLE_VALUE){
+        write_log("VirtualBox traced using MAC starting with 08:00:27");
+        print_traced();
+        write_trace("hi_virtualbox");
+        res = 0;
+        CloseHandle(h);
+        }
+ 
+    return res;
+}

pafish/vbox.h

@@ -16,4 +16,6 @@ int vbox_sysfile2();
 
 int vbox_mac();
 
+int vbox_pseudodev();
+
 #endif