Merge pull request #21 from Thorsten-Sick/GetDiskFreeSpace

Added GetDiskFreeSpace based disk space detection with the min size 60 G...
This commit is contained in:
Alberto Ortega 2014-12-29 00:44:46 +01:00
commit 30892b519c
3 changed files with 33 additions and 0 deletions

View File

@ -82,3 +82,24 @@ int gensandbox_drive_size() {
} }
return 1; return 1;
} }
int gensandbox_drive_size2() {
ULARGE_INTEGER bytes_available;
ULARGE_INTEGER total_bytes;
ULARGE_INTEGER total_number_free_bytes;
if (GetDiskFreeSpaceExA("C:\\", &bytes_available, &total_bytes, &total_number_free_bytes))
{
if (bytes_available.QuadPart / 1073741824 <= 60) { /* <= 60 GB */
return 0;
}
if (total_bytes.QuadPart / 1073741824 <= 60) { /* <= 60 GB */
return 0;
}
if (total_number_free_bytes.QuadPart / 1073741824 <= 60) { /* <= 60 GB */
return 0;
}
}
return 1;
}

View File

@ -10,4 +10,6 @@ int gensandbox_path();
int gensandbox_drive_size(); int gensandbox_drive_size();
int gensandbox_drive_size2();
#endif #endif

View File

@ -114,6 +114,16 @@ int main(int argc, char *argv[])
print_not_traced(); print_not_traced();
} }
printf("[*] Checking if disk size by GetDiskFreeSpace <= 60GB ... ");
if (gensandbox_drive_size2() == 0) {
print_traced();
write_log("Sandbox traced by checking disk size GetDiskFreeSpace <= 60GB");
write_trace("hi_sandbox_drive_size_2");
}
else {
print_not_traced();
}
/* Hooks detection tricks */ /* Hooks detection tricks */
printf("\n[-] Hooks detection\n"); printf("\n[-] Hooks detection\n");
printf("[*] Checking function DeleteFileW method 1 ... "); printf("[*] Checking function DeleteFileW method 1 ... ");