mirrors
/
pafish
mirror of https://github.com/a0rtega/pafish
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

VirtualBox pipe detection

This commit is contained in:
Thorsten Sick 2014-02-17 10:56:00 +01:00
parent e2ea0340b6
commit 69d2ffc190
3 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pafish/main.c
View File

@ -224,6 +224,13 @@ int main(int argc, char *argv[])
else {
print_not_traced();
}
printf("[*] Looking for pipe ");
if (vbox_pipe() == 0) {
}
else {
print_not_traced();
}
/* VMware detection tricks */
printf("\n[-] VMware detection\n");

22
pafish/vbox.c
View File

@ -257,7 +257,7 @@ int vbox_pseudodev() {
h = CreateFile("\\\\.\\VBoxMiniRdrDN", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (h != INVALID_HANDLE_VALUE){
write_log("VirtualBox traced using MAC starting with 08:00:27");
write_log("VBoxMiniRdrDN pseudo device detected");
print_traced();
write_trace("hi_virtualbox");
res = 0;
@ -266,3 +266,23 @@ int vbox_pseudodev() {
return res;
}
/**
* Checking for the VirtualBox pipe
**/
int vbox_pipe() {
int res=1;
HANDLE h;
h = CreateFile("\\\\.\\pipe\\VBoxTrayIPC", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (h != INVALID_HANDLE_VALUE){
write_log("VirtualBox VBoxTrayIPC pipe detected");
print_traced();
write_trace("hi_virtualbox");
res = 0;
CloseHandle(h);
}
return res;
}

2
pafish/vbox.h
View File

@ -20,4 +20,6 @@ int vbox_mac();
int vbox_pseudodev();
int vbox_pipe();
#endif