VirtualBox pipe detection

2024-11-24 23:29:39 +03:00 · 2014-02-17 10:56:00 +01:00 · 2014-02-17 10:56:00 +01:00 · 69d2ffc190
commit 69d2ffc190
parent e2ea0340b6
3 changed files with 30 additions and 1 deletions
--- a/pafish/main.c
+++ b/pafish/main.c
@ -224,6 +224,13 @@ int main(int argc, char *argv[])
    else {
        print_not_traced();
    }
+
+    printf("[*] Looking for pipe ");
+    if (vbox_pipe() == 0) {
+    }
+    else {
+        print_not_traced();
+    }
    
    /* VMware detection tricks */
    printf("\n[-] VMware detection\n");
--- a/pafish/vbox.c
+++ b/pafish/vbox.c
@ -257,7 +257,7 @@ int vbox_pseudodev() {

    h = CreateFile("\\\\.\\VBoxMiniRdrDN", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (h != INVALID_HANDLE_VALUE){
-        write_log("VirtualBox traced using MAC starting with 08:00:27");
+        write_log("VBoxMiniRdrDN pseudo device detected");
        print_traced();
        write_trace("hi_virtualbox");
        res = 0;
@ -266,3 +266,23 @@ int vbox_pseudodev() {
 
    return res;
 }
+
+/**
+* Checking for the VirtualBox pipe
+**/
+int vbox_pipe() {
+    int res=1;
+    HANDLE h;
+
+    h = CreateFile("\\\\.\\pipe\\VBoxTrayIPC", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+    if (h != INVALID_HANDLE_VALUE){
+        write_log("VirtualBox VBoxTrayIPC pipe detected");
+        print_traced();
+        write_trace("hi_virtualbox");
+        res = 0;
+        CloseHandle(h);
+        }
+ 
+    return res;
+
+}
--- a/pafish/vbox.h
+++ b/pafish/vbox.h
@ -20,4 +20,6 @@ int vbox_mac();

 int vbox_pseudodev();

+int vbox_pipe();
+
 #endif