Added two more registry keys: FADT and RSDT in Hardware/ACPI

pafish/main.c

@@ -206,6 +206,25 @@ int main(int argc, char *argv[])
         print_not_traced();
     }
 
+    printf("[*] Reg key (HKLM\\HARDWARE\\ACPI\\FADT\\VBOX__ ... ");
+    if (vbox_reg_key7() == 0) {
+        write_log("VirtualBox traced using Reg key HKLM\\HARDWARE\\ACPI\\FADT\\VBOX__");
+        print_traced();
+        write_trace("hi_virtualbox");
+    }
+    else {
+        print_not_traced();
+    }
+
+    printf("[*] Reg key (HKLM\\HARDWARE\\ACPI\\RSDT\\VBOX__ ... ");
+    if (vbox_reg_key8() == 0) {
+        write_log("VirtualBox traced using Reg key HKLM\\HARDWARE\\ACPI\\RSDT\\VBOX__");
+        print_traced();
+        write_trace("hi_virtualbox");
+    }
+    else {
+        print_not_traced();
+    }
 
     if (vbox_sysfile1() == 0) {        
     }

pafish/vbox.c

@@ -242,6 +242,45 @@ int vbox_reg_key6() {
     return res;
 }
 
+/**
+* FADT ACPI Regkey detection
+**/
+int vbox_reg_key7() {
+    HKEY regkey;
+    LONG retu;
+    char value[1024];
+    int i;
+    DWORD size;
+    
+    size = sizeof(value);
+    retu = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "HARDWARE\\ACPI\\FADT\\VBOX__", 0, KEY_READ, &regkey);
+    if (retu == ERROR_SUCCESS) {
+        return 0;
+    }
+    else {
+        return 1;
+    }
+}
+
+/**
+* RSDT ACPI Regkey detection
+**/
+int vbox_reg_key8() {
+    HKEY regkey;
+    LONG retu;
+    char value[1024];
+    int i;
+    DWORD size;
+    
+    size = sizeof(value);
+    retu = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "HARDWARE\\ACPI\\RSDT\\VBOX__", 0, KEY_READ, &regkey);
+    if (retu == ERROR_SUCCESS) {
+        return 0;
+    }
+    else {
+        return 1;
+    }
+}
 
 /**
 * VirtualBox Driver files in windows/system32

pafish/vbox.h

@@ -14,6 +14,10 @@ int vbox_reg_key5();
 
 int vbox_reg_key6();
 
+int vbox_reg_key7();
+
+int vbox_reg_key8();
+
 int vbox_sysfile1();
 
 int vbox_sysfile2();