re #46 add IsNativeVhdBoot detection

This commit is contained in:
Alberto Ortega 2015-12-27 12:25:53 +01:00
parent 896f26f3be
commit 9ab9e0fb3b
3 changed files with 21 additions and 0 deletions


@ -12,6 +12,11 @@
#include "gensandbox.h" #include "gensandbox.h"
#include "utils.h" #include "utils.h"
/**
* Prototype for IsNativeVhdBoot, which is only available in >= Windows 8
*/
typedef BOOL (WINAPI * IsNativeVhdBoot) (BOOL *);
int gensandbox_mouse_act() { int gensandbox_mouse_act() {
POINT position1, position2; POINT position1, position2;
GetCursorPos(&position1); GetCursorPos(&position1);
@ -164,3 +169,13 @@ int gensandbox_uptime() {
return GetTickCount() < 0xAFE74 ? TRUE : FALSE; return GetTickCount() < 0xAFE74 ? TRUE : FALSE;
} }
int gensandbox_IsNativeVhdBoot() {
BOOL isnative = FALSE;
IsNativeVhdBoot fnnative = (IsNativeVhdBoot) GetProcAddress(
GetModuleHandleA("kernel32"), "IsNativeVhdBoot");
/* IsNativeVhdBoot always returns 1 on query success */
if (fnnative)
fnnative(&isnative);
return (isnative) ? TRUE : FALSE;
}
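Review bot: The typedef added in the first hunk reuses the Win32 API's own name, `typedef BOOL (WINAPI * IsNativeVhdBoot) (BOOL *);`, which presumably compiles only because the current build's headers do not declare IsNativeVhdBoot; on an SDK that declares it for Windows 8 targets the identifier is redeclared as a type and the file stops compiling. A name that cannot collide avoids this, e.g. `typedef BOOL (WINAPI *IsNativeVhdBoot_t)(BOOL *);` with the cast and the local in gensandbox_IsNativeVhdBoot renamed to match. In gensandbox_IsNativeVhdBoot the BOOL returned by fnnative is discarded, so the out-parameter is trusted even when the call reports failure; `if (fnnative && !fnnative(&isnative)) isnative = FALSE;` keeps the failure path explicit while preserving the FALSE default. A comment above the function stating why a natively VHD-booted OS is treated as a sandbox indicator, and that physical machines booted from a VHD will also trigger it, would let readers judge the false-positive rate of this check.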


@ -24,4 +24,6 @@ int gensandbox_less_than_onegb();
int gensandbox_uptime(); int gensandbox_uptime();
int gensandbox_IsNativeVhdBoot();
#endif #endif


@ -146,6 +146,10 @@ int main(void)
&gensandbox_uptime, &gensandbox_uptime,
"Sandbox traced by checking operating system uptime using GetTickCount()", "Sandbox traced by checking operating system uptime using GetTickCount()",
"hi_sandbox_uptime"); "hi_sandbox_uptime");
exec_check("Checking if operating system IsNativeVhdBoot()",
&gensandbox_IsNativeVhdBoot,
"Sandbox traced by checking IsNativeVhdBoot()",
"hi_sandbox_IsNativeVhdBoot");
/* Hooks detection tricks */ /* Hooks detection tricks */
print_check_group("Hooks detection"); print_check_group("Hooks detection");
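Review bot: The added trace id `"hi_sandbox_IsNativeVhdBoot"` breaks the lowercase convention of the neighbouring ids such as `"hi_sandbox_uptime"`, and the user-facing string `"Checking if operating system IsNativeVhdBoot()"` reads awkwardly next to the adjacent entries. If these ids are matched elsewhere (a list or documentation outside this hunk), keep whichever spelling that side uses; otherwise `"hi_sandbox_nativevhdboot"` and `"Checking if the OS was booted from a VHD using IsNativeVhdBoot()"` would be consistent with the existing checks. main() continues outside the hunk.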