network share detection

pafish/Makefile

@@ -5,7 +5,7 @@ SRC       = $(wildcard *.c)
 OBJ       = $(SRC:%.c=$(OBJDIR)/%.o) $(OBJDIR)/pafish_private.res
 BIN       = Output/MingW/pafish.exe
 LINKOBJ   = $(OBJDIR)/*.o $(OBJDIR)/pafish_private.res
-LIBS      = -s -lws2_32 -liphlpapi
+LIBS      = -s -lws2_32 -liphlpapi -lmpr
 CXXFLAGS  = -fexpensive-optimizations -O1 -static-libgcc
 CFLAGS    = -fexpensive-optimizations -O1
 GPROF     = i686-pc-mingw32-gprof

pafish/main.c

@@ -247,6 +247,12 @@ int main(int argc, char *argv[])
         print_not_traced();
     }
 
+    printf("[*] Looking for VBox network share ");
+    if (vbox_network_share() == 0) {
+    }
+    else {
+        print_not_traced();
+    }
     
     /* VMware detection tricks */
     printf("\n[-] VMware detection\n");

pafish/vbox.c

@@ -1,6 +1,7 @@
 
 #include <winsock2.h>
 #include <windows.h>
+#include <winnetwk.h>
 #include <string.h>
 #include <stdio.h>
 #include <iphlpapi.h>
@@ -414,3 +415,29 @@ int vbox_traywindow() {
  
     return res;
 }
+
+
+/**
+* Checking network shared
+* http://waleedassar.blogspot.com
+**/
+int vbox_network_share() {
+    int res=1;
+
+    unsigned long pnsize=0x1000;
+
+    char * provider=(char *)LocalAlloc(LMEM_ZEROINIT, pnsize);
+    int retv = WNetGetProviderName(WNNC_NET_RDR2SAMPLE, provider, &pnsize);
+    if (retv==NO_ERROR){
+        if (lstrcmpi(provider, "VirtualBox Shared Folders") == 0){
+            write_log("VirtualBox shared folder detected");
+            print_traced();
+            write_trace("hi_virtualbox");
+            res = 0;
+        }
+    }
+ 
+    return res;
+}
+
+

pafish/vbox.h

@@ -26,4 +26,6 @@ int vbox_pipe();
 
 int vbox_traywindow();
 
+int vbox_network_share();
+
 #endif