mirror of
https://github.com/a0rtega/pafish
synced 2024-11-25 23:59:37 +03:00
Merge pull request #9 from Thorsten-Sick/multi_virtualbox_files_support
Multi virtualbox files support
commit
b639688a7b
@ -188,11 +188,14 @@ int main(int argc, char *argv[])
|
|||||||
else {
|
else {
|
||||||
print_not_traced();
|
print_not_traced();
|
||||||
}
|
}
|
||||||
printf("[*] Looking for C:\\WINDOWS\\system32\\drivers\\VBoxMouse.sys ... ");
|
|
||||||
if (vbox_sysfile1() == 0) {
|
if (vbox_sysfile1() == 0) {
|
||||||
write_log("VirtualBox traced using file C:\\WINDOWS\\system32\\drivers\\VBoxMouse.sys");
|
}
|
||||||
print_traced();
|
else {
|
||||||
write_trace("hi_virtualbox");
|
print_not_traced();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (vbox_sysfile2() == 0) {
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
print_not_traced();
|
print_not_traced();
|
||||||
|
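Review bot: The new `if (vbox_sysfile1() == 0) {` and `if (vbox_sysfile2() == 0) {` blocks have an empty true branch as rendered on the new side; invert the test instead, e.g. `if (vbox_sysfile1() != 0) { print_not_traced(); }`. Because the helpers now print one "[*] Looking for ..." prompt per file and report hits themselves, a system with none of the files gets several prompts followed by a single not-traced result, and the call site no longer shows where reporting happens. A short comment such as `/* vbox_sysfile*() print and log each hit themselves */` would make that clear. main's body starts and ends outside this hunk.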
@ -1,9 +1,11 @@
|
|||||||
|
|
||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
#include <stdio.h>
|
||||||
#include "vbox.h"
|
#include "vbox.h"
|
||||||
|
|
||||||
|
typedef char * string;
|
||||||
|
|
||||||
int vbox_reg_key1() {
|
int vbox_reg_key1() {
|
||||||
HKEY regkey;
|
HKEY regkey;
|
||||||
LONG retu;
|
LONG retu;
|
||||||
@ -109,13 +111,79 @@ int vbox_reg_key4() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* VirtualBox Driver files in windows/system32
|
||||||
|
**/
|
||||||
int vbox_sysfile1() {
|
int vbox_sysfile1() {
|
||||||
DWORD ret;
|
DWORD ret;
|
||||||
ret = GetFileAttributes("C:\\WINDOWS\\system32\\drivers\\VBoxMouse.sys");
|
|
||||||
|
const int count = 4;
|
||||||
|
string strs[count];
|
||||||
|
int res = 1;
|
||||||
|
char message[200];
|
||||||
|
int i=0;
|
||||||
|
|
||||||
|
strs[0] = "C:\\WINDOWS\\system32\\drivers\\VBoxMouse.sys";
|
||||||
|
strs[1] = "C:\\WINDOWS\\system32\\drivers\\VBoxGuest.sys";
|
||||||
|
strs[2] = "C:\\WINDOWS\\system32\\drivers\\VBoxSF.sys";
|
||||||
|
strs[3] = "C:\\WINDOWS\\system32\\drivers\\VBoxVideo.sys";
|
||||||
|
|
||||||
|
|
||||||
|
for (i=0; i < count; i++){
|
||||||
|
sprintf(message, "[*] Looking for %s ... ", strs[i]);
|
||||||
|
printf(message);
|
||||||
|
ret = GetFileAttributes(strs[i]);
|
||||||
if (ret != INVALID_FILE_ATTRIBUTES) {
|
if (ret != INVALID_FILE_ATTRIBUTES) {
|
||||||
return 0;
|
sprintf(message, "VirtualBox traced using driver file %s", strs[i]);
|
||||||
}
|
write_log(message);
|
||||||
else {
|
print_traced();
|
||||||
return 1;
|
write_trace("hi_virtualbox");
|
||||||
|
res = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return res;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* VirtualBox files in windows/system32
|
||||||
|
**/
|
||||||
|
int vbox_sysfile2() {
|
||||||
|
DWORD ret;
|
||||||
|
|
||||||
|
const int count = 12;
|
||||||
|
string strs[count];
|
||||||
|
int res = 1;
|
||||||
|
char message[200];
|
||||||
|
int i=0;
|
||||||
|
|
||||||
|
strs[0] = "C:\\WINDOWS\\system32\\vboxdisp.dll";
|
||||||
|
strs[1] = "C:\\WINDOWS\\system32\\vboxhook.dll";
|
||||||
|
strs[2] = "C:\\WINDOWS\\system32\\vboxmrxnp.dll";
|
||||||
|
strs[3] = "C:\\WINDOWS\\system32\\vboxogl.dll";
|
||||||
|
strs[4] = "C:\\WINDOWS\\system32\\vboxoglarrayspu.dll";
|
||||||
|
strs[5] = "C:\\WINDOWS\\system32\\vboxoglcrutil.dll";
|
||||||
|
strs[6] = "C:\\WINDOWS\\system32\\vboxoglerrorspu.dll";
|
||||||
|
strs[7] = "C:\\WINDOWS\\system32\\vboxoglfeedbackspu.dll";
|
||||||
|
strs[8] = "C:\\WINDOWS\\system32\\vboxoglpackspu.dll";
|
||||||
|
strs[9] = "C:\\WINDOWS\\system32\\vboxoglpassthroughspu.dll";
|
||||||
|
strs[10] = "C:\\WINDOWS\\system32\\vboxservice.exe";
|
||||||
|
strs[11] = "C:\\WINDOWS\\system32\\vboxtray.exe";
|
||||||
|
|
||||||
|
for (i=0; i < count; i++){
|
||||||
|
sprintf(message, "[*] Looking for %s ... ", strs[i]);
|
||||||
|
printf(message);
|
||||||
|
ret = GetFileAttributes(strs[i]);
|
||||||
|
if (ret != INVALID_FILE_ATTRIBUTES) {
|
||||||
|
sprintf(message, "VirtualBox traced using file %s", strs[i]);
|
||||||
|
write_log(message);
|
||||||
|
print_traced();
|
||||||
|
write_trace("hi_virtualbox");
|
||||||
|
res = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return res;
|
||||||
|
|
||||||
|
}
|
||||||
|
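Review bot: `printf(message);` in the loops of vbox_sysfile1 and vbox_sysfile2 passes a runtime-built buffer as the format string, and every `sprintf` call writes into `char message[200]` with no bound. The paths are literals today, so nothing is reachable from outside as written, but a later entry containing `%` or a longer path would turn this into a format-string or stack-overflow defect; prefer `printf("[*] Looking for %s ... ", strs[i]);` and `snprintf(message, sizeof message, "VirtualBox traced using file %s", strs[i]);`. `string strs[count]` with `const int count` is a variable-length array in C, and the `string` typedef drops `const` from the literals; `static const char *const paths[] = { ... };` with a `sizeof`-derived count avoids both. The visible include hunk does not show a header declaring `write_log`, `print_traced` or `write_trace`, so confirm they are prototyped for this file.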