判断程序是否运行在虚拟机里


//判断程序是否运行在虚拟机里

#include <windows.h>

#include <stdio.h>

// SEH filter for the __try block in IsInsideVPC().
//
// It runs when the guarded code raises an exception, which the caller takes to
// mean that nothing handled the emitted "call VPC" bytes. It patches the saved
// thread context and resumes execution:
//   - Eip is advanced by 4, the length of the emitted byte sequence, so
//     execution continues at the instruction that follows it;
//   - Ebx is made non-zero, which the caller reads as "not running VPC".
//
// Relies on the Ebx/Eip members of CONTEXT, so this is 32-bit x86 only.
// NOTE(review): the exception code is never inspected; any exception raised in
// the guarded block is treated as the faulting "call VPC" sequence.
DWORD __forceinline IsInsideVPC_exceptionFilter(LPEXCEPTION_POINTERS ep)
{
    PCONTEXT faulting = ep->ContextRecord;

    // Step over the four emitted opcode bytes; resuming is safe only because
    // the faulting instruction is skipped rather than retried.
    faulting->Eip += 4;

    // Non-zero EBX marks "not running VPC" for the test in the caller.
    faulting->Ebx = -1;

    return EXCEPTION_CONTINUE_EXECUTION;
}



// Reports whether the process appears to run under Virtual PC (VPC).
//
// The check executes a 4-byte sequence (0F 3F 07 0B) with EAX = 1 and EBX = 0.
// Per the original author's notes, EBX stays zero when VPC is running; otherwise
// the bytes raise an exception and IsInsideVPC_exceptionFilter() sets EBX to a
// non-zero value and skips the sequence. The result is simply "EBX == 0".
//
// Limitations: MSVC inline assembly and SEH, 32-bit x86 only. A false result
// only means this one interface did not respond; it says nothing about other
// hypervisors. For analysts, the 0F 3F 07 0B byte sequence is a recognisable
// static marker of this environment check.
//
// Returns true when the sequence executed without faulting, false otherwise.
bool IsInsideVPC()
{
    bool insideVpc = false;

    __try
    {
        __asm
        {
            push ebx
            mov  ebx, 0        // will stay zero if VPC is running
            mov  eax, 1        // VPC function number

            // "call VPC": the four bytes the exception filter skips on a fault
            __emit 0Fh
            __emit 3Fh
            __emit 07h
            __emit 0Bh

            test ebx, ebx
            setz [insideVpc]   // true only when EBX is still zero
            pop  ebx
        }
    }
    // The filter resumes execution itself, so this handler body is never
    // expected to run; it should not even be consulted when VPC is present.
    __except (IsInsideVPC_exceptionFilter(GetExceptionInformation()))
    {
    }

    return insideVpc;
}



// Reports whether the process appears to run under VMware.
//
// The check loads EAX with the 'VMXh' magic, ECX with command 10 (get VMware
// version), EDX with the 'VX' port number and EBX with a non-magic value, then
// reads the port with "in eax, dx". A VMware reply is recognised by EBX coming
// back equal to 'VMXh'. If the port read raises an exception instead, the
// handler reports false (presumably a privileged-instruction fault when this
// runs in user mode outside VMware; confirm on the target platform).
//
// Limitations: MSVC inline assembly and SEH, 32-bit x86 only. A false result
// only means this interface did not answer, not that the host is physical.
// For analysts, the 'VMXh' constant next to an "in eax, dx" is a recognisable
// static marker of this environment check.
//
// Returns true when the port read answered with the magic value, else false.
bool IsInsideVMWare()
{
    bool vmwareReplied = true;

    __try
    {
        __asm
        {
            push ebx
            push ecx
            push edx

            mov  edx, 'VX'      // port number
            mov  ecx, 10        // get VMWare version
            mov  ebx, 0         // any value but not the MAGIC value
            mov  eax, 'VMXh'    // magic value expected by the interface

            in   eax, dx        // read port; on return EAX holds the version

            cmp  ebx, 'VMXh'    // is it a reply from VMWare?
            setz [vmwareReplied]

            pop  edx
            pop  ecx
            pop  ebx
        }
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        // The port read faulted, so nothing answered.
        vmwareReplied = false;
    }

    return vmwareReplied;
}



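// Runs the Virtual PC check, then the VMware check, and prints which one fired.
//
// The final branch only means that neither check responded; it is not proof of
// physical hardware, since other hypervisors are not probed here.
//
// Fix: the messages ended in the two characters "/n" instead of the newline
// escape "\n", so the output was never terminated with a line break.
int main()
{
    if (IsInsideVPC())
        printf("I am in a VPC\n");
    else if (IsInsideVMWare())
        printf("I am in a VMWare\n");
    else
        printf("I am in a real world\n");

    return 0;
}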