COM/DirectShow Audio device

最新推荐文章于 2020-12-22 00:27:31 发布

FFE4

最新推荐文章于 2020-12-22 00:27:31 发布

阅读量451

点赞数

分类专栏： Anti-SandBox 文章标签：检测沙箱 Anti-Sandbox

本文链接：https://blog.csdn.net/cssxn/article/details/100529981

版权

Anti-SandBox 专栏收录该内容

2 篇文章 0 订阅

订阅专栏

一些病毒通过COM组件来检测沙箱环境

#include "stdafx.h"
#include <windows.h>
#include <dshow.h>
#include <Strmif.h>
#pragma comment(lib,"Strmiids.lib")

int _tmain(int argc, _TCHAR* argv[])
{
	CoInitialize(0);
	wchar_t * filterName= L"random_name";
	IGraphBuilder * pGraph;
	CoCreateInstance(CLSID_FilterGraph, NULL, CLSCTX_INPROC_SERVER, IID_IGraphBuilder, (void**)&pGraph);
	if (E_POINTER != pGraph->AddFilter(NULL, filterName))
	{
		MessageBoxA(0, "检测到沙箱L ！\n", 0, 0);
	}

	IBaseFilter* pBaseFilter = NULL;
	CoCreateInstance(CLSID_AudioRender, NULL, CLSCTX_INPROC_SERVER, IID_IBaseFilter, (void**)&pBaseFilter);

	pGraph->AddFilter(pBaseFilter, filterName);

	IBaseFilter* pBaseFilter2 = NULL;
	pGraph->FindFilterByName(filterName, &pBaseFilter2);
	if (NULL == pBaseFilter2)
	{
		MessageBoxA(0, "检测到沙箱2L ！\n", 0, 0);
	}

	FILTER_INFO info = { 0 };
	pBaseFilter2->QueryFilterInfo(&info);
	if (0 != wcscmp(info.achName, filterName))
	{
		return 0;
	}

	IReferenceClock * pClock;
	if (0 != pBaseFilter2->GetSyncSource((&pClock)))
	{
		return 0;
	}

	if (0 != pClock)
	{
		return 0;
	}
	
	CLSID clsID;
	pBaseFilter2->GetClassID(&clsID);
	if (clsID.Data1 == 0)
	{
		exit(1);
	}

	if (NULL == pBaseFilter2)
	{
		exit(-1);
	}

	IEnumPins* pEnum = NULL;
	if (0 != pBaseFilter2->EnumPins(&pEnum))
	{
		exit(-1);
	}

	if (0 == pBaseFilter2->AddRef())
	{
		exit(-1);
	}


	MessageBoxA(0,"没有检测到沙箱，执行病毒代码！\n",0,0);
	system("pause");

	return 0;
}