코드 프로젝트 가상 환경 탐지 코드

// IsInsideVPC's exception filter DWORD __forceinline IsInsideVPC_exceptionFilter(LPEXCEPTION_POINTERS ep) { PCONTEXT ctx = ep->ContextRecord; ctx->Ebx = -1; // Not running VPC ctx->Eip += 4; // skip past the "call VPC" opcodes return EXCEPTION_CONTINUE_EXECUTION; // we can safely resume execution since we skipped faulty instruction } // High level language friendly version of IsInsideVPC() bool IsInsideVPC() { bool rc = false; __try { _asm push ebx _asm mov ebx, 0 // It will stay ZERO if VPC is running _asm mov eax, 1 // VPC function number // call VPC _asm __emit 0Fh _asm __emit 3Fh _asm __emit 07h _asm __emit 0Bh _asm test ebx, ebx _asm setz [rc] _asm pop ebx } // The except block shouldn't get triggered if VPC is running!! __except(IsInsideVPC_exceptionFilter(GetExceptionInformation())) { } return rc; } bool IsInsideVMWare() { bool rc = true; __try { __asm { push edx push ecx push ebx mov eax, 'VMXh' mov ebx, 0 // any value but not the MAGIC VALUE mov ecx, 10 // get VMWare version mov edx, 'VX' // port number in eax, dx // read port // on return EAX returns the VERSION cmp ebx, 'VMXh' // is it a reply from VMWare? setz [rc] // set return value pop ebx pop ecx pop edx } } __except(EXCEPTION_EXECUTE_HANDLER) { rc = false; } return rc; }

 

 

 

출처 : http://www.codeproject.com/KB/system/VmDetect.aspx