simple code to detect the sandbox used by BitDefender
2012-08-03 17:14
302 查看
simple code to detect the sandbox used by BitDefender
http://hi.baidu.com/sec_/blog/item/a7ede81f2856a60c304e15c2.htmlsince everyone else is posting anti sandbox code, I figured I'd post this.
simple code to detect the sandbox used by BitDefender. works by identifying a non native IDT base address. code could be modified to detect other VMs by changing the address that I'm using to identify BitDefender.
| Code: |
| /* BitDefenderDefender.c - Detect BitDefender sandbox emulation. Hella easy. Credits: - Joanna Rutkowska (for redpill) Coded by: s134k */ #include <stdio.h> typedef enum {FALSE, TRUE} BOOL; BOOL IsBDVM() { unsigned char m[2+4], rpill[] = "\x0f\x01\x0d\x00\x00\x00\x00\xc3"; *((unsigned*)&rpill[3]) = (unsigned)m; ((void(*)())&rpill)(); if(*((unsigned*)&m[2]) == 0x80010160) return TRUE; return FALSE; } int main() { if(IsBDVM()) printf("\nBitDefender VM Detected.\n"); else printf("\nBitDefender VM Not Found.\n"); return 0; } |
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- workBench Error Code: 1046. No database selected Select the default DB to be used by double-clicking
- XDB: Utility package to change the HTTP and FTP ports used by XML DB
- mysql workbench 错误 No database selected Select the default DB to be used by double-clicking its nam
- This event supports the .NET Framework infrastructure and is not intended to be used directly from your code?继承自VScrollbar的自定义winform控件,某些事件不触发的问题(Winform控件开发学习)
- XDB: Utility package to change the HTTP and FTP ports used by XML DB.
- how to change the machine code to ASM by Using OllyDbg
- mysql workbench 错误 Error Code: 1046. No database selected Select the default DB to be used by doubl
- Build A Simple Socket Server - Can Be Used To Check The HTTP Protocol
- Listbox: scroll to the selected item by code
- When the RTP port is set to 8005, why is 8006 used by RTP and 8007 for RTCP for all communications ?
- How to move the databases that are used by SharePoint Portal Server 2003 to a computer that is running SQL Server
- Analysing the ASM code of a simple sample of C programming language at Linux Platform by GCC and GDB
- How to hide & unhide the grid from the page by using people code?
- jquery crossdomain post plugin i changed bit test code suite for my env,due to the windows env is not familiar with github operation,i didn't forked form the original resposeritoy
- Eclipse下,选项Add variable attributes to generated class files (used by the debugger)的含义
- Deleting a Mounted Folder The code example in this topic shows you how to delete a mounted folder by
- You receive a C4226 or a C4236 error message when you compile code to contain the keyword in 32-bit Visual C++(ZZ)
- 笔试题:Suggest a simple and fast way to multiply the input integer digit by 7。
- (转!!~!`)On the Criteria To Be Used in Decomposing Systems into Modules by D.L. Parnas
- Inside ARC — to see the code inserted by the compiler