反虚拟机/沙盒

using System;
using System.Management;
using System.Threading;

namespace Program
{
    class Anti_Analysis
    {
        public static void RunAntiAnalysis()
        {
            if (isVM()) 
            {
                Environment.FailFast(null);
            }
            Thread.Sleep(1000);
        }
        public static bool isVM()
        {            
            SelectQuery selectQuery = new SelectQuery("Select * from Win32_CacheMemory");
            //SelectQuery selectQuery = new SelectQuery("Select * from CIM_Memory");
            ManagementObjectSearcher searcher = new ManagementObjectSearcher(selectQuery);
            int i = 0;
            foreach (ManagementObject DeviceID in searcher.Get()) 
                i++;
            return (i == 0);            
        }
    }
}

#include <Windows.h>
#include <iostream>
#include <string>

int main()
{
  DISPLAY_DEVICE dd;
  dd.cb = sizeof(dd);
  int deviceIndex = 0;
  while (EnumDisplayDevices(0, deviceIndex, &dd, 0))
  {
    std::wstring deviceName = dd.DeviceName;
    int monitorIndex = 0;
    while (EnumDisplayDevices(deviceName.c_str(), monitorIndex, &dd, 0))
    {
      int flag = strlen((const char*)dd.DeviceString);
      if (flag > 2) {
        std::wcout << "this is vm";
      }
      else
      {
        std::wcout << "this is not vm";
      }
      ++monitorIndex;
    }
    ++deviceIndex;
  }
  return 0;
}