Malware Note
1.0.0

反虚拟机/沙盒

c#(WMI检测内存):
using System;
using System.Management;
using System.Threading;
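namespace Program
{
    // Anti-analysis helper from the note: abort the process when a WMI
    // heuristic suggests the host is a virtual machine. Kept here as a
    // reference for sandbox hardening / detection engineering.
    class Anti_Analysis
    {
        // Entry point. If isVM() reports a VM, the process is terminated
        // immediately via Environment.FailFast (no finally blocks, no
        // unhandled-exception handlers run). Otherwise pause one second and
        // return to the caller.
        public static void RunAntiAnalysis()
        {
            if (isVM())
            {
                Environment.FailFast(null);
            }
            Thread.Sleep(1000);
        }

        // Returns true when "Select * from Win32_CacheMemory" yields zero
        // instances. The note's premise is that many hypervisors do not
        // populate SMBIOS cache-memory records while physical hosts do; this
        // is heuristic only and will misclassify physical hosts whose firmware
        // omits those records — confirm on the target platform.
        //
        // The WMI objects are IDisposable (COM-backed); the original leaked the
        // searcher, the result collection and every enumerated object. There is
        // deliberately no exception handling: a WMI failure (ManagementException,
        // e.g. the WMI service is stopped) propagates to the caller exactly as
        // in the original.
        public static bool isVM()
        {
            SelectQuery selectQuery = new SelectQuery("Select * from Win32_CacheMemory");
            //SelectQuery selectQuery = new SelectQuery("Select * from CIM_Memory");
            int count = 0;
            using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(selectQuery))
            using (ManagementObjectCollection results = searcher.Get())
            {
                foreach (ManagementObject item in results)
                {
                    // Dispose each enumerated object; only the count matters here.
                    using (item)
                    {
                        count++;
                    }
                }
            }
            return count == 0;
        }
    }
}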
c++(即插即用设备)
#include <Windows.h>
#include <iostream>
#include <string>
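int main()
{
    // Anti-VM heuristic from the note: enumerate every display adapter, then
    // every monitor attached to it, and classify by the length of the monitor's
    // DeviceString. The note does not state the premise behind the "> 2"
    // threshold, so treat the verdict as unverified and confirm it against a
    // real VMware / VirtualBox / Hyper-V guest before relying on it.
    //
    // This file only compiles with UNICODE defined: DISPLAY_DEVICE then has
    // WCHAR members, which is what the std::wstring conversions below need.
    DWORD adapterIndex = 0;
    for (;;)
    {
        // cb must be initialised before every EnumDisplayDevices call; a fresh
        // zeroed struct per iteration also stops a previous result leaking through.
        DISPLAY_DEVICE adapter{};
        adapter.cb = sizeof(adapter);
        if (!EnumDisplayDevices(nullptr, adapterIndex, &adapter, 0))
            break;
        const std::wstring adapterName = adapter.DeviceName;

        // Monitors get their own struct: the original reused one buffer for
        // both levels, so the inner enumeration clobbered the adapter record
        // (and its cb field) that the outer loop was still using.
        DWORD monitorIndex = 0;
        for (;;)
        {
            DISPLAY_DEVICE monitor{};
            monitor.cb = sizeof(monitor);
            if (!EnumDisplayDevices(adapterName.c_str(), monitorIndex, &monitor, 0))
                break;

            // DeviceString is a WCHAR array. The original measured it with
            // strlen() through a (const char*) cast, which stops at the first
            // zero byte and therefore returns 1 for any ASCII name no matter
            // how long it is — the "> 2" test then depended on the byte values
            // of the first characters, not on the name's length.
            const std::wstring monitorName = monitor.DeviceString;
            if (monitorName.size() > 2) {
                std::wcout << "this is vm";
            }
            else
            {
                std::wcout << "this is not vm";
            }
            ++monitorIndex;
        }
        ++adapterIndex;
    }
    return 0;
}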
测试工具: