反虚拟机/沙盒
C#(WMI 检测内存):
using System;
using System.Management;
using System.Threading;
namespace Program
{
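/// <summary>
/// Sample environment check that terminates the process when a WMI query for
/// <c>Win32_CacheMemory</c> returns no instances.
/// </summary>
/// <remarks>
/// Analyst notes: the result is a heuristic, not proof of virtualisation. The
/// code only counts WMI instances, so a host that exposes no cache-memory
/// information for any other reason would be classified the same way
/// (false positive). Both the WMI query and the abrupt exit that follows are
/// observable behaviours when triaging a sample that contains this check.
/// </remarks>
class Anti_Analysis
{
    /// <summary>
    /// Runs <see cref="isVM"/> and kills the process if it reports a virtual
    /// machine; otherwise pauses for one second and returns.
    /// </summary>
    public static void RunAntiAnalysis()
    {
        if (isVM())
        {
            // FailFast ends the process immediately: no finally blocks or
            // finalizers run. On Windows it normally also leaves an
            // Application event log / Windows Error Reporting record, which
            // responders can use as a trace of this exit path.
            Environment.FailFast(null);
        }

        // Only reached when the check did not fire (FailFast never returns).
        Thread.Sleep(1000);
    }

    /// <summary>
    /// Counts the instances returned by the WMI class <c>Win32_CacheMemory</c>.
    /// </summary>
    /// <returns>
    /// <c>true</c> when the query yields zero instances, <c>false</c> otherwise.
    /// </returns>
    /// <remarks>
    /// WMI failures (for example a <c>ManagementException</c>) are not caught
    /// here and propagate to the caller.
    /// </remarks>
    public static bool isVM()
    {
        SelectQuery selectQuery = new SelectQuery("Select * from Win32_CacheMemory");
        // Alternative query kept from the original listing:
        //SelectQuery selectQuery = new SelectQuery("Select * from CIM_Memory");

        int instanceCount = 0;

        // The searcher, the result collection and every returned object wrap
        // WMI/COM resources; dispose them instead of leaving them to the
        // finalizer as the original listing did.
        using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(selectQuery))
        using (ManagementObjectCollection results = searcher.Get())
        {
            foreach (ManagementObject cacheEntry in results)
            {
                instanceCount++;
                cacheEntry.Dispose();
            }
        }

        return instanceCount == 0;
    }
}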
}
C++(即插即用设备)
测试工具: