# 反虚拟机/沙盒 c#(WMI检测内存): ```csharp using System; using System.Management; using System.Threading; namespace Program { class Anti_Analysis { public static void RunAntiAnalysis() { if (isVM()) { Environment.FailFast(null); } Thread.Sleep(1000); } public static bool isVM() { SelectQuery selectQuery = new SelectQuery("Select * from Win32_CacheMemory"); //SelectQuery selectQuery = new SelectQuery("Select * from CIM_Memory"); ManagementObjectSearcher searcher = new ManagementObjectSearcher(selectQuery); int i = 0; foreach (ManagementObject DeviceID in searcher.Get()) i++; return (i == 0); } } } ``` c++(即插即用设备) {% embed url="" %} ```cpp #include #include #include int main() { DISPLAY_DEVICE dd; dd.cb = sizeof(dd); int deviceIndex = 0; while (EnumDisplayDevices(0, deviceIndex, &dd, 0)) { std::wstring deviceName = dd.DeviceName; int monitorIndex = 0; while (EnumDisplayDevices(deviceName.c_str(), monitorIndex, &dd, 0)) { int flag = strlen((const char*)dd.DeviceString); if (flag > 2) { std::wcout << "this is vm"; } else { std::wcout << "this is not vm"; } ++monitorIndex; } ++deviceIndex; } return 0; } ``` {% embed url="" %} 测试工具: {% embed url="" %} {% embed url="" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.qwqdanchun.com/main/anti-analysis/anti-vm-sandbox.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.