本帖最后由 JoyChou 于 2013-6-26 11:37 编辑
自己封装了一个类。
只是针对VMware,VMBox不涉及到。
主机效果:
VMware效果:
VMP反虚拟机就是通过IN特权指令,贴一个VMX过检测的几行代码:
[C++] 纯文本查看 复制代码 #Anti Anti VMWARE 过In检测,其他过不了
monitor_control.restrict_backdoor = "TRUE"
disable_acceleration = "TRUE"
isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
monitor_control.disable_directexec = "TRUE"
monitor_control.disable_chksimd = "TRUE"
monitor_control.disable_ntreloc = "TRUE"
monitor_control.disable_selfmod = "TRUE"
monitor_control.disable_reloc = "TRUE"
monitor_control.disable_btinout = "TRUE"
monitor_control.disable_btmemspace = "TRUE"
monitor_control.disable_btpriv = "TRUE"
monitor_control.disable_btseg = "TRUE"
#Anti Anti VMWARE End
附件:
AntiVirtualMachine.zip
(23.72 KB, 下载次数: 248)
| 
[复制链接]
发表于 2013-6-26 11:31
