该程序参考自:Tencent2016C(虚拟机检测技术)。
代码经修改、整理后贴出:
#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <Tlhelp32.h>
#include <conio.h>
#include <Shlwapi.h>
#pragma comment(lib, "Shlwapi.lib")
// Forward declarations of the five checks offered by the menu in main().
// Each returns a boolean that main() prints as "yes!" (true) or "no!" (false).
bool CheckVMware1(); // timing check: two back-to-back RDTSC reads
bool CheckVMware2(); // registry check: a VMwareHostOpen.exe key under HKEY_CLASSES_ROOT
bool CheckVMware3(); // process check: a running vmtoolsd.exe
bool CheckVMware4(); // file-system check: the VMware Tools install directory
bool CheckVMware5(); // service check: service display names containing VMware strings
int main()
{
int n;
bool result;
while (1)
{
printf("虚拟机检测技术:\n");
printf("1. 基于CPU运算时间的检测\n");
printf("2. 基于注册表的检测\n");
printf("3. 基于当前进程信息的检测\n");
printf("4. 基于特定文件的检测\n");
printf("5. 基于注册服务的检测\n");
printf("0. 退出\n");
printf("请选择:");
scanf("%d", &n);
flushall();
printf("检测结果:");
switch (n)
{
case 0: return 0;
case 1: result = CheckVMware1(); break;
case 2: result = CheckVMware2(); break;
case 3: result = CheckVMware3(); break;
case 4: result = CheckVMware4(); break;
case 5: result = CheckVMware5(); break;
default:printf("输入错误,请重新输入!\n"); Sleep(2000); system("cls"); continue;
}
if (result)
printf("yes!\n");
else
printf("no!\n");
printf("按任意键返回主菜单\n");
getch();
flushall();
system("cls");
}
return 0;
}
//Timing-based check: samples the time-stamp counter twice back to back and
//returns TRUE when the low 32 bits of the difference are greater than 0xFF,
//FALSE otherwise.
//NOTE(review): a single sample against a fixed threshold is only a heuristic;
//anything that delays execution between the two reads (an interrupt, for
//instance) would presumably exceed it as well, so a TRUE here is a hint
//rather than proof - confirm on the hardware of interest.
bool CheckVMware1()
{
__asm
{
rdtsc // first sample; only the low dword in EAX is used, EDX is ignored
xchg ebx, eax // park the first low dword in EBX
rdtsc // second sample
sub eax, ebx // EAX = second - first (low 32 bits only)
cmp eax, 0xFF
jg detected // signed compare: a difference with the top bit set falls through
}
return FALSE;
detected: // reached only through the jump out of the __asm block above
return TRUE;
}
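//Registry-based check: returns TRUE when the key
//Applications\VMwareHostOpen.exe can be opened under HKEY_CLASSES_ROOT,
//FALSE when the open fails for any reason.
//NOTE(review): the subkey string starts with a backslash - confirm that
//RegOpenKey accepts that form on the Windows versions of interest.
bool CheckVMware2()
{
    HKEY hkey = NULL;

    if (RegOpenKey(HKEY_CLASSES_ROOT, "\\Applications\\VMwareHostOpen.exe", &hkey) != ERROR_SUCCESS)
    {
        return FALSE;
    }

    //Only the existence of the key matters; release the handle so that
    //repeated runs from the menu do not leak it.
    RegCloseKey(hkey);
    return TRUE;
}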
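//Process-based check: walks a snapshot of all running processes and returns
//TRUE when one of them has the executable name "vmtoolsd.exe". Returns FALSE
//when no such process is found or the snapshot cannot be created.
//NOTE(review): the cast to const char * assumes an ANSI build in which
//szExeFile is a char array - confirm the project's character-set setting.
bool CheckVMware3()
{
    PROCESSENTRY32 pe32;        //receives one process entry per iteration
    pe32.dwSize = sizeof(pe32); //the size must be set before the structure is used

    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); //snapshot of every process in the system
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        return FALSE;
    }

    bool found = FALSE;
    bool bMore = Process32First(hProcessSnap, &pe32);
    while (bMore)
    {
        if (strcmp((const char *)pe32.szExeFile, "vmtoolsd.exe") == 0)
        {
            found = TRUE;
            break;
        }
        bMore = Process32Next(hProcessSnap, &pe32);
    }

    //Single exit path so the snapshot handle is closed on a match as well.
    CloseHandle(hProcessSnap);
    return found;
}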
//File-system check: returns TRUE when the path
//C:\Program Files\VMware\VMware Tools\ exists and is a directory,
//FALSE otherwise.
bool CheckVMware4()
{
    bool dir_present = PathIsDirectory("C:\\Program Files\\VMware\\VMware Tools\\") != 0;

    return dir_present ? TRUE : FALSE;
}
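//Service-based check: enumerates Win32 services in every state and returns
//TRUE when a display name contains "VMware Tools" or the localized
//"VMware 物理磁盘助手服务" string. Returns FALSE when no name matches or when
//the service control manager cannot be opened, the buffer cannot be allocated
//or the enumeration fails; a short message is printed in those cases.
//(The error paths used to return -1, which converts to true in a bool and
//was reported as a positive result.)
bool CheckVMware5()
{
    enum { SERVICE_BUF_BYTES = 1024 * 64 };
    bool found = FALSE;

    //Open the service control manager with enumerate rights only.
    SC_HANDLE SCMan = OpenSCManager(NULL, NULL, SC_MANAGER_ENUMERATE_SERVICE);
    if (SCMan == NULL)
    {
        printf("%lu", GetLastError()); //DWORD is unsigned long
        printf("OpenSCManager Error\n");
        return FALSE;
    }

    //Buffer that receives the service entries. The cast is kept because the
    //file may be built as C++, where it is required.
    LPENUM_SERVICE_STATUSA service_status = (LPENUM_SERVICE_STATUSA)LocalAlloc(LPTR, SERVICE_BUF_BYTES);
    if (service_status == NULL)
    {
        printf("LocalAlloc Error\n");
        CloseServiceHandle(SCMan);
        return FALSE;
    }

    DWORD cbBytesNeeded = 0;
    DWORD ServicesReturned = 0;
    DWORD ResumeHandle = 0; //must be 0 on the first call
    bool more = TRUE;

    while (more && !found)
    {
        more = FALSE;
        if (!EnumServicesStatusA(SCMan,       //service control manager handle
            SERVICE_WIN32,                    //service type
            SERVICE_STATE_ALL,                //service state
            service_status,                   //output: array of service entries
            SERVICE_BUF_BYTES,                //size of that buffer in bytes
            &cbBytesNeeded,                   //output: bytes needed for the remaining entries
            &ServicesReturned,                //output: number of entries written
            &ResumeHandle))                   //in/out: continuation point for the next call
        {
            if (GetLastError() != ERROR_MORE_DATA)
            {
                printf("EnumServicesStatus Error\n");
                break;
            }
            //The buffer was too small for all entries: scan what was
            //returned, then call again to continue from ResumeHandle.
            more = TRUE;
        }

        for (DWORD i = 0; i < ServicesReturned && !found; i++)
        {
            const char *name = service_status[i].lpDisplayName;

            if (strstr(name, "VMware Tools") != NULL || strstr(name, "VMware 物理磁盘助手服务") != NULL)
            {
                found = TRUE;
            }
        }
    }

    //Release the buffer and the manager handle on every path.
    LocalFree(service_status);
    CloseServiceHandle(SCMan);
    return found;
}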
PS:可以自行复制代码,在虚拟机环境下运行后查看检测结果,.exe文件就不上传了。
原文地址:https://www.cnblogs.com/fcgfcgfcg/p/9272944.html