- vm ware


back door - 3


;

mov ecx, 0Ah ;  

mov eax, 564d5868h ; 'VMXh' - ""

mov edx, 00005658h ; '..VX' - back-door

; ""

in eax, dx ; back-door

; EAX/EBX/ECX

; !

; Windows

vm-ware -

; SEH-,

; (

; )

; , ,

; , - -,

; vm-ware

; -

cmp ebx, 'VMXh' ;

je under_VMware ; , vm-ware

xor eax,eax ; , vm-ware!

ret ;

under_VMware:

ret ; vm-ware, eax

}

}

 

main()

{

// get_vm

__try,

//

// , vm-ware, get_vm,

// ,

// ( ,

// vm-ware )

__try { printf("%s %s\n",VM, (get_vm())?VM_DETECTED:VM_NOT_RECOGNZD);}

// ,

// Windows, vm-ware

__except(1) {printf("%s %s\n",VM, VM_NOT_DETECTED);}

}

 1 , back-door VM Ware ( )




- -  - -  - -