通过取得MAC地址判断是否在VM中

来源：互联网发布：网吧指纹软件申报编辑：程序博客网时间：2024/05/22 14:03

自己随手写的，自测试通过:

bool AntiVMware::AD_VM_CheckMacAddr(){const long MAX_COMMAND_SIZE = 10000;  TCHAR szFetCmd[] = _T("ipconfig /all");// 获取MAC的命令行SECURITY_ATTRIBUTES sa = {sizeof(SECURITY_ATTRIBUTES), NULL, TRUE};HANDLE hReadPipe, hWritePipe; //创建管道BOOL bRet = CreatePipe(&hReadPipe, &hWritePipe, &sa, 0);if (!bRet){return false;}//返回进程信息PROCESS_INFORMATION pi;     // 返回进程信息//控制命令行窗口信息STARTUPINFO si = {sizeof(STARTUPINFO)};GetStartupInfo(&si);si.hStdError = hWritePipe;si.hStdOutput = hWritePipe;si.wShowWindow = SW_HIDE;   //隐藏命令行窗口si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;//创建获取命令行进程bRet = CreateProcess(NULL, szFetCmd, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi);char szBuffer[MAX_COMMAND_SIZE+1] = {0};CString strBuffer;if (bRet){WaitForSingleObject(pi.hProcess, 100);//这里不要设为INFINITE，不然有些机器会卡死！unsigned long count;bRet = ReadFile(hReadPipe, szBuffer, MAX_COMMAND_SIZE, &count, 0);if (!bRet){//关闭所有句柄CloseHandle(hWritePipe);CloseHandle(hReadPipe);CloseHandle(pi.hProcess);CloseHandle(pi.hThread);return false;}else{//char szSearch1[] = "00-05-69";//char szSearch2[] = "00-0C-29";//char szSearch3[] = "00-50-56";//如果unicode环境内先转换成unicode            CString strBuffer;#ifdef UNICODEint len = MultiByteToWideChar(CP_ACP, 0, szBuffer,-1, NULL, 0);wchar_t *pBuf = new wchar_t[len+1];::ZeroMemory(pBuf, len+1);MultiByteToWideChar(CP_ACP, 0, szBuffer, -1, pBuf, len);strBuffer = pBuf;delete[] pBuf;pBuf = NULL;#elsestrBuffer = szBuffer;#endif// 一行行取出来，取得第一行包括"物理地址"或"Physical Address"的内容// 因为如果有vmware，它的"物理地址"或"Physical Address"同样在字符串中// 不过在主机后面int nStar = 0;int nEnd = 0;bool bFind = false; //找到mac地址那一行CString strChild;nEnd = strBuffer.Find(_T("\r\n"), nStar);while (nEnd != -1){if (nEnd != nStar){strChild = strBuffer.Mid(nStar, nEnd-nStar);if (-1 != strChild.Find(_T("物理地址"))||-1 != strChild.Find(_T("Physical Address"))){bFind = true;break;}}nStar = nEnd + 2;nEnd = strBuffer.Find(_T("\r\n"), nStar);}if (nStar != strBuffer.GetLength() &&!bFind)//在未找到时，取最后的一行{strChild = strBuffer.Right(strBuffer.GetLength() - nStar);}//这里判断strChild是否为VMWare的Mac地址if (!strChild.IsEmpty()){if (-1 != strChild.Find(_T("00-05-69"))||-1 != strChild.Find(_T("00-0C-29"))||-1 != strChild.Find(_T("00-50-56"))){//关闭所有句柄CloseHandle(hWritePipe);CloseHandle(hReadPipe);CloseHandle(pi.hProcess);CloseHandle(pi.hThread);return true;}}}}//关闭所有句柄CloseHandle(hWritePipe);CloseHandle(hReadPipe);CloseHandle(pi.hProcess);CloseHandle(pi.hThread);return false;}

bool AntiVMware::AD_VM_OtherCheckMacAddr(){PIP_ADAPTER_INFO pAdapterInfo = NULL;TCHAR szMac[32] = {0};DWORD AdapterInfoSize = 0;DWORD dwErr = GetAdaptersInfo(NULL, &AdapterInfoSize);if (0 != dwErr &&ERROR_BUFFER_OVERFLOW != dwErr){return false;}// 分配网卡信息内存pAdapterInfo = (PIP_ADAPTER_INFO)GlobalAlloc(GPTR, AdapterInfoSize);if (NULL == pAdapterInfo){return false;}if (ERROR_SUCCESS != GetAdaptersInfo(pAdapterInfo, &AdapterInfoSize)){GlobalFree(pAdapterInfo);return false;}if ((0 == pAdapterInfo->Address[0])&&(0x05 == pAdapterInfo->Address[1])&&(0x69 == pAdapterInfo->Address[2])){GlobalFree(pAdapterInfo);return true;}if ((0 == pAdapterInfo->Address[0])&&(0x0C == pAdapterInfo->Address[1])&&(0x29 == pAdapterInfo->Address[2])){GlobalFree(pAdapterInfo);return true;}if ((0 == pAdapterInfo->Address[0])&&(0x50 == pAdapterInfo->Address[1])&&(0x56 == pAdapterInfo->Address[2])){GlobalFree(pAdapterInfo);return true;}    GlobalFree(pAdapterInfo);return false;}