Detecting VMware and similar virtual machines
Source: Internet | Published: 国内网络存储厂商排名 | Editor: 程序博客网 | Time: 2024/05/29 03:21
Reposted from: http://bbs.pediy.com/showthread.php?t=214890
Anti-Virtualization / Full-System Emulation
Registry key value artifacts
HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 (Identifier) (VBOX)
HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 (Identifier) (QEMU)
HARDWARE\Description\System (SystemBiosVersion) (VBOX)
HARDWARE\Description\System (SystemBiosVersion) (QEMU)
HARDWARE\Description\System (VideoBiosVersion) (VIRTUALBOX)
HARDWARE\Description\System (SystemBiosDate) (06/23/99)
HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 (Identifier) (VMWARE)
HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0 (Identifier) (VMWARE)
HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0 (Identifier) (VMWARE)
Registry Keys artifacts
"HARDWARE\ACPI\RSDT\VBOX__"
"HARDWARE\ACPI\FADT\VBOX__"
"SOFTWARE\Oracle\VirtualBox Guest Additions"
"SYSTEM\ControlSet001\Services\VBoxGuest"
"SYSTEM\ControlSet001\Services\VBoxMouse"
"SYSTEM\ControlSet001\Services\VBoxService"
"SYSTEM\ControlSet001\Services\VBoxSF"
"SYSTEM\ControlSet001\Services\VBoxVideo"
SOFTWARE\VMware, Inc.\VMware Tools
SOFTWARE\Wine
File system artifacts
"system32\drivers\VBoxMouse.sys"
"system32\drivers\VBoxGuest.sys"
"system32\drivers\VBoxSF.sys"
"system32\drivers\VBoxVideo.sys"
"system32\vboxdisp.dll"
"system32\vboxhook.dll"
"system32\vboxmrxnp.dll"
"system32\vboxogl.dll"
"system32\vboxoglarrayspu.dll"
"system32\vboxoglcrutil.dll"
"system32\vboxoglerrorspu.dll"
"system32\vboxoglfeedbackspu.dll"
"system32\vboxoglpackspu.dll"
"system32\vboxoglpassthroughspu.dll"
"system32\vboxservice.exe"
"system32\vboxtray.exe"
"system32\VBoxControl.exe"
"system32\drivers\vmmouse.sys"
"system32\drivers\vmhgfs.sys"
Directories artifacts
"%PROGRAMFILES%\oracle\virtualbox guest additions\"
"%PROGRAMFILES%\VMWare\"
Memory artifacts
Interrupt Descriptor Table (IDT) location
Local Descriptor Table (LDT) location
Global Descriptor Table (GDT) location
Task state segment trick with STR
MAC Address
"\x08\x00\x27" (VBOX)
"\x00\x05\x69" (VMWARE)
"\x00\x0C\x29" (VMWARE)
"\x00\x1C\x14" (VMWARE)
"\x00\x50\x56" (VMWARE)
Virtual devices
"\\.\VBoxMiniRdrDN"
"\\.\VBoxGuest"
"\\.\pipe\VBoxMiniRdDN"
"\\.\VBoxTrayIPC"
"\\.\pipe\VBoxTrayIPC"
"\\.\HGFS"
"\\.\vmci"
Hardware Device information
SetupAPI SetupDiEnumDeviceInfo (GUID_DEVCLASS_DISKDRIVE)
QEMU
VMWare
VBOX
VIRTUAL HD
Adapter name
VMWare
Windows Class
VBoxTrayToolWndClass
VBoxTrayToolWnd
Network shares
VirtualBox Shared Folders
Processes
vboxservice.exe (VBOX)
vboxtray.exe (VBOX)
vmtoolsd.exe (VMWARE)
vmwaretray.exe (VMWARE)
vmwareuser (VMWARE)
vmsrvc.exe (VirtualPC)
vmusrvc.exe (VirtualPC)
prl_cc.exe (Parallels)
prl_tools.exe (Parallels)
xenservice.exe (Citrix Xen)
WMI
SELECT * FROM Win32_Bios (SerialNumber) (VMWARE)
SELECT * FROM Win32_PnPEntity (DeviceId) (VBOX)
SELECT * FROM Win32_NetworkAdapterConfiguration (MACAddress) (VBOX)
SELECT * FROM Win32_NTEventlogFile (VBOX)
SELECT * FROM Win32_Processor (NumberOfCores) (GENERIC)
SELECT * FROM Win32_LogicalDisk (Size) (GENERIC)
DLL Exports and Loaded DLLs
kernel32.dll!wine_get_unix_file_name (Wine)
sbiedll.dll (Sandboxie)
dbghelp.dll (MS debugging support routines)
api_log.dll (iDefense Labs)
dir_watch.dll (iDefense Labs)
pstorec.dll (SunBelt Sandbox)
vmcheck.dll (Virtual PC)
wpespy.dll (WPE Pro)
https://github.com/LordNoteworthy/al-khaser
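As an added example (not part of the original post or of al-khaser), the Python script below turns the catalogue above into a sandbox self-audit: given an inventory of an analysis VM, it reports which of the listed artifacts are still exposed, so the sandbox operator knows what to rename or remove before detonating samples. The Inventory structure, the matching rules per artifact kind and the subset of entries transcribed are this example's own choices; the inventory used to exercise it is constructed.

```python
"""Sandbox self-audit against the fingerprint catalogue above: added example, not part of the
original post or of al-khaser. It reports which listed artifacts an analysis VM still exposes."""
from dataclasses import dataclass, field

# Entries transcribed from the list above as (kind, pattern, vendor). 'regval' is a substring
# match on registry data, 'mac' matches the first three octets, the rest match a name or path
# exactly (Windows names are case-insensitive, so everything is lowered before comparing).
FINGERPRINTS = [
    ("regval", (r"HARDWARE\Description\System", "SystemBiosVersion", "VBOX"), "VirtualBox"),
    ("regval", (r"HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0",
                "Identifier", "VMWARE"), "VMware"),
    ("regkey", r"SOFTWARE\Oracle\VirtualBox Guest Additions", "VirtualBox"),
    ("regkey", r"SOFTWARE\VMware, Inc.\VMware Tools", "VMware"),
    ("file", r"system32\drivers\VBoxGuest.sys", "VirtualBox"),
    ("file", r"system32\drivers\vmhgfs.sys", "VMware"),
    ("mac", b"\x08\x00\x27", "VirtualBox"),
    ("mac", b"\x00\x50\x56", "VMware"),
    ("process", "vboxservice.exe", "VirtualBox"),
    ("process", "vmtoolsd.exe", "VMware"),
    ("dll", "sbiedll.dll", "Sandboxie"),
]

@dataclass
class Inventory:
    """Guest snapshot as a sandbox operator would collect it (constructed, not live data)."""
    registry: dict = field(default_factory=dict)  # key path -> {value name: data}
    files: set = field(default_factory=set)       # paths relative to %WINDIR%
    macs: list = field(default_factory=list)      # "08:00:27:aa:bb:cc" style strings
    processes: set = field(default_factory=set)   # image names of running processes
    dlls: set = field(default_factory=set)        # modules loaded in the inspected process

def _oui(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))[:3]

def audit(inv: Inventory) -> list:
    """Return sorted (vendor, kind, evidence) tuples, one per exposed fingerprint."""
    reg = {k.lower(): {n.lower(): d for n, d in v.items()} for k, v in inv.registry.items()}
    present = {"regkey": set(reg), "file": {p.lower() for p in inv.files},
               "process": {p.lower() for p in inv.processes},
               "dll": {d.lower() for d in inv.dlls}, "mac": {_oui(m) for m in inv.macs}}
    found = set()
    for kind, pat, vendor in FINGERPRINTS:
        if kind == "regval":
            key, name, needle = pat
            data = reg.get(key.lower(), {}).get(name.lower(), "")
            if needle.lower() in data.lower():
                found.add((vendor, kind, f"{key} ({name}) = {data}"))
        elif (pat if kind == "mac" else pat.lower()) in present[kind]:
            found.add((vendor, kind, pat.hex(":") if kind == "mac" else pat))
    return sorted(found)
```

An empty result means none of the transcribed artifacts is visible in the snapshot; extend FINGERPRINTS with the remaining entries from the list above to cover the rest of the catalogue.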