-
Notifications
You must be signed in to change notification settings - Fork 74
/
BypassVM.py
72 lines (53 loc) · 2.42 KB
/
BypassVM.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
"""
1. Registry Check
2. Processes and Files Check
3. MAC check
4. Memory Check
5. Communication Channel Check:
6. Other Hardware Check:
========================
Less Ram : < 1 GB
Hard Disk: < 80 GB
"""
import os, sys, subprocess, re, uuid, ctypes
class BypassVM:
def registry_check(self):
reg1 = os.system("REG QUERY HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverDesc 2> nul")
reg2 = os.system("REG QUERY HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\ProviderName 2> nul")
if reg1 != 1 and reg2 != 1:
print("VMware Registry Detected")
sys.exit()
def processes_and_files_check(self):
vmware_dll = os.path.join(os.environ["SystemRoot"], "System32\\vmGuestLib.dll")
virtualbox_dll = os.path.join(os.environ["SystemRoot"], "vboxmrxnp.dll")
process = os.popen('TASKLIST /FI "STATUS eq RUNNING" | find /V "Image Name" | find /V "="').read()
processList = []
for processNames in process.split(" "):
if ".exe" in processNames:
processList.append(processNames.replace("K\n", "").replace("\n", ""))
if "VMwareService.exe" in processList or "VMwareTray.exe" in processList:
print("VMwareService.exe & VMwareTray.exe process are running")
sys.exit()
if os.path.exists(vmware_dll):
print("Vmware DLL Detected")
sys.exit()
if os.path.exists(virtualbox_dll):
print("VirtualBox DLL Detected")
sys.exit()
try:
sandboxie = ctypes.cdll.LoadLibrary("SbieDll.dll")
print("Sandboxie DLL Detected")
sys.exit()
except:
pass
def mac_check(self):
mac_address = ':'.join(re.findall('..', '%012x' % uuid.getnode()))
vmware_mac_list = ["00:05:69", "00:0c:29", "00:1c:14", "00:50:56"]
if mac_address[:8] in vmware_mac_list:
print("VMware MAC Address Detected")
sys.exit()
if __name__ == '__main__':
test = BypassVM()
test.registry_check()
test.processes_and_files_check()
test.mac_check()