#include <stdlib.h>
#include "antivm.h"
/*
 * Bounded string comparison with strncmp semantics, kept local to this file.
 *
 * Compares at most n bytes of s1 and s2 and stops early at the first NUL in
 * s1 once both strings have matched up to it. Returns 0 when the compared
 * prefixes are equal, otherwise the difference of the first mismatching
 * bytes taken as unsigned char (negative when s1 sorts first).
 */
static inline int
inline_strncmp(const char *s1, const char *s2, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        const unsigned char lhs = (unsigned char)s1[i];
        const unsigned char rhs = (unsigned char)s2[i];

        if (lhs != rhs)
            return lhs - rhs;
        /* Bytes are equal here, so a NUL ends both strings at once. */
        if (lhs == 0)
            break;
    }
    return 0;
}
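/*
 * Execute the x86 CPUID instruction.
 *
 * On entry *eax selects the leaf and *ecx the sub-leaf. On return the four
 * result registers are stored through the corresponding pointers.
 *
 * Any pointer may be NULL: a NULL input is treated as 0 and a NULL output is
 * discarded. The instruction therefore always works on local copies, so a
 * caller that only needs one register does not have to supply storage for
 * the other three.
 */
static inline void
cpuid(unsigned int *eax, unsigned int *ebx, unsigned int *ecx, unsigned int *edx)
{
    unsigned int a = eax ? *eax : 0;
    unsigned int b = 0;
    unsigned int c = ecx ? *ecx : 0;
    unsigned int d = 0;

    /* __asm__ rather than asm so the file also builds in strict ISO modes. */
    __asm__ volatile("cpuid"
                     : "=a" (a),
                       "=b" (b),
                       "=c" (c),
                       "=d" (d)
                     : "0" (a), "2" (c));

    if (eax)
        *eax = a;
    if (ebx)
        *ebx = b;
    if (ecx)
        *ecx = c;
    if (edx)
        *edx = d;
}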
/*
 * Placeholder: the body is empty, so calling this has no effect and `name`
 * is never read. It returns void, so it cannot report a result to a caller.
 */
static inline void
process_exists(char *name)
{
}
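/*
 * Report whether CPUID leaf 0x40000000 carries one of the hypervisor
 * signatures listed in the table below.
 *
 * Returns true on a match with a table entry, false otherwise. The guest
 * sees whatever the hypervisor chooses to return from CPUID, so the result
 * is advisory: a false return does not prove the code runs on bare metal.
 */
bool CheckCPUIDHypervisor(void)
{
    /*
     * Rows are exactly 12 bytes: 12-character entries carry no terminating
     * NUL and shorter ones are zero-padded, which is why the comparison is
     * bounded to 12.
     */
    static const char hypervisors[3][12] = {"XenVMMXenVMM", "VMwareVMware", "KVMKVMKVM"};
    unsigned int eax = 0x40000000;
    unsigned int ebx = 0;
    unsigned int ecx = 0; /* sub-leaf input; must not be left indeterminate */
    unsigned int edx = 0;
    char name[13];

    cpuid(&eax, &ebx, &ecx, &edx);

    /*
     * The signature on this leaf is laid out as EBX, ECX, EDX (unlike the
     * leaf-0 vendor string, which is EBX, EDX, ECX). Bytes are extracted by
     * shifting instead of casting the char buffer to unsigned int *, which
     * would break alignment and aliasing rules.
     */
    for (size_t i = 0; i < 4; i++) {
        name[i]     = (char)((ebx >> (8 * i)) & 0xffu);
        name[4 + i] = (char)((ecx >> (8 * i)) & 0xffu);
        name[8 + i] = (char)((edx >> (8 * i)) & 0xffu);
    }
    name[12] = 0;

    // check against set of hypervisor strings
    for (size_t i = 0; i < 3; i++) {
        if (inline_strncmp(name, hypervisors[i], 12) == 0)
            return true;
    }
    return false;
}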
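/*
 * Report whether bit 31 of ECX from CPUID leaf 1 (the "hypervisor present"
 * bit) is set.
 *
 * Returns true when the bit is set, false otherwise. The bit is supplied by
 * the hypervisor and may be cleared for a guest, so treat the answer as a
 * hint, not as proof of bare metal.
 */
bool CheckCPUIDIsVM(void)
{
    unsigned int eax = 0x1;
    /*
     * Real storage for every register: the result used to be written through
     * an uninitialised pointer, with NULL passed for EBX and EDX.
     */
    unsigned int ebx = 0;
    unsigned int ecx = 0;
    unsigned int edx = 0;

    cpuid(&eax, &ebx, &ecx, &edx);

    /* 1u keeps the shift unsigned; 1 << 31 overflows a 32-bit signed int. */
    return (ecx & (1u << 31)) != 0;
}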
/*
 * Stub: unconditionally returns false. No process inspection is performed
 * in this function, so callers must not treat the result as a real check.
 */
bool CheckVMProcesses(void)
{
return false;
}