Istifadəçi |
2012-06-02 18:34 GMT |
|
|
|
Security |
|
Mesaj Sayı : 839 |
Mövzu Sayı : |
Rep Ver : |
Rep Sayı : 25 |
Indi Saytda : |
Cinsiyyət : Oğlan |
|
Şəhər : Sumqayıt |
Ölkə : |
Məslək : Pan - Turkism |
Yaş : 34 |
Mesaj : |
|
Kod: //************************************************** ****************************
//Unit : ANTIS
//Autor : Fakedo0r .:[PD-TEAM]:.
//Fecha : 04.04.2012
//Creditos : Cobein
//Descripcion : Detecta [VirtualPC / VMWare / VirtualBox]
// Detecta [Sandboxie / ThreatExpert / Anubis / CWSandbox / JoeBox]
//Uso : Anti_End;
//************************************************** ****************************
unit ANTIS;
//************************************************** ****************************
//DECLARACION DE CLASES
//************************************************** ****************************
interface
uses
Windows, ShlObj, Messages, SysUtils;
//************************************************** ****************************
//DECLARACION DE FUNCIONES / PROCEDIMIENTOS
//************************************************** ****************************
function InStr(iStart: Integer; sSource: String; sSourceToFind: String): Integer;
function TrimA(sCadena: String): String;
function IsVirtualPCPresent: Bool;
function IsInSandbox: Bool;
function Anti_End: Bool;
//************************************************** ****************************
//FUNCIONES / PROCEDIMIENTOS
//************************************************** ****************************
implementation
//************************************************** ****************************
//<--- MAQUINAS VIRTUALES [VirtualPC / VMWare / VirtualBox] --->
//************************************************** ****************************
function IsVirtualPCPresent: Bool;
const
sArrVM :array[0..2] of string = ('VIRTUAL','VMWARE','VBOX');
var
hlKey :HKEY;
sBuffer :String;
i :Integer;
iRegType :Integer;
iDataSize :Integer;
begin
IsVirtualPCPresent := False;
iRegType := 1;
if RegOpenKeyEx($80000002, Pchar('SYSTEM\ControlSet001\Services\Disk\Enum'), 0, $20019, hlKey) = 0 then
if RegQueryValueEx(hlKey, '0', 0, @iRegType, nil, @iDataSize) = 0 then
SetLength(sBuffer, iDataSize);
RegQueryValueEx(hlKey, '0', 0, @iRegType, PByte(PChar(sBuffer)), @iDataSize);
for I := 0 to 2 do
if InStr(1, TrimA(sBuffer), sArrVM[i]) > 0 then
IsVirtualPCPresent := True;
RegCloseKey(hlKey);
end;
//************************************************** ****************************
//<--- SANDBOX [Sandboxie / ThreatExpert / Anubis / CWSandbox / JoeBox] --->
//************************************************** ****************************
function IsInSandbox: Bool;
const
sArrSB :array[0..2] of string = ('76487-337-8429955-22614',
'76487-644-3177037-23510',
'55274-640-2673064-23950');
sArrDll :array[0..1] of string = ('sbiedll.dll', 'dbghelp.dll');
var
hlKey :HKEY;
sBuffer :String;
i :Integer;
hDll :Integer;
iRegType :Integer;
iDataSize :Integer;
hSnapShot :Integer;
begin
IsInSandbox := False;
iRegType := 1;
hDll := LoadLibrary(PChar(sArrDll[0]));
if hDll <> 0 then
IsInSandbox := True;
FreeLibrary(hDll);
hDll := LoadLibrary(PChar(sArrDll[1]));
if hDll <> 0 then
IsInSandbox := True;
FreeLibrary(hDll);
if RegOpenKeyEx($80000002, Pchar('Software\Microsoft\Windows\CurrentVersion') , 0, $20019, hlKey) = 0 then
if RegQueryValueEx(hlKey, 'ProductId', 0, @iRegType, nil, @iDataSize) = 0 then
SetLength(sBuffer, iDataSize);
RegQueryValueEx(hlKey, 'ProductId', 0, @iRegType, PByte(PChar(sBuffer)), @iDataSize);
for I := 0 to 2 do
if InStr(1, TrimA(sBuffer), sArrSB[i]) > 0 then
IsInSandbox := True;
RegCloseKey(hlKey);
end;
//************************************************** ****************************
//<--- BUSCA CADENA DENTRO DE OTRA CADENA --->
//************************************************** ****************************
function InStr(iStart: Integer; sSource: String; sSourceToFind: String): integer;
begin
Result := Pos(sSourceToFind, Copy(sSource, iStart, Length(sSource) - (iStart - 1)));
end;
//************************************************** ****************************
//<--- ELIMINA LOS ESPACIOS DE UNA CADENA --->
//************************************************** ****************************
function TrimA(sCadena: String): String;
begin
Result := '';
if sCadena = '' then Exit;
while sCadena[1] = ' ' do
begin
Delete(sCadena, 1, 1);
if sCadena='' then Exit;
end;
while sCadena[Length(sCadena)] = ' ' do
begin
Delete(sCadena,Length(sCadena),1);
if sCadena = '' then Exit;
end;
Result := sCadena;
end;
//************************************************** ****************************
//<--- CIERRA EL EJECUTABLE EN CASO DE TRUE --->
//************************************************** ****************************
function Anti_End: Bool;
begin
Anti_End := False;
if IsVirtualPCPresent = True or IsInSandbox = True then
ExitProcess(0);
end;
end.
Bura Ergenekon, təpədən-dırnağa Türkəm!
|
Anti-armenia.ORG |
|