virtmach.pas

pipe类 pipe类 pipe类 pipe类 pipe类

unit VirtMach;

interface

uses Windows;

function IsVMwarePresent: boolean; stdcall;
function IsVPCPresent: boolean; assembler;

implementation

function IsVMwarePresent: boolean; stdcall;
begin
  result:=false;
  try
    asm
      mov eax, 564D5868h
      mov ebx, 00000000h
      mov ecx, 0000000Ah
      mov edx, 00005658h
      in eax, dx  //VMware intercepts IN instructions to port 0x5658 with a value of 0x564D5868 in EAX.
      cmp ebx, 564D5868h
      jne @@end
      mov result, true
    @@end:
    end;
  except
    result:=false;
  end; 
end;

function IsVPCPresent: boolean; assembler;
asm 
  push ebp 

  mov  ecx, offset @@exception_handler 
  mov  ebp, esp 

  push ebx 
  push ecx 
  push dword ptr fs:[0] 
  mov  dword ptr fs:[0], esp 

  mov  ebx, 0 // flag 
  mov  eax, 1 // VPC function number 

  // call VPC 
  db 00Fh, 03Fh, 007h, 00Bh 

  mov eax, dword ptr ss:[esp] 
  mov dword ptr fs:[0], eax 
  add esp, 8 

  test ebx, ebx 
  setz al 
  lea esp, dword ptr ss:[ebp-4] 
  mov ebx, dword ptr ss:[esp] 
  mov ebp, dword ptr ss:[esp+4] 
  add esp, 8 
  jmp @@ret 
  @@exception_handler: 
  mov ecx, [esp+0Ch] 
  mov dword ptr [ecx+0A4h], -1 // EBX = -1 -> not running, ebx = 0 -> running 
  add dword ptr [ecx+0B8h], 4 // -> skip past the detection code 
  xor eax, eax // exception is handled 
  ret 
  @@ret: 
end;

end.