Anti-VM by querying registry data in "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet{number}\Services\Disk\Enum\0"

brad-sp / cuckoomon-modified

Modified edition of cuckoomon

GNU General Public License v3.0

23 stars 15 forks source link

Anti-VM by querying registry data in "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet{number}\Services\Disk\Enum\0" #4

Closed MerX1030 closed 9 years ago

MerX1030 commented 9 years ago

do we have anti-anti-vm solution for the following:

RegQueryValueEx the entry "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet{number}\Services\Disk\Enum\0" and check for the following strings: VIRTUAL, VMWARE, VBOX, QEMU

Thanks!

brad-sp commented 9 years ago

We do now, thanks! https://github.com/brad-accuvant/cuckoomon-modified/commit/286c79882340b883db3ddd637b13ad81f42385a0 https://github.com/brad-accuvant/community-modified/commit/3141ad0dbdc9a501045e6226e62f3e81b299570f

MerX1030 commented 9 years ago

So fast! Will let you know when something comes up again. :)