Merge branch 'serializingme-dev-issue15-v1' into dev-chaos

a0rtega · May 20, 2015 · 168f52c · 168f52c
2 parents ea6e3cf + 0187948
commit 168f52c
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 0 deletions.
diff --git a/pafish/main.c b/pafish/main.c
@@ -229,6 +229,14 @@ int main(void)
 	}
 	else print_not_traced();
 
+	printf("[*] Reg key (HKCU\\SOFTWARE\\Wine) ... ");
+	if (wine_reg_key1() == TRUE) {
+		write_log("Wine traced using Reg key HKCU\\SOFTWARE\\Wine");
+		print_traced();
+		write_trace("hi_wine");
+	}
+	else print_not_traced();
+
 	/* VirtualBox detection tricks */
 	printf("\n[-] VirtualBox detection\n");
 	printf("[*] Scsi port->bus->target id->logical unit id-> 0 identifier ... ");
@@ -393,6 +401,14 @@ int main(void)
 	}
 	else print_not_traced();
 
+	printf("[*] Looking for pseudo devices ... ");
+	if (vmware_devices(TRUE) == TRUE) {
+		/* Log written inside function */
+		print_traced();
+		write_trace("hi_vmware");
+	}
+	else print_not_traced();
+
 	/* Qemu detection tricks */
 	printf("\n[-] Qemu detection\n");
 	printf("[*] Scsi port->bus->target id->logical unit id-> 0 identifier ... ");

diff --git a/pafish/vmware.c b/pafish/vmware.c
@@ -1,10 +1,12 @@
 
 #include <windows.h>
 #include <string.h>
+#include <stdio.h>
 
 #include "vmware.h"
 #include "types.h"
 #include "utils.h"
+#include "common.h"
 
 int vmware_reg_key1() {
 	if ( pafish_exists_regkey_value_str(HKEY_LOCAL_MACHINE, "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier", "VMWARE") ||
@@ -27,3 +29,23 @@ int vmware_sysfile1() {
 int vmware_sysfile2() {
 	return pafish_exists_file("C:\\WINDOWS\\system32\\drivers\\vmhgfs.sys");
 }
+
+int vmware_devices(int writelogs) {
+	HANDLE h;
+	const int count = 2;
+	string strs[count];
+	int res = FALSE, i = 0;
+	char message[200];
+
+	strs[0] = "\\\\.\\HGFS";
+	strs[1] = "\\\\.\\vmci";
+	for (i=0; i < count; i++) {
+		h = CreateFile(strs[i], GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+		if (h != INVALID_HANDLE_VALUE) {
+			snprintf(message, sizeof(message)-sizeof(message[0]), "VMWare traced using device %s", strs[i]);
+			if (writelogs) write_log(message);
+			res = TRUE;
+		}
+	}
+	return res;
+}
diff --git a/pafish/vmware.h b/pafish/vmware.h
@@ -10,4 +10,6 @@ int vmware_sysfile1();
 
 int vmware_sysfile2();
 
+int vmware_devices();
+
 #endif
diff --git a/pafish/wine.c b/pafish/wine.c
@@ -3,6 +3,7 @@
 
 #include "wine.h"
 #include "types.h"
+#include "utils.h"
 
 int wine_detect_get_unix_file_name() {
 	HMODULE k32;
@@ -19,3 +20,7 @@ int wine_detect_get_unix_file_name() {
 		return FALSE;
 	}
 }
+
+int wine_reg_key1() {
+	return pafish_exists_regkey(HKEY_CURRENT_USER, "SOFTWARE\\Wine");
+}
diff --git a/pafish/wine.h b/pafish/wine.h
@@ -4,4 +4,6 @@
 
 int wine_detect_get_unix_file_name();
 
+int wine_reg_key1();
+
 #endif