
通过取得MAC地址判断是否在VM中

离线啊冲
 

只看楼主 倒序阅读 使用道具 楼主  发表于: 2016-02-13


自己随手写的两种实现,自测试通过(第一种解析 ipconfig /all 的输出,第二种调用 GetAdaptersInfo):


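  /// @brief Checks whether the adapter line reported by `ipconfig /all` carries
  ///        one of three VMware MAC prefixes (00-05-69, 00-0C-29, 00-50-56).
  ///
  /// Runs `ipconfig /all` as a hidden child process whose stdout and stderr are
  /// redirected into an anonymous pipe, reads the output once, and inspects the
  /// first line containing "物理地址" or "Physical Address" (or, if no such
  /// line exists, a trailing line of the output).
  ///
  /// Review notes:
  ///  - This is an environment check of the kind catalogued as MITRE ATT&CK
  ///    T1497.001 (Virtualization/Sandbox Evasion: System Checks). The hidden
  ///    `ipconfig /all` child with redirected output is visible in
  ///    process-creation telemetry.
  ///  - The result is best-effort only: a guest NIC's MAC address is
  ///    configurable, only the first matching line is examined, and only the
  ///    Chinese and English field labels are recognised.
  ///
  /// @return true if one of the three prefixes is found on the examined line;
  ///         false otherwise, including when the pipe, the child process or
  ///         the read fails.
  bool AntiVMware::AD_VM_CheckMacAddr()
  {
      const long MAX_COMMAND_SIZE = 10000;
      // CreateProcess may modify the command-line buffer, so it has to be a
      // writable array rather than a string literal.
      TCHAR szFetCmd[] = _T("ipconfig /all");

      // bInheritHandle = TRUE so the child can write into the pipe.
      SECURITY_ATTRIBUTES sa = {sizeof(SECURITY_ATTRIBUTES), NULL, TRUE};

      HANDLE hReadPipe = NULL;
      HANDLE hWritePipe = NULL;
      if (!CreatePipe(&hReadPipe, &hWritePipe, &sa, 0))
      {
          return false;
      }

      // Zero-initialised so the handles are never garbage; the original left
      // this struct uninitialised and still closed its handles when
      // CreateProcess failed.
      PROCESS_INFORMATION pi = {0};

      // Start from the parent's startup info, then redirect stdout/stderr
      // into the pipe and hide the console window.
      STARTUPINFO si = {sizeof(STARTUPINFO)};
      GetStartupInfo(&si);
      si.hStdError = hWritePipe;
      si.hStdOutput = hWritePipe;
      si.wShowWindow = SW_HIDE;
      si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;

      bool bIsVMwareMac = false;

      if (CreateProcess(NULL, szFetCmd, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi))
      {
          // Bounded wait on purpose: the author reports that INFINITE hangs
          // on some machines.
          WaitForSingleObject(pi.hProcess, 100);

          // NOTE(review): a single ReadFile returns only what is in the pipe
          // at that moment (at most MAX_COMMAND_SIZE bytes), so the captured
          // output may be truncated.
          char szBuffer[MAX_COMMAND_SIZE + 1] = {0};
          unsigned long count = 0;
          if (ReadFile(hReadPipe, szBuffer, MAX_COMMAND_SIZE, &count, 0))
          {
              // In a UNICODE build the ANSI console output is converted to
              // wide characters before it is searched.
              CString strBuffer;
  #ifdef UNICODE
              int len = MultiByteToWideChar(CP_ACP, 0, szBuffer, -1, NULL, 0);
              wchar_t *pBuf = new wchar_t[len + 1];
              // Size in bytes, not elements: the original cleared only
              // len+1 bytes of a (len+1)-element wchar_t array.
              ::ZeroMemory(pBuf, (len + 1) * sizeof(wchar_t));
              MultiByteToWideChar(CP_ACP, 0, szBuffer, -1, pBuf, len);
              strBuffer = pBuf;
              delete[] pBuf;
              pBuf = NULL;
  #else
              strBuffer = szBuffer;
  #endif
              // Walk the output line by line and stop at the first line
              // containing "物理地址" or "Physical Address". Per the author,
              // when VMware is installed on the host its adapters also show
              // up in the output, but after the host's own adapter.
              int nStar = 0;
              int nEnd = 0;
              bool bFind = false;  // set once the MAC address line is found
              CString strChild;
              nEnd = strBuffer.Find(_T("\r\n"), nStar);
              while (nEnd != -1)
              {
                  if (nEnd != nStar)  // skip empty lines
                  {
                      strChild = strBuffer.Mid(nStar, nEnd - nStar);
                      if (-1 != strChild.Find(_T("物理地址")) ||
                          -1 != strChild.Find(_T("Physical Address")))
                      {
                          bFind = true;
                          break;
                      }
                  }

                  nStar = nEnd + 2;  // step over "\r\n"
                  nEnd = strBuffer.Find(_T("\r\n"), nStar);
              }

              // Nothing matched: fall back to the unterminated last line.
              if (nStar != strBuffer.GetLength() && !bFind)
              {
                  strChild = strBuffer.Right(strBuffer.GetLength() - nStar);
              }

              // Compare the selected line against the three VMware prefixes.
              if (!strChild.IsEmpty())
              {
                  bIsVMwareMac =
                      -1 != strChild.Find(_T("00-05-69")) ||
                      -1 != strChild.Find(_T("00-0C-29")) ||
                      -1 != strChild.Find(_T("00-50-56"));
              }
          }

          // Process and thread handles exist only when CreateProcess succeeded.
          CloseHandle(pi.hProcess);
          CloseHandle(pi.hThread);
      }

      // Single cleanup path for the pipe on every outcome.
      CloseHandle(hWritePipe);
      CloseHandle(hReadPipe);

      return bIsVMwareMac;
  }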





  /// @brief Checks whether the first adapter returned by GetAdaptersInfo has a
  ///        MAC address starting with 00-05-69, 00-0C-29 or 00-50-56.
  ///
  /// Only the first entry of the adapter list is examined; later entries are
  /// never visited. Like any MAC-prefix test the result is a hint rather than
  /// proof, since a virtual NIC's address is configurable. For analysts, this
  /// is an environment check of the kind catalogued as MITRE ATT&CK T1497.001,
  /// and the GetAdaptersInfo call is its visible footprint.
  ///
  /// @return true when the first adapter's first three address bytes match one
  ///         of the prefixes; false otherwise or when any API call fails.
  bool AntiVMware::AD_VM_OtherCheckMacAddr()
  {
      // Probe call with no buffer: it reports the size the adapter list needs.
      DWORD cbNeeded = 0;
      const DWORD dwProbe = GetAdaptersInfo(NULL, &cbNeeded);
      if (dwProbe != 0 && dwProbe != ERROR_BUFFER_OVERFLOW)
      {
          return false;
      }

      // Zero-initialised buffer for the adapter list.
      PIP_ADAPTER_INFO pFirstAdapter =
          static_cast<PIP_ADAPTER_INFO>(GlobalAlloc(GPTR, cbNeeded));
      if (pFirstAdapter == NULL)
      {
          return false;
      }

      bool bMatched = false;
      if (GetAdaptersInfo(pFirstAdapter, &cbNeeded) == ERROR_SUCCESS)
      {
          // The three prefixes the original compared one `if` at a time.
          const BYTE kPrefixes[3][3] = {
              {0x00, 0x05, 0x69},
              {0x00, 0x0C, 0x29},
              {0x00, 0x50, 0x56},
          };

          for (int i = 0; i < 3 && !bMatched; ++i)
          {
              bMatched = pFirstAdapter->Address[0] == kPrefixes[i][0] &&
                         pFirstAdapter->Address[1] == kPrefixes[i][1] &&
                         pFirstAdapter->Address[2] == kPrefixes[i][2];
          }
      }

      // One release point covers the failure, match and no-match outcomes.
      GlobalFree(pFirstAdapter);
      return bMatched;
  }
