/* Check against virtualbox registry keys */ VOID vbox_check_registry_keys() { /* Array of strings of blacklisted registry keys */ TCHAR* szKeys[] = { _T("HARDWARE\\ACPI\\RSDT\\VBOX__"), _T("HARDWARE\\ACPI\\FADT\\VBOX__"), _T("HARDWARE\\ACPI\\RSDT\\VBOX__"), _T("SOFTWARE\\Oracle\\VirtualBox Guest Additions"), _T("SYSTEM\\ControlSet001\\Services\\VBoxGuest"), _T("SYSTEM\\ControlSet001\\Services\\VBoxMouse"), _T("SYSTEM\\ControlSet001\\Services\\VBoxService"), _T("SYSTEM\\ControlSet001\\Services\\VBoxSF"), _T("SYSTEM\\ControlSet001\\Services\\VBoxVideo") }; WORD dwlength = sizeof(szKeys) / sizeof(szKeys[0]); /* Check one by one */ for (int i = 0; i < dwlength; i++) { _tprintf(TEXT("[*] Checking reg key %s: "), szKeys[i]); if (Is_RegKeyExists(HKEY_LOCAL_MACHINE, szKeys[i])) print_detected(); else print_not_detected(); } }
/* Check against VMWare registry keys */ VOID vmware_reg_keys() { /* Array of strings of blacklisted registry keys */ TCHAR* szKeys[] = { _T("SOFTWARE\\VMware, Inc.\\VMware Tools"), }; WORD dwlength = sizeof(szKeys) / sizeof(szKeys[0]); /* Check one by one */ for (int i = 0; i < dwlength; i++) { _tprintf(TEXT("[*] Checking reg key %s: "), szKeys[i]); if (Is_RegKeyExists(HKEY_LOCAL_MACHINE, szKeys[i])) print_detected(); else print_not_detected(); } }