/*
Check against virtualbox registry keys
*/
VOID vbox_check_registry_keys()
{
/* Array of strings of blacklisted registry keys */
TCHAR* szKeys[] = {
_T("HARDWARE\\ACPI\\RSDT\\VBOX__"),
_T("HARDWARE\\ACPI\\FADT\\VBOX__"),
_T("HARDWARE\\ACPI\\RSDT\\VBOX__"),
_T("SOFTWARE\\Oracle\\VirtualBox Guest Additions"),
_T("SYSTEM\\ControlSet001\\Services\\VBoxGuest"),
_T("SYSTEM\\ControlSet001\\Services\\VBoxMouse"),
_T("SYSTEM\\ControlSet001\\Services\\VBoxService"),
_T("SYSTEM\\ControlSet001\\Services\\VBoxSF"),
_T("SYSTEM\\ControlSet001\\Services\\VBoxVideo")
};
WORD dwlength = sizeof(szKeys) / sizeof(szKeys[0]);
/* Check one by one */
for (int i = 0; i < dwlength; i++)
{
_tprintf(TEXT("[*] Checking reg key %s: "), szKeys[i]);
if (Is_RegKeyExists(HKEY_LOCAL_MACHINE, szKeys[i]))
print_detected();
else
print_not_detected();
}
}
/*
Check against VMWare registry keys
*/
VOID vmware_reg_keys()
{
/* Array of strings of blacklisted registry keys */
TCHAR* szKeys[] = {
_T("SOFTWARE\\VMware, Inc.\\VMware Tools"),
};
WORD dwlength = sizeof(szKeys) / sizeof(szKeys[0]);
/* Check one by one */
for (int i = 0; i < dwlength; i++)
{
_tprintf(TEXT("[*] Checking reg key %s: "), szKeys[i]);
if (Is_RegKeyExists(HKEY_LOCAL_MACHINE, szKeys[i]))
print_detected();
else
print_not_detected();
}
}
