
translate some functions from c++ to delphi

Posted on 2008-11-08
Last Modified: 2012-05-05
Hi, I'm writing an exe packer and I found some interesting C++ code to keep someone from debugging my project. Because I'm not a C++ coder, I'm asking whether someone can translate these functions for me.

[code]
// Parent-process heuristic: reports TRUE when this process's parent PID is not
// the PID of a process named "explorer.exe". The name suggests it is aimed at
// the Anubis sandbox, but nothing in the check is specific to one product.
// Analyst notes:
//  - The result is TRUE for any launch that Explorer did not parent, so it
//    also fires for ordinary non-sandbox launches; treat it as a weak signal.
//  - Process32Next runs before the entry filled by Process32First is examined,
//    so the first snapshot entry is never inspected.
//  - hSnapshot is not checked for validity and is closed only when
//    Process32First succeeds.
//  - strcmp is an exact, case-sensitive match; if several entries match, the
//    last one seen is the one compared.
bool IsAnubis()
{
      PROCESSENTRY32 pe32;
      // The Toolhelp API requires dwSize to be set before the first call.
      pe32.dwSize = sizeof(PROCESSENTRY32);
      DWORD PID = 0, PPID = 0, expPID = 0;
      // System-wide process snapshot; a recognisable API sequence in traces.
      HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
      if(Process32First(hSnapshot, &pe32))
      {
            while(Process32Next(hSnapshot, &pe32))
            {
                  PID = pe32.th32ProcessID;
                  // Entry for this process: remember who started it.
                  if(PID == GetCurrentProcessId())
                  {
                        PPID = pe32.th32ParentProcessID;
                  }
                  // Entry whose image name is exactly "explorer.exe".
                  if(!strcmp(pe32.szExeFile, "explorer.exe"))
                  {
                        expPID = pe32.th32ProcessID;
                  }
            }
            CloseHandle(hSnapshot);
      }
      // Both values stay 0 when nothing was found, which compares as equal.
      if(PPID != expPID)
      {
            return TRUE;
      }
      else
      {
            return FALSE;
      }
}

// Account-name fingerprint: reports TRUE when the logged-on user name is
// exactly "CurrentUser". The function name ties this to Norman Sandbox; the
// code itself only compares one hard-coded string.
// Analyst notes:
//  - The literal is stored in the binary as plain text, so it is a simple
//    static indicator of this check.
//  - The return value of GetUserName is ignored and the buffer has no
//    initialiser, so after a failed call strcmp reads indeterminate data.
bool IsNormanSandBox()
{
      CHAR szUserName[MAX_PATH];
      // In/out parameter: buffer size on entry, characters written on return.
      DWORD dwUserNameSize = sizeof(szUserName);
      GetUserName(szUserName, &dwUserNameSize);
      // Exact, case-sensitive comparison.
      if(!strcmp(szUserName, "CurrentUser"))
      {
            return TRUE;
      }
      else
      {
            return FALSE;
      }
}

// Image-path fingerprint: reports TRUE when the running executable's full path
// is exactly "C:\file.exe". The function name ties this to the Sunbelt
// sandbox; the code itself only compares one hard-coded path.
// Analyst notes:
//  - The path literal is a plain string in the binary and therefore a simple
//    static indicator of this check.
//  - The return value of GetModuleFileName is ignored and the buffer has no
//    initialiser, so after a failed call strcmp reads indeterminate data.
bool IsSunbeltSandBox()
{
      CHAR szFileName[MAX_PATH];
      // NULL module handle: the path of the current process's executable.
      GetModuleFileName(NULL, szFileName, MAX_PATH);
      // Exact, case-sensitive comparison; any other spelling does not match.
      if(!strcmp(szFileName, "C:\\file.exe"))
      {
            return TRUE;
      }
      else
      {
            return FALSE;
      }
}

// Exception-based probe: executes a hand-emitted byte sequence inside an SEH
// frame and reports FALSE if any exception is raised, TRUE otherwise.
// Analyst notes:
//  - 0F 3F is not a defined x86 opcode, so on real hardware the sequence is
//    expected to raise an invalid-opcode exception; the 0F 3F 07 0B pattern is
//    commonly described as a Virtual PC guest-to-host call.
//  - The emitted bytes are a stable static indicator for this check.
//  - NOTE(review): the trailing bytes C7 45 FC FF FF FF FF decode as a store
//    of 0xFFFFFFFF to [ebp-4]. They look copied from a disassembly of compiler
//    SEH bookkeeping rather than part of the probe; what lives in that slot
//    depends on the frame layout - confirm before relying on this code.
//  - MSVC-specific: __try/__except and __asm/_emit are compiler extensions.
bool IsVirtualPC()
{
      __try
      {
            __asm
            {
                  mov eax, 1
                  // 0F 3F 07 0B: the probe instruction itself.
                  _emit 0x0F
                  _emit 0x3F
                  _emit 0x07
                  _emit 0x0B
                  // C7 45 FC FF FF FF FF: mov dword ptr [ebp-4], 0FFFFFFFFh
                  _emit 0xC7
                  _emit 0x45
                  _emit 0xFC
                  _emit 0xFF
                  _emit 0xFF
                  _emit 0xFF
                  _emit 0xFF
            }
      }
      // Filter value 1 handles every exception type, not only invalid opcode.
      __except(1)
      {
            return FALSE;
      }
      return TRUE;
}

// I/O-port probe: issues an IN on port 0x5658 with 0x564D5868 in EAX and
// reports TRUE only if EBX comes back holding 0x564D5868; any exception yields
// FALSE.
// Analyst notes:
//  - 0x564D5868 ("VMXh") and port 0x5658 ("VX") are the well-known VMware
//    backdoor-channel values, and ECX = 0x0A is the get-version command.
//  - Outside that hypervisor, IN from user mode is expected to fault as a
//    privileged instruction, which the handler below turns into FALSE.
//  - The two constants are stable static indicators: they are easy to locate
//    in a disassembly or with a byte-pattern rule.
//  - MSVC-specific: __try/__except and __asm are compiler extensions.
bool IsVMware()
{
      DWORD _EBX;
      __try
      {
            __asm
            {
                  // EBX is saved and restored around the probe.
                  push ebx
                  mov eax, 0x564D5868
                  // Sentinel: differs from the magic, so the final comparison
                  // passes only if something overwrote EBX during the IN.
                  mov ebx, 0x8685D465
                  mov ecx, 0x0A
                  mov dx, 0x5658
                  in eax, dx
                  mov _EBX, ebx
                  pop ebx
            }
      }
      // Filter value 1 handles every exception type.
      __except(1)
      {
            return FALSE;
      }
      return _EBX == 0x564D5868;
}
[/code]

thanks in advance
Question by:unnamed020

Accepted Solution

by:
ThievingSix earned 500 total points
ID: 22914430
This should work, didn't test it though.
uses TlHelp32;
// Parent-process heuristic, translated from the C++ listing on this page:
// Result is True when this process's parent PID differs from the PID of a
// process named 'explorer.exe'.
// Reviewer notes:
//  - Unlike the C++ listing, PE32.dwSize is never assigned here; Process32First
//    is documented to fail when dwSize is not initialised. In that case both
//    PIDs stay 0 and Result is False.
//  - Process32Next runs before the entry filled by Process32First is examined,
//    so the first snapshot entry is never inspected.
//  - hSnapShot is not checked for validity and is closed only when
//    Process32First succeeds.
//  - Result is True for any launch that Explorer did not parent, so the
//    heuristic also fires for ordinary non-sandbox launches.
function IsAnubis: Boolean;
var
  PE32 : TProcessEntry32;
  PID, PPID, expPID : DWORD;
  hSnapShot : Cardinal;
begin
  PID := 0;
  PPID := 0;
  expPID := 0;
  // System-wide process snapshot; a recognisable API sequence in traces.
  hSnapShot := CreateToolHelp32Snapshot(TH32CS_SNAPPROCESS,0);
  If Process32First(hSnapShot,PE32) Then
    begin
    While Process32Next(hSnapShot,PE32) Do
      begin
      PID := PE32.th32ProcessID;
      // Entry for this process: remember who started it.
      If PID = GetCurrentProcessID Then
        begin
        PPID := PE32.th32ParentProcessID;
      end;
      // Entry whose image name equals 'explorer.exe'.
      If PE32.szExeFile = 'explorer.exe' Then
        begin
        expPID := PE32.th32ProcessID;
      end;
    end;
    CloseHandle(hSnapShot);
  end;
  Result := False;
  If PPID <> expPID Then
    begin
    Result := True;
  end;
end;
 
// Account-name fingerprint, translated from the C++ listing on this page.
// Reviewer notes:
//  - As written, Result defaults to True and becomes False when the name
//    matches 'CurrentUser'. That is the opposite of the C++ listing, which
//    returns TRUE on a match.
//  - The buffer from AllocMem is never released, so each call leaks MAX_PATH
//    bytes.
//  - The return value of GetUserName is ignored.
//  - NOTE(review): szUserName is a PChar; confirm whether '=' against a
//    literal compares text or pointers under the compiler in use.
function IsNormanSandBox: Boolean;
var
  szUserName : PChar;
  dwUserNameSize : DWORD;
begin
  // AllocMem returns zero-filled memory.
  szUserName := AllocMem(MAX_PATH);
  dwUserNameSize := MAX_PATH;
  GetUserName(szUserName,dwUserNameSize);
  Result := True;
  If szUserName = 'CurrentUser' Then
    begin
    Result := False;
  end;
end;
 
// Image-path fingerprint, translated from the C++ listing on this page.
// Reviewer notes:
//  - As written, Result defaults to True and becomes False when the module
//    path matches 'C:\file.exe'. That is the opposite of the C++ listing,
//    which returns TRUE on a match.
//  - The buffer from AllocMem is never released, so each call leaks MAX_PATH
//    bytes.
//  - The return value of GetModuleFileName is ignored.
//  - NOTE(review): szFileName is a PChar; confirm whether '=' against a
//    literal compares text or pointers under the compiler in use.
function IsSunbeltSandBox: Boolean;
var
  szFileName : PChar;
begin
  // AllocMem returns zero-filled memory.
  szFileName := AllocMem(MAX_PATH);
  // Module handle 0: the path of the current process's executable.
  GetModuleFileName(0,szFileName,MAX_PATH);
  Result := True;
  If szFileName = 'C:\file.exe' Then
    begin
    Result := False;
  end;
end;
 
// Exception-based probe, translated from the C++ listing on this page: runs a
// hand-emitted byte sequence inside Try/Except and yields False if anything is
// raised, True otherwise.
// Reviewer notes:
//  - $0F $3F is not a defined x86 opcode, so on real hardware the sequence is
//    expected to raise an invalid-opcode exception; the $0F $3F $07 $0B
//    pattern is commonly described as a Virtual PC guest-to-host call.
//  - The emitted bytes are a stable static indicator for this check.
//  - NOTE(review): the trailing bytes $C7 $45 $FC $FF $FF $FF $FF decode as a
//    store of $FFFFFFFF to [ebp-4]. What occupies that slot in this function's
//    frame depends on the compiler, so the store may overwrite a local or
//    frame bookkeeping - confirm before relying on this code.
//  - The Except block handles every exception, not only invalid opcode.
function IsVirtualPC: Boolean;
begin
  Try
    asm
      mov eax,1
      // $0F $3F $07 $0B: the probe instruction itself.
      db $0F
      db $3F
      db $07
      db $0B
      // $C7 $45 $FC $FF $FF $FF $FF: mov dword ptr [ebp-4], $FFFFFFFF
      db $C7
      db $45
      db $FC
      db $FF
      db $FF
      db $FF
      db $FF
    end;
  Except
    Result := False;
    Exit;
  end;
  Result := True;
end;
 
 
// I/O-port probe, translated from the C++ listing on this page: issues an IN
// on port $5658 with $564D5868 in EAX and yields True only if EBX comes back
// holding $564D5868; any exception yields False.
// Reviewer notes:
//  - $564D5868 ('VMXh') and port $5658 ('VX') are the well-known VMware
//    backdoor-channel values, and ECX = $0A is the get-version command.
//  - Outside that hypervisor, IN from user mode is expected to fault as a
//    privileged instruction, which the Except block turns into False.
//  - The two constants are stable static indicators: they are easy to locate
//    in a disassembly or with a byte-pattern rule.
function IsVMWare: Boolean;
var
  _EBX : DWORD;
begin
  Try
    asm
      // EBX is saved and restored around the probe.
      push ebx
      mov eax,$564D5868
      // Sentinel: differs from the magic, so the final comparison passes
      // only if something overwrote EBX during the IN.
      mov ebx,$8685D465
      mov ecx,$0A
      mov dx,$5658
      in eax,dx
      mov _EBX,ebx
      pop ebx
    end;
  Except
    // Handles every exception type.
    Result := False;
    Exit;
  end;
  Result := (_EBX = $564D5868);
end;

 

Author Closing Comment

by:unnamed020
ID: 31514743
thanks a lot man!! :)
