unnamed020
asked on
translate some functions from c++ to delphi
hi im writing a exe packer and i found some interesting codes in c++, to evade someone debug my project, because i not a c++ coder, i ask is someone can translate this functions for me
[code]
bool IsAnubis()
{
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof(PROCESSENTRY32);
DWORD PID = 0, PPID = 0, expPID = 0;
HANDLE hSnapshot = CreateToolhelp32Snapshot(T H32CS_SNAP PROCESS, 0);
if(Process32First(hSnapsho t, &pe32))
{
while(Process32Next(hSnaps hot, &pe32))
{
PID = pe32.th32ProcessID;
if(PID == GetCurrentProcessId())
{
PPID = pe32.th32ParentProcessID;
}
if(!strcmp(pe32.szExeFile, "explorer.exe"))
{
expPID = pe32.th32ProcessID;
}
}
CloseHandle(hSnapshot);
}
if(PPID != expPID)
{
return TRUE;
}
else
{
return FALSE;
}
}
bool IsNormanSandBox()
{
CHAR szUserName[MAX_PATH];
DWORD dwUserNameSize = sizeof(szUserName);
GetUserName(szUserName, &dwUserNameSize);
if(!strcmp(szUserName, "CurrentUser"))
{
return TRUE;
}
else
{
return FALSE;
}
}
bool IsSunbeltSandBox()
{
CHAR szFileName[MAX_PATH];
GetModuleFileName(NULL, szFileName, MAX_PATH);
if(!strcmp(szFileName, "C:\\file.exe"))
{
return TRUE;
}
else
{
return FALSE;
}
}
bool IsVirtualPC()
{
__try
{
__asm
{
mov eax, 1
_emit 0x0F
_emit 0x3F
_emit 0x07
_emit 0x0B
_emit 0xC7
_emit 0x45
_emit 0xFC
_emit 0xFF
_emit 0xFF
_emit 0xFF
_emit 0xFF
}
}
__except(1)
{
return FALSE;
}
return TRUE;
}
bool IsVMware()
{
DWORD _EBX;
__try
{
__asm
{
push ebx
mov eax, 0x564D5868
mov ebx, 0x8685D465
mov ecx, 0x0A
mov dx, 0x5658
in eax, dx
mov _EBX, ebx
pop ebx
}
}
__except(1)
{
return FALSE;
}
return _EBX == 0x564D5868;
}
[/code]
thanks in advance
[code]
bool IsAnubis()
{
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof(PROCESSENTRY32);
DWORD PID = 0, PPID = 0, expPID = 0;
HANDLE hSnapshot = CreateToolhelp32Snapshot(T
if(Process32First(hSnapsho
{
while(Process32Next(hSnaps
{
PID = pe32.th32ProcessID;
if(PID == GetCurrentProcessId())
{
PPID = pe32.th32ParentProcessID;
}
if(!strcmp(pe32.szExeFile,
{
expPID = pe32.th32ProcessID;
}
}
CloseHandle(hSnapshot);
}
if(PPID != expPID)
{
return TRUE;
}
else
{
return FALSE;
}
}
bool IsNormanSandBox()
{
CHAR szUserName[MAX_PATH];
DWORD dwUserNameSize = sizeof(szUserName);
GetUserName(szUserName, &dwUserNameSize);
if(!strcmp(szUserName, "CurrentUser"))
{
return TRUE;
}
else
{
return FALSE;
}
}
bool IsSunbeltSandBox()
{
CHAR szFileName[MAX_PATH];
GetModuleFileName(NULL, szFileName, MAX_PATH);
if(!strcmp(szFileName, "C:\\file.exe"))
{
return TRUE;
}
else
{
return FALSE;
}
}
bool IsVirtualPC()
{
__try
{
__asm
{
mov eax, 1
_emit 0x0F
_emit 0x3F
_emit 0x07
_emit 0x0B
_emit 0xC7
_emit 0x45
_emit 0xFC
_emit 0xFF
_emit 0xFF
_emit 0xFF
_emit 0xFF
}
}
__except(1)
{
return FALSE;
}
return TRUE;
}
bool IsVMware()
{
DWORD _EBX;
__try
{
__asm
{
push ebx
mov eax, 0x564D5868
mov ebx, 0x8685D465
mov ecx, 0x0A
mov dx, 0x5658
in eax, dx
mov _EBX, ebx
pop ebx
}
}
__except(1)
{
return FALSE;
}
return _EBX == 0x564D5868;
}
[/code]
thanks in advance
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER