pwn1sher/vmware-detect.cpp

## vmware-detect.cpp

#include <stdio.h>
#include <comadmin.h>
#include <wbemidl.h>
#include <comdef.h>
#include <comutil.h>
#include "StrSafe.h"
#include "common.h"  // -> vss-common.h

// Credits to below repo
// https://github.com/shabbireee07/test/blob/541abd10a01da56c5f16582cd32d67114ec22a5c/qga/vss-win32/vss-common.h


#define VSS_PROVIDER_NAME "VMware Snapshot Provider"
#define VSS_PROVIDER_LNAME L(VSS_PROVIDER_NAME)

// can detect Qemu and other emulators too
/*

#define QGA_PROVIDER_NAME "QEMU Guest Agent VSS Provider"
#define QGA_PROVIDER_LNAME L(QGA_PROVIDER_NAME)

*/

void errmsg(DWORD err, const char* text)
{

}

#define _chk(hr, status, msg, err_label)        \
    do {                                        \
        hr = (status);                          \
        if (FAILED(hr)) {                       \
            errmsg(hr, msg);                    \
            goto err_label;                     \
        }                                       \
    } while (0)

#define chk(status) _chk(hr, status, "Failed to " #status, out)

static HRESULT VSSProviderFind(
    HRESULT(*found)(ICatalogCollection*, int, void*), void* arg)
{
    HRESULT hr;
    COMInitializer initializer;
    COMPointer<IUnknown> pUnknown;
    COMPointer<ICOMAdminCatalog2> pCatalog;
    COMPointer<ICatalogCollection> pColl;
    COMPointer<ICatalogObject> pObj;
    _variant_t var;
    long i, n;
    BOOL flag;

    chk(CoCreateInstance(CLSID_COMAdminCatalog, NULL, CLSCTX_INPROC_SERVER,
        IID_IUnknown, (void**)pUnknown.replace()));
    chk(pUnknown->QueryInterface(IID_ICOMAdminCatalog2,
        (void**)pCatalog.replace()));

    chk(pCatalog->GetCollection(_bstr_t(L"Applications"),
        (IDispatch**)pColl.replace()));

    chk(pColl->Populate());


    printf(" [*] Listing COM+ Applications Catalog\n");
    chk(pColl->get_Count(&n));
    for (i = n - 1; i >= 0; i--) {
        chk(pColl->get_Item(i, (IDispatch**)pObj.replace()));

        chk(pObj->get_Value(_bstr_t(L"Name"), &var));


        if (V_VT(&var) == VT_BSTR)
        {
            char* p = ( char*)(_bstr_t)var;
            printf("  - Application Name: %s\n", p);
        }

        if (var == _variant_t(VSS_PROVIDER_LNAME)) {
            flag = TRUE;
            if (FAILED(found(pColl, i, arg))) {
                goto out;
            }
        }

    }
    chk(pColl->SaveChanges(&n));


    if (flag) {

        printf(" [*] You are inside VMWare Environment\n");
    }
out:
    return hr;
}


static HRESULT MaintainCount(ICatalogCollection* coll, int i, void* arg)
{
    (*(int*)arg)++;
    return S_OK;
}

void main() {
    int count = 0;
    VSSProviderFind(MaintainCount, (void*)&count);
}

	#include <stdio.h>
	#include <comadmin.h>
	#include <wbemidl.h>
	#include <comdef.h>
	#include <comutil.h>
	#include "StrSafe.h"
	#include "common.h" // -> vss-common.h

	// Credits to below repo
	// https://github.com/shabbireee07/test/blob/541abd10a01da56c5f16582cd32d67114ec22a5c/qga/vss-win32/vss-common.h


	#define VSS_PROVIDER_NAME "VMware Snapshot Provider"
	#define VSS_PROVIDER_LNAME L(VSS_PROVIDER_NAME)

	// can detect Qemu and other emulators too
	/*

	#define QGA_PROVIDER_NAME "QEMU Guest Agent VSS Provider"
	#define QGA_PROVIDER_LNAME L(QGA_PROVIDER_NAME)

	*/

	void errmsg(DWORD err, const char* text)
	{

	}

	#define _chk(hr, status, msg, err_label) \
	do { \
	hr = (status); \
	if (FAILED(hr)) { \
	errmsg(hr, msg); \
	goto err_label; \
	} \
	} while (0)

	#define chk(status) _chk(hr, status, "Failed to " #status, out)

	static HRESULT VSSProviderFind(
	HRESULT(found)(ICatalogCollection, int, void), void arg)
	{
	HRESULT hr;
	COMInitializer initializer;
	COMPointer<IUnknown> pUnknown;
	COMPointer<ICOMAdminCatalog2> pCatalog;
	COMPointer<ICatalogCollection> pColl;
	COMPointer<ICatalogObject> pObj;
	_variant_t var;
	long i, n;
	BOOL flag;

	chk(CoCreateInstance(CLSID_COMAdminCatalog, NULL, CLSCTX_INPROC_SERVER,
	IID_IUnknown, (void**)pUnknown.replace()));
	chk(pUnknown->QueryInterface(IID_ICOMAdminCatalog2,
	(void**)pCatalog.replace()));

	chk(pCatalog->GetCollection(_bstr_t(L"Applications"),
	(IDispatch**)pColl.replace()));

	chk(pColl->Populate());



	printf(" [*] Listing COM+ Applications Catalog\n");
	chk(pColl->get_Count(&n));
	for (i = n - 1; i >= 0; i--) {
	chk(pColl->get_Item(i, (IDispatch**)pObj.replace()));

	chk(pObj->get_Value(_bstr_t(L"Name"), &var));


	if (V_VT(&var) == VT_BSTR)
	{
	char* p = ( char*)(_bstr_t)var;
	printf(" - Application Name: %s\n", p);
	}

	if (var == _variant_t(VSS_PROVIDER_LNAME)) {
	flag = TRUE;
	if (FAILED(found(pColl, i, arg))) {
	goto out;
	}
	}

	}
	chk(pColl->SaveChanges(&n));


	if (flag) {

	printf(" [*] You are inside VMWare Environment\n");
	}
	out:
	return hr;
	}


	static HRESULT MaintainCount(ICatalogCollection* coll, int i, void* arg)
	{
	((int)arg)++;
	return S_OK;
	}

	void main() {
	int count = 0;
	VSSProviderFind(MaintainCount, (void*)&count);
	}