solaritygh/explanation.md

## explanation.md

      
    Raw
  

              explanation.md
            
          
    Basically, it's checking for both VMWare Tools and VBox Guest Additions.
Just a side project. Please don't use this for malicious purposes.

  
## main.py
import subprocess
import platform
import winreg

def get_running_processes():
    if platform.system().startsWith("Windows"):
        cmd = "tasklist"
        result = subprocess.check_output(cmd, shell=True).decode()
    else:
        print(f"Doesn't work on {platform.system()}")
        exit()
    return result

def check_registry_keys():
    vmware_key = r'SOFTWARE\VMWare, Inc.\VMWare Tools'
    virtualbox_key = r'SOFTWARE\Oracle\VirtualBox Guest Additions'

    vmware_installed = False
    virtualbox_installed = False

    try:
        reg = winreg.ConnectRegistry(None, winreg.HKEY_LOCAL_MACHINE)

        try:
            winreg.OpenKey(reg, vmware_key)
            vmware_installed = True
        except FileNotFoundError:
            pass

        try:
            winreg.OpenKey(reg, virtualbox_key)
            virtualbox_installed = True
        except FileNotFoundError:
            pass
    except Exception as e:
        print(f"An error occurred while accessing the registry: {e}")

    return vmware_installed, virtualbox_installed

def check_virtualbox_and_vmware_processes(processes):
    virtualbox_processes = ["vboxservice", "VBoxTray", "VBoxClient", "VBoxControl"]
    vmware_processes = ["vmtoolsd", "vmwaretray", "vmwareuser"]

    found_virtualbox_process = any(process.lower() in processes.lower() for process in virtualbox_processes)
    found_vmware_process = any(process.lower() in processes.lower() for process in vmware_processes)

    return found_virtualbox_process, found_vmware_process

def detect_fake_vm_service():
    processes = get_running_processes()
    vmware_installed, virtualbox_installed = check_registry_keys()
    found_virtualbox_process, found_vmware_process = check_virtualbox_and_vmware_processes(processes)

    if vmware_installed and virtualbox_installed:
        if found_virtualbox_process and found_vmware_process:
            print("Fake VM detected: Both VMware and VirtualBox services are running.")
        else:
            print("Both VMware and VirtualBox are installed, but services are not running.")
    else:
        print("Not a fake VM: Either VMware or VirtualBox is not installed.")

if __name__ == "__main__":
    detect_fake_vm_service()
	import subprocess
	import platform
	import winreg

	def get_running_processes():
	if platform.system().startsWith("Windows"):
	cmd = "tasklist"
	result = subprocess.check_output(cmd, shell=True).decode()
	else:
	print(f"Doesn't work on {platform.system()}")
	exit()
	return result

	def check_registry_keys():
	vmware_key = r'SOFTWARE\VMWare, Inc.\VMWare Tools'
	virtualbox_key = r'SOFTWARE\Oracle\VirtualBox Guest Additions'

	vmware_installed = False
	virtualbox_installed = False

	try:
	reg = winreg.ConnectRegistry(None, winreg.HKEY_LOCAL_MACHINE)

	try:
	winreg.OpenKey(reg, vmware_key)
	vmware_installed = True
	except FileNotFoundError:
	pass

	try:
	winreg.OpenKey(reg, virtualbox_key)
	virtualbox_installed = True
	except FileNotFoundError:
	pass
	except Exception as e:
	print(f"An error occurred while accessing the registry: {e}")

	return vmware_installed, virtualbox_installed

	def check_virtualbox_and_vmware_processes(processes):
	virtualbox_processes = ["vboxservice", "VBoxTray", "VBoxClient", "VBoxControl"]
	vmware_processes = ["vmtoolsd", "vmwaretray", "vmwareuser"]

	found_virtualbox_process = any(process.lower() in processes.lower() for process in virtualbox_processes)
	found_vmware_process = any(process.lower() in processes.lower() for process in vmware_processes)

	return found_virtualbox_process, found_vmware_process

	def detect_fake_vm_service():
	processes = get_running_processes()
	vmware_installed, virtualbox_installed = check_registry_keys()
	found_virtualbox_process, found_vmware_process = check_virtualbox_and_vmware_processes(processes)

	if vmware_installed and virtualbox_installed:
	if found_virtualbox_process and found_vmware_process:
	print("Fake VM detected: Both VMware and VirtualBox services are running.")
	else:
	print("Both VMware and VirtualBox are installed, but services are not running.")
	else:
	print("Not a fake VM: Either VMware or VirtualBox is not installed.")

	if __name__ == "__main__":
	detect_fake_vm_service()