Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Detect software-based Virtual Machine in VB6
Public Function VirtualMachineProtect() As Boolean
'VMs are easily detectable by registry and library checkup
On Error Resume Next
Dim hKey As Long, hOpen As Long, hQuery As Long, hSnapShot As Long
Dim me32 As MODULEENTRY32
Dim szBuffer As String * 128
hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId)
me32.dwSize = Len(me32)
Module32First hSnapShot, me32
Do While Module32Next(hSnapShot, me32) <> 0
If InStr(1, LCase(me32.szModule), "sbiedll.dll") > 0 Then 'Sandboxie
VirtualMachineProtect = true
ElseIf InStr(1, LCase(me32.szModule), "dbghelp.dll") > 0 Then 'ThreatExpert
VirtualMachineProtect = true
End If
Loop
CloseHandle (hSnapShot)
If VirtualMachineProtect = False Then
hOpen = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion", 0, KEY_ALL_ACCESS, hKey)
If hOpen = 0 Then
hQuery = RegQueryValueEx(hKey, "ProductId", 0, REG_SZ, szBuffer, 128)
If hQuery = 0 Then
If InStr(1, szBuffer, "76487-337-8429955-22614") > 0 Then 'Anubis
VirtualMachineProtect = true
ElseIf InStr(1, szBuffer, "76487-644-3177037-23510") > 0 Then 'CWSandbox
VirtualMachineProtect = true
ElseIf InStr(1, szBuffer, "55274-640-2673064-23950") > 0 Then 'JoeBox
VirtualMachineProtect = true
End If
End If
End If
RegCloseKey (hKey)
End If
End Function
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.