Using exception handlers in MASM (To detect a Virtual Machine)

[pcMike]

I want my Win32 application to detect if it is running under Virtual PC or VMware, and found a how-to guide on it here:

http://www.codeproject.com/Articles/9823/Detect-if-your-program-is-running-inside-a-Virtual

They provide example code in C++ (with inline asm)  but I don't know how to convert the exception handlers into asm. Can someone show me how it's done?

How to detect Virtual PC

Code Select Expand


// IsInsideVPC's exception filter
DWORD __forceinline IsInsideVPC_exceptionFilter(LPEXCEPTION_POINTERS ep)
{
  PCONTEXT ctx = ep->ContextRecord;

  ctx->Ebx = -1; // Not running VPC
  ctx->Eip += 4; // skip past the "call VPC" opcodes
  return EXCEPTION_CONTINUE_EXECUTION;
  // we can safely resume execution since we skipped faulty instruction
}

// High level language friendly version of IsInsideVPC()
bool IsInsideVPC()
{
  bool rc = false;

  __try
  {
    _asm push ebx
    _asm mov  ebx, 0 // It will stay ZERO if VPC is running
    _asm mov  eax, 1 // VPC function number

    // call VPC
    _asm __emit 0Fh
    _asm __emit 3Fh
    _asm __emit 07h
    _asm __emit 0Bh

    _asm test ebx, ebx
    _asm setz [rc]
    _asm pop ebx
  }
  // The except block shouldn't get triggered if VPC is running!!
  __except(IsInsideVPC_exceptionFilter(GetExceptionInformation()))
  {
  }

  return rc;
}



How to detect VMWare

Code Select Expand


bool IsInsideVMWare()
{
  bool rc = true;

  __try
  {
    __asm
    {
      push   edx
      push   ecx
      push   ebx

      mov    eax, 'VMXh'
      mov    ebx, 0 // any value but not the MAGIC VALUE
      mov    ecx, 10 // get VMWare version
      mov    edx, 'VX' // port number

      in     eax, dx // read port
                     // on return EAX returns the VERSION
      cmp    ebx, 'VMXh' // is it a reply from VMWare?
      setz   [rc] // set return value

      pop    ebx
      pop    ecx
      pop    edx
    }
  }
  __except(EXCEPTION_EXECUTE_HANDLER)
  {
    rc = false;
  }

  return rc;
}


Mike

[qWord]

you need to set up an exception handler (SEH) for that. Look here: http://www.masmforum.com/board/index.php?topic=12908.0

[Magnum]

I have not been able to get any VmWare working yet, so I can't test this.

Could someone test this for me and let me know which o.s. you used as well ?

Vielen Dank,
                      Andy

Code Select Expand


; Detect if under VmWare
;
; Det_VmWare.asm  by Prof4
;
include \masm32\include\masm32rt.inc   

.data
   
WaterMark   db  "SiegeWorks 2013 ð__ð" ; Alt 240 char
%Date       db  " &@Date " ; Compile date
%time       db  " &@Time"
%version    db  " Masm Version &@Version"

.data?

.code

assume fs:nothing


start:

; Setting a new Structured Exception Handling

xor eax, eax                      ; zero out eax register
push offset SEH_handler   ; put the stack pointer to the new handler
push dword ptr fs: [eax]   ; put the stack pointer to the old handler
mov fs: [eax], esp             ; register new SEH-handler


mov eax, 564D5868h ; VMware hypervisor magic value
mov ecx, 10                ; command for obtaining VMWare version information
mov dx, 5658h           ; VMWARE_HYPERVISOR_PORT
in eax, dx                   ; Read from port

SEH_handler:

mov esi, [esp +0ch]; context pointer register

assume esi: PTR CONTEXT
mov [esi]. regEip, offset continue

continue:

invoke ExitProcess,0

end     start



[x64Core]

I have not been able to get any VmWare working yet, so I can't test this.

Could someone test this for me and let me know which o.s. you used as well ?

Vielen Dank,
                      Andy

Code Select Expand


; Detect if under VmWare
;
; Det_VmWare.asm  by Prof4
;
include \masm32\include\masm32rt.inc   

.data
   
WaterMark   db  "SiegeWorks 2013 ð__ð" ; Alt 240 char
%Date       db  " &@Date " ; Compile date
%time       db  " &@Time"
%version    db  " Masm Version &@Version"

.data?

.code

assume fs:nothing


start:

; Setting a new Structured Exception Handling

xor eax, eax                      ; zero out eax register
push offset SEH_handler   ; put the stack pointer to the new handler
push dword ptr fs: [eax]   ; put the stack pointer to the old handler
mov fs: [eax], esp             ; register new SEH-handler


mov eax, 564D5868h ; VMware hypervisor magic value
mov ecx, 10                ; command for obtaining VMWare version information
mov dx, 5658h           ; VMWARE_HYPERVISOR_PORT
in eax, dx                   ; Read from port

SEH_handler:

mov esi, [esp +0ch]; context pointer register

assume esi: PTR CONTEXT
mov [esi]. regEip, offset continue

continue:

invoke ExitProcess,0

end     start



Hello,

Code is working on WMWare 8 + Windows XP SP3