Option Explicit
'---------------------------------------------------------------------------------------
' Module : mVirtualized
' Author : Karcrack
' Date : 09/09/09
' Used for? : Detect Virtualized Machines... like VMWare/V.PC/QEmu...
' Tested On :
' - Virtual PC 2007, 1.0 (Tested by: KIASH!)
' - VMWare ,6.5.3.185404 (Tested by: SkyWeb!)
'
' Reference :
' :http://www.cs.nps.navy.mil/people/faculty/irvine/publications/2000/VMM-usenix00-0611.pdf
' :http://invisiblethings.org/papers/redpill.html
' :http://www.ntsecurity.nu/onmymind/2007/2007-02-27.html
' :http://blog.assarbad.net/wp-content/uploads/2006/11/redpill_getting_colorless.pdf
'---------------------------------------------------------------------------------------
'USER32
Private Declare Function CallThunk8 Lib "USER32" Alias "CallWindowProcW" (ByRef cThunk As Currency, Optional ByVal Param1 As Long, Optional ByVal Param2 As Long, Optional ByVal Param3 As Long, Optional ByVal Param4 As Long) As Long
Public Function ImVirtualized() As Boolean
Dim tIDT(2 + 4) As Byte
' mov ecx, [esp+4]\
' sidt [ecx] |->; -439297879751758.3221@
' retn /
Call CallThunk8(-439297879751758.3221@, ByVal VarPtr(tIDT(0)))
ImVirtualized = (tIDT(5) > &HD0)
End Functionhttp://www.advancevb.com.ar/?p=332
Es muy recomendable leer los links citados en los comentarios para mas info sobre el tema :D
Cualquier duda... preguntar! ;)
Saludos ::)