Hi
Using Delphi:
1-Is there any way to know if my programs running from virtual drive?
2-Or how can I get “ATIP”
thank you.

| Сообщение посчитали полезным:

What do you mean by "virtual drive"? Something like TrueCrypt? Also, when you say "running from" do you mean "launched from"? Does this actually matter?

| Сообщение посчитали полезным:

He means virtual drive like in alcohol or daemon tools
Used in games protection

-----
Лень - это подсознательная мудрость

| Сообщение посчитали полезным:

Is there any way to know this using any language? Try to determine disk access times (like starforce does)

| Сообщение посчитали полезным:

Try to determine disk access times
How to do that?

| Сообщение посчитали полезным:

RedAbishai пишет:
Is there any way to know this using any language? Try to determine disk access times (like starforce does)

StarForce using *LOW LEVEL nATIVE ACCESS* to hardware, he enumerate you hardware and using native access, instead vendor drivers (or drivers what included in windows xp package)!
so is`t be better way:

trust vendor of Hardware or USE SHIT FROM STARFORCE Company?
[i]abatu
it is a commercial information, so learn the delphi mutch better to Bring same code!

| Сообщение посчитали полезным:

so learn the delphi mutch better to Bring same code

How to learn the Delphi? You can’t found such information in any book or help in Delphi,
And I think forums created to help each other.

| Сообщение посчитали полезным:

abatu:
How to learn the Delphi? You can’t found such information in any book or help in Delphi,
And I think forums created to help each other.

READ MSDN on Microsoft.com

May be it helps you:

!CODE NOW!

function check_driver_in_memory: boolean;
var
hFile: Thandle;
begin
result := false;
hFile := CreateFileA('\.\EngineDevice0', GENERIC_READ or GENERIC_WRITE,
FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, 0);
if (hFile <> INVALID_HANDLE_VALUE) then
begin
CloseHandle(hFile);
result := TRUE;
end;
end;

!CODE END!


"\.\EngineDevice0" - here replace that to the alcohol or daemon SCISI driver and then try to check
The names of cd-roms installed in computer, then try to compare the signs from alcohol device set!

| Сообщение посчитали полезным:

"\.\EngineDevice0" - here replace that to the alcohol or daemon SCISI driver and then try to check
The names of cd-roms installed in computer, then try to compare the signs from alcohol device set!
Sorry i didn't get what you mean!!!!
Please can you show me an example???

| Сообщение посчитали полезным:

vmware detection


sorry, not so simple translated =))

I have not verified =)

| Сообщение посчитали полезным:

The Alcohol and daemon tools using same access driver named: SPTD

Exampl.:

step 1
Check SPTD driver in the Computer Memory (function that i'll write upper)
!CODE NOW!

procedure Kernel;
begin
if check_driver_in_memory then
// start your function if found
Else
exit; // nothing found
end;

!CODE END!

Recently in post i`ll wrote:
compare the signs from alcohol device set
~~~~~~~~~~~~~~~~~~~~~~~~~~~

then you install alcohol cd/dvd emulator he install the driver and in alcohol you may select numbers of devices (cd/dvd) and <b>NAME</b> of CD/DVD-rom (see alcohol setting!), collect 10 or 20 name set and compare!

"\.\EngineDevice0" - here insert the sptd driver name in memory,
ill not have a pc and not give you now a proper name of driver.


ps: sorry for my 'low level' english - im russian ( and I`ll write it in the pocket PC - using pen, then using program and transtale 'hand - write' to symbols and post here )

| Сообщение посчитали полезным:

sER пишет:
vmware detection

he ask a emulator cd/dvd, not a vmdetection in TASM

joke:
try to detect a real pc or die fixing you ripper brain!

:that is more simple in C

!code now!

#include <windows.h>

#define VM "vmware"
#define VM_DETECTED "detected"
#define VM_NOT_DETECTED "not detected"
#define VM_NOT_RECOGNZD "detected, but not recognized"

__declspec(naked) get_vm()
{
__asm{
mov ecx, 0Ah ; get_version
mov eax, 564d5868h; 'VMXh' ; magic
mov dx, 5658h; 'VX' ; magic

in eax, dx ; specially processed io cmd
; output: EAX/EBX/ECX = data
cmp ebx, 'VMXh' ;
je under_VMware ;under_VMware
xor eax,eax
ret
under_VMware:
ret
}
}

main()
{

__try { printf("%s %s\n",VM, (get_vm())?VM_DETECTED:VM_NOT_RECOGNZD); }

__except(1) {printf("%s %s\n",VM, VM_NOT_DETECTED);}


!code end!

writed by kris kaspersky

| Сообщение посчитали полезным:

First of all
1-I appreciative your efforts.
2-You can post in Russian I understand it but can’t write.
3-The most important didn’t work:

function check_driver_in_memory: boolean;
var
hFile: Thandle;
begin
result := false;
hFile := CreateFileA('\.\sptd.sys', GENERIC_READ or GENERIC_WRITE,
FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, 0);
if (hFile <> INVALID_HANDLE_VALUE) then
begin
CloseHandle(hFile);
result := TRUE;
end;
end;

procedure Kernel;
begin
if check_driver_in_memory then
showmessage('Detected');
Else
exit; // nothing found
end;

then on button click
Kernel;

but nothing had happened, what I’m doing wrong?
thank you.

| Сообщение посчитали полезным:

1) remove .sys from line
2) sptd.sys - hooks access to the all that have name sptd
3) my function work fine, but driver (sptd.sys) try to resist indefication on hard drive (try to load alcohol and exit, then go to "windows\system32\drivers" and try access to sptd.sys - try to open in notepad :s1
4) If you have advanced knowlege in hooks, injection - it is no problem to bring UNHOOKER code...
5) if you NOT pass 4 step try to find and using "RkU3.7.300.502.zip"
6) RkU is ROOTKIT UNHOOKER - try to unhook api hooked by sptd.sys

| Сообщение посчитали полезным:

to abatu:

You try to UNDERSTEND a HARD WISDOM Knowlege, WhERE IS NO PUBLICK CODE AND NOBODY HELPS WRITE IT !

Where a many others targets to test: Virtual CD <9.0, Farstone Virtual cd 11.x, Game Jake 5.x, Elby Clone CD/dvd

and finally i'll repeat to you TWICE: WHAT INFORMATION IS NOT FOR PUBLIC and COST MANY $$$$$$

because if you have some CODE sniplet how to detect eMULATOR SALE it in STARFORCES and SECUROM VENDORS

ps: MY CODE 200% WORK - ill using it in my own projects....

| Сообщение посчитали полезным:

G00ba
Please check your Личные сообщения.

| Сообщение посчитали полезным: