From 34d4a2e1c4e6181ecd178116a5f2f77e5c67cf5d Mon Sep 17 00:00:00 2001 From: CyberGreg05 Date: Tue, 27 Feb 2024 19:13:04 +0300 Subject: [PATCH] Checking raw ThermalZoneInfo performance counters with WMI --- al-khaser/Al-khaser.cpp | 1 + al-khaser/AntiVM/Generic.cpp | 13 +++++++++++++ al-khaser/AntiVM/Generic.h | 3 ++- 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/al-khaser/Al-khaser.cpp b/al-khaser/Al-khaser.cpp index dbacb71..152a424 100644 --- a/al-khaser/Al-khaser.cpp +++ b/al-khaser/Al-khaser.cpp @@ -214,6 +214,7 @@ int main(int argc, char* argv[]) exec_check(®istry_services_disk_enum, TEXT("Checking Services\\Disk\\Enum entries for VM strings ")); exec_check(®istry_disk_enum, TEXT("Checking Enum\\IDE and Enum\\SCSI entries for VM strings ")); exec_check(&number_SMBIOS_tables, TEXT("Checking SMBIOS tables ")); + exec_check(&perf_raw_data_counters_thermalzoneinfo_wmi, TEXT("Checking raw ThermalZoneInfo performance counters with WMI ")); } /* VirtualBox Detection */ diff --git a/al-khaser/AntiVM/Generic.cpp b/al-khaser/AntiVM/Generic.cpp index 03c7702..ff0e378 100755 --- a/al-khaser/AntiVM/Generic.cpp +++ b/al-khaser/AntiVM/Generic.cpp @@ -2011,4 +2011,17 @@ BOOL number_SMBIOS_tables() free(smbios); } return result; +} + +/* +Check Win32_PerfRawData_Counters_ThermalZoneInformation for entries +*/ +BOOL perf_raw_data_counters_thermalzoneinfo_wmi() +{ + int count = wmi_query_count(_T("SELECT * FROM Win32_PerfRawData_Counters_ThermalZoneInformation")); + if (count == 0) + { + return TRUE; + } + return FALSE; } \ No newline at end of file diff --git a/al-khaser/AntiVM/Generic.h b/al-khaser/AntiVM/Generic.h index 3d9c4d9..85341ed 100755 --- a/al-khaser/AntiVM/Generic.h +++ b/al-khaser/AntiVM/Generic.h @@ -49,4 +49,5 @@ BOOL cim_voltagesensor_wmi(); BOOL pirated_windows(); BOOL registry_services_disk_enum(); BOOL registry_disk_enum(); -BOOL number_SMBIOS_tables(); \ No newline at end of file +BOOL number_SMBIOS_tables(); +BOOL perf_raw_data_counters_thermalzoneinfo_wmi(); \ No newline at end of file