通过取得MAC地址判断是否在VM中
自己随手写的,自测试通过:
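/// Reports whether the first "Physical Address" line printed by
/// `ipconfig /all` contains one of three VMware-assigned MAC prefixes
/// (00-05-69, 00-0C-29, 00-50-56).
///
/// The command runs as a hidden child process with stdout/stderr redirected
/// into an anonymous pipe; a single read of at most MAX_COMMAND_SIZE bytes is
/// inspected.
///
/// @return true if a VMware prefix is found in the selected line; false if it
///         is not found or if any step (pipe, process creation, read) fails.
///
/// Reliability notes:
///  - This is a heuristic. A guest's MAC address is configurable, so `false`
///    does not establish that the code runs on physical hardware.
///  - Only the first matching line is examined on purpose: a physical host
///    with VMware installed also lists VMware virtual adapters, but after the
///    host adapter.
///  - The hidden `ipconfig /all` child with redirected output is visible in
///    process-creation telemetry, which is how this check is typically
///    recognised during analysis.
bool AntiVMware::AD_VM_CheckMacAddr()
{
    const long MAX_COMMAND_SIZE = 10000;

    // CreateProcess may modify the command-line buffer, so it must be a
    // writable array rather than a string literal.
    // NOTE(review): the executable name is unqualified, so it is resolved via
    // the CreateProcess search order; consider building an absolute path from
    // GetSystemDirectory() so a same-named file elsewhere cannot be picked up.
    TCHAR szFetCmd[] = _T("ipconfig /all");

    // Inheritable pipe: the child writes its console output into it.
    SECURITY_ATTRIBUTES sa = {sizeof(SECURITY_ATTRIBUTES), NULL, TRUE};
    HANDLE hReadPipe = NULL;
    HANDLE hWritePipe = NULL;
    if (!CreatePipe(&hReadPipe, &hWritePipe, &sa, 0))
    {
        return false;
    }

    // Redirect stdout/stderr to the pipe and keep the console window hidden.
    STARTUPINFO si = {sizeof(STARTUPINFO)};
    GetStartupInfo(&si);
    si.hStdError = hWritePipe;
    si.hStdOutput = hWritePipe;
    si.wShowWindow = SW_HIDE;
    si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;

    // Zeroed so the handles are never garbage; they are closed only when
    // CreateProcess succeeded (the original closed them unconditionally).
    PROCESS_INFORMATION pi;
    ::ZeroMemory(&pi, sizeof(pi));
    BOOL bRet = CreateProcess(NULL, szFetCmd, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi);

    // The parent never writes to the pipe. Closing its copy of the write end
    // here means ReadFile fails with a broken pipe instead of blocking forever
    // when the child exits without producing output.
    CloseHandle(hWritePipe);

    bool bIsVM = false;
    if (bRet)
    {
        // Do not wait INFINITE here: some machines hang with it (author's
        // observation).
        WaitForSingleObject(pi.hProcess, 100);

        // Zero-initialised and one byte larger than the read limit, so the
        // data is always NUL-terminated.
        char szBuffer[MAX_COMMAND_SIZE + 1] = {0};
        DWORD count = 0;
        if (ReadFile(hReadPipe, szBuffer, MAX_COMMAND_SIZE, &count, 0))
        {
            // Convert the captured bytes to the build's character type.
            // NOTE(review): CP_ACP is kept from the original; console tools
            // may emit the OEM code page instead - confirm on non-CJK locales.
            CString strBuffer;
#ifdef UNICODE
            int len = MultiByteToWideChar(CP_ACP, 0, szBuffer, -1, NULL, 0);
            wchar_t *pBuf = new wchar_t[len + 1];
            // Size is in bytes: clear the whole array, not just len+1 bytes,
            // so pBuf is terminated even if the conversion below fails.
            ::ZeroMemory(pBuf, (len + 1) * sizeof(wchar_t));
            MultiByteToWideChar(CP_ACP, 0, szBuffer, -1, pBuf, len);
            strBuffer = pBuf;
            delete[] pBuf;
            pBuf = NULL;
#else
            strBuffer = szBuffer;
#endif

            // Walk the output line by line and stop at the first line that
            // contains the (Chinese or English) "Physical Address" label.
            int nStar = 0;
            bool bFind = false;
            CString strChild;
            int nEnd = strBuffer.Find(_T("\r\n"), nStar);
            while (nEnd != -1)
            {
                if (nEnd != nStar)
                {
                    strChild = strBuffer.Mid(nStar, nEnd - nStar);
                    if (-1 != strChild.Find(_T("物理地址")) ||
                        -1 != strChild.Find(_T("Physical Address")))
                    {
                        bFind = true;
                        break;
                    }
                }
                nStar = nEnd + 2;
                nEnd = strBuffer.Find(_T("\r\n"), nStar);
            }

            // No labelled line found: fall back to the trailing text after
            // the last line break, if there is any.
            if (nStar != strBuffer.GetLength() && !bFind)
            {
                strChild = strBuffer.Right(strBuffer.GetLength() - nStar);
            }

            // Compare the selected line against the VMware MAC prefixes.
            if (!strChild.IsEmpty())
            {
                bIsVM = (-1 != strChild.Find(_T("00-05-69")) ||
                         -1 != strChild.Find(_T("00-0C-29")) ||
                         -1 != strChild.Find(_T("00-50-56")));
            }
        }

        CloseHandle(pi.hProcess);
        CloseHandle(pi.hThread);
    }

    CloseHandle(hReadPipe);
    return bIsVM;
}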
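/// Reports whether the first adapter returned by GetAdaptersInfo() has a MAC
/// address starting with one of three VMware-assigned prefixes
/// (00-05-69, 00-0C-29, 00-50-56).
///
/// @return true on a prefix match; false when there is no match or when
///         the adapter list cannot be queried or allocated.
///
/// Reliability notes:
///  - Only the head of the adapter list is inspected; later entries are
///    ignored. NOTE(review): the order of that list is not established by
///    anything visible here - confirm that the first entry is the adapter
///    of interest.
///  - A guest's MAC address is configurable, so `false` does not establish
///    that the code runs on physical hardware.
bool AntiVMware::AD_VM_OtherCheckMacAddr()
{
    // First call with a NULL buffer only asks for the required size.
    DWORD AdapterInfoSize = 0;
    DWORD dwErr = GetAdaptersInfo(NULL, &AdapterInfoSize);
    if (0 != dwErr && ERROR_BUFFER_OVERFLOW != dwErr)
    {
        return false;
    }

    // GPTR returns zero-initialised memory.
    PIP_ADAPTER_INFO pAdapterInfo = (PIP_ADAPTER_INFO)GlobalAlloc(GPTR, AdapterInfoSize);
    if (NULL == pAdapterInfo)
    {
        return false;
    }

    bool bIsVM = false;
    if (ERROR_SUCCESS == GetAdaptersInfo(pAdapterInfo, &AdapterInfoSize))
    {
        // The three-byte vendor prefixes (OUIs) the original compared against.
        static const BYTE kVmwarePrefix[3][3] = {
            {0x00, 0x05, 0x69},
            {0x00, 0x0C, 0x29},
            {0x00, 0x50, 0x56},
        };

        // Only compare when the adapter actually reports at least the three
        // prefix bytes; otherwise Address[] holds no meaningful data.
        if (pAdapterInfo->AddressLength >= 3)
        {
            for (int i = 0; i < 3 && !bIsVM; ++i)
            {
                bIsVM = (kVmwarePrefix[i][0] == pAdapterInfo->Address[0]) &&
                        (kVmwarePrefix[i][1] == pAdapterInfo->Address[1]) &&
                        (kVmwarePrefix[i][2] == pAdapterInfo->Address[2]);
            }
        }
    }

    // Single release point for the adapter buffer on every path.
    GlobalFree(pAdapterInfo);
    return bIsVM;
}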