hi, can someone help me translating this functions from c++ to delphi, because i not a c++ coder:

here you go:

bool IsAnubis()
{
	PROCESSENTRY32 pe32;
	pe32.dwSize = sizeof(PROCESSENTRY32);
	DWORD PID = 0, PPID = 0, expPID = 0;
	HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if(Process32First(hSnapshot, &pe32))
	{
		while(Process32Next(hSnapshot, &pe32))
		{
			PID = pe32.th32ProcessID;
			if(PID == GetCurrentProcessId())
			{
				PPID = pe32.th32ParentProcessID;
			}
			if(!strcmp(pe32.szExeFile, "explorer.exe")) 
			{
				expPID = pe32.th32ProcessID;
			}
		}
		CloseHandle(hSnapshot);
	}
	if(PPID != expPID)
	{
		return TRUE;
	}
	else
	{
		return FALSE;
	}
}

bool IsNormanSandBox()
{
	CHAR szUserName[MAX_PATH];
	DWORD dwUserNameSize = sizeof(szUserName);
	GetUserName(szUserName, &dwUserNameSize);
	if(!strcmp(szUserName, "CurrentUser"))
	{
		return TRUE;
	}
	else
	{
		return FALSE;
	}
}

bool IsSunbeltSandBox()
{
	CHAR szFileName[MAX_PATH];
	GetModuleFileName(NULL, szFileName, MAX_PATH);
	if(!strcmp(szFileName, "C:\\file.exe"))
	{
		return TRUE;
	}
	else
	{
		return FALSE;
	}
}

bool IsVirtualPC()
{
	__try
	{
		__asm
		{
			mov eax, 1
			_emit 0x0F
			_emit 0x3F
			_emit 0x07
			_emit 0x0B
			_emit 0xC7
			_emit 0x45
			_emit 0xFC
			_emit 0xFF
			_emit 0xFF
			_emit 0xFF
			_emit 0xFF
		}
	}
	__except(1)
	{
		return FALSE;
	}
	return TRUE;
}

bool IsVMware()
{
	DWORD _EBX;
	__try
	{
		__asm
		{
			push ebx
			mov eax, 0x564D5868
			mov ebx, 0x8685D465
			mov ecx, 0x0A
			mov dx, 0x5658
			in eax, dx
			mov _EBX, ebx
			pop ebx
		}
	}
	__except(1)
	{
		return FALSE;
	}
	return _EBX == 0x564D5868;
}

thanks in advance

There are plenty of similar translations all over, especilly the isvmware and isvirtual pc - google for them - as for the process list - there are plenty of examples of that too

This article has been dead for over six months. Start a new discussion instead.