Merge pull request ayoubfaouzi#212 from LordNoteworthy/Noteworthy

Add Is Windows Genuine Check
lck0 · Jun 4, 2020 · 8c7a5f3 · 8c7a5f3
2 parents 5ff2a16 + ad06d71
commit 8c7a5f3
Show file tree

Hide file tree

Showing 6 changed files with 40 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,11 @@
 
 #### 0.80
 
+- Add Windows Genuine check. 
+- Improve GetOSDisplayString by adding Windows Server 2019.
+- Fixed the encoding of some files thanks to @not-matthias.
+- Add Missing manifest makes version checks return incorrect values.
+- Fix EnumProcessModulesEx crash on XP and some versions of Win7.
 - Fixed path names in vmware_files() and vbox_files() due to wow64 fs redirection.
 - Fixed string comparaison in check_adapter_name().
 - Anti anti-debug trick: trap flag.

diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-## Al-Khaser v0.79
+## Al-Khaser v0.80
 
 ![Logo](https://www.mindmeister.com/files/avatars/0035/8332/original/avatar.jpg)
 
@@ -123,7 +123,7 @@ Please, if you encounter any of the anti-analysis tricks which you have seen in
 - Sandbox known product IDs (todo)
 - Color of background pixel (todo)
 - Keyboard layout (Win32/Banload) (todo)
-
+- Genuine Windows installation.
 
 
 ### Anti-Virtualization / Full-System Emulation
@@ -315,7 +315,7 @@ Please, if you encounter any of the anti-analysis tricks which you have seen in
 
 
 
-## Contributors
+## Authors
 - [mrexodia](http://mrexodia.cf): Main developer of [x64dbg](http://x64dbg.com/)
 - [Mattiwatti](https://github.com/Mattiwatti): Matthijs Lavrijsen
 - [gsuberland](https://twitter.com/gsuberland): Graham Sutherland

diff --git a/al-khaser/Al-khaser.cpp b/al-khaser/Al-khaser.cpp
@@ -28,7 +28,7 @@ int main(void)
 	resize_console_window();
 
 	/* Display general informations */
-	_tprintf(_T("[al-khaser version 0.79]"));
+	_tprintf(_T("[al-khaser version 0.80]"));
 
 	print_category(TEXT("Initialisation"));
 	API::Init();
@@ -146,6 +146,7 @@ int main(void)
 		exec_check(&cim_voltagesensor_wmi, TEXT("Checking CIM_VoltageSensor with WMI "));
 		exec_check(&cim_physicalconnector_wmi, TEXT("Checking CIM_PhysicalConnector with WMI "));
 		exec_check(&cim_slot_wmi, TEXT("Checking CIM_Slot with WMI "));
+		exec_check(&pirated_windows, TEXT("Checking if Windows is Genuine "));
 	}
 
 	/* VirtualBox Detection */

diff --git a/al-khaser/AntiVM/Generic.cpp b/al-khaser/AntiVM/Generic.cpp
@@ -1490,3 +1490,30 @@ BOOL cim_voltagesensor_wmi()
 	return FALSE;
 }
 
+/*
+Checks whether the specified application is a genuine Windows installation.
+
+*/
+
+#define WINDOWS_SLID                                                \
+            { 0x55c92734,                                           \
+              0xd682,                                               \
+              0x4d71,                                               \
+              { 0x98, 0x3e, 0xd6, 0xec, 0x3f, 0x16, 0x05, 0x9f }    \
+            }
+
+BOOL pirated_windows()
+{
+	CONST SLID AppId = WINDOWS_SLID;
+	SL_GENUINE_STATE GenuineState;
+	HRESULT hResult;
+
+	hResult = SLIsGenuineLocal(&AppId, &GenuineState, NULL);
+
+	if (hResult == S_OK) {
+		if (GenuineState != SL_GEN_STATE_IS_GENUINE) {
+			return TRUE;
+		}
+	}
+	return FALSE;
+}
diff --git a/al-khaser/AntiVM/Generic.h b/al-khaser/AntiVM/Generic.h
@@ -42,4 +42,4 @@ BOOL cim_sensor_wmi();
 BOOL cim_slot_wmi();
 BOOL cim_temperaturesensor_wmi();
 BOOL cim_voltagesensor_wmi();
-
+BOOL pirated_windows();
diff --git a/al-khaser/pch.h b/al-khaser/pch.h
@@ -42,6 +42,7 @@
 #include <SetupAPI.h>
 #include <algorithm>
 #include <cctype>
+#include <slpublic.h> // SLIsGenuineLocal
 
 #pragma comment(lib, "wbemuuid.lib")
 #pragma comment(lib, "Shlwapi.lib")
@@ -53,6 +54,7 @@
 #pragma comment(lib, "Winmm.lib")
 #pragma comment(lib, "setupapi.lib")
 #pragma comment(lib, "powrprof.lib")
+#pragma comment(lib, "Slwga.lib")
 
 #include "Shared/Common.h"
 #include "Shared/VersionHelpers.h"