Windows C++ / Checking Pipe
Author: Thomas Roccia (fr0gger)
Platform: Windows
Language: C++
Technique: Checking Pipe
Description:
This code uses the open function to try to open the \\.\pipe\cuckoo named pipe for reading. If the named pipe exists and can be opened, open returns a file descriptor greater than or equal to zero; in that case we conclude that we are running on a virtual machine. If the named pipe does not exist, open returns a negative value, and we conclude that we are running on a physical machine. In both cases, the program prints a message indicating the type of machine it is running on.
Code
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>

int main()
{
    // Attempt to open the Cuckoo named pipe
    int fd = open("\\\\.\\pipe\\cuckoo", O_RDONLY);
    if (fd >= 0) {
        // The named pipe exists, so we are running on a virtual machine
        printf("We are running on a virtual machine.\n");
        close(fd);
    } else {
        // The named pipe does not exist, so we are running on a physical machine
        printf("We are running on a physical machine.\n");
    }
    return 0;
}
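For triage, the pipe name this check depends on is a usable static indicator. The following is an added example, not code from the original page or its author: a scanner that reports where `\\.\pipe\cuckoo` appears in a buffer as an ASCII or UTF-16LE string, in any letter case. The names `Hit`, `find_pipe_refs` and `make_sample` are hypothetical, and the sample buffer is constructed.

```cpp
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

struct Hit { std::size_t offset; bool wide; };

// Pipe name the sample on this page probes for (after C escape processing).
static const std::string kPipe = "\\\\.\\pipe\\cuckoo";

// Case-insensitive compare of needle against buf at pos; stride 1 = ASCII,
// stride 2 = UTF-16LE (each character followed by a 0x00 byte).
static bool match_at(const std::vector<uint8_t>& buf, std::size_t pos,
                     const std::string& needle, std::size_t stride) {
    if (pos + needle.size() * stride > buf.size()) return false;
    for (std::size_t i = 0; i < needle.size(); ++i) {
        std::size_t p = pos + i * stride;
        if (std::tolower(buf[p]) != std::tolower((unsigned char)needle[i])) return false;
        if (stride == 2 && buf[p + 1] != 0) return false;
    }
    return true;
}

// Return every offset where the pipe name occurs as an ASCII or UTF-16LE string.
std::vector<Hit> find_pipe_refs(const std::vector<uint8_t>& buf) {
    std::vector<Hit> hits;
    for (std::size_t pos = 0; pos < buf.size(); ++pos) {
        if (match_at(buf, pos, kPipe, 1)) hits.push_back({pos, false});
        else if (match_at(buf, pos, kPipe, 2)) hits.push_back({pos, true});
    }
    return hits;
}

// Constructed sample: filler bytes, an ASCII copy (mixed case), a UTF-16LE copy.
std::vector<uint8_t> make_sample() {
    std::vector<uint8_t> b = {'M', 'Z', 0x90, 0x00};
    const std::string ascii = "\\\\.\\PIPE\\Cuckoo";
    b.insert(b.end(), ascii.begin(), ascii.end());
    b.push_back(0);
    for (char c : kPipe) { b.push_back((uint8_t)c); b.push_back(0); }
    return b;
}

int main() {
    for (const Hit& h : find_pipe_refs(make_sample()))
        std::printf("offset %zu (%s)\n", h.offset, h.wide ? "UTF-16LE" : "ASCII");
}
```

A hit only shows that the string is present; a sample that builds the name at run time will not match, so this complements behavioural monitoring of pipe opens rather than replacing it.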
Created: December 13, 2022
Last Revised: April 22, 2024