Windows C++ / Checking Pipe

Author Thomas Roccia (fr0gger)
Platform Windows
Language C++
Technique Checking Pipe

Description:

In this code, we use the open function to attempt to open the \\.\pipe\cuckoo named pipe for reading. If the named pipe exists and can be opened, open returns a file descriptor greater than or equal to zero; we then conclude that we are running on a virtual machine. If the named pipe does not exist, open returns a negative value, and we conclude that we are running on a physical machine. In both cases, we print a message indicating the type of machine we are running on.

Code

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <io.h>     // open() and close() on Windows; <unistd.h> is not shipped with MSVC
#include <fcntl.h>

int main()
{
    // Attempt to open the Cuckoo named pipe
    int fd = open("\\\\.\\pipe\\cuckoo", O_RDONLY);
    if (fd >= 0) {
        // The named pipe exists, so we are running on a virtual machine
        printf("We are running on a virtual machine.\n");
        close(fd);
    } else {
        // The named pipe does not exist, so we are running on a physical machine
        printf("We are running on a physical machine.\n");
    }

    return 0;
}
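From the analyst's side, a sample that performs this check normally carries the pipe name as a string. The following is an added example, not part of the original snippet: a small static triage tool that reports whether a file references the pipe in ANSI or UTF-16LE form; the names find_cuckoo_pipe_ref and match_at are hypothetical.

```cpp
// Added example: static triage for the Cuckoo pipe check (not from the original page).
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <vector>

// Pipe name from the snippet above, as the bytes stored in a compiled binary.
static const char kPipe[] = "\\\\.\\pipe\\cuckoo";

// Compare kPipe with buf[pos..], ignoring case (Windows pipe names are
// case-insensitive). stride 1 = ANSI, stride 2 = UTF-16LE (char + 0x00).
static bool match_at(const unsigned char *buf, size_t len, size_t pos, size_t stride)
{
    const size_t n = sizeof(kPipe) - 1;
    if (len - pos < n * stride) return false;
    for (size_t i = 0; i < n; i++) {
        const unsigned char *p = buf + pos + i * stride;
        if (std::tolower(p[0]) != std::tolower((unsigned char)kPipe[i])) return false;
        if (stride == 2 && p[1] != 0) return false;
    }
    return true;
}

// Returns 0 = no reference, 1 = ANSI reference, 2 = UTF-16LE reference.
int find_cuckoo_pipe_ref(const unsigned char *buf, size_t len)
{
    for (size_t pos = 0; pos < len; pos++) {
        if (match_at(buf, len, pos, 1)) return 1;
        if (match_at(buf, len, pos, 2)) return 2;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) { std::fprintf(stderr, "usage: %s <file>\n", argv[0]); return 2; }
    std::FILE *f = std::fopen(argv[1], "rb");
    if (!f) { std::perror(argv[1]); return 2; }
    std::vector<unsigned char> data;
    unsigned char chunk[4096];
    size_t got;
    while ((got = std::fread(chunk, 1, sizeof(chunk), f)) > 0)
        data.insert(data.end(), chunk, chunk + got);
    std::fclose(f);
    int hit = find_cuckoo_pipe_ref(data.data(), data.size());
    std::printf("%s: %s\n", argv[1], hit == 0 ? "no reference to the Cuckoo pipe"
                : hit == 1 ? "ANSI reference found" : "UTF-16LE reference found");
    return hit ? 1 : 0;
}
```

A plain string match misses samples that assemble or decode the pipe name at run time, so a result of 0 is inconclusive rather than a clean verdict.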

Created

December 13, 2022

Last Revised

April 22, 2024