The goal of this transformation is to ensure that -- during execution -- the program is running ina "safe" environment. By "safe" we mean that we are not being monitored in any way. More specifically, that program will check that it is not being debugged, not being emulated, not being run inside a virtual machine, etc.
Option | Arguments | Description |
---|---|---|
--Transform | CheckEnvironment | Check if we are being run in an environment where we are being monitored. |
--CheckEnvironmentCount | INTSPEC | How many checkers to insert. Default=1. |
--CheckEnvironmentSandboxes | gdb, lldb, bochs, vmware, virtualBox, qemu, pin, cuckoo | The list of sandbxes that should be detected. Default=None.
|
--CheckEnvironmentResponseKinds | abort, modifyGlobal, random, plugin | Comma-separated list of ways to respond when a check fails. Default=None.
|