Windows Forum / Virtual PC / February 2005

How to programmatically detect if inside Virtual Machine

Will - 17 Feb 2005 03:07 GMT
A while back I posted a question in "microsoft.public.virtualpc" on how a
process could programmatically determine if it is running inside a Virtual
machine (either Virtual PC or server).  See
http://groups.google.ca/groups?hl=en&lr=&threadm=eXr87ZgiEHA.2436%40TK2MSFTNGP09.phx.gbl&rnum=1&prev=/groups%3Fhl%3Den%26lr%3D%26q%3Dwin32_baseboard%2Bvirtual%2Bmachine%2Bgroup%253Amicrosoft.public.*%26btnG%3DSearch


The outcome of that query was that I was told that the only known way of
doing this was by examining the "Manufacturer" and "Product" properties of
the "Win32_BaseBoard" WMI class and looking for the values "Microsoft
Corporation" and "Virtual Machine" respectively.

Unfortunately I am running into a few problems using this method at boot
time, due to service dependencies and the length of time it takes WMI to
initialize correctly.  

So I thought I would ask if someone from Microsoft could give me a
_definitive_ answer on the detection method.  If there is an alternative to
using WMI, I would be really grateful of being informed of it, even if it
involves using assembler.

Thanks
David Sanders - 17 Feb 2005 18:03 GMT
> A while back I posted a question in "microsoft.public.virtualpc" on how a
> process could programmatically determine if it is running inside a Virtual
[quoted text clipped - 16 lines]
>
> Thanks

/* VMM detector, based on SIDT trick
 * written by joanna at invisiblethings.org
 *
 * should compile and run on any Intel based OS
 *
 * http://invisiblethings.org
 */

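#include <stdio.h>
int main () {
  /* m receives the 6-byte IDTR image: 2-byte limit, then 4-byte base.
   * rpill is machine code: 0f 01 0d <addr32> = SIDT [addr32]; c3 = RET. */
  unsigned char m[2+4], rpill[] = "\x0f\x01\x0d\x00\x00\x00\x00\xc3";
  /* patch the SIDT operand with the address of m (32-bit pointers assumed) */
  *((unsigned*)&rpill[3]) = (unsigned)m;
  /* execute the bytes in place; this needs the array's memory to be executable */
  ((void(*)())&rpill)();

  printf ("idt base: %#x\n", *((unsigned*)&m[2]));
  /* heuristic: a top byte of the IDT base above 0xd0 is reported as "inside" */
  if (m[5]>0xd0) printf ("Inside Matrix!\n");
  else printf ("Not in Matrix.\n");
  return 0;
}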
Robert Comer - 17 Feb 2005 18:31 GMT
This doesn't work as intended -- all it does is detect if a VM is running on
the machine, not if you are trying to execute a program inside the VM.

Host with no VPC or VMWare: Not in Matrix. (Not in VM)
Host with VPC or VMWare, but no VM's running: Not in Matrix

Host with VMWare or VPC and a VM running: In Matrix (Supposedly in a VM)
Guest in the above host: In Matrix.

You wouldn't want to detect the host as a VM and not allow things to run
based on that.

- Bob Comer

>> A while back I posted a question in "microsoft.public.virtualpc" on how
>> a process could programmatically determine if it is running inside a
[quoted text clipped - 34 lines]
>   return 0;
> }
Robert Comer - 17 Feb 2005 18:52 GMT
I just did some more testing, and it looks like the host's values are
inconsistent, so it may show up as inside, or outside. It probably has
something to do with whether the VM is taking that cycle or not.

The guest always looks to be "Inside", so maybe it is a way to test, but how
many iterations would you need to see if it were a VM or not...  (Seems
messy to do it this way to me...)

- Bob Comer

> This doesn't work as intended -- all it does is detect if a VM is running
> on the machine, not if you are trying to execute a program inside the VM.
[quoted text clipped - 48 lines]
>>   return 0;
>> }
Will - 17 Feb 2005 19:41 GMT
I too have found the behaviour of the "RedPill" solution to be inconsistent.  
But thanks to both of you for your help.

Still hoping for someone from Microsoft to respond to this query.

Will
David Sanders - 17 Feb 2005 20:20 GMT
> I too have found the behaviour of the "RedPill" solution to be inconsistent.  
> But thanks to both of you for your help.
>
> Still hoping for someone from Microsoft to respond to this query.
>
> Will

You might find this interesting:
http://blogs.msdn.com/virtual_pc_guy/archive/2005/01/24/359650.aspx
Will - 17 Feb 2005 22:01 GMT
> > I too have found the behaviour of the "RedPill" solution to be inconsistent.  
> > But thanks to both of you for your help.
[quoted text clipped - 5 lines]
> You might find this interesting:
> http://blogs.msdn.com/virtual_pc_guy/archive/2005/01/24/359650.aspx

Thanks David that works like a charm :)

Unfortunately though it only works if Virtual Machine Additions are
installed, and only for SP1 on Virtual PC 2004.

I am still hopeful that there will be a more 'generic' method.

Thanks again,
Will
Martin Moustgaard - 18 Feb 2005 09:33 GMT
If reading the registry is OK for you, then what about looking at the
SystemBiosVersion string in HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System?

After all, what are the chances that a real motherboard has a bios creation
date that is set to 08/14/03 19:41:02 and is version 08.00.02? :-)

The version number and date/time might change from one SP to another, but
then you'd just need to add an extra check to your routine.

This probably requires that the guests are running Windows 2000 as a minimum
since I'm a bit unsure if the key is available on earlier versions of
Windows.

Martin Moustgaard

> > > I too have found the behaviour of the "RedPill" solution to be inconsistent.
> > > But thanks to both of you for your help.
[quoted text clipped - 15 lines]
> Thanks again,
> Will
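
The registry check suggested in the post above, as an added example that is not code from the thread: it walks a multi-string registry value and looks for the BIOS date and version the post quotes, without reading past the buffer when the data lacks its terminating NULs. The function names, the assumption that SystemBiosVersion is read as REG_MULTI_SZ via RegQueryValueExA, and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Markers quoted in the post; other Virtual PC builds may report different ones. */
static const char *const MARKERS[] = { "08/14/03", "08.00.02" };
#define N_MARKERS (sizeof MARKERS / sizeof MARKERS[0])

/* Constructed samples shaped like REG_MULTI_SZ data (NUL-separated, empty string ends the list). */
static const char SAMPLE_GUEST[] = "VENDOR - 1\0BIOS Date: 08/14/03 19:41:02 Ver: 08.00.02\0";
static const char SAMPLE_OTHER[] = "ACME - 42\0BIOS Date: 01/02/04 10:00:00 Ver: 1.2.3\0";

/* Bounded substring search: never reads past hay[hay_len - 1]. */
static int contains(const char *hay, size_t hay_len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n <= hay_len && i + n <= hay_len; i++)
        if (memcmp(hay + i, needle, n) == 0) return 1;
    return 0;
}

/* Hypothetical helper: returns 1 when every marker occurs in some string of the buffer. */
int bios_matches_vpc(const char *buf, size_t len)
{
    unsigned seen = 0;
    size_t pos = 0;
    while (pos < len && buf[pos] != '\0') {
        const char *end = memchr(buf + pos, '\0', len - pos);
        size_t slen = end ? (size_t)(end - (buf + pos)) : len - pos;
        for (size_t k = 0; k < N_MARKERS; k++)
            if (contains(buf + pos, slen, MARKERS[k])) seen |= 1u << k;
        if (!end) break;   /* registry data is not guaranteed to be NUL-terminated */
        pos += slen + 1;
    }
    return seen == (1u << N_MARKERS) - 1;
}

int main(void)
{
    /* Assumption: on Windows, buf/len would come from RegQueryValueExA on SystemBiosVersion. */
    printf("guest sample: %d\n", bios_matches_vpc(SAMPLE_GUEST, sizeof SAMPLE_GUEST));
    printf("other sample: %d\n", bios_matches_vpc(SAMPLE_OTHER, sizeof SAMPLE_OTHER));
    return 0;
}
```

Because the markers change between service packs, as the post notes, the marker table is the only part that would need extending.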
EMP - 18 Feb 2005 00:09 GMT
> A while back I posted a question in "microsoft.public.virtualpc" on how a
> process could programmatically determine if it is running inside a Virtual
> machine (either Virtual PC or server).  
> ..... <snip> .....

I have a device driver and the way I check if in a VM is to write to a
hardware performance counter, read back the value and compare it to what I
wrote. VPC doesn't virtualize the performance counters so you always get back
zeros regardless of what you write to the counter.
That seems to work for me, at least running under VPC, but it requires a
device driver. I have not tried it under Virtual Server 2005.

Enio.