Determine when running in a virtual machine

delphi vmware virtualization virtualbox virtual-pc
18,614

Solution 1

I wrote a series of articles last year on this, with source code. VMware and Wine detection are here. Virtual PC is here. All three of these have pretty iron-clad detection because there are documented callbacks to the hypervisor (in the case of Wine, an extension to a standard DLL). I put up an untested VirtualBox detector (don't have it installed to test with) in the comment section. Parallels might be detectable using a callback also but I don't have it installed. The link for the documentation (which is poor since it's from a security researcher focusing on exploits) but located here if you have it installed and are interested. There's also a PPT here that has some information on detecting Sandbox, Bochs, and Xen. Not a lot of code in it but it might give you a starting point if you have to detect those.

Solution 2

Code Project shows a way to Detect if your program is running inside a Virtual Machine that goes in much detail on how to accomplish it to give a good understanding

Solution 3

I think the best approach to this is to check the hardware profiles. Virtualized hardware usually uses part of the companies name. If you check the motherboard description while in Virtual PC, you will notice it is made by "Microsoft Corporation". Likewise in VMWare, your ethernet adapter will be prefixed with VMNet.

Solution 4

This thread on the SysInternals forums has a couple of answers (in Delphi, of course), including a single IsVM function. I've tested on XP and Win2003 hosted on both XP and Vista in VMWare with good results.

Solution 5

To determine the machine is physical or VM

dmidecode | egrep -i 'manufacturer|product'

If the dmidecode command not found install the respective rpm.

This is tested under EXSI, VMWARE and hyperv machines.

Share:
18,614
Joel
Author by

Joel

Developer Advocate for Embarcadero Technologies Invented and patented swipe to unlock in 2000. See US Patent # 8352745 & 6766456, and others. Host of the Podcast at Delphi.org. (mostly a blog with occasional episodes). Preferred Languages: Delphi / Object Pascal C++ JavaScript C# / .NET Java

Updated on June 15, 2022

Comments

  • Joel
    Joel almost 2 years

    Is there an official way for an application to determine if it is running in VMWare or Virtual PC (or whatever Microsoft is calling it now)? The code I have seen is usually a hack that took advantage of some odd behavioral side effect in a specific version of VMWare or Virtual PC.

    Ideally Delphi code, but if you can link to an official explanation then I am sure I can convert it.

  • John T
    John T about 15 years
    There is also virtualbox, and VMWare among others.
  • Joel
    Joel about 15 years
    I had looked at that link before, but being that it was 4 years old and didn't really site any sources so I wasn't sure if it was still valid. Virtualization software has changed a lot since then.
  • Michael Madsen
    Michael Madsen about 15 years
    Correct, which is where everything gets a bit iffy if you want to check those as well - you need to look at the hardware info provided by these other VMs to see what special value you can look for there. However, the question asks for VPC, and that code handles it. I would argue that WMI is, regardless of VM, the best bet for a unified way of getting the required info, though, as all you need to change is the query and field name you're checking.
  • a_h
    a_h about 15 years
    it has changed a lot, but that example checks the register that hypervisor uses for interupts and being a person that knows some info about hypervisors, that part still has yet to change
  • Joel
    Joel about 15 years
    OK, I will test these on the latest virtual machines. Thanks!
  • Bruce McGee
    Bruce McGee about 15 years
    These tests work with VMWare Workstation 5 up to the latest. I don't use VPC.
  • Joel
    Joel about 15 years
    These were the articles I remembered reading about it. Thanks! The code is even in Delphi.
  • mistertodd
    mistertodd almost 15 years
    It should be noted that it's not using some officially documented scheme to detect the presence of VirtualPC. It's using instructions that should be invalid on the real hardware, that VPC uses for communication to the outside. Nothing is to say that those instructions can't change in the future, or that Intel couldn't release a CPU that then uses those "unused" instructions.
  • Stéphane
    Stéphane over 14 years
    The problem with RedPill and likewise similar techniques such as the initial scoopy_doo is that it produces false-positives when run on multi-core systems. Google for "NoPill" for additional details.
  • Stéphane
    Stéphane over 14 years
    Also keep in mind that most virtualization software will let you modify the MAC address to anything you want. Thus, this technique is not reliable.
  • tobsen
    tobsen over 13 years
    Also, other techniques are obsolete or produce false positives: charette.no-ip.com:81/programming/2009-12-30_Virtualization/‌​…
  • 0xC0000022L
    0xC0000022L almost 12 years
    @skamradt: Have you seen this? -> blog.assarbad.net/20061105/redpill-getting-colorless

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Detect virtualized OS from an application?
How to Install Ubuntu server inside Windows
How to run.vhd file ( virtual PC image ) in ubuntu 11.10
How do I run Windows 8 via virtualization?
Can I virtualize a pre-installed Windows 7?
Extra mouse buttons not working in virtualization (VMware/VirtualBox, ubuntu host)
How to avoid CRITICAL_STRUCTURE_CORRUPTION errors with VirtualBox inside VMWare
How i can install BusyBox on Virtual Machine?
run two VMs (VMWare Wst and Virtualbox) parallel at the same time
Host system resets (crashes) when using VMWare or VirtualBox and 64-bit guest systems