Does anyone know how to detect if a prog is running under VMware?
Thanks.
Thanks.
Hm.. I think you can check the graphic card .. VMware installs its own generic driver..
but this will only work if the "VMware tools" are installed in that virtual machine
VMware and VMware "boxes" logo are trade marks of VMware, Inc
but this will only work if the "VMware tools" are installed in that virtual machine
VMware and VMware "boxes" logo are trade marks of VMware, Inc
..or even better: logical volumes and maybe the registry ..
here is a nice key
HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0
Identifier = VMware Virtual IDE Hard Drive
HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0
Identifier = VMware Virtual IDE Hard Drive
and one thing from http://lists.insecure.org/lists/honeypots/2002/Oct-Dec/0029.html
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Below is an Unix program that will tell you if it is running in a
VMWare virtual machine. If you're interested in a Windows or DOS
version, visit <[url]http://chitchat.tripod.co.jp/vmware/[/url]>.
/*
* 4tphi-vmchk.c
* Detects if you are in a VMWare virtual machine.
*
* Written by Andrew Hintz <[url]http://guh.nu[/url]>
* and AAron Walters
* Fortify Research Laboratories <[url]http://4tphi.net[/url]>
*
* "Oft at the hives of his tame bees
* They would their sugary thirst appease."
*
* This program is based on info and code from:
* [url]http://chitchat.tripod.co.jp/vmware/[/url]
* by chitchat_at_lycos.jp
*
* Notes:
* The program can be run as a normal user.
* We tested the program only in x86 Linux.
* The m4dn3ss lives on!
*/
#include <stdio.h>
#include <sys/signal.h>
#if __INTSIZE == 2 /* 16 bit environment */
typedef unsigned int uint16;
typedef unsigned long uint32;
#else /* 32 bit environment */
typedef unsigned short uint16;
typedef unsigned int uint32;
#endif /* __INTSIZE */
void segfault(){
printf("Not running inside VMware.\n");
exit(1);
}
int main(){
uint32 verMajor, verMinor, magic, dout;
signal(SIGSEGV, segfault);
__asm__ __volatile__ ("
mov $0x564D5868, %%eax; /* magic number */
mov $0x3c6cf712, %%ebx; /* random number */
mov $0x0000000A, %%ecx; /* specifies command */
mov $0x5658, %%edx; /* VMware I/O port */
in %%dx, %%eax;
mov %%eax, %0;
mov %%ebx, %1;
mov %%ecx, %2;
mov %%edx, %3;
"
: "=r"(verMajor), "=r"(magic), "=r"(verMinor), "=r"(dout)
);
if (magic == 0x564D5868) {
printf("Running inside VMware. ");
printf("(Version %lu,%lu)\n", verMajor, verMinor);
/* I'm not really sure what the versions mean. */
}
return 0;
}/* end main */
/* end of file */
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <[url]http://www.pgp.com[/url]>
iQA/AwUBPcq9dpAUypktoF54EQLpHwCePzWr5/TpUnZiwhvf1ctYD3uJv1AAoOl9
YmH+cbL9CDrjR5eL4gjJ2u5w
=nbMf
-----END PGP SIGNATURE-----
Mmm...I like the last one. I didn't know how to do it, but thought it would be something of that sort (actually I thought it would use an int).
Thank you.
Thank you.
no problemo :alright: