How to tell if app runs in virtual PC ?

10-30-2009

Hi,

is it somehow possible an application to know whether it runs in a virtual
PC or on a 'normal' physically existing PC ?
What would be the best method to detect a virtual PC ?

thanks

10-30-2009

On Fri, 30 Oct 2009 23:29:47 +0200, "Hotmail_H_" <harpo_@hotmail.com>
wrote:

>Hi,
>
>is it somehow possible an application to know whether it runs in a virtual
>PC or on a 'normal' physically existing PC ?
>What would be the best method to detect a virtual PC ?
>

That is actually very difficult, but there are methods that might
work, at least for the majority of cases.
One is to use WMI calls to Windows and read things like the BIOS
name/version, the Disk maker etc.
For example if you ask for Win32_DiskDrive in a VMWare virtual machine
you will get this as Model: VMWare Virtual IDE Hard Drive
Win32_BIOS reports: VMWare + a long string of hex code

This is a clue to the fact that you are running in a virtual machine.

There are also other ways, for example you can get a more direct way
of detection by reading this:
http://www.invisiblethings.org/papers/redpill.html

I used this and made a detection application that properly detects
both VPC2007 and VMWare Workstation guests.

--

Bo Berglund (Sweden)

10-31-2009

Hotmail_H_ wrote:

> is it somehow possible an application to know whether it runs in a virtual
> PC or on a 'normal' physically existing PC ?
> What would be the best method to detect a virtual PC ?

Yes, a process can detect if it is running in VirtualPC. While VMs make
good platforms to test untrusted software, some malware can detect they
are running inside a VM, a sandbox, or under reduced permissions (which
are not defined in the OS but instead by other security software, like
GeSWall). They can then choose to remain quiescent to not expose
themselves. So you don't see the pest engage in its activity inside the
VM but once it is outside and on your host OS then its activates. There
isn't a lot of malware that detects if it is running inside a VM but
there is some.

http://taviso.decsystem.org/virtsec.pdf
http://www.seclab.tuwien.ac.at/papers/detection.pdf
http://www.eecs.umich.edu/virtual/papers/king06.pdf

VMs are primarily designed for isolation. They provide good
anti-malware protection when testing unknown software but they are not
perfect protection. Same pretty much goes for all security software.
If the security software completely prohibited the introduction of
malware, the host would be unusable to you as a general-purpose
computing platform.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
UAC Virtual PC	Jeff Gaines	Windows 64 Bit	8	10-24-2009 07:01 PM
MS Virtual PC 2007 - virtual hard disk	Jon	Windows Vista Installation	2	09-16-2007 08:36 AM
Yet Another 80070241 Error	MMarable	Windows Vista Installation	4	08-09-2006 06:48 PM
Vista Beta2 (5384) runs great on an Amd X2 chip...	Pablo	Windows Vista Performance	1	07-11-2006 07:11 PM
MS Virtual PC and Windows Vista Beta 2	Ed Fitzgerald	Windows Vista Installation	1	06-12-2006 12:19 AM