Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 06-14-2004, 03:27
me0007
 
Posts: n/a
How can I detect whether a 'Virtual machine' is currently running?

Is there any way to detect whether an app is running in a virtual machine (like in vmware or Virtual PC)?

Thanks for any ideas.
Reply With Quote
  #2  
Old 06-14-2004, 03:35
doug
 
Posts: n/a
Yes, check http://z0mbie.host.sk for VMWare detection and http://www.woodmann.net/forum/showthread.php?t=5991 for VirtualPC
Reply With Quote
  #3  
Old 06-14-2004, 20:02
redbull redbull is offline
Friend
 
Join Date: Mar 2004
Posts: 160
Rept. Given: 17
Rept. Rcvd 5 Times in 4 Posts
Thanks Given: 3
Thanks Rcvd at 6 Times in 6 Posts
redbull Reputation: 5
Im trying to work out BOCHS detection.......
Reply With Quote
  #4  
Old 06-15-2004, 05:14
archphase
 
Posts: n/a
yes as doug already said you can use z0mbies article and also in 29A#7 there was article @ http://29a.host.sk/29a-7/Articles/29A-7.029
Reply With Quote
  #5  
Old 06-15-2004, 17:49
Shub-Nigurrath's Avatar
Shub-Nigurrath Shub-Nigurrath is offline
VIP
 
Join Date: Mar 2004
Location: Obscure Kadath
Posts: 820
Rept. Given: 48
Rept. Rcvd 391 Times in 86 Posts
Thanks Given: 24
Thanks Rcvd at 105 Times in 53 Posts
Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399
note that Z0mbies method doesn't work on VirtualPC 2004.

There's a simpler way to check it. Look at below script, taken from elsewhere

PHP Code:
Debug Off
Break On
Dim $iRC
,$Msg,$Kix
$iRC
=SetOption('Explicit','On')
$iRC=SetOption('NoVarsInStrings','On')
Dim $VMWUser,$VMWPath,$VMWVer,$VMWToolsVer,$HKLMSCCS,$HKLMSMWCV,$CVMVer,$CVMMapper,$CVMMapperVer
$Kix          
SubStr(@KIX,1,4)
If 
$Kix "4.22"  
   
$Msg MessageBox('This Script requires at least KiXtart 4.22 ','Version Check',4112)  
   
Quit()
EndIf

$HKLMSCCS     'HKLM\SYSTEM\CurrentControlSet'
$HKLMSMWCV    'HKLM\Software\Microsoft\Windows\CurrentVersion'
$VMWUser      Trim(ReadValue($HKLMSMWCV '\Run','VMware User Process'))
$VMWPath      ReadValue($HKLMSMWCV '\App Paths\vmware.exe','Path')
$VMWVer       GetFileVersion($VMWPath +'\vmware.exe','ProductVersion')
$VMWToolsVer  GetFileVersion(ReadValue($HKLMSCCS '\Services\VMware Tools Service','ImagePath'),'ProductVersion')
$CVMVer       GetFileVersion(Left(ReadValue('HKLM\SOFTWARE\Classes\Virtual.PC.Floppy\DefaultIcon',""),-5),'ProductVersion')
$CVMMapper    ReadValue($HKLMSCCS '\Services\VPCMap','DisplayName')
$CVMMapperVer GetFileVersion(ReadValue($HKLMSCCS '\Services\VPCMap','ImagePath'),'ProductVersion')
'VMWare Running: ' $VMWToolsVer
'VMWare Installed: ' $VMWVer
'Connectix Running: ' $CVMMapperVer
'Connectix Installed: ' $CVMVer 
it's for a particular scripting lang, but it can be easily understood to see which reg keys it is checking.
It works on VPC 2004 also.

I think that the VPCMap.exe file is always present into a VirtualPC
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com

Last edited by Shub-Nigurrath; 06-15-2004 at 17:56.
Reply With Quote
  #6  
Old 06-16-2004, 17:44
huanxifo
 
Posts: n/a
Crackproof Your Software.pdf

There is a book in this forum's ftp /share/e-books/
Pavol Cerven - Crackproof Your Software
The book describe some methods to detect softice,virtual pc yet.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Sentinel SHK Virtual Machine phroyt General Discussion 3 08-30-2020 09:21
Virtual Machine Detection (Themida/WinLicense) Kingstaa General Discussion 1 03-02-2014 17:11
Cracking inside a virtual machine yaa General Discussion 3 11-20-2003 19:54


All times are GMT +8. The time now is 18:42.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2021 )