Home > Delphi > Virtual Machine Detection

Virtual Machine Detection

April 29, 2008 Leave a comment Go to comments

Marshall Fryman posts some code snippets on how to detect if application running under virtualized environment, such as VMWare, Virtual PC, Wine, etc.

So, I’ve made a demo based on the code he provided, and here some snapshots.

Native Environment

Virtual PC

VMWare GSX Server

VMWare Workstation

Wine

Advertisement
Categories: Delphi Tags: , , , ,
  1. Marshall Fryman
    May 5, 2008 at 11:05 pm
    Reply

    Do you have a Parallels install? I found a security researcher who claimed that you could detect Parallels using an interrupt. I haven’t found anyone who has shown specifically how the call works (or even anyone else who documents that this exists). Since I really don’t do asm very well, I haven’t been able to decide what xxxxx should be. Well, that plus I don’t have a Parallels install. 🙂

    The article is here : http://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf (pages 5 & 6). Any chance you grok asm enough to decipher what should be passed ?

  2. bprasetio
    May 6, 2008 at 9:38 am
    Reply

    Thank you for pointing me to the article, first I have to get Parallels and others described in the article. I think it will be a lot of funs (and stresses??) about detecting many virtual machines. 😀

  3. Marshall Fryman
    May 7, 2008 at 3:26 am
    Reply

    np, let me know if you need anything.

    m

  4. abdollah nouri
    December 5, 2010 at 7:05 pm
    Reply

    hi
    where can i download codes?

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: