2009/12/30 Stéphane Charette <[email protected]>: > Spent the night trying various inline assembly to attempt to detect > when my application is running within a VM. > > Couple of things to note: the web is full of really bad and really > ***WRONG*** example code from people thinking they're being crafty. > Some code is of course geared towards just Windows + VMWare, but there > is a surprisingly large amount of example code calling things like > SIDT and SGDT with just 2 bytes to store the result. I may not be an > assembly programmer, but it doesn't take much Googling at AMD and > Intel's sites to see that even at best-case when running in i386, it > needs at least 6 bytes, while in AMD64 you'd need 10 bytes. > > I'm guessing things have progressed in the last few years, where some > of the VM detection example code that made headlines when they were > first discovered no longer applies...or perhaps only ever applied to > VMWare? Things I tried include: > > - SIDT (aka "red pill" and "snoopy_doo") > - SGDT (upper byte always 0xff for me, whether native or in VirtualBox) > - SLDT (always returns zero for me, whether native or in VirtualBox) > - STR (always returns 0x0040 whether native or in VirtualBox) > > I'm worried the only "solution" (and I use the term lightly) is to do > something crazy like walking the PCI table or the DMI BIOS information > looking for certain strings. Can someone recommend something better? >
There is no way to ultimately know that this is a VM or not. Some future (or rare) emulator/virtualizer will always render your detection code useless. As for current versions of VirtualBox - the best way to detect it is by PCI ID of it's video card; "VirtualBox Graphics Adapter". -- -Alexey Eromenko "Technologov" _______________________________________________ vbox-dev mailing list [email protected] http://vbox.innotek.de/mailman/listinfo/vbox-dev
