I am trying to find a way to programmatically detect that my program runs on a virtual machine; as far as I know there is no common way for Parallels to do that.
The Windows 8 Task Manager performance tab displays a "Virtualization" option. What does it mean? When I run Windows 8 in a virtual machine it changes to "Virtual processors" and "Virtual machine: Yes", so somehow Windows 8 detects that it is running inside a virtual machine. How does Windows 8 detect that it is running in a virtual machine? Is it possible to get this information programmatically? I tried both on Parallels and VMware and both work fine.
You should take a look at this interesting article, Red Pill... or how to detect VMM using (almost) one CPU instruction by Joanna Rutkowska, which used to be here but is now dead and can only be viewed with the Wayback Machine here, and Virtualization: Red Pill or Blue? by Steven McElwee, which also used to be here but can now only be viewed here.
Here's the code:
int swallow_redpill()
{
    /* m receives the 6-byte IDTR that SIDT stores (2-byte limit, 4-byte base);
       rpill is the machine code "sidt [imm32]; ret" with a placeholder address. */
    unsigned char m[2+4], rpill[] = "\x0f\x01\x0d\x00\x00\x00\x00\xc3";
    *((unsigned*)&rpill[3]) = (unsigned)m;  /* patch imm32 with the address of m (32-bit build) */
    ((void(*)())&rpill)();                  /* execute the buffer; the stack must be executable */
    return (m[5]>0xd0) ? 1 : 0;             /* high byte of the IDT base: VMMs relocate the IDT high */
}
It should return 1 if running in a virtual machine and 0 if not.
Edit: It may return false positives on modern CPUs, and it's apparently better to combine a couple of tests to make sure the result is real.
On VMware you could check the CD drive vendor; it should be "VMware" or "VMware, Inc." or something like this.
I don't know about VMware workstation but on ESXi your MAC address generally starts with "00:50:56". You could make use of this, too.
Have a look at virt-what. Maybe you can port it to Windows.
And maybe How to detect install is running on a VM? can help you.
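The answers above suggest combining several weak signals (Red Pill's edit), checking NIC OUIs such as VMware's 00:50:56, checking vendor strings like "VMware, Inc.", and porting virt-what. The following is an added example, not code from the thread, that puts those signals together for a host-inventory check and reports "virtual" only when at least two independent signals agree; the CPUID hypervisor-present flag (shown as the `hypervisor` entry in Linux's /proc/cpuinfo) is an additional signal the thread does not mention, and the extra VMware OUIs and vendor name list are assumptions added here.

```python
import re

# VMware-assigned OUIs; 00:50:56 is the prefix quoted in the answer above,
# the others are further VMware blocks (assumption added for this example).
VMWARE_OUIS = {"00:50:56", "00:0c:29", "00:05:69", "00:1c:14"}
# Hypervisor names that appear in DMI / device vendor strings, in the spirit
# of what virt-what greps for. Constructed list for this example.
VENDOR_RE = re.compile(r"vmware|virtualbox|innotek|qemu|kvm|xen|parallels", re.I)

def normalize_mac(mac):
    """Accept 00-50-56-AB-CD-EF, 00:50:56:ab:cd:ef or 005056ABCDEF."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC: %r" % (mac,))
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def mac_is_vmware(mac):
    """True when the first three octets are a VMware OUI."""
    return normalize_mac(mac)[:8] in VMWARE_OUIS

def vendor_is_virtual(text):
    """True when a vendor/model string names a known hypervisor."""
    return VENDOR_RE.search(text) is not None

def cpuinfo_has_hypervisor_flag(cpuinfo_text):
    """Linux lists 'hypervisor' in the flags line when CPUID.1:ECX[31] is set."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return "hypervisor" in line.split(":", 1)[1].split()
    return False

def vm_verdict(macs=(), vendor_strings=(), cpuinfo_text="", min_signals=2):
    """Return (is_virtual, reasons); needs min_signals independent hits."""
    reasons = []
    if any(mac_is_vmware(m) for m in macs):
        reasons.append("NIC OUI is VMware-assigned")
    hits = [s for s in vendor_strings if vendor_is_virtual(s)]
    if hits:
        reasons.append("vendor string names a hypervisor: %r" % (hits[0],))
    if cpuinfo_has_hypervisor_flag(cpuinfo_text):
        reasons.append("CPUID hypervisor-present flag set")
    return len(reasons) >= min_signals, reasons

# Constructed sample evidence: a VMware guest as seen from a Linux guest.
SAMPLE_MACS = ["00:50:56:9a:1b:2c", "02-42-ac-11-00-02"]
SAMPLE_VENDORS = ["VMware, Inc.", "VMware Virtual Platform"]
SAMPLE_CPUINFO = "vendor_id : GenuineIntel\nflags : fpu vme sse2 hypervisor lahf_lm\n"

if __name__ == "__main__":
    print(vm_verdict(SAMPLE_MACS, SAMPLE_VENDORS, SAMPLE_CPUINFO))
```

On a live Linux host the same inputs can be gathered from the interface MACs, /sys/class/dmi/id/sys_vendor and product_name, and /proc/cpuinfo; on Windows the equivalent is WMI's Win32_ComputerSystem and Win32_NetworkAdapter.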
I'm trying to install and use VirtualBox in a lab with heterogeneous computers. In one machine (with an Intel E5500) it works perfectly. In all others (most with an E2180) it doesn't work. Why is it happening?
All machines have Windows 7 32-bit.
Log: https://pastebin.com/nfbPYGP7
You might want to try and modify your settings.
In the System / Acceleration panel, look for "enable VT-x". When enabled, your VM will take advantage of the hardware VT-x circuits, but it might be the problem for your E2180, as it does not implement this technology.
Processor E2180 vs Processor E5500
My question is regarding the possibility of a particular thing. I have Debian installed on my system and have Windows 8 as a virtual OS using VirtualBox.
Is it possible to bypass Linux completely or partially and boot directly into the Windows 8 virtual OS? Maybe by creating an entry in GRUB or something like that.
I'm pretty sure that we cannot do that, because VirtualBox itself is installed on Debian, so we need Debian to start VirtualBox and then the virtual OS.
No, you cannot. The best you can get to is converting the Virtualbox .vdi to a partition, but even then it isn't likely to boot. See this answer.
I was looking to do the same thing; I found a couple of good guides on the web:
https://www.maketecheasier.com/log-into-a-virtualbox-session-in-ubuntu/
https://askubuntu.com/questions/404665/how-to-start-virtual-box-machines-automatically-when-booting
I have Kubuntu 12.10 64-bit as host and CentOS 6 32-bit as guest system on VMware Player 5 on a Dell Latitude E6510.
Despite the installation of VMware Tools, the clipboard exchange is not working.
I use a very similar guest system within VirtualBox and there clipboard exchange works fine.
Has someone experienced the same with a configuration similar to mine?
And is it possible, that the guest system causes the problem instead of the player?
I've found that suspending and then resuming the VM will re-enable clipboard exchange.
Clipboard exchange will then work both between VMs and the Host machine as well as between VMs themselves.
(VMWare Player 5.0, Windows 7)
After having installed several constellations like that, I experienced that in general it works: I can exchange the clipboard in both directions and even the desktop size adapts to the size of the VM window, but from time to time I still have a situation where it doesn't work, and I have also heard of many other people who experienced that.
So, if someone can enlighten me on that point, I'll be happy, but I'm closing my question hereby.
If we assume we have only the binary, we can use WinDbg to drop into assembly and see what's going on. Since Windows guests run in fully emulated mode, it should be straightforward to trace in the guest.
If we want to trace what is happening in the virtualization layer, i.e. the hypervisor, it will be a bit difficult. It depends on what kind of machine we are running on. These days all machines are 64-bit with VMX enabled, which allows the hypervisor to intercept guest instructions on the fly, since processor virtualization is implemented in hardware.
Since it is just a trap by which the guest drops into the hypervisor, it is almost impossible to tell when the guest has entered the hypervisor and when it's back. However, we probably will not achieve much by tracing any code in the hypervisor.
In a VMX enabled machine only page table write changes and IOPL changes will go to hypervisor. Everything else is handled in the guest itself.
For all practical application debugging, WinDbg should be fine.
Can we trace the running process (.exe) and its instructions in the guest OS using WinDbg?
Please help on this...
I really appreciate your time on this.
Thank you.. :)
I'm not entirely sure what you're asking, but if you're asking whether you can run WinDbg on a virtualized machine, then yes, it works just like it does on a physical machine.
If you want to attach to the process that is running the virtual machine itself, but look at a process that is inside of the guest os, then the answer is no.
I've been hearing a lot about how the new version of VMware Fusion can run virtual operating systems in "headless mode".
A Google search makes it clear that other virtualisation products also have similar features, however, I have not been able to find a good description of what this actually means? What is happening when you do this?
Headless mode means that the virtual machine is running in the background without any foreground elements visible (like the VMware Fusion application).
You would have no screen showing the front end; i.e. the screen/console would not be visible even though the operating system is running, and you would typically have to access the machine via SSH.
For anyone who is interested, you can activate headless mode in VMware Fusion by running the following command in Terminal.app:
defaults write com.vmware.fusion fluxCapacitor -bool YES