John Howard - Senior Program Manager in the Hyper-V team at Microsoft

Senior Program Manager, Hyper-V team, Windows Core Operating System Division.

Blogs

Virtual Machine detection from guests

  • Comments 6
  • Likes

There are a few "known" hacks to determine if a program is running under a Virtual Machine, unfortunately none of these supported by Microsoft.

The most common one is the WMI query to find the motherboard manufacturer - if it is Microsoft, then, as of today at least, given that Microsoft don't manufacture motherboards, is relatively reliable.

However, there's a couple of other ones I found out about yesterday which I wasn't aware of (similarly unsupported). Just to show I'm not biased also, they both also detect VMWare.

First up is Red Pill by Joanna Rutkowska which uses the SIDT processor instruction:

http://invisiblethings.org/papers/redpill.html

Secondly, there's VmDetect which is a simple .Net utility.
http://www.codeproject.com/system/VmDetect.asp



Note: I haven't tested these solutions and you're entirely on your own for support if you choose to rely on these mechanism in any applications you write. Also, neither mention Virtual Server explicitly - just Virtual PC. However, I haven't tested this whether either tool identifies Virtual Server.

Comments
  • Neat!

  • Hi John,

    first of all, great blog :)

    Sorry for the bump in this blogpost, but i'm having a little question :)

    I'm currently designing a deployment solution which is gonna install the vm additions automatically when os is deployed on VPC/VServer or Hyper-V. But here's the trick...

    Do you know a way how to check if a guest is running on Hyper-V, Virtual PC or Virtual Server. Because the WMI query for manufacturer and model is not working, for all three products it's Microsoft Corporation and Virtual Machine. But because the different products have different additions, I wouldn't want to install the VirtualServer additions on a guest that's running on Hyper-V :)

    Thanks in advance :)

    mail: h.hofs at loginconsultants.nl

  • Henk - thanks :)

    I don't have a good answer unfortunately, at least not one which I've tried. Would it be possible to query the BIOS date from win32_bios as an option and do conditional stuff based on the date that's returned? I confess though, I haven't got a list of what dates are returned for each version. At least the Hyper-V date should be different to VS/VPS (I hope....) (05/05/08 20:35:58 Ver:08.00.02)

    Would that work?

    Thanks,

    John.

  • Hey John,

    I ran the command below on a hyperv guest...

    wmic:root\cli>path win32_bios get name

    Name

    BIOS Date: 05/05/08 20:35:56  Ver: 08.00.02

    Virtual PC 2007 gives this though:

    wmic:root\cli>path win32_bios get name

    Name

    BIOS Date: 02/22/06 20:54:49  Ver: 08.00.02

    Virtual Server 2005 R2:

    wmic:root\cli>path win32_bios get name

    Name

    BIOS Date: 02/22/06 20:54:49  Ver: 08.00.02

    So this will be one way of diffentiating between hyper-v and VPC/VS. Next question though:

    Do VPC and VS need different Additions or can the same additions be used for both VPC and VS?

  • Henk - generally you use the latest version of the additions regardless of whether VPC or VS. Both work on both platforms. However, it's been a while since I've been working with VPC and VS as I'm in the Hyper-V team now, so I can't be authoritative that it remains the case. I'm certainly not aware of anything which has caused that generalization to break.

    Cheers,

    John.

  • Hey John,

    I am having one query.is that i am calling wmi api method to retrieve the data of Hyper-V hypervisor.I am unable to get a method which will give me details like platform and version of Hyper-V .Could you please let me know which method should i use to get the details.

    Answer will be appreciable.

    Thanks,

    Prasanna

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment