Detecting Virtualization

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • togikan
    New Member
    • Jul 2010
    • 5
    #1

    Detecting Virtualization

    Is there an intrinsic to detect that program on virtual pc or native pc. I have a function to do this with inline assembler but to do this on 64 bit I need intrinsics because no 64bit support for inline assembler.

    Regards,
    T H K
    Tags: 64 bit, detect, intrinsic, virtual machine, virtualization
    • Oralloy
      Recognized Expert Contributor
      • Jun 2010
      • 988
      #2
      You could fumble through the op-codes and just in-line code them as hex constants in your in-line assembler.

      I've used this sort of ugly "fix" before to use in-line assembly, when the full op-code set is not supported.

      It works, but be careful how you go about it.

      Alternately, and I think this is the better way, create a funtion using assembly language (e.g. VirtualMachineT est.asm), build it, create a header file to declare it (e.g. VirtualMachineT est.h), have your C++ program call the function, and add the object module to your linker parameters.

      Good Luck!

        Comment

        • togikan
          New Member
          • Jul 2010
          • 5
          #3
          Thanks Oralloy,
          I'm going on 2nd way now looking to convert this code :)

          bool IsInsideVMWare( void)
          {
          bool rc = true;

          __try
          {
          __asm
          {
          push edx
          push ecx
          push ebx

          mov eax, 'VMXh'
          mov ebx, 0 // any value but not the MAGIC VALUE
          mov ecx, 10 // get VMWare version
          mov edx, 'VX' // port number

          in eax, dx // read port
          // on return EAX returns the VERSION
          cmp ebx, 'VMXh' // is it a reply from VMWare?
          setz [rc] // set return value

          pop ebx
          pop ecx
          pop edx
          }
          }
          __except(filter (GetExceptionCo de()))
          {
          rc = false;
          }

          return rc;
          }

          But here is the problem now, how can i declare a boolean "rc" and how return value? Actually I'm not sure i need these.
          Last edited by togikan; Jul 30 '10, 11:40 AM. Reason: boolean variable? :)

            Comment

            • Oralloy
              Recognized Expert Contributor
              • Jun 2010
              • 988
              #4
              toquikan,

              You need to have a return of some sort. Either you will have to save it in a variable that is shared with your C++ code, or you will have to do a return code.

              My suggestion is that you find a x64 assembly code example and use that as the basis of your code. If I remember from my x86 code, the integer return value goes into a standard register. If you declare the function as returning bool in C++, it should work just fine.

              So you will have a header module like this:
              IsInsideVMWare. h
              Code:
              //
//  IsInsideVMWare.h
//    function to detect host operating environment - inside VM ware or not
//

#if !defined(__ISINSIDEVMWARE_H__)
#define __ISINSIDEVMWARE_H__
  extern "C" bool IsInsideVMWare(void);
#endif
              And your ASM module will be appropriately strucutred.

              As I recall, there are special name conversion conventions under Microsoft's compilers for "C" code function names. I believe that the name you'll have to export from your ASM module is _IsInsideVMWare (note the prefixed underscore). But, please don't hold me to this.

              Luck!

                Comment

                Previous template Next
                Working...