"Karl Mitschke" <karlmitschke@newsgroup> wrote:
>> i can detect a Microsoft virtual guest by the following:
>> # this part determine whether the computer itself is a virtual guest #
>> How do i determine the virtual guest is a VMWARE guest ? Are there any
>> registries to indicate ?
> Get-WmiObject Win32_ComputerSystem -Comp <computername>
> Will show the following for VMWare:
> Manufacturer : VMware, Inc.
> Model : VMware Virtual Platform
Dressing up the command Karl provided to provide a boolean result for
computer "hostname" on a VMWare box:
if ((get-wmiobject win32_computersystem -comp
Other choices would be to investigate the peripheral vendor tags and such,
but fishing the computer model value out of WMI is far easier.
I won't guarantee the validity of the setting, however...not because I know
that it can be forged, but because I don't know that it can't. Assuming
that you have some reason to trust the system not to counterfeit a
non-virtual machine, though, the test should be good enough for most uses.
(Side note: one of the problems that malware researchers have in examining
attack code is that the nasty-guy programmers often try to figure out if
their attack code is running in a virtual machine, and to lie dormant if
so...meaning that the researchers try to prevent programs on their honeypots
from being able to detect that it's on a VM. Some of the
am-I-on-a-virtual-machine tests used by malware are downright cute...pity
that the <censored> can't be brought over to the bright side.)