VMware Communities
DanielKYantis
Contributor
Contributor
‎07-31-2016 07:47 AM

Prevent a program knowing it's in a VM

"This program can not by run within a VM environment"

What?! What's the point of VMWare Fusion if the only program I wanted to use gives me this message?

How can I prevent VMWare Fusion from showing it's a VM? Or better yet how to prevent the program knowing it's in a VM?

I'm not trying to hack or cheat... I just don't use or own a Windows Laptop (Just several MacBook Pros) and the program only runs on Windows.

The main program will continue to run on the intended Windows machine (it's a Photo Booth) but I want to do edits and templates on my laptop (Mac).

I've called their tech support and they suggest getting a USB dongle. However, I already paid for the program and the activation works fine on the Windows machine.

I would have to trade my code (2 machines) for the dongle (only 1 machine). The problem is I just want to edit on my Mac not use it as the production machine.

They allow edits in trial mode but I can't even get into trial mode within the VM. They suggest using BootCamp! But that really limits my Mac.

So in the end, I just want the program not to know it's in VM so that I can run it in trial mode so that I can do template edits that I can then send to the actual production machine in the field (sometimes many miles away so I can't just move the dongle over). and I can't remote access while the Photo Booth is being used at an event. I would do the edits as needed and then just send the edited file via a very short remote access rather than 30 minutes while I edit the template.

0 Kudos
4 Replies
vmxmr
Expert
Expert
‎07-31-2016 09:39 AM

That's a great question.

-> By the way, which application are you running that is causing the issue? (You don't have to worry about secrecy here - you already contacted them to ask about the issue.)

I can think of multiple different ways that a program can detect that it is running in a virtual environment. It is hard to know which of them (if not multiple checks) that your application is using. As a start, many devices are virtualized in VMware Fusion. Here are some examples from the Device Manager within my Windows 7 64-bit virtual machine:

Disk drives: VMware, VMware Virtual S SCSI Disk Device

Display adapters: VMware SVGA 3D

DVD/CD-ROM Drives: NECVMWar VMware SATA CD01 ATA Device

etc... the list is very long.

Besides virtualized devices, there are other ways for a program to detect that it is running in a virtualized environment. Malware (viruses) often behave differently or quit running in virtualized environments to prevent anti-virus companies from analyzing their behavior, for example. Here are a couple links for software developers. I found them in a quick web search. They show developers how to detect that their programs are running in virtualized environments:

anti debugging - How to detect a virtualized environment? - Reverse Engineering Stack Exchange

vmware - Detect virtualized OS from an application? - Stack Overflow

In short, if the application developers have done a decent job to write the code that detects virtualized environments (and I bet that they have), it will be nearly impossible for you to trick the application into thinking otherwise, especially running in any VMware environment.

0 Kudos
DanielKYantis
Contributor
Contributor
‎07-31-2016 10:25 AM

That really sucks!

Darkroom Booth 2.5

And they said they would not allow me 1 USB Dongle and 1 code activation instead of 2 codes...

0 Kudos
ColoradoMarmot
Champion
Champion
‎08-05-2016 10:49 AM

There is no way to prevent detection - a lot of malware does this to prevent being analyzed in a sandbox.

This is intentional by the company, because VM's can be cloned and distributed.  I'm sure that your 2 licenses only allow 1 to be used at once, hence the dongle approach (only works on one at a time).

0 Kudos
Venom83
Enthusiast
Enthusiast
‎02-08-2017 10:34 PM

Hi Daniel,

While you can try to circumvent the technique implemented in the software to detect that it is in a VM, I am not sure it is legal. Make sure to read the EULA carefully.

That being said, from a purely technical point of view, you can use ProcMon from Sysinternals to analyze software behavior and track its requests to the registry and file system.

It is usually a pretty complex procedure, but it allows you to find all the program activities and find out what you need to "fake" to make it believe it is a real PC.

It will be very tricky as you don't know in advance how many checks are being performed and those checks can be performed by external executables and not by the program executable.

You can then use MS ACT (already included in MS ADK) to trick those calls or simply modify the related registry entries using a batch file and revert after the program had been closed.

To anyone else reading this, please know that in 99% of the times that you see software refusing to run specifically in a virtual environment (with error message or without), it is probably malware.

Leonid

0 Kudos