That will do Hal.

function myIsLocalhostVM()
	{
		$VMTools = Get-Service VMTools -EA 0
		if ( -not $VMTools ) 
			{ return $false }
		else
			{ return $true };
	}

Or,

function myIsLocalhostVM { if ( Get-Service VMTools ) { return $true } }

[vExpert|http://www.vmware.com/communities/vexpert/], PowerShell MVP, VI Toolkit forum moderator

Author of the book: Managing VMware Infrastructure with PowerShell

Co-Host, PowerScripting Podcast (http://powerscripting.net)

Need general, non-VMware-related PowerShell Help? Try the forums at PowerShellCommunity.org

If you can't run the VMware Tools service, for whatever reason, on your Windows guest, you could use the BIOS SerialNumber.

function myIslocalhostVM{
  if ((Get-WmiObject Win32_BIOS).SerialNumber -match "VMware"){return $true}
}

Nice one, Luc.

--

Hal Rottenberg / hal@halr9000.com<mailto:hal@halr9000.com> / halr9000.com<http://halr9000.com>

Microsoft MVP (PowerShell) / VMware vExpert

Co-Host, PowerScripting Podcast / Director, PowerShellCommunity.org

"Managing VMware Infrastructure with PowerShell: TFM", due in April!

Follow me on Twitter: http://twitter.com/halr9000

Good find.

If I know LucD he did not just find it :smileygrin: he most likely knew it already LOL

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points

Tom Howarth VCP / vExpert

VMware Communities User Moderator

Blog: www.planetvm.net

Contributing author for the upcoming book "VMware Virtual Infrastructure Security: Securing ESX and the Virtual Environment”.

5 points if someone rewrites this: http://mark.michaelis.net/Blog/WowCIsAmazing.aspx.

http://blogs.msdn.com/powershell/archive/2006/04/25/583236.aspx

http://www.leeholmes.com/blog/PowerShellPInvokeWalkthrough.aspx

Chris, you are asking to re-write the Red Pill exploit in PS.

That is in fact not a big problem since one can easily use any .Net language with the CompileAssemblyFromSource method.

But is there really a point in doing this ?

I can only see the Red Pill being used in honeypots, not in 'regular' guests. For me there is no real value in accepting your challenge (albeit it an interesting exercise).

I might need the exercise in ps pinvoke...

I think checking against the existence of VMWare Tools service might raise a false positive in at least one situation:

converting a VM to a real computer and the service isn't uninstalled.

OTOH, I had just tried to install VMWare Tools (using ISO image provided by WorkStation 6.5.2) in a real PC and I noticed that the setup.exe refused to go on, saying that the computer isn't virtual. So that means there's an official way to detect if one's inside a VMWare VM. The question is: is VMWare going to release an official tool to check if one is within a VM.

Did you have a chance to test this theory also against a *nix client ?

What theory? What do you mean by client? Guest Linux?

I meant if you tried to install the VMware Tools on a physical *nix client (Linux guest indeed).

Did it also say that it wasn't a virtual client ?

Oh, that, my friend, I'm afraid I couldn't fulfill your wish, as I don't have any real and spare PC having Linux. All my Linux are within VM.

Hope somebody else could do this test and tell you the answer.