Hi All,
Does anybody know of a file or registry setting I could remotely check for on a Windows server to see if it is a VM. This would need to be common across Windows NT 4.0, 2000 and 2003 some of which do not have VMtools installed.
Thanks,
Steve
Another question is - do you expect to be cheated ?
Draconis - the DeviceClass Entries can easily be faked - you could detect VMs which are physical machines in reality.
___________________________________
description of vmx-parameters:
How could these be faked? Do you mean that they could give false positives or someone would actually intentionally change them (:smileydevil:)? I can keep looking for something that might exist in VMs only but VMWare did such a good job in the registry my head is starting to hurt.
Oh I've been meaning to ask...is that motherboard you suggested to look for actually all virtual or has this motherboard actually existed as a real one that has been released into production? I just want to know if this actual model was created for VMWare only so that the motherboards can be standardized or if they are after a real MOBO.
Well, they emulate a standard Intel 440BX chipset.
Realize that the guest OS has no idea it is not running on a physical computer... so there is not going to be any file or registry entry which spells that out.
Man these communities are addictive. You guys are fast with these answers. I am learning alot. No one tell my boss I am trying to learn VMWare on company time. Thanks to RD about that. Good thing to know that it is modeled after a real motherboard after all. Got one more key if it makes sense.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards
There should be a subkey and within that a value called Description. It should say something that has VMWare in it. Does that make more sense guys?
Only if you use the default network card AND have the VMware Tools installed. Otherwise, either an AMD PCNet Lance card or an Intel E1000 card is emulated.
Here is a picture
Interesting is that this board can use Intel and AMD of many various versions.
It also accepts 4MB RAM sticks in combination with 1024 MB sticks !
This board in a VM definetely must have some features that do not appear in real metal ?
Maybe if we check ..
If Nic is e1000 or vmxnet or AMD pcnet32
AND board is 440bx
AND soundcard is soundblaster compatible or not present
AND Video-card is VMware SVGA 2 or Standard VGA
AND firewire ports are not present
then very likely we have a VM ?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}
___________________________________
description of vmx-parameters:
If
Chipset is 440BX
and the CPU is not a Pentium-II / III or the equivalent Celeron
and (just to make sure) the MAC address is in the VMware range
then we have a VM
Is Pentium-II / III or the equivalent Celeron the only real metal CPUs that ever worked with that board ?
___________________________________
description of vmx-parameters:
Yes
As olilver says,
a mixture of BX mother board and a AMD chip definate VM - the 44-BX was an intel based MB
a mixture of BX motherborad and a XEON definate VM, the BX440 only supported P-III and Celerons
I would ignore MAC address checks and it is rumoured VMware will be allowing none VMware MAC addresses to be used in the VMX file.
another benefit of this check is that it should would be able to identify none windows guests if the correct tools are in the other guests.
Tom Howarth
VMware Communities User Moderator
Motherboard (subkeys) as noted by continuum:
HKLM\HARDWARE\ACPI\FADT\
CPU:
HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Value called ProcessorNameString
What do you think guys?
Does anyone know the strings for pentium 2/3 Celeron ?
I could make a autoit-script then
___________________________________
description of vmx-parameters:
With checking all those registry string be aware that you might mislabel any machine that is V2P-ed as it probably still has all drivers installed (just not active)
--
Wil