How could these be faked? Do you mean that they could give false positives or someone would actually intentionally change them (:smileydevil:)? I can keep looking for something that might exist in VMs only but VMWare did such a good job in the registry my head is starting to hurt.

Oh I've been meaning to ask...is that motherboard you suggested to look for actually all virtual or has this motherboard actually existed as a real one that has been released into production? I just want to know if this actual model was created for VMWare only so that the motherboards can be standardized or if they are after a real MOBO.

Well, they emulate a standard Intel 440BX chipset.

Realize that the guest OS has no idea it is not running on a physical computer... so there is not going to be any file or registry entry which spells that out.

Man these communities are addictive. You guys are fast with these answers. I am learning alot. No one tell my boss I am trying to learn VMWare on company time. Thanks to RD about that. Good thing to know that it is modeled after a real motherboard after all. Got one more key if it makes sense.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards

There should be a subkey and within that a value called Description. It should say something that has VMWare in it. Does that make more sense guys?

Only if you use the default network card AND have the VMware Tools installed. Otherwise, either an AMD PCNet Lance card or an Intel E1000 card is emulated.

Here is a picture

Interesting is that this board can use Intel and AMD of many various versions.

It also accepts 4MB RAM sticks in combination with 1024 MB sticks !

This board in a VM definetely must have some features that do not appear in real metal ?

Maybe if we check ..

If Nic is e1000 or vmxnet or AMD pcnet32

AND board is 440bx

AND soundcard is soundblaster compatible or not present

AND Video-card is VMware SVGA 2 or Standard VGA

AND firewire ports are not present

then very likely we have a VM ?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}

___________________________________

description of vmx-parameters:

VMware-liveCD:

If

Chipset is 440BX

and the CPU is not a Pentium-II / III or the equivalent Celeron

and (just to make sure) the MAC address is in the VMware range

then we have a VM

Is Pentium-II / III or the equivalent Celeron the only real metal CPUs that ever worked with that board ?

___________________________________

description of vmx-parameters:

VMware-liveCD:

Yes

As olilver says,

a mixture of BX mother board and a AMD chip definate VM - the 44-BX was an intel based MB

a mixture of BX motherborad and a XEON definate VM, the BX440 only supported P-III and Celerons

I would ignore MAC address checks and it is rumoured VMware will be allowing none VMware MAC addresses to be used in the VMX file.

another benefit of this check is that it should would be able to identify none windows guests if the correct tools are in the other guests.

Tom Howarth

VMware Communities User Moderator

Motherboard (subkeys) as noted by continuum:

HKLM\HARDWARE\ACPI\FADT\

CPU:

HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Value called ProcessorNameString

What do you think guys?

Does anyone know the strings for pentium 2/3 Celeron ?

I could make a autoit-script then

___________________________________

description of vmx-parameters:

VMware-liveCD:

With checking all those registry string be aware that you might mislabel any machine that is V2P-ed as it probably still has all drivers installed (just not active)

--

Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva