How to detect if my application is running in a virtual machine?

Question

How can I detect (.NET or Win32) if my application is running in a virtual machine?

Answer 1

this C++ code will detect Vmware Products such as express,esx,fusion or workstation

// VMWareDetector.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include "windows.h"
#include <conio.h>
void CheckVM(void); 
int main()
{
    CheckVM(); 
    _getch(); 
    return 0;
}

void CheckVM(void)
{
    unsigned int    a, b;

    __try {
        __asm {

            // save register values on the stack
            push eax
            push ebx
            push ecx
            push edx

            // perform fingerprint
            mov eax, 'VMXh' // VMware magic value (0x564D5868)
            mov ecx, 0Ah // special version cmd (0x0a)
            mov dx, 'VX' // special VMware I/O port (0x5658)

            in eax, dx // special I/O cmd

            mov a, ebx // data 
            mov b, ecx // data (eax gets also modified
                       // but will not be evaluated)

                       // restore register values from the stack
                       pop edx
                       pop ecx
                       pop ebx
                       pop eax
        }
    }
    __except (EXCEPTION_EXECUTE_HANDLER) {}
    printf("\n[+] Debug : [ a=%x ; b=%d ]\n\n", a, b);
    if (a == 'VMXh') { // is the value equal to the VMware magic value?
        printf("Result  : VMware detected\nVersion : ");
        if (b == 1)
            printf("Express\n\n");
        else if (b == 2)
            printf("ESX\n\n");
        else if (b == 3)
            printf("GSX\n\n");
        else if (b == 4)
            printf("Workstation\n\n");
        else
            printf("unknown version\n\n");
    }
    else
        printf("Result  : Not Detected\n\n");
}

Answer 2

Remember you should not just check popular VM model,manufacturer name from wmi, You should also check difference between reality and virtualization.
VM don't have much features.
1) check-if-cpu-temperature-information-is-available

wmic /namespace:\\root\WMI path MSAcpi_ThermalZoneTemperature get CurrentTemperature
//On Real PC
//CurrentTemperature
//3147

//On VM
//Node - Admin
//Error:
//Description not supported

Tested on vmware,virtualbox,windows server,app.any.run sandbox.

2) Win32_PortConnector

Get-WmiObject Win32_PortConnector
//On Vm it is null

//On real pc it looks something like that
Tag                         : Port Connector 0
ConnectorType               : {23, 3}
SerialNumber                :
ExternalReferenceDesignator :
PortType                    : 2

Answer 3

This C function will detect VM Guest OS: (Tested on Windows, compiled with Visual Studio)

#include <intrin.h>

    bool isGuestOSVM()
    {
        unsigned int cpuInfo[4];
        __cpuid((int*)cpuInfo,1);
        return ((cpuInfo[2] >> 31) & 1) == 1;
    }

Answer 4

The easiest way I found to figure out whether my C# app is running on a vmware VM or not is to check the MAC address of the NIC card(s). If it's a VMware VM it would always be: 00:50:56:XX:YY:ZZ

You may enumerate through the NICs as resolved here.