
Ask HN: How to tell if you're in a virtual machine? - bsenftner
Trying to figure out how to identify if an application&#x2F;process is running inside a virtual machine under Windows and Ubuntu. This is for software licensing, so someone cannot license one copy of our enterprise software in a VM and then run infinite copies inside VMs.<p>I am focusing on Windows first, as that is expected to be more complicated. The application is a C++ GUI application, with a typical GUI and such.<p>Since we work in C++, I spent some time looking at the Windows Management Instrumentation (WMI) COM interfaces, but suspect that method can be fooled quite easily. And that method only identifies using the built-in Windows virtualization, and not other virtualization methods as used by VMWare or VirtualBox.<p>I&#x27;ve also seen statements that a timing test is the only reliable method, but with processor speed increases, is that method unstable as well?
======
LinuxBender
One starting point would be stackexchange [1] [2]

[1] - [https://unix.stackexchange.com/questions/89714/easy-way-
to-d...](https://unix.stackexchange.com/questions/89714/easy-way-to-determine-
virtualization-technology)

[2] -
[https://reverseengineering.stackexchange.com/questions/1686/...](https://reverseengineering.stackexchange.com/questions/1686/how-
to-detect-a-virtualized-environment)

~~~
bsenftner
Thanks for these great resources my earlier searching of StackOverflow did not
reveal.

------
bsenftner
Some of that I've learned so far, it look like starting with Windows 10,
version 1607 and Windows Server 2016 the VM Security features of Windows are
automatically enabled when the Hyper-V hypervisor is enabled, and when that is
enabled other VM systems are unable to run due to security logic in Win10.
Further, the Hyper-V hypervisor is running inside a VM, so testing for the
Hyper-V hypervisor being enabled and active is looking like what MS is trying
to push this situation into being a single, simple setting check for being in
a VM or not. More research to follow, which I'll report back here.

------
zzo38computer
I have thought of this kind of things, but for a different reason, which is
hardware and software design to prevent the detection of VM and sandboxing
(and stealth debugging) (if these options are enabled and configured by the
end user). This also has the advantage to ensure that if something changes in
a newer version which the software does not expect, it can be configured to
emulate the older version perfectly, too.

------
Piskvorrr
Mind you, "running in a VM" might not be a sign of piracy: apps exist that
aren't supported any more (even vendor doesn't exist any more!) and wouldn't
run on Vista or newer; or the client doesn't wish to have actual Windows boxes
on the network.

Be very, very sure you are not impinging such legitimate use; people get angry
when their paid-for software decides they're unworthy.

~~~
bsenftner
We don't mind our software running in a VM. What we mind is multiple copies of
the same license on different VMs. When a client purchases a license, the
terms include the option of VM deployments, which trigger additional auditing
rights. So if a client has an air-gapped no-VM license, we want to block that
license from running on a VM.

~~~
Piskvorrr
Ah, okay. That makes sense, thanks for the clarification.

------
fsajkdnjk
i think that if you get the hardware info you will be able to find out some
virtual pieces listed in there.

