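To detect whether your program is running inside a VMware virtual machine, all you need is four assembly instructions that talk to its backdoor I/O port:
mov eax, 564D5868h ; backdoor magic number ('VMXh')
mov ecx, 0Ah       ; backdoor command 0Ah (get version)
mov edx, 5658h     ; backdoor I/O port ('VX')
in eax, dx         ; read from the port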
A description of this port, specific to VMware virtual machines, can be found at VM Back. Take into account that if you try to do this on a non-VMware system, a general protection fault will occur.
I wrote examples for Windows in MASM32 (vmware-asm.zip) and C (vmware-c.zip), as a starting point for future experiments.