Detecting virtual environment from within?

  • Question

  • Hello,

    I was wondering if anybody knows about a foolproof way to detect that an application is running inside the virtual environment, from the application running inside it?

    What I'm after is, for example, something similar to the backdoor I/O port that VMware provides to virtual machines (and I guess MS too with Virtual Server / Hyper-V), a technique that tells with 100% accuracy that the environment is virtual. I do know about the registry key called sft-managed-services, but a detection method using it depends on said key appearing in the SFT, which e.g. pre-4.0 packages do not have.

    br,

    Kalle

    Monday, June 23, 2008 11:32 AM
    Moderator

Answers

  • 2 ways I can think of..

    1. Enumerate the SFT_MNT environment variable and see if you have list access to the root of that drive. If true then your app/process was launched virtually; if false (or the environment variable does not exist), then your app is probably not running virtually. (not exactly fool-proof)

    2. Have your application enumerate its parent processes recursively. If one of the parent processes is sftdcc.exe then your app was launched virtually. (kinda fool-proof if you also enumerate the validity of the imagepath of sftdcc.exe)

    I hope with App-V 4.5 there's a "cleaner" way of doing this using the API....
    Tuesday, June 24, 2008 9:03 AM
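
Added example, not part of the thread and not App-V code: both checks from the answer above written in PowerShell, with a guard against reused parent PIDs during the ancestor walk. The function name `Test-LaunchedVirtually` and its `-ExpectedDir` parameter are made up here; the thread does not say where sftdcc.exe is installed, so the caller has to supply that directory.

```powershell
# Added example; not App-V's own API. $ExpectedDir is supplied by the caller
# because the thread does not state where sftdcc.exe is installed.
function Test-LaunchedVirtually {
    param(
        [Parameter(Mandatory)][string]$ExpectedDir,
        [int]$StartPid = $PID
    )

    # Check 1: SFT_MNT is set and the root it names can be listed.
    $mountListable = $false
    if ($env:SFT_MNT) {
        try {
            $root = $env:SFT_MNT.TrimEnd('\') + '\'
            Get-ChildItem -LiteralPath $root -ErrorAction Stop | Out-Null
            $mountListable = $true
        } catch { }
    }

    # Check 2: walk the parent chain using one snapshot of the process table.
    $byPid = @{}
    Get-CimInstance Win32_Process | ForEach-Object { $byPid[[int]$_.ProcessId] = $_ }
    $ancestor = $null
    $seen = @{}
    $proc = $byPid[$StartPid]
    while ($proc -and -not $seen.ContainsKey([int]$proc.ProcessId)) {
        $seen[[int]$proc.ProcessId] = $true
        $parent = $byPid[[int]$proc.ParentProcessId]
        # Windows never updates ParentProcessId: once the real parent exits, its
        # PID can be reused by an unrelated process, which is then younger than
        # the child. Stop there instead of following a false ancestor.
        if (-not $parent -or $parent.CreationDate -gt $proc.CreationDate) { break }
        if ($parent.Name -ieq 'sftdcc.exe') { $ancestor = $parent; break }
        $proc = $parent
    }

    # Image path validation: a process merely named sftdcc.exe must not pass.
    $pathOk = $false
    if ($ancestor -and $ancestor.ExecutablePath) {
        $dir = Split-Path -Parent $ancestor.ExecutablePath
        $pathOk = $dir.TrimEnd('\') -ieq $ExpectedDir.TrimEnd('\')
    }

    [pscustomobject]@{
        MountListable    = $mountListable
        SftdccAncestor   = [bool]$ancestor
        ImagePathMatches = $pathOk
    }
}
```

Call it as `Test-LaunchedVirtually -ExpectedDir '<App-V client install directory>'`; `MountListable` on its own is only a hint, since any process can set an environment variable before launching a child.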

All replies

  • Thanks Tanin, number 1 I also figured out after posting my original question, but I never really thought about number 2, which is absolutely true.

    As for 4.5, I don't think there's gonna be any improvement on this particular front, as the only (AFAIK) programmatic enhancements in 4.5 relate to the WMI interface, which basically duplicates sftmime's functionality.

    br,

    Kalle

    Thursday, June 26, 2008 8:15 AM
    Moderator