HACKER Q&A
📣 bsenftner

How to tell if you're in a virtual machine?


Trying to figure out how to identify if an application/process is running inside a virtual machine under Windows and Ubuntu. This is for software licensing, so someone cannot license one copy of our enterprise software in a VM and then run infinite copies inside VMs.

I am focusing on Windows first, as that is expected to be more complicated. The application is a C++ GUI application, with a typical GUI and such.

Since we work in C++, I spent some time looking at the Windows Management Instrumentation (WMI) COM interfaces, but suspect that method can be fooled quite easily. And that method only identifies using the built-in Windows virtualization, and not other virtualization methods as used by VMware or VirtualBox.

I've also seen statements that a timing test is the only reliable method, but with processor speed increases, is that method unstable as well?


  👤 LinuxBender Accepted Answer ✓

👤 bsenftner
Some of what I've learned so far: it looks like starting with Windows 10, version 1607 and Windows Server 2016 the VM Security features of Windows are automatically enabled when the Hyper-V hypervisor is enabled, and when that is enabled other VM systems are unable to run due to security logic in Win10. Further, the Hyper-V hypervisor is running inside a VM, so testing for the Hyper-V hypervisor being enabled and active is looking like what MS is trying to push this situation into being a single, simple setting check for being in a VM or not. More research to follow, which I'll report back here.

👤 zzo38computer
I have thought of this kind of thing, but for a different reason, which is hardware and software design to prevent the detection of VM and sandboxing (and stealth debugging) (if these options are enabled and configured by the end user). This also has the advantage to ensure that if something changes in a newer version which the software does not expect, it can be configured to emulate the older version perfectly, too.

👤 Piskvorrr
Mind you, "running in a VM" might not be a sign of piracy: apps exist that aren't supported any more (even the vendor doesn't exist any more!) and wouldn't run on Vista or newer; or the client doesn't wish to have actual Windows boxes on the network.

Be very, very sure you are not impinging on such legitimate use; people get angry when their paid-for software decides they're unworthy.


👤 fsajkdnjk
I think that if you get the hardware info you will be able to find out some virtual pieces listed in there.
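
One hardware-level check that works from C++ on both Windows and Ubuntu and is not limited to Hyper-V is the x86 CPUID hypervisor bit and vendor signature. This is an added example, not part of the original thread; `HvInfo`, `decode`, `hypervisor_name` and `query_cpu` are names made up here, and the signature table is a partial list.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#if defined(_MSC_VER) && (defined(_M_X64) || defined(_M_IX86))
#include <intrin.h>
#elif defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif
struct HvInfo { bool present; std::string signature; };

// CPUID.1:ECX[31] = hypervisor present; leaf 0x40000000 = vendor signature.
HvInfo decode(uint32_t leaf1_ecx, uint32_t ebx, uint32_t ecx, uint32_t edx) {
    HvInfo info{(leaf1_ecx >> 31) != 0, std::string()};
    if (info.present) {
        const uint32_t regs[3] = {ebx, ecx, edx};  // 12 signature bytes
        const std::string s(reinterpret_cast<const char*>(regs), sizeof regs);
        info.signature = s.substr(0, s.find('\0'));  // KVM pads with NULs
    }
    return info;
}

// Partial, illustrative table of well-known signatures.
std::string hypervisor_name(const std::string& sig) {
    static const char* const known[][2] = {
        {"VMwareVMware", "VMware"},  {"VBoxVBoxVBox", "VirtualBox"},
        {"Microsoft Hv", "Hyper-V"}, {"KVMKVMKVM", "KVM"},
        {"XenVMMXenVMM", "Xen"},     {"TCGTCGTCGTCG", "QEMU TCG"},
    };
    for (const auto& k : known)
        if (sig == k[0]) return k[1];
    return sig.empty() ? std::string() : "unknown: " + sig;
}

HvInfo query_cpu() {
    uint32_t a[4] = {}, b[4] = {};  // EAX..EDX of leaf 1 and leaf 0x40000000
#if defined(_MSC_VER) && (defined(_M_X64) || defined(_M_IX86))
    __cpuid(reinterpret_cast<int*>(a), 1);
    __cpuid(reinterpret_cast<int*>(b), 0x40000000);
#elif defined(__x86_64__) || defined(__i386__)
    __cpuid(1, a[0], a[1], a[2], a[3]);
    __cpuid(0x40000000, b[0], b[1], b[2], b[3]);
#endif
    return decode(a[2], b[1], b[2], b[3]);  // not present on non-x86 builds
}

int main() {
    const HvInfo hv = query_cpu();
    std::cout << (hv.present ? hypervisor_name(hv.signature) : "none") << "\n";
}
```

Treat the result as a hint for a licensing decision, not proof: a Windows host with Hyper-V enabled also reports the bit with the `Microsoft Hv` signature, and a hypervisor can be configured to hide or change both values.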