Detecting Microsoft virtual machines

From time to time it is handy to be able to detect that you are running inside of a virtual machine (for instance - you may have maintenance scripts that you want to run on all of your computers - but have them behave differently inside of your virtual machines). The easiest way to detect that you are inside of a virtual machine is by using 'hardware fingerprinting' - where you look for hardware that is always present inside of a given virtual machine. In the case of Microsoft virtual machines - a clear indicator is if the motherboard is made by Microsoft:

```vbscript
Dim Manufacturer

' "." targets the local computer
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

' Win32_BaseBoard describes the motherboard
Set colItems = objWMIService.ExecQuery("Select * from Win32_BaseBoard")

For Each objItem in colItems
    Manufacturer = objItem.Manufacturer
Next

If Manufacturer = "Microsoft Corporation" Then
    wscript.echo "In Microsoft virtual machine"
Else
    wscript.echo "Not in Microsoft virtual machine"
End If
```

The above script uses WMI to find out the motherboard manufacturer information. If the motherboard is made by "Microsoft Corporation" then you are inside of one of our virtual machines. Now to preemptively answer some questions that I can see people having about this:

  1. But I have seen some cool generic scripts to detect virtual machines - why don't you use that?

    Yes - there are various methods out there. They usually rely on detecting common shortcuts taken by today's virtualization offerings. But just because these shortcuts are common doesn't mean that they are necessary - nor does it mean that they will always be reliable for detecting the presence of a virtual machine. Hardware fingerprinting is the most reliable - but it is a vendor-specific solution.

  2. But if people can easily detect that they are inside of a virtual machine - won't they be able to do special evil things?

    I seriously hope not. One of the key tenets of virtual machine design is to ensure that the virtual machine is completely isolated from other virtual machines and from the host operating system. This means that there should be nothing that can be done inside of a virtual machine to adversely affect the host or other virtual machines.

Anyway - enjoy the script :-)
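
For maintenance scripts written in PowerShell, the same baseboard fingerprint can be wrapped in a function that also reports a failed query as "unknown" instead of "not a virtual machine". This is an added example, not code from the original post; the function name `Test-MicrosoftVM` is hypothetical, and the extra `Win32_ComputerSystem.Model` check goes beyond the post, on the assumption that Microsoft-built physical hardware can report the same manufacturer string while Microsoft virtual machines report the model "Virtual Machine".

```powershell
# Added example, not from the original post. Test-MicrosoftVM is a hypothetical name.
function Test-MicrosoftVM {
    [CmdletBinding()]
    param(
        # "." mirrors strComputer in the post's script: the local machine.
        [string]$ComputerName = '.'
    )

    $cim = @{ ErrorAction = 'Stop' }
    if ($ComputerName -ne '.') { $cim.ComputerName = $ComputerName }

    try {
        $boards = @(Get-CimInstance -ClassName Win32_BaseBoard @cim)
        $system = Get-CimInstance -ClassName Win32_ComputerSystem @cim
    }
    catch {
        # A failed query means "unknown", not "physical": report it, do not guess.
        Write-Warning "WMI query failed on ${ComputerName}: $($_.Exception.Message)"
        return $null
    }

    # The post's fingerprint: the motherboard manufacturer.
    $msBoard = [bool]($boards | Where-Object { $_.Manufacturer -eq 'Microsoft Corporation' })

    # Assumption beyond the post: Microsoft VMs report the model "Virtual Machine",
    # which separates them from physical machines built by Microsoft.
    $vmModel = $system.Model -eq 'Virtual Machine'

    [pscustomobject]@{
        ComputerName          = $ComputerName
        BaseBoardManufacturer = ($boards.Manufacturer -join ', ')
        SystemModel           = $system.Model
        IsMicrosoftVM         = ($msBoard -and $vmModel)
    }
}

# Branch the way the post's script does, with a third outcome for a failed query.
$result = Test-MicrosoftVM
if ($null -eq $result) {
    Write-Output 'Could not determine whether this is a Microsoft virtual machine'
}
elseif ($result.IsMicrosoftVM) {
    Write-Output 'In Microsoft virtual machine'
}
else {
    Write-Output 'Not in Microsoft virtual machine'
}
```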