
Honeypots: 4tphi: Detecting VMWare

4tphi: Detecting VMWare

From: Andrew Hintz (Drew) <drew_at_overt.org>
Date: Thu, 7 Nov 2002 14:24:08 -0500


Below is a Unix program that will tell you if it is running in a
VMWare virtual machine. If you're interested in a Windows or DOS
version, visit <http://chitchat.tripod.co.jp/vmware/>.

/*
 * 4tphi-vmchk.c
 * Detects if you are in a VMWare virtual machine.
 *
 * Written by Andrew Hintz <http://guh.nu>
 * and AAron Walters
 * Fortify Research Laboratories <http://4tphi.net>
 *
 * "Oft at the hives of his tame bees
 * They would their sugary thirst appease."
 *
 * This program is based on info and code from:
 * http://chitchat.tripod.co.jp/vmware/
 * by chitchat_at_lycos.jp
 *
 * Notes:
 * The program can be run as a normal user.
 * We tested the program only in x86 Linux.
 * The m4dn3ss lives on!
 */

#include <stdio.h>
#include <stdlib.h> /* exit() */
#include <signal.h>

#if __INTSIZE == 2 /* 16 bit environment */
typedef unsigned int uint16;
typedef unsigned long uint32;
#else /* 32 bit environment */
typedef unsigned short uint16;
typedef unsigned int uint32;
#endif /* __INTSIZE */

/*
 * On a machine without the VMware I/O port, the unprivileged "in" below
 * faults and Linux delivers SIGSEGV to the process.
 */
void segfault(int sig){
  (void)sig;
  printf("Not running inside VMware.\n");
  exit(1);
}

int main(){
  uint32 verMajor, verMinor, magic, dout;

  signal(SIGSEGV, segfault);

  /*
   * The registers are loaded and read back through constraints so the
   * compiler knows that eax, ebx, ecx and edx are all used and modified.
   */
  __asm__ __volatile__ (
    "in %%dx, %%eax"
    : "=a"(verMajor), "=b"(magic), "=c"(verMinor), "=d"(dout)
    : "a"(0x564D5868), /* magic number */
      "b"(0x3c6cf712), /* random number */
      "c"(0x0000000A), /* specifies command */
      "d"(0x5658)      /* VMware I/O port */
    );

  if (magic == 0x564D5868) {
    printf("Running inside VMware. ");
    printf("(Version %u,%u)\n", verMajor, verMinor);
    /* I'm not really sure what the versions mean. */
  }

  return 0;

}/* end main */

/* end of file */

Received on Nov 08 2002
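
For triaging a binary captured on a honeypot, the following added example (not part of the original post and not the authors' code) scans a byte buffer for the probe's constants as they appear in x86 machine code: the magic immediate, then the port immediate, then an `in` opcode. The `WINDOW` distance, the function names and both sample byte arrays are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian immediates taken from the probe in the post. */
static const uint8_t VMW_MAGIC[] = {0x68, 0x58, 0x4D, 0x56}; /* 0x564D5868 */
static const uint8_t VMW_PORT[]  = {0x58, 0x56};             /* 0x5658 */
#define IN_EAX_DX 0xED /* opcode of "in %dx,%eax" */
#define WINDOW 64      /* assumption: max bytes between magic and the IN */
/* Constructed sample: the post's five instructions as x86 machine code. */
static const uint8_t SAMPLE_PROBE[] = {
    0xB8, 0x68, 0x58, 0x4D, 0x56,  /* mov $0x564D5868,%eax */
    0xBB, 0x12, 0xF7, 0x6C, 0x3C,  /* mov $0x3c6cf712,%ebx */
    0xB9, 0x0A, 0x00, 0x00, 0x00,  /* mov $0x0000000A,%ecx */
    0xBA, 0x58, 0x56, 0x00, 0x00,  /* mov $0x5658,%edx */
    0xED };                        /* in %dx,%eax */
/* Constructed sample: the magic appears only as data, with no port or IN. */
static const uint8_t SAMPLE_BENIGN[] = { 'h', 'X', 'M', 'V', 0, 0x90, 0xC3 };

/* Offset of the first match of needle in buf[from..to), or -1. */
static long find(const uint8_t *buf, size_t from, size_t to,
                 const uint8_t *needle, size_t n)
{
    for (size_t i = from; i + n <= to; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return (long)i;
    return -1;
}

/* Offset of a magic immediate followed within WINDOW bytes by port, then IN; else -1. */
long find_vmware_probe(const uint8_t *buf, size_t len)
{
    long m;
    for (size_t pos = 0; (m = find(buf, pos, len, VMW_MAGIC, 4)) >= 0; pos = (size_t)m + 1) {
        size_t start = (size_t)m + 4;
        size_t end = (len - start > WINDOW) ? start + WINDOW : len;
        long p = find(buf, start, end, VMW_PORT, 2);
        if (p >= 0 && memchr(buf + p + 2, IN_EAX_DX, end - (size_t)p - 2) != NULL)
            return m;
    }
    return -1;
}

int main(void)
{
    printf("probe sample:  %ld\n", find_vmware_probe(SAMPLE_PROBE, sizeof SAMPLE_PROBE));
    printf("benign sample: %ld\n", find_vmware_probe(SAMPLE_BENIGN, sizeof SAMPLE_BENIGN));
}
```

A hit is a lead for manual review rather than proof, and code that computes the constants at run time will not match this byte pattern.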
