The virt-what script will identify many different types of hypervisors and container technologies. It's pre-packaged for most major Linux distributions (e.g. apt-get install virt-what or yum install virt-what) and its output is suitable for use in shell scripts. It correctly performs its detection from inside the virtual guest.

Current types of virtualization detected:

  • hyperv Microsoft Hyper-V
  • kvm Linux Kernel Virtual Machine (KVM)
  • lxc Linux Containers
  • openvz OpenVZ or Virtuozzo
  • powervm_lx86 IBM PowerVM Lx86 Linux/x86 emulator
  • qemu QEMU (unaccelerated)
  • uml User-Mode Linux (UML)
  • virtage Hitachi Virtualization Manager (HVM) Virtage LPAR
  • virtualbox VirtualBox
  • virtualpc Microsoft VirtualPC
  • vmware VMware
  • xen Xen
  • xen-dom0 Xen dom0 (privileged domain)
  • xen-domU Xen domU (paravirtualized guest domain)
  • xen-hvm Xen guest fully virtualized (HVM)

The Puppet tool facter uses virt-what internally to determine the type of virtualization in use, so if you are using Puppet, you already have this installed.

  • 7
      • 2
    • This is a wonderful solution... that doesn't work on anything that isn't Linux (or doesn't have a Linux-like /proc). All the world is not a Linux box...
    • @voretaq7 It only uses /proc to detect Linux containers and UML; it uses dmidecode and calling Intel's CPUID instruction from assembly for everything else. It should be portable to BSD with minimal modification.

On Linux, it is possible to look for tell-tale signs of virtualisation depending on the type of hypervisor used. You can typically start by looking in /proc/cpuinfo for the CPU type. Some hypervisors report fake CPU types such as "QEMU Virtual CPU". If it is running VZ, you can find /proc/user_beancounters, which reports resource usage. With Xen, you will find a /proc/xen directory.

So, it is possible to guess if you are running under some sort of virtualisation.

  • 6
      • 2
    • @siran - it's possible to lie but like I said, that's just a place to start, and it is a process of elimination. @lg - you can check /proc/vmware to know that it is running vmware.
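
The /proc checks described in the answer above, plus the /proc/vmware marker from its comment, as an added shell example that is not part of the original thread and is not virt-what's or imvirt's code. The function name guess_virt and its optional root-directory argument are assumptions made for illustration; the output is a set of hints for a process of elimination, since a hypervisor can hide or fake these markers.

```shell
#!/bin/sh
# Added example: heuristic /proc checks, not code from virt-what or imvirt.
# guess_virt [ROOT] prints one hint per line and returns 0 if any was found.
# ROOT (hypothetical parameter) defaults to "/" and exists only so the
# function can be exercised against a constructed directory tree.
guess_virt() {
    root="${1:-/}"
    root="${root%/}"      # "/" becomes "", so the paths below stay absolute
    found=1               # return status: 1 until a marker is seen

    # OpenVZ/Virtuozzo: resource accounting file.
    if [ -e "$root/proc/user_beancounters" ]; then
        echo "openvz"; found=0
    fi
    # Xen: /proc/xen directory.
    if [ -d "$root/proc/xen" ]; then
        echo "xen"; found=0
    fi
    # VMware: marker named in the comment above.
    if [ -e "$root/proc/vmware" ]; then
        echo "vmware"; found=0
    fi
    # Some hypervisors report a synthetic CPU model, e.g. "QEMU Virtual CPU".
    if [ -r "$root/proc/cpuinfo" ] &&
       grep -i '^model name' "$root/proc/cpuinfo" | grep -qi 'qemu'; then
        echo "qemu"; found=0
    fi
    return "$found"
}

# Check the running system; an empty result does not prove bare metal.
guess_virt / || echo "no virtualisation hints found"
```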

If you can run Perl scripts (depending on your OS), there's one called imvirt which can detect quite a few based on various system info (/proc/cpuinfo, dmidecode, etc.) - it sounds like you're on Ubuntu, so there are packages for Jaunty, Karmic and Lucid, or you can grab it from SourceForge.

  • 3

There are things that were looked at by the antivirus companies for detecting Blue Pill virus variants.

Basically it's extremely hard for a VM to match the real time clock with the CPU counters. If you have access to install a driver, you should be able to put the system into no interrupts and watch the counters. If you have a virtualised system then your clock will drift in chunks when the VM is switched out by the hypervisor (which is supposedly impossible based on the interrupt bit).

  • 1
    • As I said, write a driver, disable interrupts in your driver, then create a real time loop that is watching the RTC on the system. If it ever drifts by more than the real time cycles that you should have allocated then you are in a VM. Note that you couldn't wait too long in your driver otherwise you'll probably break some hardware that has to process interrupts to work.
