Bypassing Virtual Machine Detection on VMware Workstation

Oftentimes you may run across some nasty software that refuses to run inside a virtual environment.  Malware is usually the biggest culprit here, but some legitimate programs may also refuse to install if a virtual machine environment is detected.  Fortunately, VMware has created a workaround to prevent software from detecting a virtual machine.

Unless you are experimenting with malware, before you even think of thwarting detection of a virtual machine, make sure that the software you are trying to fool does not prohibit you from doing so in its license agreement.  Sometimes coupon printing software will explicitly prevent installation in a virtual environment for obvious reasons.

Requirements

  • VMware Workstation (tested with 7.1.4)
  • Microsoft Windows (tested with XP Professional SP3)
  • This HelpFile assumes you are experienced with using VMware Workstation

Install a Fresh Copy of Windows XP

This workaround works best if you create a brand new virtual machine.  We are also going to create our new virtual machine with VMware's workaround right from the beginning.

First, start up VMware, get your Windows CD (or ISO image), then create a custom virtual machine.  DO NOT use easy install when prompted; instead select the manual method.

Save your new virtual machine, but don't boot it just yet.  Close VMware, open the virtual machine's VMX configuration file, and add the following to the end:

isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
monitor_control.disable_directexec = "TRUE"
monitor_control.disable_chksimd = "TRUE"
monitor_control.disable_ntreloc = "TRUE"
monitor_control.disable_selfmod = "TRUE"
monitor_control.disable_reloc = "TRUE"
monitor_control.disable_btinout = "TRUE"
monitor_control.disable_btmemspace = "TRUE"
monitor_control.disable_btpriv = "TRUE"
monitor_control.disable_btseg = "TRUE"

Save and close the file, then reopen your virtual machine and boot from the Windows CD or ISO image.  Go through the installation using whatever preferences you want. 

When Windows is done installing, go ahead and sign into your brand new virtual desktop.  However, don't install VMware Tools just yet.  Even if you tried to install them, they will not install.  This isn't going to look like a virtual machine due to the options we added to the VMX configuration file.

Take it One Step Further

The options we added to the VMX configuration file prevent programs from detecting a virtual environment using several complex techniques with address space, program counters, and memory.  It's all pretty technical but it does the job, and most software will probably be fooled at this point.  However, there is one technique, rather simple yet clever, that the above won't prevent.

One piece of software was looking at the names of the disk controllers and searching for anything that resembles a virtual disk controller.  The program was only performing this check during install.  It's safe to say that any program using a check this simple will probably do it only once during initial installation.   However, never underestimate the evil of a human being.

To get around this pesky little road block, open regedit and navigate to HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum

Locate the value that shows the Virtual Disk Controller Name and double click on it to open.  Copy and paste the full name somewhere (like Notepad on the guest OS).  Then edit the value to remove the words VMware and Virtual.  Save and run the program's setup.

The setup should now continue as if it were executing on a physical computer.  When it's complete, go ahead and restore the registry value back to its original name (otherwise Windows won't boot properly).

Test and see if your program still runs.  If it does, then you are done.  If the program does not run, then it's probably too smart for this trick.  If that is the case, then you'll have to permanently rename the hardware.  Such a task is currently beyond the scope of this HelpFile.

Install VMware Tools

At this point if your evil little software program is working properly inside a virtual machine, then it's probably safe to remove the anti-virtual machine options from the VMX configuration file. 

Shut down your virtual machine, close VMware and remove the options from the VMX file.  Then restart your virtual machine and install VMware Tools.

Finally, test your program one last time.  If it runs, then you've successfully thwarted detection of a virtual environment.  If it does not run, then you'll probably need to remove VMware Tools and re-enable those anti-virtual machine options permanently.
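
The two VMX edits in this HelpFile (adding the options before the first boot, and removing them again before installing VMware Tools) can be scripted so the file never ends up with the same option twice or with a stale value.  The following is an added example, not part of the original HelpFile; the function names and the sample VMX are constructed for illustration, and matching option names case-insensitively is an assumption made here.

```python
import re

# The thirteen options listed in this HelpFile, in the same order.
HARDENING_KEYS = (
    [f"isolation.tools.{n}.disable"
     for n in ("getPtrLocation", "setPtrLocation", "setVersion", "getVersion")]
    + [f"monitor_control.disable_{n}"
       for n in ("directexec", "chksimd", "ntreloc", "selfmod", "reloc",
                 "btinout", "btmemspace", "btpriv", "btseg")]
)
_BY_LOWER = {k.lower(): k for k in HARDENING_KEYS}
_ENTRY = re.compile(r'^\s*([^#\s=]+)\s*=\s*"([^"]*)"\s*$')


def entry(line):
    """Return (option, value) if the line sets one of the listed options, else None."""
    m = _ENTRY.match(line)
    name = _BY_LOWER.get(m.group(1).lower()) if m else None
    return (name, m.group(2)) if name else None


def audit(vmx_text):
    """Map each listed option to every value it currently has in the file."""
    found = {k: [] for k in HARDENING_KEYS}
    for line in vmx_text.splitlines():
        e = entry(line)
        if e:
            found[e[0]].append(e[1])
    return found


def strip_options(vmx_text):
    """Drop every line that sets a listed option (the removal step)."""
    kept = [ln for ln in vmx_text.splitlines() if entry(ln) is None]
    return "\n".join(kept) + "\n"


def apply_options(vmx_text):
    """Return the VMX text with each listed option set to TRUE exactly once."""
    return strip_options(vmx_text) + "".join(f'{k} = "TRUE"\n' for k in HARDENING_KEYS)


# Constructed sample VMX with one stale value and one differently-cased key.
SAMPLE_VMX = '''.encoding = "windows-1252"
displayName = "XP analysis"
guestOS = "winxppro"
monitor_control.disable_reloc = "FALSE"
Isolation.Tools.GetVersion.Disable = "TRUE"
'''

if __name__ == "__main__":
    print(apply_options(SAMPLE_VMX))
```

Run it against a copy of the VMX file while VMware is closed, and check audit() on the result before booting the guest.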