# === Copyright (C) 20XX "PS.VMDetector" by zetod1ce [github.com/ztd38f] === #
<#
    [!] DISCLAIMER [!]
    The author fully disclaims any responsibility for the use of this script.
    The script is provided "AS IS" and may be changed or updated at any time without notice.
    Use is permitted only for personal educational purposes in a strictly controlled environment under professional supervision.
    All use is entirely at your own risk.
#>

# Reviewer summary (analysis of the code below, not part of the original header):
#   * The script probes guest-side artifacts of six hypervisor families (process
#     names, service names, registry keys and registry values) and calls `exit`
#     when a probe succeeds. This is the environment-check pattern catalogued as
#     MITRE ATT&CK T1497.001 (Virtualization/Sandbox Evasion: System Checks).
#   * Every probe is a read: Get-Process, Get-Service, Test-Path,
#     Get-ItemProperty and Get-ChildItem, all called through their aliases.
#     Nothing is written to the registry or to disk.
#   * The key paths and name lists appear as string literals, so a log of the
#     script text (for example PowerShell script block logging) would contain
#     them verbatim.
function PS.VMDetector {
    # Check processes.
    # Returns $true at the first name for which `gps` (Get-Process) yields an
    # object, otherwise $false. `-ea 0` is ErrorAction SilentlyContinue, so a
    # missing process produces no error output.
    function Check-ProcessPresence([string[]]$processes){foreach($proc in $processes){if (gps $proc -ea 0){return $true}}$false}

    # Check services.
    # Same shape as above, using `gsv` (Get-Service).
    function Check-ServicePresence([string[]]$services){foreach($svc in $services){if (gsv $svc -ea 0){return $true}}$false}

    # Check registry keys.
    # Returns $true at the first path for which Test-Path succeeds. The
    # "Registry::" prefix selects the registry provider, so paths are written
    # as "HKLM\..." without a PSDrive.
    function Check-RegistryKeyPresence([string[]]$keys){foreach($key in $keys){if (Test-Path "Registry::$key"){return $true}}$false}

    # Check if registry value matches pattern.
    # `-ea 1` is ErrorAction Stop, which turns a missing key or value into an
    # exception that the catch block maps to $false. `-match` is a
    # case-insensitive regex match.
    function Check-RegistryValuePattern([string]$key,[string]$value,[string]$pattern){try {(gp "Registry::$key" $value -ea 1).$value -match $pattern} catch{$false}}

    # Get registry value as string.
    # Returns the value data, or $null when the key or value cannot be read.
    function Get-RegistryValueText([string]$key,[string]$value){try {(gp "Registry::$key" $value -ea 1).$value} catch{$null}}

    # Detect Parallels.
    # Looks for "parallels" in the system and video BIOS version strings.
    function Detect-Parallels {
        $biosVersion = Get-RegistryValueText "HKLM\HARDWARE\DESCRIPTION\System" "SystemBiosVersion"
        $videoBiosVersion = Get-RegistryValueText "HKLM\HARDWARE\DESCRIPTION\System" "VideoBiosVersion"
        if ($biosVersion -match "parallels" -or $videoBiosVersion -match "parallels"){return $true}
        $false
    }

    # Detect Hyper-V.
    # Probes, in order: the guest-parameters value PhysicalHostNameFullyQualified,
    # the child key names under HKLM\SOFTWARE\Microsoft, the system BIOS version
    # string, a registry key list, and the "vmicexchange" service.
    function Detect-HyperV {
        if (Get-RegistryValueText "HKLM\SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters" "PhysicalHostNameFullyQualified"){return $true}
        # `-name` returns only the child key names, which are then tested by exact
        # (case-insensitive) membership.
        $microsoftKeys = gci "Registry::HKLM\SOFTWARE\Microsoft" -name
        if ($microsoftKeys -contains "Hyper-V" -or $microsoftKeys -contains "VirtualMachine"){return $true}
        # "virtual" is a substring match, so it is not specific to Hyper-V.
        $biosVersion = Get-RegistryValueText "HKLM\HARDWARE\DESCRIPTION\System" "SystemBiosVersion"
        if ($biosVersion -match "virtual" -or $biosVersion -eq "Hyper-V"){return $true}
        # NOTE(review): $keys is never assigned in this function or anywhere else in
        # this file. Unless an outer scope defines it, this call receives nothing
        # and returns $false, so no key list is actually checked here.
        if (Check-RegistryKeyPresence $keys){return $true}
        if (Check-ServicePresence @("vmicexchange")){return $true}
        $false
    }

    # Detect VMware.
    # Probes a service-name list, the BIOS SystemManufacturer value, the SCSI
    # Port 1 device identifier, the DriverDesc of the first device instance in
    # the display-adapter class, and a process-name list.
    function Detect-VMware {
        $vmwareServices = @("vmdebug","vmmouse","VMTools","VMMEMCTL","tpautoconnsvc","tpvcgateway","vmware","wmci","vmx86")
        if (Check-ServicePresence $vmwareServices){return $true}
        $systemMaker = Get-RegistryValueText "HKLM\HARDWARE\DESCRIPTION\System\BIOS" "SystemManufacturer"
        if ($systemMaker -match "vmware"){return $true}
        $scsiPort = Get-RegistryValueText "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0" "Identifier"
        if ($scsiPort -match "vmware"){return $true}
        # Reads from ControlSet001 rather than CurrentControlSet.
        if (Check-RegistryValuePattern "HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000" "DriverDesc" "cl_vmx_svga|VMWare"){return $true}
        $vmwareProcesses = @("vmtoolsd","vmwareservice","vmwaretray","vmwareuser")
        if (Check-ProcessPresence $vmwareProcesses){return $true}
        $false
    }

    # Detect VirtualBox.
    # Probes guest services and processes, the ACPI DSDT key VBOX__, the SCSI
    # device identifiers for the ports named by the loop, the BIOS version
    # strings and the BIOS SystemProductName value.
    function Detect-VirtualBox {
        $vboxProcesses = @("vboxservice","vboxtray")
        $vboxServices = @("VBoxMouse","VBoxGuest","VBoxService","VBoxSF","VBoxVideo")
        # NOTE(review): the condition starts with a command name, so PowerShell
        # appears to parse the whole parenthesised text as one call to
        # Check-ServicePresence, with `-or`, `Check-ProcessPresence` and
        # $vboxProcesses passed as extra arguments. If so, the process list is
        # never evaluated. Confirm by tracing.
        if (Check-ServicePresence $vboxServices -or Check-ProcessPresence $vboxProcesses){return $true}
        $vboxKeys = @("HKLM\HARDWARE\ACPI\DSDT\VBOX__")
        if (Check-RegistryKeyPresence $vboxKeys){return $true}
        for ($i=0; $i-le2; $i++){if (Check-RegistryValuePattern "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port $i\Scsi Bus 0\Target Id 0\Logical Unit Id 0" "Identifier" "vbox"){return $true}}
        $biosVersion = Get-RegistryValueText "HKLM\HARDWARE\DESCRIPTION\System" "SystemBiosVersion"
        $videoBiosVersion = Get-RegistryValueText "HKLM\HARDWARE\DESCRIPTION\System" "VideoBiosVersion"
        if ($biosVersion -match "vbox" -or $videoBiosVersion -match "virtualbox"){return $true}
        $systemProductName = Get-RegistryValueText "HKLM\HARDWARE\DESCRIPTION\System\BIOS" "SystemProductName"
        if ($systemProductName -match "virtualbox"){return $true}
        $false
    }

    # Detect Xen.
    # Probes a guest process, guest driver/service names, the ACPI DSDT key Xen
    # and the BIOS SystemProductName value.
    function Detect-Xen {
        $xenProcesses = @("xenservice")
        $xenServices = @("xenevtchn","xennet","xennet6","xensvc","xenvdb")
        # NOTE(review): same command-mode parsing concern as in Detect-VirtualBox.
        # The service list after `-or` is probably never evaluated. Confirm.
        if (Check-ProcessPresence $xenProcesses -or Check-ServicePresence $xenServices){return $true}
        $xenKeys = @("HKLM\HARDWARE\ACPI\DSDT\Xen")
        if (Check-RegistryKeyPresence $xenKeys){return $true}
        $systemProductName = Get-RegistryValueText "HKLM\HARDWARE\DESCRIPTION\System\BIOS" "SystemProductName"
        if ($systemProductName -match "xen"){return $true}
        $false
    }

    # Detect QEMU/Bochs.
    # Probes the BIOS version strings, the SCSI Port 0 device identifier
    # ("qemu" or "virtio"), the BIOS SystemManufacturer value, the name string
    # of processor 0 and the ACPI DSDT key BOCHS_.
    function Detect-QEMU {
        $biosVersion = Get-RegistryValueText "HKLM\HARDWARE\DESCRIPTION\System" "SystemBiosVersion"
        $videoBiosVersion = Get-RegistryValueText "HKLM\HARDWARE\DESCRIPTION\System" "VideoBiosVersion"
        if ($biosVersion -match "qemu" -or $videoBiosVersion -match "qemu"){return $true}
        $scsiPort = Get-RegistryValueText "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0" "Identifier"
        $systemMaker = Get-RegistryValueText "HKLM\HARDWARE\DESCRIPTION\System\BIOS" "SystemManufacturer"
        if ($scsiPort -match "qemu|virtio" -or $systemMaker -match "qemu"){return $true}
        if (Check-RegistryValuePattern "HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0" "ProcessorNameString" "qemu"){return $true}
        $qemuKeys = @("HKLM\HARDWARE\ACPI\DSDT\BOCHS_")
        if (Check-RegistryKeyPresence $qemuKeys){return $true}
        $false
    }

    # Exit if VM detected.
    # `exit` ends the running script or host session rather than just this
    # function. The other branch returns $false to the caller.
    # NOTE(review): as in Detect-VirtualBox, the condition starts with a command
    # name, so the text after `Detect-Parallels` is probably bound as arguments
    # to that one call. In practice the outcome would then depend on the
    # Parallels probe alone. Confirm by tracing before relying on this script
    # to characterise an analysis environment.
    if (Detect-Parallels -or Detect-HyperV -or Detect-VMware -or Detect-VirtualBox -or Detect-Xen -or Detect-QEMU){exit} else {return $false}
}; PS.VMDetector