Detecting VMWare
Interested in how to detect the presence of VMware / VirtualServer, I came across this bit of code, which detects whether an application is being run in a virtual environment.
```c
/* Original "red pill" routine, 32-bit x86 only: the pointer-to-unsigned cast and the
 * disp32 form of SIDT (0f 01 0d <addr32>) both assume a 32-bit address space, and the
 * stub has to live in memory the process is allowed to execute. */
int swallow_redpill() {
    unsigned char m[2+4], rpill[] = "\x0f\x01\x0d\x00\x00\x00\x00\xc3"; /* SIDT [addr]; RET */
    *((unsigned*)&rpill[3]) = (unsigned)m;   /* patch the SIDT operand with the address of m */
    ((void(*)())&rpill)();                   /* run the stub: m now holds limit (2 bytes) + base (4 bytes) */
    return (m[5]>0xd0) ? 1 : 0;              /* m[5] is the top byte of the IDT base */
}
```
This works by abusing the SIDT instruction, which stores the contents of the Interrupt Descriptor Table Register (IDTR) to memory. SIDT is not privileged, so it can be executed in ring 3, revealing a register that is otherwise only of interest to the OS. Because there can only be one IDTR per processor, the VM software needs to relocate the guest VM's IDT to a new address, and the address it chooses is predictable: the code above compares the most significant byte of the returned IDT base against 0xd0.
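To make the layout that SIDT writes (and therefore the `m[5]` index) concrete without executing the instruction, here is an added example, not from the post, Invisible Things or TrapKit: it decodes the raw SIDT image in both its 32-bit (6-byte) and 64-bit (10-byte) forms and applies the page's 0xd0 threshold to the 32-bit form. The byte samples are constructed for illustration, not captured from any real machine or hypervisor.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* What SIDT writes to memory (little-endian):
 *   bytes 0-1  IDT limit
 *   bytes 2-5  IDT base in 32-bit mode  -> m[5] is the base's top byte
 *   bytes 2-9  IDT base in 64-bit mode  -> 10 bytes in total            */
#define SIDT_LEN_32 6
#define SIDT_LEN_64 10

/* Decode the IDT base from a raw SIDT image; returns 0 for an unknown length. */
static uint64_t idt_base_from_sidt(const unsigned char *m, size_t len)
{
    size_t base_len;
    uint64_t base = 0;
    if (len == SIDT_LEN_32)      base_len = 4;
    else if (len == SIDT_LEN_64) base_len = 8;
    else                         return 0;
    for (size_t i = 0; i < base_len; i++)
        base |= (uint64_t)m[2 + i] << (8 * i);
    return base;
}

/* The red pill heuristic exactly as the page states it: a 32-bit IDT base whose
 * top byte exceeds 0xd0 is taken as "relocated by a hypervisor". The threshold
 * has no meaning for a 64-bit image, so that case returns -1 ("not applicable"). */
static int redpill_heuristic(const unsigned char *m, size_t len)
{
    if (len != SIDT_LEN_32) return -1;
    return (m[5] > 0xd0) ? 1 : 0;
}

/* Constructed samples (hypothetical values, not measurements). */
static const unsigned char sample_native32[SIDT_LEN_32] = {
    0xff, 0x07,              /* limit 0x07ff: 256 eight-byte gates          */
    0x00, 0xf4, 0x03, 0x80   /* base 0x8003f400, top byte 0x80 (below 0xd0) */
};
static const unsigned char sample_vm32[SIDT_LEN_32] = {
    0xff, 0x07,
    0x00, 0x80, 0xc1, 0xff   /* base 0xffc18000, top byte 0xff (above 0xd0) */
};
static const unsigned char sample_64[SIDT_LEN_64] = {
    0xff, 0x0f,              /* limit 0x0fff: 256 sixteen-byte gates        */
    0x00, 0x00, 0x00, 0x00, 0x00, 0xe0, 0xff, 0xff  /* base 0xffffe00000000000 */
};

int main(void)
{
    printf("native32: base=0x%llx heuristic=%d\n",
           (unsigned long long)idt_base_from_sidt(sample_native32, SIDT_LEN_32),
           redpill_heuristic(sample_native32, SIDT_LEN_32));
    printf("vm32:     base=0x%llx heuristic=%d\n",
           (unsigned long long)idt_base_from_sidt(sample_vm32, SIDT_LEN_32),
           redpill_heuristic(sample_vm32, SIDT_LEN_32));
    printf("x86-64:   base=0x%llx heuristic=%d\n",
           (unsigned long long)idt_base_from_sidt(sample_64, SIDT_LEN_64),
           redpill_heuristic(sample_64, SIDT_LEN_64));
    return 0;
}
```

Two points the decoder makes visible: on x86-64 the register image is 10 bytes and the base is a full 64-bit kernel address, so the single-byte 0xd0 comparison from the 32-bit routine does not carry over; and on processors with UMIP enabled the OS can stop ring-3 SIDT from returning the real register at all, so a sandbox operator should not assume this signal still leaks.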
Kudos to Invisible Things for an interesting read. There are some expansions on this code over at TrapKit for anyone who’s interested.
Windows 2008 RTM
If you haven’t already heard, Windows 2008 hit RTM today. You can read a brief story and see pictures of the room where it all happens (Room 26 – “the shipping room”) on the team’s TechNet blog. The Hyper-V version isn’t out yet, but no doubt will be in the next few months.
If you’re thinking about upgrading sometime in the near future, you’ll probably want to take a look at this page. Oh, and Vista SP1 also hit RTM today.
Product key finder 1.1 released
Product Key Finder 1.1 has now been released. New features in this version are:
- Silent Mode (/q)
- Data Mode (/d)
- Vectors used for data storage
Thanks to some recent submissions from Dan Rowe, support for a few more applications has also been added. For more information on this release, see the Product Key Finder page.