Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
I've been messing around over the last week making a tool that will frisk a remote machine. It's been a fun project, a couple of items I got hung up on were if the machine was server core and if it was a VM.
I mean who would knowingly TS to a server if they knew it was server core? As for the VM, it's nice to know before-hand so you don’t request a debugger to be attached to a virtual server ;).
Well here are some snippets for those two things, hope it helps those trying to do similar queries...
Server Core:
Basically you just need to look at the OperatingSystemSKU value and if it E (hex) or 14 (decimal) then its server core. This and all the other SKU numbers are listed here: https://msdn2.microsoft.com/en-us/library/ms724358.aspx
System.Management.ConnectionOptions objconn = new System.Management.ConnectionOptions();
objconn.Impersonation = System.Management.ImpersonationLevel.Impersonate;
objconn.EnablePrivileges = true;
System.Management.ManagementScope exmangescope = new System.Management.ManagementScope(@"\\" + srvName + @"\root\cimv2", objconn);
System.Management.ObjectQuery objquery = new System.Management.ObjectQuery("SELECT * FROM Win32_OperatingSystem");
System.Management.ManagementObjectSearcher objsearch = new System.Management.ManagementObjectSearcher(exmangescope, objquery);
System.Management.ManagementObjectCollection queryCollection = objsearch.Get();
foreach (System.Management.ManagementObject stringer in queryCollection)
{
serverCoreval = stringer["OperatingSystemSKU"].ToString();
//Console.WriteLine(serverCoreval);
}
Virtual Machine:
If the VM is either Vista/Windows 2008 it's a simple reg query:
if (buildInt >= 6000)
{
sysInfo = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, srvName).OpenSubKey(@"SYSTEM\CurrentControlSet\Control\SystemInformation").GetValue("SystemProductName").ToString();
if (sysInfo.Contains("Virtual"))
{
vmCheck = 1;
}
}
If the VM is downlevel then it's a WMI query
else if (buildInt == 3790)
{
System.Management.ConnectionOptions objconn = new System.Management.ConnectionOptions();
objconn.Impersonation = System.Management.ImpersonationLevel.Impersonate;
objconn.EnablePrivileges = true;
System.Management.ManagementScope exmangescope = new System.Management.ManagementScope(@"\\" + srvName + @"\root\cimv2", objconn);
System.Management.ObjectQuery objquery = new System.Management.ObjectQuery("SELECT * FROM Win32_ComputerSystem");
System.Management.ManagementObjectSearcher objsearch = new System.Management.ManagementObjectSearcher(exmangescope, objquery);
System.Management.ManagementObjectCollection queryCollection1 = objsearch.Get();
foreach (System.Management.ManagementObject stringer in queryCollection1)
{
sysInfo = stringer["Model"].ToString();
//System.Console.WriteLine(sysinfo);
}
if (sysInfo.Contains("Virtual"))
{
vmCheck = 1;
}
Technorati Tags: windows 2008,Server Core,C#,Virtualization
Comments
- Anonymous
January 01, 2003
The comment has been removed - Anonymous
September 02, 2009
Thanks for the post. I was wondering : Is there a way to determine in any way if the operating system your run on (not on a server, but on a normal desktop/lapto pc) is a virtual mashine/cloned pc ? We would like to make sure people are not running our software on cloned/virtual mashines and if we can find a way to identify it we can show a messagebox and end the application. Any help will be much appreciated.