Reputation: 1522
Can a process running inside a virtual machine get information on processes running outside the virtual machine?
Lets say I am running Windows 7 with two major processes I will call V and P.
V is a virtual machine running another instance of Windows 7, while P is the process that I want information about and both are on the 'top-level' operating system.
Can a process, C, which is being run by the Windows 7 inside V, get information about processes such as P from within V? In other words, can a process being run inside a virtual machine get any information about processes being run by the operating system which is also maintaining the virtual machine process? I feel like it would rely on the ability of the virtual machine process, if it is not programmed to specifically retrieve such information then it will not be possible.
I have read another topic about the difficulty of even detecting whether a process is being run by a virtual machine or not. Some feel it is not reliable or possible. I am not sure that there is a standard way to find this out yet, I believe the post was roughly 4 or 5 years ago.
So can this be done by process C, or will there need to be more standard routines to accomplish this task?
Upvotes: 1
Views: 3710
Answers (1)
Reputation: 4012
I don't believe it's possible for an operating system running under a virtual machine manager (e.g. (VMWare et al) to directly access information relating to the host operating system because by default most virtual machine managers attempt to fully isolate the host and guest systems.
That being said most virtual machine managers have mechanisms which allow the virtual machine to share data and communicate with the host system. By using these mechanisms it is possible for the host operating system to convey information about itself to the guest.
Option 1: A shared file
With shared networking between the host and the guest it would be possible to have the host system write the information to a file in the shared location and have the guest open and parse this file using CreateFile and a UNC path e.g. \\host\sharename\file.txt
Option 2: Data transfer via a socket or named pipe
Shared networking between the host and the guest would allow you to use the Windows Sockets or Named Pipe APIs to create TCP or UDP sockets, or a named pipe through which data can be exchanged.
This approach would involve a server application running on the host application, which writes the process information you're after to the socket or pipe, where it can be read by the guest system which runs a client process.
Option 3: Remote Windows Management Instrumentation (WMI) Query
WMI provides a standard means of getting information and interacting with many aspects of the windows operating system including information about processes.
This is probably the most complex option because by default WMI does not accept queries from remote hosts (ie. your VM), so the host machine would need to be configured to allow remote WMI queries.
Once configured WMI is easily usable via the WMI command line client (wmic.exe) so you could invoke it with a query like this:
In this example:
%HOST_NAME%Is the name of the system hosting your Windows 7 VM%TARGET_PROCESS%is the process name of the process you want
information about
wmi \node:%HOST_NAME% process where name='%TargetProcess%' get executablepath
This particular query gets the executable path of %TargetProcess% but there are many more properties available as per the documentation for the Win32_Process WMI Class documentation1.
Option 4: Shared clipboard
Some virtual machine managers allow the guest system to access the host's clipboard so information can be exchanged between applications running on the guest and host.
I appreciate it's probably the least conventional option but you could conceivably use the Windows Clipboard API to write the process info to the host's clipboard, and then read the information into a process on the guest system.
1NB:Although the Win32_Process class documentation lists properties in title case (ExecutablePath) I found they only worked properly in a wmic query when written in all lower case (executablepath)
Upvotes: 1
Related Questions
- Detect execution within Virtual-Machine, in Linux?
- How can a process try to access other process's memory in Linux virtual memory system
- How to get process list of running Linux VM using volatility?
- Difference between virtual machine process and host os process?
- Is it possible to transfer a process from a native machine to a virtual machine?
- Access (read/write) to virtual memory process from another application
- DCL information between process and subprocess
- How to monitor a process running in Linux virtual machine from host windows machine?
- Is there a way to get a list of processes running on a local virtual machine?
- debugging code run in a virtual machine using the host