VirtualPyDetector (VPD) is a Python library designed to detect virtualized and sandboxed environments. It uses a multi-layered approach, combining several techniques to improve detection accuracy. This tool is useful for security analysis, malware research, and other applications requiring robust environment detection.
Currently, VPD focuses on detecting:
- Virtual Machines (VMs)
- Debuggers
Future development may include detection of:
- Sandboxes (Currently, limited checks are present)
Key features:
- Multi-Layered Analysis: Employs various detection techniques (see below) for enhanced accuracy.
- Cross-Platform Compatibility: Supports Windows, macOS, and Linux (with varying levels of completeness). Some features may not function on all platforms.
- Simple API: Easy to integrate into existing Python projects.
Currently, the simplest way to use VirtualPyDetector is to copy VirtualPyDetector.py into your project directory. (Future versions may offer a more formal installation method via pip.)
See example.py for usage examples.
VPD uses a combination of the following techniques:
- CPU Information: Checks for known virtual machine CPU vendor strings.
- MAC Address Analysis: Examines MAC addresses for known virtual machine OUI prefixes.
- Device Driver Enumeration: Identifies known virtual machine device drivers.
- System Processes: Checks for known virtual machine processes.
- Timing Anomalies: Detects timing differences that may indicate virtualization.
- Debugger Detection: Checks for the presence of debuggers.
- Registry Analysis: Checks for known virtual machine registry keys.
- File System Analysis: Checks for known virtual machine files.
Limitations:
- Evasion: Advanced virtualization environments may be able to evade detection.
- False Positives: It's possible to get false positives in some cases.
- Platform Specificity: Some detection methods are platform-specific.
- Ongoing Development: This project is under active development, and detection methods may change.
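The MAC address analysis technique listed above, sketched as an added stand-alone example (not VPD's own code or API; `normalize_mac`, `classify_mac` and `local_mac` are hypothetical names, and the prefix table is a short selection of publicly documented hypervisor defaults). It also reports the locally administered bit, since such addresses carry no vendor OUI and a single MAC match is weak evidence on its own, which is where the false positives noted above come from.

```python
import re
import uuid

# Publicly documented default MAC prefixes of common hypervisors (a selection).
VM_OUIS = {
    "000569": "VMware", "000C29": "VMware", "001C14": "VMware", "005056": "VMware",
    "080027": "VirtualBox", "00155D": "Hyper-V", "00163E": "Xen",
    "001C42": "Parallels", "525400": "QEMU/KVM",
}

def normalize_mac(mac):
    """Return 12 uppercase hex digits, or None if mac is not a 48-bit address."""
    digits = re.sub(r"[:.\-\s]", "", mac).upper()
    return digits if re.fullmatch(r"[0-9A-F]{12}", digits) else None

def classify_mac(mac):
    """Report the hypervisor vendor for a MAC, if its prefix is in the table."""
    digits = normalize_mac(mac)
    if digits is None:
        return {"valid": False, "vendor": None, "locally_administered": False}
    vendor = VM_OUIS.get(digits[:6])
    # Bit 0x02 of the first octet marks a locally administered address
    # (randomized Wi-Fi MACs, container bridges, QEMU's 52:54:00 default).
    local = bool(int(digits[:2], 16) & 0x02)
    return {"valid": True, "vendor": vendor, "locally_administered": local}

def local_mac():
    """Return this host's MAC as hex digits, or None if it could not be read."""
    node = uuid.getnode()
    # uuid.getnode() falls back to a random value with the multicast bit set.
    if (node >> 40) & 0x01:
        return None
    return f"{node:012X}"

if __name__ == "__main__":
    # Constructed sample addresses in the formats tools commonly print.
    samples = ["00:0c:29:ab:cd:ef", "08-00-27-12-34-56", "0050.56aa.bbcc",
               "52:54:00:12:34:56", "DA:A1:19:00:00:01", "not-a-mac"]
    for mac in samples:
        print(mac, classify_mac(mac))
    host = local_mac()
    print("this host:", classify_mac(host) if host else "MAC unavailable")
```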
Contributions are welcome! Please feel free to submit pull requests or open issues to discuss potential improvements.