Detecting DOSBox from Within the Box(datagirl.xyz)
59 points by atan2 9 hours ago | 4 comments
Dwedit 3 hours ago
The other way to detect DosBox is a one line Qbasic program PRINT VAL("5").

If it's a 64-bit build made using Visual Studio, you get 4.99999999999. Visual Studio doesn't support legacy 80-bit floating point math for that target. Visual Studio also does not support inline assembly to let you make use of the legacy 80-bit floating point instructions.

But if you set the CPU core to "Dynamic", then you get the proper value of "5". Or if you use the MingW builds, those also support 80-bit floating point math and give the correct value of "5".

It is quite embarrassing to ship a CPU emulator with broken floating point math as the default.

tombert 6 hours ago
It never really occurred to me that you'd want to be able to detect if something is running in DOSBox, since I figured that the point was to be as compatible as possible with MS-DOS.

I guess it makes sense to try it anyway. Now I'm wondering how I'd be able to detect something like Concurrent DOS or REAL/32 or REAL/NG.

AshamedCaptain 5 hours ago
For me the opposite. I would have never though that there would be a point to trying to "detect" DOSBox since it would be trivial to do so. After all, DOSBox is not really designed to run MS-DOS, but its own DOS-like thing, and there must be a million small details that you can use to distinguish it from MS-DOS, if you really wanted to. I mean, the default filesystem is not even FAT...

_Even_ if you run the MS-DOS kernel in DOSBox, the builtin DOS literally leaks through in many places (e.g. many API services still available instead of crashing), with only some of the more recent forks even trying to hide it.

anthk 4 hours ago
DOSBox-X might fake it well enough.
bombcar 3 hours ago
I encountered this and hadn’t realized that DOSBox’s main goal was to play games - and that lots of “non game things” didn’t work. But DOSbox-X covered some; I ended up running DOS 5 in VMware.
rwmj 6 hours ago
Testing if you're running under virtualization or emulation is a whole thing. We wrote virt-what to do this for virt and containers. It could do emulators as well if someone was motivated enough. It's basically a giant shell script. https://people.redhat.com/~rjones/virt-what/

There's also an adversarial aspect to this. Some emulators try to avoid detection and a lot of software tries to detect if it's running under virt for various reasons, eg. to stop cheating in games or stop reverse-engineering. (virt-what is deliberately not adversarial, it's very easy to "trick" it if you wanted to do that)

tombert 5 hours ago
Makes sense; when I was doing WGU they explicitly forbid virtual machines, which makes enough sense since if you're in a VM they can't see your full screen. It wouldn't surprise me if nowadays they have some sort of software detector to see if you're in a VM.
eek2121 4 hours ago
There are detectors for VMs, and modifications to allow VMs to evade those detectors. It's an arms race.

Example: There is (was? I don't actively follow the community) a patch set for a particular piece of VM software that made it undetectable to anti-cheat in games.

While I don't use said software (I have a casual interest in it only...would be nice to get more games working on Linux), I have to disclose that I'm against anti-cheat mechanisms. I'm a software engineer, and I've worked on a few smaller games, and know the overall structure of bigger ones, and I don't think I've ever seen a game use good practices in multiplayer. Instead, they usually rely on client side code and lean on anti-cheat software to stop cheaters.

ErroneousBosh 5 hours ago
> when I was doing WGU they explicitly forbid virtual machines,

What's WGU in this context?

> which makes enough sense since if you're in a VM they can't see your full screen

Presumably they can't also see the screen of another device...

tombert 5 hours ago
Sorry, Western Governors University. It's an online school.

When taking a test they have a proctor that's watching you on a webcam, and they make you pan the webcam around the room to ensure that there's no obvious way to cheat, and they make you share your screen to ensure you only have a browser running.

ButlerianJihad 4 hours ago
When I took final exams or industry certifications, I reported in-person to the Testing Center at community college. The center is custom built for secure proctoring exams. You check in with ID, you stash your watch, phone and wallet in a locker, and you use a secure computer in a monitored quiet room.

It’s perfect for all parties, and doesn’t intrude on your personal living space or devices.

ErroneousBosh 4 hours ago
> and they make you pan the webcam around the room to ensure that there's no obvious way to cheat, and they make you share your screen to ensure you only have a browser running.

Well that level of intrusiveness would just make me come up with something overly complicated just so I could prove that I could cheat if I wanted.

tombert 2 hours ago
I think it's more about just trying to keep honest people honest. I could think of a dozen or so ways that I could have cheated, some more convoluted than others, but it's enough effort to where I don't seriously consider it, and I did all my exams legitimately.

That's why they make you share your screen; obviously there's plenty of ways to fool that but the goal is to make it so that cheating requires enough effort to where it's probably less effort just to study and do it right.

bombcar 3 hours ago
The proctors are bored college students or similar - you don’t have to do much to defeat it.

They just want to make it difficult enough to catch most.

bananaboy 1 hour ago
Neat! I’ve detected it with a simple (less reliable) way in the past for a demo (I forget why I needed to do that). It didn’t occur to me to inspect something like a built in command!
4 hours ago