/winedetector

Detect if user uses wine using various methods

Primary LanguageC++MIT LicenseMIT

WineDetector

Detect if user uses wine using various methods

linux wine output:
image

linux portproton output:
image

windows output (thanks Belka):
image
todo: windows v0.3.0 screenshot

Methods

Drives test

If you open wine file manager you can find drive with letter Z: which have your linux fs on it This checker checks if user have drive Z with folder bin on it

Registry test

Wine has many register keys so it's easy to detect it

Services test

You can notice that wine creates services with name WinedeviceX
image

Process test

Sometimes winedevice.exe can be found on wine (for me it works only in portproton)

Files test

C:\windows\syswow64\wineboot.exe - it's all what you need to know

DLL Exports Test

Thanks to shavitush for this information about this

Some system dlls have suspicious exports:

Legacy Api Test

https://www.hexacorn.com/blog/2016/03/27/detecting-wine-via-internal-and-legacy-apis/