# [Wine] Re: How can I detect WINE from my program?

andreaplanet wineforum-user at winehq.org
Wed Jun 3 00:49:43 CDT 2009

oiaohm wrote:
> Again, presuming far too much, andreaplanet. If Wine is sandboxed by system security, the Z:\ does not let you go everywhere, so any detection by that path will fail.

Also, with a fully active Firewall & Antivirus (where every executable must be authorized manually by the end user), a Windows system is mostly secure against attacks. But this is not the common case; that's why viruses and trojans are still doing damage on Windows.

The default installation of Wine has Z:\ active, so the majority of Wine installations have vulnerabilities from someone who targets a Wine-Linux system. And simple relocation doesn't help, since I can use winepath to get the current path. I don't even need access to the full / path; my default home directory is enough. Since I'm a "bad guy", my code also contains a copy of the native /bin/ln executable located in C:, so I only have to run

C:\ln -s / /home/currentuser/.wine/dosdevices/v:

After I have done some damage (on v:, which points to /), I can safely remove that symlink again. But maybe this is not even necessary, since a symlink created in such a way is not visible in the WineConfiguration program. And you get the current user path through the environment or through winepath.

But... why all this hassle? Since I am attacking a Linux system, I only need to have my malicious code compiled as a native Linux binary. No need to have any symlink at all.
So another good way to know if I'm running on Wine/Linux is to run my own compiled Linux executable; if it runs, then I'm on Linux. I just discovered yesterday that it is possible to run native Linux executables within Wine.

oiaohm wrote:
> The complete idea that you have to add something to detect Wine is wrong.

Many small issues in Wine will never be fixed because
- it's not worth it (or)
- there are too few developers to fix everything (or)
- the Wine community does not want to fix something by design (or)
- some issues are just impossible to fix due to technical reasons

In such cases a workaround is the only solution (even just a messagebox saying that a specific feature is not available), and such a workaround requires knowing if I'm running under Wine or not.
And since there already exist many ways to know if I'm running on Wine, why not offer an official standard way that will work reliably for the good guys? Bad guys will find out in any case.
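
Added example, not part of the original post: because the post notes that a drive-letter symlink under `dosdevices` may not show up in the Wine configuration program, a defender can audit that directory directly and flag every drive letter that resolves to `/` or to any path outside the prefix. The function names, output labels and the sample prefix layout are assumptions made for this sketch.

```shell
#!/bin/sh
# Audit a Wine prefix: report drive-letter symlinks in dosdevices/ that
# resolve outside the prefix. Output labels (ROOT/OUTSIDE/UNRESOLVED) are
# this example's own convention, not Wine's.
audit_dosdevices() {
    prefix=${1:-${WINEPREFIX:-$HOME/.wine}}
    dosdev=$prefix/dosdevices
    [ -d "$dosdev" ] || { echo "no dosdevices directory in $prefix" >&2; return 2; }
    # Physical path of the prefix, so resolved targets can be compared to it.
    real_prefix=$(cd "$prefix" && pwd -P) || return 2
    findings=0
    for link in "$dosdev"/?:; do
        [ -L "$link" ] || continue              # only symlinked drive letters
        drive=${link##*/}
        # Follow the link and ask for the physical directory it lands in.
        target=$(cd "$link" 2>/dev/null && pwd -P) || {
            echo "$drive UNRESOLVED"; continue; }
        case $target in
            "$real_prefix"|"$real_prefix"/*) ;; # stays inside the prefix
            /) echo "$drive ROOT $target"; findings=$((findings + 1)) ;;
            *) echo "$drive OUTSIDE $target"; findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]                       # 0 only if nothing escapes
}

# Constructed sample: a throwaway prefix with the default z: mapping, an
# extra v: link to / as in the post, and h: pointing at a stand-in home.
make_sample_prefix() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/prefix/dosdevices" "$root/prefix/drive_c" "$root/home"
    ln -s ../drive_c "$root/prefix/dosdevices/c:"
    ln -s / "$root/prefix/dosdevices/z:"
    ln -s / "$root/prefix/dosdevices/v:"
    ln -s ../../home "$root/prefix/dosdevices/h:"
    echo "$root/prefix"
}

# Run against the constructed sample only when asked to.
if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample_prefix) && audit_dosdevices "$sample"
fi
```

Run with a prefix path as the argument to `audit_dosdevices`, or with `--demo` to see the three findings on the constructed sample.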