Detect if user uses wine using various methods
linux wine output:
linux portproton output:
windows output (thanks Belka):
todo: windows v0.3.0 screenshot
If you open wine file manager you can find drive with letter Z: which have your linux fs on it This checker checks if user have drive Z with folder bin on it
Wine has many register keys so it's easy to detect it
You can notice that wine creates services with name WinedeviceX
Sometimes winedevice.exe can be found on wine (for me it works only in portproton)
C:\windows\syswow64\wineboot.exe - it's all what you need to know
Thanks to shavitush for this information about this
Some system dlls have suspicious exports:
- ntdll.dll!wine_get_version
- ntdll.dll!wine_get_host_version
- kernel32.dll!wine_get_unix_file_name
- .. and others
https://www.hexacorn.com/blog/2016/03/27/detecting-wine-via-internal-and-legacy-apis/