Option Explicit
'---------------------------------------------------------------------------------------
' Module        : mVirtualized
' Author        : Karcrack
' Date          : 09/09/09
' Used for?     : Detect Virtualized Machines... like VMWare/V.PC/QEmu...
' Tested On     :
'                   - Virtual PC 2007, 1.0      (Tested by: KIASH!)
'                   - VMWare ,6.5.3.185404      (Tested by: SkyWeb!)
'
' Reference     :
'                   :http://www.cs.nps.navy.mil/people/faculty/irvine/publications/2000/VMM-usenix00-0611.pdf
'                   :http://invisiblethings.org/papers/redpill.html
'                   :http://www.ntsecurity.nu/onmymind/2007/2007-02-27.html
'                   :http://blog.assarbad.net/wp-content/uploads/2006/11/redpill_getting_colorless.pdf
'---------------------------------------------------------------------------------------
 
'USER32
Private Declare Function CallThunk8 Lib "USER32" Alias "CallWindowProcW" (ByRef cThunk As Currency, Optional ByVal Param1 As Long, Optional ByVal Param2 As Long, Optional ByVal Param3 As Long, Optional ByVal Param4 As Long) As Long
 
Public Function ImVirtualized() As Boolean
    Dim tIDT(2 + 4)     As Byte
 
'    mov ecx, [esp+4]\
'    sidt [ecx]       |->; -439297879751758.3221@
'    retn            /
 
    Call CallThunk8(-439297879751758.3221@, ByVal VarPtr(tIDT(0)))
    ImVirtualized = (tIDT(5)  > &HD0)
End Function

Es muy recomendable leer los links citados en los comentarios para mas info sobre el tema

Cualquier duda... preguntar!

Saludos