VBoxAntiVMDetectHardened mitigation X64 only

Forum for announcements and questions about tools and software.
EP_X0FF
Global Moderator
Posts: 4812
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by EP_X0FF » Wed Mar 29, 2017 2:16 pm

Various new scan features have been added since 8.1, such as checking of driver objects, the loaded modules list, and various callbacks. In the above case I suspect KPP detects a callback outside any known driver, which is a kind of logical addition to the previous checks.
Ring0 - the source of inspiration

Trelowin
Posts: 10
Joined: Tue Mar 14, 2017 12:14 pm

Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by Trelowin » Wed Mar 29, 2017 5:17 pm

Thanks for the help. Everything began to work. I have one more question.
Is it possible to add a virtual video card to a VM on Win 7?

EP_X0FF
Global Moderator
Posts: 4812
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by EP_X0FF » Thu Mar 30, 2017 6:00 am

Short and easy answer - no. It is still a virtual machine with hardcoded virtual devices.
Ring0 - the source of inspiration

newcomer
Posts: 18
Joined: Sun Nov 20, 2016 8:45 pm

Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by newcomer » Thu Apr 06, 2017 9:28 am

Good afternoon,

I have a little mess with setting up the CD-ROM vendor:

%vboxman% setextradata "%1" "VBoxInternal/Devices/ahci/0/Config/Port1/ATAPIVendorId" "string:Hitachi-LG"

I get the error from VirtualBox: AHCI configuration error: "ATAPIVendorId" is longer than 16 bytes (VERR_INVALID_PARAMETER). But as you can see, it is only 10 symbols long. Where is the trick?

Also, please advise how I can implement the patch for Linux, to add these strings:

%vboxman% setextradata "%1" "VBoxInternal/Devices/acpi/0/Config/DsdtFilePath" "%vmscfgdir%ACPI-DSDT.bin"
%vboxman% setextradata "%1" "VBoxInternal/Devices/acpi/0/Config/SsdtFilePath" "%vmscfgdir%ACPI-SSDT1.bin"

EP_X0FF
Global Moderator
Posts: 4812
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by EP_X0FF » Thu Apr 06, 2017 2:50 pm

Your AtapiVendorID string length is 18. Remove unknown "string:" part.
Ring0 - the source of inspiration

newcomer
Posts: 18
Joined: Sun Nov 20, 2016 8:45 pm

Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by newcomer » Thu Apr 06, 2017 6:36 pm

EP_X0FF wrote: Your AtapiVendorID string length is 18. Remove unknown "string:" part.

"string:" just helps to define 100% that the value is a string; sometimes putting the value in quotes is not enough. It is not counted anyway in VirtualBox. Even if you remove "string:", the result will be the same. I tested a dozen DMI tables gathered from real notebooks, and it seems that the actual size you can add is 8 bytes (8 symbols). If the number of bytes is greater, you will see an error. So I wonder how this info passes to VirtualBox; does it count each symbol as 2 bytes?

Also, can you give a path for how to add the patch parameters on Linux (Debian)? (I asked about this in my previous post.)

EP_X0FF
Global Moderator
Posts: 4812
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by EP_X0FF » Fri Apr 07, 2017 3:21 am

According to the source, szInquiryVendorId is an 8-byte char array. The message you see is a VirtualBox bug caused by copy-pasting the content of nearby warning messages inside the source.

For your second question use https://www.virtualbox.org/manual/ch09. ... geacpicust, it works on Linux.
Ring0 - the source of inspiration
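
Added example (not part of the thread, and not code from VirtualBox or the VBoxAntiVMDetectHardened project): a pre-flight check that counts the bytes of an ATAPI INQUIRY string against its field size before the value is handed to VBoxManage setextradata. The 8-byte vendor limit is the one quoted in the post above; the 16- and 4-byte limits for ATAPIProductId and ATAPIRevision, the VM name "analysis-vm" and the sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example: length check for ATAPI INQUIRY strings. It only prints the
# VBoxManage command line; it never runs VBoxManage.

# Maximum byte length per key. 8 for the vendor ID is from the thread
# (szInquiryVendorId); 16 and 4 are the SCSI INQUIRY product/revision
# field sizes (assumed to apply to these keys).
atapi_limit() {
    case "$1" in
        ATAPIVendorId)  echo 8 ;;
        ATAPIProductId) echo 16 ;;
        ATAPIRevision)  echo 4 ;;
        *) return 1 ;;
    esac
}

# Count bytes, not characters: a multi-byte UTF-8 character takes more than one.
byte_len() {
    printf '%s' "$1" | LC_ALL=C wc -c | tr -d ' '
}

# Return 0 if the value fits the field, 1 if it is too long, 2 for an unknown key.
check_atapi_value() {
    limit=$(atapi_limit "$1") || return 2
    [ "$(byte_len "$2")" -le "$limit" ]
}

# Print the setextradata command, or refuse and report the real limit.
# Arguments: vm-name port key value
build_setextradata() {
    rc=0
    check_atapi_value "$3" "$4" || rc=$?
    case $rc in
        0) printf 'VBoxManage setextradata "%s" "VBoxInternal/Devices/ahci/0/Config/Port%s/%s" "%s"\n' \
               "$1" "$2" "$3" "$4" ;;
        1) echo "refused: $3 is $(byte_len "$4") bytes, limit is $(atapi_limit "$3")" >&2
           return 1 ;;
        *) echo "refused: unknown key $3" >&2
           return 2 ;;
    esac
}

# Constructed sample values: the first is the 10-byte vendor string from the
# thread (rejected), the second is an 8-byte string that fits.
build_setextradata "analysis-vm" 1 ATAPIVendorId "Hitachi-LG" || true
build_setextradata "analysis-vm" 1 ATAPIVendorId "HL-DT-ST"
```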

newcomer
Posts: 18
Joined: Sun Nov 20, 2016 8:45 pm

Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by newcomer » Fri Apr 07, 2017 4:58 am

VBoxManage setextradata "VM name" "VBoxInternal/Devices/acpi/0/Config/CustomTable" "/path/to/table.bin"

So this string for Linux will be equivalent to these two strings in Windows:

%vboxman% setextradata "%1" "VBoxInternal/Devices/acpi/0/Config/DsdtFilePath" "%vmscfgdir%ACPI-DSDT.bin"
%vboxman% setextradata "%1" "VBoxInternal/Devices/acpi/0/Config/SsdtFilePath" "%vmscfgdir%ACPI-SSDT1.bin"

valerkruz
Posts: 4
Joined: Fri Apr 14, 2017 11:22 am

Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by valerkruz » Sat Apr 15, 2017 4:17 pm

Hello!

Thanks for a great work, but can you also answer a few questions:
1) For example, if I need to launch more than 1 VM, how can I use this stuff? Because I tried to start 3 VMs and they have changed hardware, and it also works if I place a different pcbios.bin or ACPI-DSDT.bin for each VM.
So the question is: how to change the hardware values? Because if I change them in commands like

%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVendor" "Asus"
%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVersion" "MB52.88Z.0088.B05.0904162222"
%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseDate" "08/10/13"

it doesn't work.
As I understand it, the *.bin values must also be changed, but how can I change the *.bin?

Thanks !

EP_X0FF
Global Moderator
Posts: 4812
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by EP_X0FF » Sun Apr 16, 2017 12:37 pm

It will work for 3 or 333 VMs. You CAN'T randomize each VM completely because VBoxDD.dll is the SAME for all of the VMs.
Ring0 - the source of inspiration
