VBoxAntiVMDetectHardened mitigation X64 only

Forum for announcements and questions about tools and software.
valerkruz
Posts: 4
Joined: Fri Apr 14, 2017 11:22 am

Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by valerkruz » Mon Apr 17, 2017 11:30 am

Thanks for the reply.
I got the stuff about VBoxDD.dll, but I can't understand why the values didn't change even for just one VM, even if I put "random" values here:

%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVendor" "Asus"
%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVersion" "MB52.88Z.0088.B05.0904162222"
%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseDate" "08/10/13"

Maybe I did something wrong?

EP_X0FF
Global Moderator
Posts: 4812
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Post by EP_X0FF » Mon Apr 17, 2017 11:52 am

How do you call it? Is it really a legacy BIOS VM?
Ring0 - the source of inspiration

Post by valerkruz » Mon Apr 17, 2017 12:24 pm

Yes, I did it step by step as described in the guide from GitHub.

Post by EP_X0FF » Mon Apr 17, 2017 2:56 pm

Exclude the line with the custom BIOS file from the script. Any changes?

Post by valerkruz » Tue Apr 18, 2017 5:45 pm

Hi again, sorry for the long reply.
I did all the steps from the GitHub tutorial, but after all that I got this error - NtCreateFile(\Device\VboxDrvStub) failed: 0xc0000034 and so on; the command net start vboxdrv didn't help. Do you know how to fix that?

Post by EP_X0FF » Wed Apr 19, 2017 4:44 am

Run "sc query vboxdrv" from an elevated command prompt and post the results.

zukamazuka
Posts: 2
Joined: Tue Jan 17, 2017 7:49 am

Post by zukamazuka » Sat Apr 22, 2017 5:37 pm

Hi.

I have this problem: after loading your loader, bignox does not work. If I reboot the PC, bignox works properly, but if I load the loader again, it breaks bignox.
The question is: how can I unload the loader from memory without rebooting? Are there any commands to do this?

Thanks.

Post by EP_X0FF » Sun Apr 23, 2017 4:22 am

zukamazuka wrote:
> Hi.
>
> I have this problem: after loading your loader, bignox does not work. If I reboot the PC, bignox works properly, but if I load the loader again, it breaks bignox.
> The question is: how can I unload the loader from memory without rebooting? Are there any commands to do this?
>
> Thanks.

If you want to stop the monitoring driver, open an elevated command line prompt, navigate to the VBoxLdr folder and run loader.exe with the /s switch, e.g. loader.exe /s. To re-enable monitoring, just re-run the loader without parameters, elevated (as admin).

There is no way to unload drivers safely if they are loaded by TDL.

If the above still does not help, then the reason is the system file cache/standby list flush used by the loader, which is causing a bug in this program.

Post by EP_X0FF » Sun Apr 23, 2017 4:34 am

Starting from May 6, this thread will no longer be maintained on this forum.

If you have bug reports/suggestions/questions etc., use the project's https://github.com/hfiref0x/VBoxHardenedLoader/issues to report them.
For news and updates, see the project's GitHub page https://github.com/hfiref0x/VBoxHardenedLoader/

Post by zukamazuka » Mon Apr 24, 2017 5:22 pm

It helped.

Thank you!

Locked