
Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Mon Apr 17, 2017 11:30 am
by valerkruz
Thanks for the reply.
I got the stuff about VBoxDD.dll, but I can't understand why the values didn't change even for just one VM, even if I put "random" values here:
Code:
%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVendor" "Asus"
%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVersion" "MB52.88Z.0088.B05.0904162222"
%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseDate" "08/10/13"
Maybe I did something wrong?

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Mon Apr 17, 2017 11:52 am
by EP_X0FF
How do you call it? Is it really a legacy BIOS VM?

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Mon Apr 17, 2017 12:24 pm
by valerkruz
Yes, I did it step by step as described in the guide from GitHub.

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Mon Apr 17, 2017 2:56 pm
by EP_X0FF
Exclude the line with the custom BIOS file from the script. Any changes?

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Tue Apr 18, 2017 5:45 pm
by valerkruz
Hi again, sorry for the long reply.
I did all the steps from the GitHub tutorial, but after all that I got this error - NtCreateFile(\Device\VboxDrvStub) failed: 0xc0000034 etc. The command net start vboxdrv didn't help. Do you know how to fix that?

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Wed Apr 19, 2017 4:44 am
by EP_X0FF
Run "sc query vboxdrv" from an elevated command prompt and post the results.

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Sat Apr 22, 2017 5:37 pm
by zukamazuka
Hi.

I have the following problem: after loading your loader, bignox does not work. If I reboot the PC, bignox works properly, but if I load the loader again it breaks bignox again.
The question is - how can I unload the loader from memory without rebooting? Are there any commands to do this?

Thanks.

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Sun Apr 23, 2017 4:22 am
by EP_X0FF
zukamazuka wrote:
Hi.

I have the following problem: after loading your loader, bignox does not work. If I reboot the PC, bignox works properly, but if I load the loader again it breaks bignox again.
The question is - how can I unload the loader from memory without rebooting? Are there any commands to do this?

Thanks.

If you want to stop the monitoring driver, open an elevated command line prompt, navigate to the VBoxLdr folder and run loader.exe with the /s switch, e.g. loader.exe /s. To re-enable monitoring, just re-run the loader without parameters, elevated (as admin).

There is no way to unload drivers safely if they are loaded by TDL.

If the above still does not help, then the reason is the system file cache/standby list flush used by the loader, which causes a bug in this program.

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Sun Apr 23, 2017 4:34 am
by EP_X0FF
Starting from May 6 this thread will no longer be maintained on this forum.

If you have bug reports, suggestions, questions etc., use the project's issue tracker at https://github.com/hfiref0x/VBoxHardenedLoader/issues to report them.
For news and updates, see the project's GitHub page: https://github.com/hfiref0x/VBoxHardenedLoader/

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Mon Apr 24, 2017 5:22 pm
by zukamazuka
It helped.

Thank you!