Page 24 of 25
Re: VBoxAntiVMDetectHardened mitigation X64 only
PostPosted:Wed Mar 29, 2017 2:16 pm
by EP_X0FF
Various new scan features added since 8.1 such as checking of driver objects, loaded modules list, various callbacks. In above case I suspect KPP detect callback outside any known driver which is kind of logical addition to previous checks.
Re: VBoxAntiVMDetectHardened mitigation X64 only
PostPosted:Wed Mar 29, 2017 5:17 pm
by Trelowin
Thanks for the help. All began to work. I have one more question.
Whether it is possible to add to vm on win 7 the virtual videocard?
Re: VBoxAntiVMDetectHardened mitigation X64 only
PostPosted:Thu Mar 30, 2017 6:00 am
by EP_X0FF
Short and easy answer - no. It is still virtual machine with hardcoded virtual devices.
Re: VBoxAntiVMDetectHardened mitigation X64 only
PostPosted:Thu Apr 06, 2017 9:28 am
by newcomer
Good afternoon,
Have a little mess around setting up Cd-rom vendor
Code: Select all%vboxman% setextradata "%1" "VBoxInternal/Devices/ahci/0/Config/Port1/ATAPIVendorId" "string:Hitachi-LG"
Get error form Virtualbox
AHCI configuration error: "ATAPIVendorId" is longer than 16 bytes (VERR_INVALID_PARAMETER). But as can you see it is only 10th symbol long. Where is a trick?
Also give advice how can implement patch for linux, to add this strings
Code: Select all%vboxman% setextradata "%1" "VBoxInternal/Devices/acpi/0/Config/DsdtFilePath" "%vmscfgdir%ACPI-DSDT.bin"
%vboxman% setextradata "%1" "VBoxInternal/Devices/acpi/0/Config/SsdtFilePath" "%vmscfgdir%ACPI-SSDT1.bin"
Re: VBoxAntiVMDetectHardened mitigation X64 only
PostPosted:Thu Apr 06, 2017 2:50 pm
by EP_X0FF
Your AtapiVendorID string length is 18. Remove unknown "string:" part.
Re: VBoxAntiVMDetectHardened mitigation X64 only
PostPosted:Thu Apr 06, 2017 6:36 pm
by newcomer
EP_X0FF wrote:Your AtapiVendorID string length is 18. Remove unknown "string:" part.
is just helps to define 100% that value is a string, sometime put value in quotes is not enouhg. No count anyway in VirtualBox. Even if you remove string, result will be same. I tested dozen dmi tables gazered from real notebooks, and seem that actual size you can add is 8 bytes (8 symbols).If amount of bytes is greater, you will see an error. So i wonder how this info passes to Virtualbox , is it count each symbol for 2 bytes?
Also can you give a path, how can add patch parameters for linux (debian) (asks about this in previous post.)
Re: VBoxAntiVMDetectHardened mitigation X64 only
PostPosted:Fri Apr 07, 2017 3:21 am
by EP_X0FF
According to source szInquiryVendorId is 8 bytes char array. The message you see is a VirtualBox bug because of copy-pasting content of nearby warning messages inside source.
For your second question use
https://www.virtualbox.org/manual/ch09. ... geacpicust, it works on Linux.
Re: VBoxAntiVMDetectHardened mitigation X64 only
PostPosted:Fri Apr 07, 2017 4:58 am
by newcomer
Code: Select allVBoxManage setextradata "VM nam" "VBoxInternal/Devices/acpi/0/Config/CustomTable" "/path/to/table.bin"
So this stirng for linux, will be equal for this two strings in Windows
Code: Select all%vboxman% setextradata "%1" "VBoxInternal/Devices/acpi/0/Config/DsdtFilePath" "%vmscfgdir%ACPI-DSDT.bin"
%vboxman% setextradata "%1" "VBoxInternal/Devices/acpi/0/Config/SsdtFilePath" "%vmscfgdir%ACPI-SSDT1.bin"
Re: VBoxAntiVMDetectHardened mitigation X64 only
PostPosted:Sat Apr 15, 2017 4:17 pm
by valerkruz
Hello!
Thanks for a great work, but can you also answer a few questions:
1) For example, if i need to launch more that 1 VM how can i use this stuff, because if i tried to start 3 VMs and its have changed hardware and its works also if i place different pcbios.bin or ACPI-DSDT.bin for each VM.
So the question is - how to change hardware values, because if i changing it in comands like
Code: Select all%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVendor" "Asus"
%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVersion" "MB52.88Z.0088.B05.0904162222"
%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseDate" "08/10/13"
it didnt works.
as i understand *.bin values also must be changes, but how i can change *.bin?
Thanks !
Re: VBoxAntiVMDetectHardened mitigation X64 only
PostPosted:Sun Apr 16, 2017 12:37 pm
by EP_X0FF
It will work for 3 or 333 vm machines. You CAN'T randomize each VM completely because VBoxDD.dll is the SAME for all of VM's.