A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #30081  by EP_X0FF
 Thu Mar 09, 2017 9:31 am
An updated guide has been posted on the project's GitHub.

https://github.com/hfiref0x/VBoxHardene ... install.md

and for the signed version

https://github.com/hfiref0x/VBoxHardene ... _signed.md

Because of this, the guide in the current thread is now declared obsolete.

Note that VirtualBox 5.1.16 has been released. The current loader and driver are fully compatible with it, and since the patch generator is integrated into the loader, I think they will be compatible with all future Oracle releases unless they change something really dramatically.
 #30108  by EP_X0FF
 Wed Mar 15, 2017 3:08 am
This is a TDL warning, as it detected an installed VirtualBox. Because TDL uses another VirtualBox driver to perform its task, this may lead to conflicts with the installed VirtualBox, as TDL needs to unload all VirtualBox drivers first, then replace vboxdrv.sys with its own, load it, perform driver loading, unload vboxdrv and restore the original. From the TDL screenshot you can see the last line: >Original driver restored. So everything worked well.
 #30121  by Trelowin
 Thu Mar 16, 2017 6:15 pm
VMDE-master showed detection. Pafish gave a check log:
[pafish] Start
[pafish] Windows version: 6.1 build 7601
[pafish] CPU: AuthenticAMD Intel(R) Pentium(R) CPU G4400 @ 3.30GHz
[pafish] CPU VM traced by checking the difference between CPU timestamp counters (rdtsc)
[pafish] CPU VM traced by checking the difference between CPU timestamp counters (rdtsc) forcing VM exit
[pafish] Sandbox traced using mouse activity
[pafish] Sandbox traced by checking disk size <= 60GB via GetDiskFreeSpaceExA()
[pafish] Sandbox traced by checking operating system uptime using GetTickCount()
[pafish] VirtualBox traced using Reg key HKLM\HARDWARE\ACPI\DSDT\VBOX__
[pafish] VirtualBox device identifiers traced using WMI
[pafish] End
I corrected the detection of the mouse. I replaced the PS/2 mouse with a USB pad.
The problem with detection of the hard drive size is clear too.
How do I correct the remaining holes?