
Re: VBoxAntiVMDetectHardened mitigation X64 only (07/01/16)

Posted: Thu Jan 21, 2016 4:34 am
by EP_X0FF
You also don't set "Legacy" for Paravirtualization interface as suggested here -> http://www.kernelmode.info/forum/viewto ... =11&t=3478. Your VM will be detected by hypervisor bit. Increase size of RAM to 2 GB, increase size of VHD to 60 GB and move your mouse when this tool "scans". The only leftover will be rdtsc "detect" but it is bullshit by design and cannot be used to detect vm. Problem with this /b/ tool is that it copy-pasted methods from any kind of shit on the internet without even half-understanding wtf it is doing. We did a vm detector that outperforms this scope of bullshit 2 years ago.

Re: VBoxAntiVMDetectHardened mitigation X64 only (07/01/16)

Posted: Sun Jan 24, 2016 4:21 pm
by TeleZed
Hi,

I have BSOD issues with Tsugumi. My configuration: Win10 host, Virtualbox 5.0.12. To load Tsugumi, I had to set Testsigning on via bcdedit, otherwise the driver fails to load (this is not included in the install guide).

After loading Tsugumi, the VM starts, it works fine for hours, and suddenly, the Win10 host crashes (usually reboots). According to the Whocrashed program, it is always ci.dll, which is responsible for code-integrity.

If I start the VM without Tsugumi, everything is stable for days.

Do you have a recommendation? Your help is appreciated.

Re: VBoxAntiVMDetectHardened mitigation X64 only (07/01/16)

Posted: Mon Jan 25, 2016 9:13 am
by EP_X0FF
Disable patchguard, load windows in debug mode. This bsod is (probably) because loader wasn't designed to be used in test mode, resulting in improper dse values handling.

Re: VBoxAntiVMDetectHardened mitigation X64 only (07/01/16)

Posted: Mon Jan 25, 2016 12:22 pm
by TeleZed
EP_X0FF wrote: Disable patchguard, load windows in debug mode. This bsod is (probably) because loader wasn't designed to be used in test mode, resulting in improper dse values handling.
This solved the issue, thank you!

For future reference to others these are the detailed steps to get it working:

1. Disable SecureBoot if enabled
2. Run in an elevated CMD prompt: bcdedit /debug on
3. Reboot
4. Run https://github.com/hfiref0x/DSEFix in an elevated CMD prompt
5. Start tsugumi loader in the same CMD prompt
6. Wait 10 sec
7. Run DSEFix -e
8. Enjoy :-)

Re: VBoxAntiVMDetectHardened mitigation X64 only (07/01/16)

Posted: Tue Jan 26, 2016 5:40 am
by rinn
Hello,
dsefix is embedded in this vbox loader, you don't need to use it twice.

Best Regards,
-rin

Re: VBoxAntiVMDetectHardened mitigation X64 only (07/01/16)

Posted: Tue Jan 26, 2016 7:18 am
by EP_X0FF
Correct, vboxldr has embedded dsefix and uses it during tsugumi loading.

Re: VBoxAntiVMDetectHardened mitigation X64 only (07/01/16)

Posted: Wed Jan 27, 2016 8:18 am
by TeleZed
rinn wrote: dsefix is embedded in this vbox loader, you don't need to use it twice.
True, it was not working for me because Windows was not in Debug mode.
Cheers

Re: VBoxAntiVMDetectHardened mitigation X64 only (27/01/16)

Posted: Thu Feb 11, 2016 5:55 am
by kmd
Is there any patch for 5.0.14 available? Thanks!

Re: VBoxAntiVMDetectHardened mitigation X64 only (27/01/16)

Posted: Thu Feb 11, 2016 8:45 am
by EP_X0FF
kmd wrote: Is there any patch for 5.0.14 available? Thanks!
Nothing extraordinary new/fixed in this update. You can skip it. No need to install every available update if you're ok with current vbox.

Re: VBoxAntiVMDetectHardened mitigation X64 only (27/01/16)

Posted: Mon Feb 15, 2016 7:46 am
by idorosido
Hi,

I'm looking for a way to harden Cuckoo sandbox machines that are running on an Ubuntu host using vbox.
Is there any guide / documentation for hardening a win7 64bit vm on VBOX installed on a Linux hypervisor?

I want to get rid of the "80ee:cafe" & "80ee:beef" device ids.

Thanks,