A forum for reverse engineering, OS internals and malware analysis 

 #29779  by newcomer
 Fri Dec 23, 2016 9:38 pm
Good afternoon,

Regarding
Code:
wmic cpu get processorid
wmic bios get serialnumber
it seems wmic doesn't work correctly even in VirtualBox.

The other issue is about
Code:
VBoxInternal/Devices/pcbios/0/Config/BiosRom
when I apply a copy of your BIOS, some info in msinfo32 is shown incorrectly. (Note, I don't apply any other options, only psbios.bin.) In the attachments you will find screenshots with the problems.
  • Registry entries are missing.
  • SMBIOS string is missing in msinfo32.
  • Some string is displayed wrong (marked with red).
Why does it happen? Is there any way to solve the problem?

Also, is it possible to set a different video BIOS, for example to emulate an NVIDIA or AMD card? I tried to set one from a real card, but it is not applied.

The second question is about
Code:
VBoxInternal/Devices/pcbios/0/Config/DmiChassisType
VBoxInternal/Devices/pcbios/0/Config/DmiBoardBoardType
The VBox manual says that these parameters need to be integers. My laptop returns them via dmidecode as Type: Motherboard and Type: Portable, respectively. So how can this be handled to set them up?
 #29791  by EP_X0FF
 Tue Dec 27, 2016 4:42 am
newcomer wrote: The other issue is about
Code:
VBoxInternal/Devices/pcbios/0/Config/BiosRom
when I apply a copy of your BIOS, some info in msinfo32 is shown incorrectly. (Note, I don't apply any other options, only psbios.bin.) In the attachments you will find screenshots with the problems.

From your description and screenshots - you didn't set all settings listed in script file. This ain't gonna work separately.

newcomer wrote: Also, is it possible to set a different video BIOS, for example to emulate an NVIDIA or AMD card? I tried to set one from a real card, but it is not applied.

No. I already answered this question. Changing BIOS doesn't change hardware. You can't use any other BIOS.

newcomer wrote: The second question is about
Code:
VBoxInternal/Devices/pcbios/0/Config/DmiChassisType
VBoxInternal/Devices/pcbios/0/Config/DmiBoardBoardType
The VBox manual says that these parameters need to be integers. My laptop returns them via dmidecode as Type: Motherboard and Type: Portable, respectively. So how can this be handled to set them up?

This is a numeric ID that is interpreted to a description string. The list of them can be found here -> http://www.dmtf.org/sites/default/files ... _3.0.0.pdf (SMBIOS Specification), page 36 & for chassis at page 38.
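
The string-to-ID lookup described in the reply above, as an added example that is not part of the original posts or of the loader project: it reads dmidecode text, resolves the board and chassis Type strings to their SMBIOS numeric IDs, and formats the matching setextradata lines. The sample excerpt, the VM name analysis-vm and the function names are constructed for illustration; the name lists follow the SMBIOS enumeration order as dmidecode prints it (chassis list cut at 0x10) and are an assumption to check against the specification tables cited above.

```python
import re

# SMBIOS enumerations as dmidecode spells them; numeric ID = list position + 1.
BOARD_TYPES = ["Unknown", "Other", "Server Blade", "Connectivity Switch",
               "System Management Module", "Processor Module", "I/O Module",
               "Memory Module", "Daughter Board", "Motherboard",
               "Processor+Memory Module", "Processor+I/O Module",
               "Interconnect Board"]
CHASSIS_TYPES = ["Other", "Unknown", "Desktop", "Low Profile Desktop",
                 "Pizza Box", "Mini Tower", "Tower", "Portable", "Laptop",
                 "Notebook", "Hand Held", "Docking Station", "All In One",
                 "Sub Notebook", "Space-saving", "Lunch Box"]
# dmidecode section heading -> (extradata key from the thread, name list)
SECTIONS = {"Base Board Information": ("DmiBoardBoardType", BOARD_TYPES),
            "Chassis Information": ("DmiChassisType", CHASSIS_TYPES)}
KEY_PREFIX = "VBoxInternal/Devices/pcbios/0/Config/"

def dmi_type_ids(dmidecode_text):
    """Return {extradata key: numeric ID} for the board and chassis Type lines."""
    ids, section = {}, None
    for line in dmidecode_text.splitlines():
        if line and not line[0].isspace():        # unindented: new heading
            section = SECTIONS.get(line.strip())
            continue
        m = re.match(r"\s+Type:\s*(.+?)\s*$", line)
        if not (section and m):
            continue
        key, names = section
        hits = [i for i, n in enumerate(names, 1) if n.lower() == m.group(1).lower()]
        if not hits:                              # fail loudly, never guess an ID
            raise ValueError(f"no ID known for {key} string {m.group(1)!r}")
        ids[key] = hits[0]
    return ids

def setextradata_commands(vm_name, dmidecode_text):
    """Format one VBoxManage setextradata line per resolved integer key."""
    return [f'VBoxManage setextradata "{vm_name}" "{KEY_PREFIX}{key}" {value}'
            for key, value in sorted(dmi_type_ids(dmidecode_text).items())]

# Constructed dmidecode excerpt (hypothetical host, not the poster's attachment).
SAMPLE = """\
Handle 0x0002, DMI type 2, 15 bytes
Base Board Information
\tType: Motherboard
Handle 0x0003, DMI type 3, 22 bytes
Chassis Information
\tType: Portable
"""
```

For the constructed sample, `setextradata_commands("analysis-vm", SAMPLE)` yields the two integer settings, 10 for the board type and 8 for the chassis type.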
 #29858  by newcomer
 Sat Jan 14, 2017 6:07 pm
EP_X0FF wrote:
newcomer wrote: The other issue is about
Code:
VBoxInternal/Devices/pcbios/0/Config/BiosRom
when I apply a copy of your BIOS, some info in msinfo32 is shown incorrectly. (Note, I don't apply any other options, only psbios.bin.) In the attachments you will find screenshots with the problems.
From your description and screenshots - you didn't set all settings listed in script file. This ain't gonna work separately.

Good afternoon,

Returning to the message from Fri Dec 23, 2016 9:38 pm about missing registry entries and SMBIOS information: I filled out the configuration file with original info gathered from a real PC, so no fake or generated info (attached). As commented before, if you don't apply the psbios.bin file, all registry entries and SMBIOS forwarding work fine; after applying
Code:
%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/BiosRom" "%vmscfgdir%pcbios.bin"
some info is missing.
I also made some checks on Debian; dmidecode returns an error - No SMBIOS nor DMI entry point found, sorry
Screenshots with the missing registry entries and msinfo were attached before.
 #29886  by EP_X0FF
 Thu Jan 26, 2017 5:31 pm
newcomer wrote: Good afternoon, what is the purpose of the new file, Kasumi, included in the patch?

This is a VirtualBox patch table generator. As an input parameter it takes the file path to VBoxDD.dll. The output file can then be used by the loader. As you may guess, the only thing changing with each new version of the loader is the internal patch table list. New version of VBox - new entry in this list. By using this generator you can use the same loader version with future VBox versions by just giving it the generated table.
 #29906  by EP_X0FF
 Wed Feb 01, 2017 4:58 pm
Loader v 1.8.0 released.

Changelog:

1) Patch generator integrated into the loader, so we hope from now on there is no need to update it every time a new VirtualBox version is released.
2) Build configurations and code updated to be ready for code signing. Signed versions are not included in the public build (for signing you need a kernel mode code signing certificate).
For more info about code signing see https://github.com/hfiref0x/VBoxHardene ... igning.txt
3) Documentation updated.

For the default GitHub unsigned version, installation and usage didn't change; the manual is as before, here -> https://github.com/hfiref0x/VBoxHardene ... README.txt
For the signed version, installation and usage instructions are here -> https://github.com/hfiref0x/VBoxHardene ... SIGNED.txt (the only difference is in the way of loading the Tsugumi monitoring driver and working with it).

Note that Windows 10 TH2 updated PatchGuard and it will trigger BSOD with unsigned Tsugumi.sys loaded by TDL.

With Best Regards to my old good friend - Fyyre (http://fyyre.ivory-tower.de/).