
Re: VBoxAntiVMDetectHardened mitigation X64 only (15/05/15)

PostPosted:Tue Jun 09, 2015 9:44 am
by icecoobe
EP_X0FF wrote:Loader updated for VirtualBox 4.3.28, UEFI patch included. Setup and configuring is the same.
Hi, EP_X0FF!

Thanks for your great job. Everything is OK with the stuff under the "data" directory, and the BIOS logo is cool~~

When I start the VM (host OS is Win7-64, guest OS is WinXP-32), the system prompts me to install drivers for "Base system bus" and "VGA Controller". But I can't install them automatically (I mean by clicking the next button, next button, ....)

Does that mean I should retrieve the DSDT, VideoBios.bin and so on from my own machine?

And if so, how can I generate them for my machine?

Best wishes!
Luke

Re: VBoxAntiVMDetectHardened mitigation X64 only (15/05/15)

PostPosted:Tue Jun 09, 2015 12:10 pm
by EP_X0FF
Hello,

you should use default VGA driver. There is no special VGA driver for VBox except that in vbox additions which you should never install if you plan to play with malware.

Just ignore these messages.

Re: VBoxAntiVMDetectHardened mitigation X64 only (15/05/15)

PostPosted:Wed Jun 10, 2015 1:13 am
by icecoobe
EP_X0FF wrote:Hello,

you should use default VGA driver. There is no special VGA driver for VBox except that in vbox additions which you should never install if you plan to play with malware.

Just ignore these messages.
Did you achieve all these things by setting the DSDT? I wonder how you got the pcbios, videorom ... which are referred to in the *.vbox files.

Re: VBoxAntiVMDetectHardened mitigation X64 only (15/05/15)

PostPosted:Wed Jun 10, 2015 4:38 am
by EP_X0FF
icecoobe wrote:
EP_X0FF wrote:Hello,

you should use default VGA driver. There is no special VGA driver for VBox except that in vbox additions which you should never install if you plan to play with malware.

Just ignore these messages.
Did you achieve all these things by setting the DSDT?
Additionally, even after heavy reconfiguring, some virtual machine device data will still point to Oracle: the PCI HWIDs (hardware identifiers). For more info about possible VM detection methods see our VMDE.

The only way we can change these IDs is a memory patch of VBoxDD.dll, where most of the VM-related logic is located.
Also, for working in UEFI mode it is required to patch the UEFI video driver, so that it uses our new HWIDs instead of the hardcoded VBox IDs.
I wonder how you got the pcbios, videorom ... which are referred to in the *.vbox files.
Some of them are stored inside VBoxDD2.dll and declared as exported symbols. Some are just ripped from other modules.
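The post above says that, without the memory patch, VirtualBox's emulated devices still expose Oracle PCI hardware IDs to the guest. The following is an added example (not code from this thread, from VBoxAntiVMDetectHardened or from VMDE) showing what such a check looks like: it parses Windows PnP hardware ID strings of the form `PCI\VEN_xxxx&DEV_xxxx&SUBSYS_xxxxxxxx&REV_xx` and flags any device under the VirtualBox vendor ID 0x80EE. The sample HWID strings are constructed for the example, the device descriptions for 0xCAFE and 0xBEEF are our own labels, and the optional live enumeration assumes the key names under `HKLM\SYSTEM\CurrentControlSet\Enum\PCI` carry that same `VEN_/DEV_` layout.

```python
"""Flag VirtualBox PCI hardware IDs in a Windows guest.

Added example for this thread; not part of VBoxAntiVMDetectHardened or VMDE.
"""
import re
import sys
from typing import Dict, List, Optional

# PCI vendor ID that VirtualBox uses for its own emulated devices.
VBOX_VENDOR_ID = 0x80EE

# Device IDs VirtualBox registers under that vendor. Descriptions are ours.
VBOX_DEVICE_IDS = {
    0xCAFE: "VirtualBox Guest Device",
    0xBEEF: "VirtualBox Graphics Adapter",
}

# Windows PnP hardware ID layout for PCI devices. SUBSYS and REV are optional
# because compatible-ID strings omit them.
HWID_RE = re.compile(
    r"^PCI\\VEN_(?P<ven>[0-9A-F]{4})&DEV_(?P<dev>[0-9A-F]{4})"
    r"(?:&SUBSYS_(?P<subsys>[0-9A-F]{8}))?(?:&REV_(?P<rev>[0-9A-F]{2}))?",
    re.IGNORECASE,
)

# Constructed sample: two VirtualBox devices, one Intel PIIX4 IDE controller
# (VirtualBox emulates it under Intel's real vendor ID, so it is not a tell
# on its own) and one Realtek NIC as you would see on physical hardware.
SAMPLE_HWIDS = [
    r"PCI\VEN_80EE&DEV_CAFE&SUBSYS_00000000&REV_00",
    r"PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00",
    r"PCI\VEN_8086&DEV_7111&SUBSYS_00000000&REV_01",
    r"PCI\VEN_10EC&DEV_8168&SUBSYS_816810EC&REV_15",
]


def parse_pci_hwid(hwid: str) -> Optional[Dict[str, int]]:
    """Split a PCI hardware ID into integer fields; None if it is not PCI."""
    m = HWID_RE.match(hwid.strip())
    if not m:
        return None
    fields = {"vendor": int(m["ven"], 16), "device": int(m["dev"], 16)}
    if m["subsys"]:
        fields["subsys"] = int(m["subsys"], 16)
    if m["rev"]:
        fields["revision"] = int(m["rev"], 16)
    return fields


def classify(hwid: str) -> str:
    """Describe what a hardware ID tells us about VirtualBox."""
    fields = parse_pci_hwid(hwid)
    if fields is None:
        return "not a PCI hardware ID"
    if fields["vendor"] == VBOX_VENDOR_ID:
        return VBOX_DEVICE_IDS.get(fields["device"], "unknown VirtualBox device")
    return "not a VirtualBox vendor ID"


def find_virtualbox_devices(hwids: List[str]) -> List[str]:
    """Return the subset of hardware IDs that carry the VirtualBox vendor ID."""
    hits = []
    for hwid in hwids:
        fields = parse_pci_hwid(hwid)
        if fields is not None and fields["vendor"] == VBOX_VENDOR_ID:
            hits.append(hwid)
    return hits


def enumerate_live_pci_hwids() -> List[str]:
    """Read PCI device key names from the registry (Windows only).

    Assumption: each subkey of Enum\\PCI is named VEN_xxxx&DEV_xxxx&SUBSYS_...&REV_xx,
    so prefixing it with PCI\\ yields the hardware ID string.
    """
    if sys.platform != "win32":
        return []
    import winreg  # only importable on Windows
    path = r"SYSTEM\CurrentControlSet\Enum\PCI"
    hwids = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        index = 0
        while True:
            try:
                hwids.append("PCI\\" + winreg.EnumKey(key, index))
            except OSError:  # no more subkeys
                break
            index += 1
    return hwids


if __name__ == "__main__":
    live = enumerate_live_pci_hwids()
    for hwid in live or SAMPLE_HWIDS:
        print(f"{hwid:50s} -> {classify(hwid)}")
```

Run inside a guest it lists the live PCI IDs; elsewhere it falls back to the constructed sample. The Intel entry is included on purpose: a checker that keys only on vendor 0x80EE misses nothing VirtualBox-specific, but it also shows why patching the 80EE devices is what matters, since the PIIX emulation already reports a real vendor.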

VirtualBox 5 (10/07/15)

PostPosted:Fri Jul 10, 2015 4:11 am
by EP_X0FF
VirtualBox 5 is out. Seems like heavy changes since 4.3.28. A patch will be released ASAP, if it is still possible.

VBoxAntiVMDetectHardened mitigation X64 only (12/07/15)

PostPosted:Sat Jul 11, 2015 5:28 pm
by EP_X0FF
Loader updated for VirtualBox 5.0.0 (http://download.virtualbox.org/virtualb ... 73-Win.exe), UEFI patch included. Setup and configuration are the same.

VBoxAntiVMDetectHardened mitigation X64 only (22/08/15)

PostPosted:Sat Aug 22, 2015 9:07 am
by EP_X0FF
Loader updated for VirtualBox 5.0.2 (http://download.virtualbox.org/virtualb ... 96-Win.exe), warning: patch data extended for the newest VBox changes, UEFI patch included. Setup and configuration are the same. Uninstall any previous version and reboot before using the new one.

Re: VBoxAntiVMDetectHardened mitigation X64 only (22/08/15)

PostPosted:Wed Sep 23, 2015 3:33 pm
by myodyne
Thank you very much EP_X0FF.

Your work is exceptional..

And extremely helpful even for the newbies like me.

Cheers. :-)

VBoxAntiVMDetectHardened mitigation X64 only (08/11/15)

PostPosted:Thu Nov 12, 2015 3:39 pm
by EP_X0FF
Updated to support 5.0.8.

Yep, I skipped 5.0.4 and 5.0.6, as I see no point in updating so often when there are no actual or visible changes in VBox, as is the case now. VBox 5.0.10 has also been released. I will look at it, and if something interesting has changed or been added, the loader will be updated.

Re: VBoxAntiVMDetectHardened mitigation X64 only (08/11/15)

PostPosted:Mon Nov 16, 2015 4:46 am
by nov5th
Thank you for this useful post. I use a virtual machine for malware analysis with Cuckoo. My questions are:
1. When I install VirtualBox (after disabling networking), I get a message: "Would you like to install this device software? Oracle Corporation Universal Serial Bus ..." Should I install it, or would it give evidence to malware?
2. How can I use a host-only network between guest and host? Should I only use NAT?
3. Will you post the same topic for Linux x64 later?
Thank you