A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #2182  by Meriadoc
 Sun Aug 22, 2010 4:43 pm
Comparison of platform virtual machines http://en.wikipedia.org/wiki/Comparison ... l_machines
EP_X0FF wrote: Note: enable this setting in vmx configuration file to bypass VMware identification (VMX backdoor) by some lazy malware.

monitor_control.restrict_backdoor = "TRUE"
It would be interesting to see what other tricks people use to counter VM detection in vmx config, registry, etc., and whether it breaks anything.
isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
monitor_control.disable_directexec = "TRUE"
monitor_control.disable_chksimd = "TRUE"
monitor_control.disable_ntreloc = "TRUE"
monitor_control.disable_selfmod = "TRUE"
monitor_control.disable_reloc = "TRUE"
monitor_control.disable_btinout = "TRUE"
monitor_control.disable_btmemspace = "TRUE"
monitor_control.disable_btpriv = "TRUE"
monitor_control.disable_btseg = "TRUE"
(superseded by ScoopyNG)
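
An added example, not part of the original posts: a small Python checker that reads the text of a .vmx file and reports which of the settings quoted in this thread are set to "TRUE", set to something else, missing, or defined twice. The function names and the sample file are made up for illustration; treating keys and TRUE/FALSE as case-insensitive is an assumption.

```python
import re

# Settings quoted in this thread; each is expected to be "TRUE".
THREAD_SETTINGS = (
    ["monitor_control.restrict_backdoor"]
    + [f"isolation.tools.{n}.disable" for n in
       ("getPtrLocation", "setPtrLocation", "setVersion", "getVersion")]
    + [f"monitor_control.disable_{n}" for n in
       ("directexec", "chksimd", "ntreloc", "selfmod", "reloc",
        "btinout", "btmemspace", "btpriv", "btseg")]
)

# Matches: key = "value". Lines starting with '#' never match.
LINE_RE = re.compile(r'^[ \t]*([^#=\s]+)[ \t]*=[ \t]*"(.*)"[ \t\r]*$', re.M)

def parse_vmx(text):
    """Return ({lowercased key: value}, [keys defined more than once])."""
    values, dupes = {}, []
    for key, value in LINE_RE.findall(text):
        key = key.lower()  # assumption: keys compare case-insensitively
        if key in values:
            dupes.append(key)
        values[key] = value
    return values, dupes

def audit_vmx(text, wanted=THREAD_SETTINGS):
    """Sort each wanted setting into ok / wrong / missing; list duplicate keys."""
    values, dupes = parse_vmx(text)
    report = {"ok": [], "wrong": [], "missing": [], "duplicate": dupes}
    for name in wanted:
        got = values.get(name.lower())
        # assumption: "true" and "TRUE" are equivalent
        status = "missing" if got is None else "ok" if got.upper() == "TRUE" else "wrong"
        report[status].append(name)
    return report

# Constructed sample .vmx content, not taken from the thread.
SAMPLE_VMX = '''displayName = "analysis-xp"
# anti-detection settings
monitor_control.restrict_backdoor = "TRUE"
isolation.tools.getVersion.disable = "FALSE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.setversion.disable = "TRUE"
monitor_control.disable_directexec = "true"
'''

if __name__ == "__main__":
    for status, names in audit_vmx(SAMPLE_VMX).items():
        print(f"{status:9} {len(names):2}  {', '.join(names)}")
```

Running the same audit before and after a change to the analysis VM gives a quick record of which settings were active when a sample was run.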
 #2207  by EP_X0FF
 Mon Aug 23, 2010 12:31 pm
Thanks all, first post updated, some direct links added.
 #2408  by Meriadoc
 Fri Aug 27, 2010 9:41 pm
Live View

Home http://liveview.sourceforge.net/index.html
Download http://sourceforge.net/projects/liveview/files/
Live View and its source code are subject to the GNU Public License
Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. This allows the forensic examiner to "boot up" the image or disk and gain an interactive, user-level perspective of the environment, all without modifying the underlying image or disk. Because all changes made to the disk are written to a separate file, the examiner can instantly revert all of his or her changes back to the original pristine state of the disk. The end result is that one need not create extra "throw away" copies of the disk or image to create the virtual machine.
 #2622  by EP_X0FF
 Fri Sep 03, 2010 11:18 am
This topic was created for making a collection of links to software virtual machines. It contains posts moved from the Virtual Machines sticky topic.
If you have any links not listed in that topic, please post them here and I'll update the sticky topic list.
 #2722  by EP_X0FF
 Fri Sep 10, 2010 11:15 am
List updated, thank you.