A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #30236  by valerkruz
 Mon Apr 17, 2017 11:30 am
Thanks for the reply.
I got the stuff about VBoxDD.dll, but I can't understand why the values didn't change even for just one VM, even if I put "random" values here:
%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVendor" "Asus"
%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVersion" "MB52.88Z.0088.B05.0904162222"
%vboxman% setextradata "%1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseDate" "08/10/13"
Maybe I did something wrong?
 #30245  by valerkruz
 Tue Apr 18, 2017 5:45 pm
Hi again, sorry for the long reply.
I did all the steps from the GitHub tutorial, but after all that I got this error - NtCreateFile(\Device\VboxDrvStub) failed: 0xc0000034 etc. The command net start vboxdrv didn't help. Do you know how to fix that?
 #30256  by zukamazuka
 Sat Apr 22, 2017 5:37 pm
Hi.

I have this problem: after loading your loader, bignox does not work. If I reboot the PC, bignox works properly, but if I load the loader again it breaks bignox.
The question is - how can I unload the loader from memory without rebooting? Are there any commands to do this?

Thanks.
 #30260  by EP_X0FF
 Sun Apr 23, 2017 4:22 am
zukamazuka wrote:Hi.

I have this problem: after loading your loader, bignox does not work. If I reboot the PC, bignox works properly, but if I load the loader again it breaks bignox.
The question is - how can I unload the loader from memory without rebooting? Are there any commands to do this?

Thanks.
If you want to stop the monitoring driver, open an elevated command line prompt, navigate to the VBoxLdr folder and run loader.exe with the /s switch, e.g. loader.exe /s. To re-enable monitoring, just re-run the loader without parameters, elevated (as admin).

There is no way to unload drivers safely if they are loaded by TDL.

If the above still does not help, then the reason is the system file cache/standby list flush used by the loader, which causes a bug in this program.
 #30264  by EP_X0FF
 Sun Apr 23, 2017 4:34 am
Starting from May 6 this thread will no longer be maintained on this forum.

If you have bug reports/suggestions/questions etc., use the project's issue tracker at https://github.com/hfiref0x/VBoxHardenedLoader/issues to report them.
For news and updates, see the project's GitHub page: https://github.com/hfiref0x/VBoxHardenedLoader/