Try comparing the dlls with the originals in a decent hex editor and you'll see the differences. Easy enough to replicate for the 32 bit versions, since it's all just string changes (great idea nevertheless, saved me a lot of trouble :)).
A forum for reverse engineering, OS internals and malware analysis
Searched query: antivm
EP_X0FF wrote: It would be nice to have these for educational purposes. MAXS wrote: Someone has patches for x86 version of VBox... fc to find difference with original files and hexeditor to do the same for 32 bit dlls.
No plans for patching x86 dlls as we don't use 32 bit VBox.
EP_X0FF wrote: Patched dlls for Win64 VirtualBox-4.2.10-84105. Backup original Vbox files and replace with attached. Due to patch digital signature is broken, however it is not important and does not affect Vbox work. Thanks a lot...
Patched dlls for Win64 VirtualBox-4.2.10-84105. Backup original Vbox files and replace with attached. Due to patch digital signature is broken, however it is not important and does not affect Vbox work.
... variant "I". In this thread mostly attached "F" variant. Analyze code, not how and where it connects. Usual Andromeda encrypted strings related to AntiVM/SandboxIE. ...
I downloaded 10 samples and none works... Maybe debug them and patch the antivm stuff?
Decide what you want - reversing/researching malware or playing in comfortable homemade/twitter virus analyst. VM (Vbox, Vmware etc) is just an emulation environment, anything else (usb support, additions, d3d support and rest of the crap) is not important. I have no idea what kind of bugs you exper...
I solved the problem, now USB in Repair mode is working... :mrgreen:
Only thing that has to be installed is Extension Pack for VirtualBox :lol:
Decide what you want - reversing/researching malware or playing in comfortable homemade/twitter virus analyst. VM (Vbox, Vmware etc) is just an emulation environment, anything else (usb support, additions, d3d support and rest of the crap) is not important. I have no idea what kind of bugs you experi...