A forum for reverse engineering, OS internals and malware analysis 

Search found 124 matches: AntiVM

Searched query: antivm


Re: Vietnam APT

 by unixfreaxjp ¦  Wed Aug 27, 2014 9:05 am ¦  Forum: Malware ¦  Topic: Vietnam APT ¦  Replies: 9 ¦  Views: 8507

... Date: 0x510A24D8 [Thu Jan 31 08:01:28 2013 UTC] EP: 0x40a927 .text 0/5 CRC: Claimed: 0xb0ee2, Actual: 0xb0ee2 DLL: False Sect: 5 AntiDbg: Yes AntiVM: VMware trick Packer: No Resource entries ================================================================================ Name RVA Size Lang ...

Re: VirtualBox Anti-AntiVM

 by EP_X0FF ¦  Fri Aug 15, 2014 6:48 am ¦  Forum: Tools/Software ¦  Topic: VirtualBox Anti-AntiVM ¦  Replies: 63 ¦  Views: 214167

This thread is now closed. This thread was about VM detection mitigation and was for VirtualBox versions up to 4.3.12 (incl.). The current 4.3.14 and 4.3.15 versions are both malware-friendly and this cannot be simply reconfigured by VBoxManage, no matter what skid "examples" available on the web told you....

Re: VirtualBox Anti-AntiVM

 by EP_X0FF ¦  Sun Aug 10, 2014 3:41 am ¦  Forum: Tools/Software ¦  Topic: VirtualBox Anti-AntiVM ¦  Replies: 63 ¦  Views: 214167

Just in case someone is interested in what we are speaking about: fortunately this is open source, saving the time needed for reversing. Their latest trunk with hardened crap (routines shared between VirtualBox.exe, VBoxDrv.sys and VBoxRT.dll) http://www.virtualbox.org/svn/vbox/trunk/src/VBox/HostDrivers/Support/ h...

Re: VirtualBox Anti-AntiVM

 by frame4-mdpro ¦  Sun Aug 10, 2014 12:31 am ¦  Forum: Tools/Software ¦  Topic: VirtualBox Anti-AntiVM ¦  Replies: 63 ¦  Views: 214167

EP_X0FF wrote:... as we still have to re-check that all things are OK in case Oracle drug dealers deliver more cocaine to VBox devs.
Hahaha, I sincerely hope Oracle/VBox guys read this and it hurts...

Re: VirtualBox Anti-AntiVM

 by EP_X0FF ¦  Sat Aug 09, 2014 3:24 pm ¦  Forum: Tools/Software ¦  Topic: VirtualBox Anti-AntiVM ¦  Replies: 63 ¦  Views: 214167

We've successfully patched hardened VirtualBox starting from build 95226, up to 95286 (and incl. the latest svn build with the "advanced unhooking" crap they implemented) without any binary modifications on disk and with NO reaction from their crapware protection. Details will be posted later, with official r...

Re: VirtualBox Anti-AntiVM

 by rinn ¦  Sat Aug 02, 2014 6:25 am ¦  Forum: Tools/Software ¦  Topic: VirtualBox Anti-AntiVM ¦  Replies: 63 ¦  Views: 214167

Hello, I vote for driver. Firmware data can be in a region protected by PatchGuard (as we do not even consider x86-32 versions). Besides, a hiding driver must rely on a lot of undocumented stuff like OS-dependent offsets, structures etc., not to mention the driver will be unsigned so you will be forced to tu...

Re: VirtualBox Anti-AntiVM

 by TETYYSs ¦  Fri Aug 01, 2014 6:46 am ¦  Forum: Tools/Software ¦  Topic: VirtualBox Anti-AntiVM ¦  Replies: 63 ¦  Views: 214167

I vote for driver.

Re: VirtualBox Anti-AntiVM

 by EP_X0FF ¦  Thu Jul 31, 2014 3:58 pm ¦  Forum: Tools/Software ¦  Topic: VirtualBox Anti-AntiVM ¦  Replies: 63 ¦  Views: 214167

Maybe. However, sometimes VBox updates really can help, like in the case of this bug http://www.kernelmode.info/forum/viewtopic.php?p=18930#p18930 which was long used to detect VBox and fixed only in 4.3.4. What if something like this exists in 4.3.12? One thing I can certainly say right now: old style vbox...

Re: VirtualBox Anti-AntiVM

 by Buster_BSA ¦  Thu Jul 31, 2014 2:00 pm ¦  Forum: Tools/Software ¦  Topic: VirtualBox Anti-AntiVM ¦  Replies: 63 ¦  Views: 214167

No. When they release anything that actually *works*, not doing these from a clean install, http://i.imgur.com/xtG4nLN.png we will look at whether vbox can still be patched anyhow. If not, well then we have these workarounds: 1) do not use it at all 2) write a hiding driver that will do patching on the...

Re: VirtualBox Anti-AntiVM

 by EP_X0FF ¦  Sun Jul 27, 2014 4:39 pm ¦  Forum: Tools/Software ¦  Topic: VirtualBox Anti-AntiVM ¦  Replies: 63 ¦  Views: 214167

No. When they release anything that actually *works*, not doing these from a clean install, http://i.imgur.com/xtG4nLN.png we will look at whether vbox can still be patched anyhow. If not, well then we have these workarounds: 1) do not use it at all 2) write a hiding driver that will do patching on the ...
