Tuts 4 You

(Info Request) - VMProtect VM Detection


madskillz

Hi

Does anyone know how to bypass the VM detection on VMProtect binaries?

"Sorry, this application can not run under a Virtual Machine "

@White Are you the same author of this post?

https://www.52pojie.cn/thread-623603-1-1.html

If not, can someone share that file or explain how to do it?

Regards

 

Mahmoudnia

@madskillz
Try VBoxHardenedLoader

https://github.com/hfiref0x/VBoxHardenedLoader

 

madskillz

I have already; VMProtect uses some other trick.

zixkhalid

I have the same problem with VMProtect, +1.

JohnWho

VM vendor strings like "VMware" or "VBox" have been appended to tons of hardware-related registry entries; try looking there.

atom0s

A very common method of detecting VMware, based on what JohnWho said above, is the video card information/driver information for the video card in the registry. It is generally labeled with VMware in the name, and a lot of VM detections look for it.

zixkhalid

Any good links that talk about how to bypass this stuff in detail?

binariman

You can do this to make the exe work in a VM:

HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Class/{4D36E968-E325-11CE-08002BE10318}/0000

DriverDesk VMware SVGA 3D -->> ATI/NVIDIA SVGA II

isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
monitor_control.disable_directexec = "TRUE"
monitor_control.disable_chksimd = "TRUE"
monitor_control.disable_ntreloc = "TRUE"
monitor_control.disable_selfmod = "TRUE"
monitor_control.disable_reloc = "TRUE"
monitor_control.disable_btinout = "TRUE"
monitor_control.disable_btmemspace = "TRUE"
monitor_control.disable_btpriv = "TRUE"
monitor_control.disable_btseg = "TRUE"
monitor_control.restrict_backdoor = "true"
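
Added example, not part of the post above: a Python audit an analysis lab could run against a guest's VMware .vmx file to see which of the fourteen settings listed in the post are present, missing, set to another value, or defined twice. The function names and the sample .vmx text are constructed for illustration, and treating keys as case-insensitive is an assumption of this example.

```python
import re

# The fourteen keys listed in the post above; each is expected to be "TRUE".
EXPECTED = (
    [f"isolation.tools.{n}.disable" for n in
     ("getPtrLocation", "setPtrLocation", "setVersion", "getVersion")]
    + [f"monitor_control.disable_{n}" for n in
       ("directexec", "chksimd", "ntreloc", "selfmod", "reloc",
        "btinout", "btmemspace", "btpriv", "btseg")]
    + ["monitor_control.restrict_backdoor"]
)

# A .vmx line has the form  key = "value" ; lines starting with '#' are comments.
_LINE = re.compile(r'^\s*([^#=\s][^=]*?)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: [values]} keeping every occurrence of a key."""
    entries = {}
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if m:
            # Assumption of this example: keys are compared case-insensitively.
            entries.setdefault(m.group(1).lower(), []).append(m.group(2))
    return entries

def audit_vmx(text, expected=EXPECTED, want="TRUE"):
    """Classify each expected key as ok, missing, mismatch or duplicate."""
    found = parse_vmx(text)
    report = {}
    for key in expected:
        values = found.get(key.lower(), [])
        if not values:
            report[key] = "missing"
        elif len(values) > 1:
            report[key] = "duplicate"   # ambiguous: more than one definition
        elif values[0].lower() != want.lower():
            report[key] = "mismatch"
        else:
            report[key] = "ok"
    return report

# Constructed sample, not a real guest configuration.
SAMPLE_VMX = '''.encoding = "UTF-8"
# constructed sample
displayName = "analysis-guest"
isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "FALSE"
monitor_control.restrict_backdoor = "true"
monitor_control.disable_btseg = "TRUE"
monitor_control.disable_btseg = "TRUE"
'''

if __name__ == "__main__":
    for key, status in audit_vmx(SAMPLE_VMX).items():
        print(f"{status:9} {key}")
```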
