madskillz Posted February 16, 2018 Share Posted February 16, 2018 Hi Does anyone know how to bypass the VM detection on vmprotect binaries? "Sorry, this application can not run under a Virtual Machine " @White Are you the same author of this post? https://www.52pojie.cn/thread-623603-1-1.html If not can someone share that file or explain on how to do it. Regards Link to comment Share on other sites More sharing options...
Mahmoudnia Posted February 16, 2018 Share Posted February 16, 2018 @madskillz Try VBoxHardenedLoader https://github.com/hfiref0x/VBoxHardenedLoader Link to comment Share on other sites More sharing options...
madskillz Posted February 16, 2018 Author Share Posted February 16, 2018 I have already, vmprotect uses some other trick. Link to comment Share on other sites More sharing options...
zixkhalid Posted May 6, 2018 Share Posted May 6, 2018 i have the same problem with vmprotect +1 Link to comment Share on other sites More sharing options...
JohnWho Posted May 6, 2018 Share Posted May 6, 2018 VM vendor strings like "VMware" or "VBox" has been appended to tons of hardware related registry entries, try look there. Link to comment Share on other sites More sharing options...
atom0s Posted May 6, 2018 Share Posted May 6, 2018 A very common method of detecting VMWare, based on what JohnWho said above, is the video card information/driver information for the video card in the registry. It is generally labeled with VMWare in the name and a lot of VM detections look for it. 1 Link to comment Share on other sites More sharing options...
zixkhalid Posted May 7, 2018 Share Posted May 7, 2018 any good links talk about how to bypass this stuff in details ? Link to comment Share on other sites More sharing options...
binariman Posted July 19, 2018 Share Posted July 19, 2018 you can make this for work exe in vm HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Class/{4D36E968-E325-11CE-08002BE10318}/0000 DriverDesk VMware SVGA 3D -->> ATI/NVIDIA SVGA II isolation.tools.getPtrLocation.disable = "TRUE" isolation.tools.setPtrLocation.disable = "TRUE" isolation.tools.setVersion.disable = "TRUE" isolation.tools.getVersion.disable = "TRUE" monitor_control.disable_directexec = "TRUE" monitor_control.disable_chksimd = "TRUE" monitor_control.disable_ntreloc = "TRUE" monitor_control.disable_selfmod = "TRUE" monitor_control.disable_reloc = "TRUE" monitor_control.disable_btinout = "TRUE" monitor_control.disable_btmemspace = "TRUE" monitor_control.disable_btpriv = "TRUE" monitor_control.disable_btseg = "TRUE" monitor_control.restrict_backdoor = "true" Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now