madskillz Posted February 16, 2018

Hi, does anyone know how to bypass the VM detection on VMProtect binaries?

"Sorry, this application can not run under a Virtual Machine"

@White Are you the same author of this post? https://www.52pojie.cn/thread-623603-1-1.html

If not, can someone share that file or explain how to do it?

Regards
Mahmoudnia Posted February 16, 2018

@madskillz Try VBoxHardenedLoader: https://github.com/hfiref0x/VBoxHardenedLoader
madskillz (Author) Posted February 16, 2018

I have already; VMProtect uses some other trick.
zixkhalid Posted May 6, 2018

I have the same problem with VMProtect. +1
JohnWho Posted May 6, 2018

VM vendor strings like "VMware" or "VBox" have been appended to tons of hardware-related registry entries; try looking there.
atom0s Posted May 6, 2018

A very common method of detecting VMware, based on what JohnWho said above, is the video card information/driver information for the video card in the registry. It is generally labeled with VMware in the name and a lot of VM detections look for it.
zixkhalid Posted May 7, 2018

Any good links that talk about how to bypass this stuff in detail?
binariman Posted July 19, 2018

You can do this to make the exe work in a VM:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
DriverDesc: VMware SVGA 3D -->> ATI/NVIDIA SVGA II

isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
monitor_control.disable_directexec = "TRUE"
monitor_control.disable_chksimd = "TRUE"
monitor_control.disable_ntreloc = "TRUE"
monitor_control.disable_selfmod = "TRUE"
monitor_control.disable_reloc = "TRUE"
monitor_control.disable_btinout = "TRUE"
monitor_control.disable_btmemspace = "TRUE"
monitor_control.disable_btpriv = "TRUE"
monitor_control.disable_btseg = "TRUE"
monitor_control.restrict_backdoor = "true"
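For an analyst checking which of the settings from binariman's post are already present in an analysis VM's .vmx file, the following is an added example and not part of the original thread. The function names and the sample file content are constructed, and treating keys and the TRUE value case-insensitively is an assumption of this example.

```python
import re

# The 14 keys from the post above; each one is posted with the value TRUE.
POSTED_KEYS = (
    ["isolation.tools.%s.disable" % n for n in
     ("getPtrLocation", "setPtrLocation", "setVersion", "getVersion")]
    + ["monitor_control.disable_%s" % n for n in
       ("directexec", "chksimd", "ntreloc", "selfmod", "reloc",
        "btinout", "btmemspace", "btpriv", "btseg")]
    + ["monitor_control.restrict_backdoor"]
)

# key = "value" lines; lines starting with '#' are treated as comments.
_LINE = re.compile(r'^\s*([^#=\s][^=]*?)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value}; a later duplicate overrides an earlier one."""
    entries = {}
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if m:
            entries[m.group(1).lower()] = m.group(2)
    return entries

def audit_vmx(text):
    """Map each posted key to 'ok', 'missing' or 'differs (<value>)'."""
    entries = parse_vmx(text)
    report = {}
    for key in POSTED_KEYS:
        value = entries.get(key.lower())
        if value is None:
            report[key] = "missing"
        elif value.strip().lower() == "true":
            report[key] = "ok"
        else:
            report[key] = "differs (%s)" % value
    return report

# Constructed sample .vmx content (not taken from the thread).
SAMPLE_VMX = """\
.encoding = "UTF-8"
displayName = "analysis-vm"
# isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
isolation.tools.setVersion.disable = "FALSE"
Monitor_Control.Restrict_Backdoor = "TRUE"
monitor_control.disable_directexec = "TRUE"
"""

if __name__ == "__main__":
    for key, status in audit_vmx(SAMPLE_VMX).items():
        print("%-18s %s" % (status, key))
```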