Tuts 4 You
madskillz

(Info Request) - VMProtect VM Detection

madskillz

Hi

Does anyone know how to bypass the VM detection on VMProtect binaries?

"Sorry, this application can not run under a Virtual Machine "

@White Are you the same author of this post?

https://www.52pojie.cn/thread-623603-1-1.html

If not, can someone share that file or explain how to do it?

Regards

 

Mahmoudnia

@madskillz
Try VBoxHardenedLoader

https://github.com/hfiref0x/VBoxHardenedLoader

 

madskillz

I have already; VMProtect uses some other trick.

zixkhalid

I have the same problem with VMProtect. +1

JohnWho

VM vendor strings like "VMware" or "VBox" have been appended to tons of hardware-related registry entries; try looking there.

atom0s

A very common method of detecting VMware, based on what JohnWho said above, is the video card information/driver information for the video card in the registry. It is generally labeled with VMware in the name and a lot of VM detections look for it.

  • Like 1

zixkhalid

Any good links that talk about how to bypass this stuff in detail?

binariman

You can do this to make the exe work in a VM:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

DriverDesc VMware SVGA 3D -->> ATI/NVIDIA SVGA II

isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
monitor_control.disable_directexec = "TRUE"
monitor_control.disable_chksimd = "TRUE"
monitor_control.disable_ntreloc = "TRUE"
monitor_control.disable_selfmod = "TRUE"
monitor_control.disable_reloc = "TRUE"
monitor_control.disable_btinout = "TRUE"
monitor_control.disable_btmemspace = "TRUE"
monitor_control.disable_btpriv = "TRUE"
monitor_control.disable_btseg = "TRUE"
monitor_control.restrict_backdoor = "true"

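The registry check JohnWho and atom0s describe, as an added Python example that is not from any poster in the thread: it parses the text of a `reg export` file taken from the analysis guest and lists every string value that still contains "VMware" or "VBox", including string values exported as hex. The sample export and the value name `ConstructedMultiSz` are constructed for illustration.

```python
import re
VENDOR_MARKERS = ("vmware", "vbox")  # the two strings named in the thread
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_STRING = re.compile(r"^hex\((?:1|2|7)\):([0-9a-fA-F,\s]*)$")

# Constructed sample in `reg export` format; the second value name is made up.
SAMPLE = b"\xff\xfe" + r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000]
"DriverDesc"="VMware SVGA 3D"
"ConstructedMultiSz"=hex(7):56,00,42,00,6f,00,78,00,20,00,\
  44,00,69,00,73,00,6b,00,00,00,00,00
"FeatureScore"=dword:000000f8
""".encode("utf-16-le")

def decode_export(raw: bytes) -> str:
    """reg.exe exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")

def value_text(data: str) -> str:
    """Return the string held by a value, or '' for dword/binary data."""
    m = HEX_STRING.match(data)
    if m:  # string types exported as UTF-16LE bytes
        blob = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return blob.decode("utf-16-le", errors="replace").replace("\x00", " ").strip()
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return data[1:-1].replace("\\\\", "\\")
    return ""

def find_vendor_strings(raw: bytes):
    """List (key, value name, text) for string values naming a VM vendor."""
    text = re.sub(r"\\\r?\n", "", decode_export(raw))  # join continuations
    key, hits = None, []
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            key = m.group(1)
        elif key and (m := VALUE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            found = value_text(m.group(2))
            if any(v in found.lower() for v in VENDOR_MARKERS):
                hits.append((key, name, found))
    return hits

if __name__ == "__main__":
    for key, name, found in find_vendor_strings(SAMPLE):
        print(f"{key}\n    {name} = {found}")
```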
