Tuts 4 You

(Info Request) - VMProtect VM Detection


madskillz

  • 2 months later...

VM vendor strings like "VMware" or "VBox" have been appended to tons of hardware-related registry entries; try looking there.


A very common method of detecting VMware, based on what JohnWho said above, is the video card information/driver information for the video card in the registry. It is generally labeled with VMware in the name and a lot of VM detections look for it.

  • 2 months later...

You can do this to make the exe work in a VM:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

DriverDesc VMware SVGA 3D -->> ATI/NVIDIA SVGA II
 
isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
monitor_control.disable_directexec = "TRUE"
monitor_control.disable_chksimd = "TRUE"
monitor_control.disable_ntreloc = "TRUE"
monitor_control.disable_selfmod = "TRUE"
monitor_control.disable_reloc = "TRUE"
monitor_control.disable_btinout = "TRUE"
monitor_control.disable_btmemspace = "TRUE"
monitor_control.disable_btpriv = "TRUE"
monitor_control.disable_btseg = "TRUE"
monitor_control.restrict_backdoor = "true"
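As an added example (not code from any poster in this thread): a Python check that an analyst can run over a `reg export` of an analysis guest to list the string values still carrying the vendor markers mentioned above ("VMware", "VBox"). The sample export, its values and the function name `find_vm_artifacts` are constructed for illustration.

```python
import re

# Vendor markers named in the thread; matching is case-insensitive.
VENDOR_MARKERS = ("vmware", "vbox")

# Constructed sample in `reg export` text format (not from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000]
"DriverDesc"="VMware SVGA 3D"
"ProviderName"="VMware, Inc."
"DriverVersion"="0.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum]
"0"="SCSI\\Disk&Ven_VBOX&Prod_HARDDISK\\4&constructed&0&000000"
"Count"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001]
"DriverDesc"="Generic SVGA II"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# String (REG_SZ) values only: "Name"="data" or @="data" for the default value.
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)="(?P<data>(?:[^"\\]|\\.)*)"$')


def find_vm_artifacts(reg_text, markers=VENDOR_MARKERS):
    """Return (key, value_name, data, marker) for each string value naming a VM vendor."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue  # header, blank lines, dword:/hex: values
        data = re.sub(r'\\(.)', r'\1', m.group("data"))  # undo .reg escaping
        name = m.group("name") if m.group("name") is not None else "(Default)"
        marker = next((v for v in markers if v in data.lower()), None)
        if marker:
            hits.append((key, name, data, marker))
    return hits


if __name__ == "__main__":
    for key, name, data, marker in find_vm_artifacts(SAMPLE_EXPORT):
        print(f"[{marker}] {key}\\{name} = {data}")
```

A file written by `reg export` is UTF-16 encoded, so read it with `encoding="utf-16"` before passing the text in.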