hfiref0x / VBoxHardenedLoader

VirtualBox VM detection mitigation loader
BSD 2-Clause "Simplified" License

Error NtCreateFile(\Device\VBoxDrvStub) failed #11

Closed Mac85 closed 5 years ago

Mac85 commented 7 years ago

I followed this guide "https://github.com/hfiref0x/VBoxHardenedLoader/blob/master/Binary/install.md", but when I run my Virtual Machine, I obtain this error: [screenshot: cattura]

hfiref0x commented 7 years ago

`net start vboxdrv` from elevated command prompt

Mac85 commented 7 years ago

Thanks, it works!!

mustang651 commented 6 years ago

Same issue and after net start vboxdrv I get this:

The virtual machine 'RemixOS' has terminated unexpectedly during startup with exit code 1 (0x1).  More details may be available in 'C:\RemixOS\Logs\VBoxHardening.log'.

Код ошибки: E_FAIL (0x80004005)
Компонент: MachineWrap
Интерфейс: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}

VBoxHardening.log

hfiref0x commented 6 years ago

That's a completely different issue. Status code from log indicates it comes from Vbox hardening which is unrelated to this loader. You may update VBox to current version and see if this issue is still here.

ghost commented 6 years ago

@hfiref0x

> net start vboxdrv from elevated command prompt

Do you mean to enter the command tdl tsugumi.sys again? I tried that but it didn't fix the problem.

The output I get from running that command is different from that picture though. This is what my output shows me:

```
C:\VBoxHardenedLoader>tdl tsugumi.sys
Turla Driver Loader v1.1.2 started
(c) 2016 - 2017 TDL Project
Supported x64 OS : 7 and above

Ldr: Windows v10.0 build 17134
Ldr: Warning, VirtualBox software installed, conflicts are possible
SCM: Vulnerable driver loaded and opened
Ldr: Kernel base = 0xFFFFF8007689A000
Ldr: Input driver file loaded at 0x00007FF64E640000
Ldr: Loading ntoskrnl.exe
Ldr: ntoskrnl.exe loaded at 0x00007FF71C080000
Ldr: ExAllocatePoolWithTag 0xFFFFF80076B84410
Ldr: Shellcode allocated at 0x00000255A3630000
Ldr: Windows 10 RS2+ bootstrap shellcode selected
Ldr: Resolving kernel import
Ldr: Executing exploit
Ldr: OpenLdr.u.Out.pvImageBase = 0xFFFFE108A2BB4080
Ldr: SUP_IOCTL_LDR_LOAD, success
Shellcode mapped at 0xFFFFE108A2BB4080, size = 0x00008000
Driver image mapped at 0xFFFFE108A2BB438A
Ldr: SUP_IOCTL_SET_VM_FOR_FAST call complete
Ldr: SUP_IOCTL_FAST_DO_NOP
Ldr: SUP_IOCTL_LDR_FREE
SCM: Unloading vulnerable driver
SCM: Vulnerable driver successfully unloaded
Ldr: Original driver restored
```

The VM Guest uses Win 10 64bit, same as the Host. I did not have VirtualBox running and I had never attempted to start the VM before.

hfiref0x commented 6 years ago

No, I mean open elevated cmd prompt. Run cmd.exe elevated. Then type net start vboxdrv.

ghost commented 6 years ago

Ooh, Thanks! :P

Violator71 commented 5 years ago

I'm having a similar problem, but VBoxDrv is already started.

However, it seems to be the "wrong" driver.

The command "tdl.exe Tsugumi.sys" gives an error on the first run, and vboxdrv stays in STOP_PENDING forever.

At this moment the size of the file located at C:\Windows\System32\drivers\vboxdrv.sys is 68 288 bytes. The original file is 1 021 768 for VBox 6.0.4.

For VBOX 5.2.26 nothing changes.

The driver is located in \Windows\system32\drivers for Win7 x64, and this is its registry path. The driver in "C:\Program Files\Oracle\VirtualBox\drivers\vboxdrv\" is 1 021 768 bytes for VBox 6.0.4 and 972 192 bytes for VBox 5.2.26.

After a reboot tdl works like in the picture 12_tdl_tsugumi_after.png, but after running loader.exe and starting the virtual machine, I get the same error as the topic starter.

Solution: Stop VBox, VBoxdrv and replace c:\windows\system32\drivers\vboxdrv.sys with C:\Program Files\Oracle\VirtualBox\drivers\vboxdrv\vboxdrv.sys

After these manipulations the virtual machine starts fine.

What am I doing wrong, and why doesn't it work without replacing the driver?
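A read-only check of the mismatch described in the comment above, as an added example that is not part of the original thread or the project's code: it shows the driver service state and compares the vboxdrv.sys in System32\drivers with the copy in the VirtualBox install directory. The two paths are the ones quoted in the comment, and the service name is assumed from the `net start vboxdrv` command used in this thread.

```powershell
# Added example. Read-only: it changes nothing on the system.
# Paths are the two quoted in the comment above; the service name is assumed
# from the "net start vboxdrv" command used in this thread.
$inUse   = Join-Path $env:SystemRoot   'System32\drivers\vboxdrv.sys'
$shipped = Join-Path $env:ProgramFiles 'Oracle\VirtualBox\drivers\vboxdrv\vboxdrv.sys'

# State and image path as the service control manager reports them.
# A State of "Stop Pending" matches the stuck condition described above.
Get-CimInstance Win32_SystemDriver -Filter "Name='VBoxDrv'" |
    Select-Object Name, State, StartMode, PathName | Format-List

function Get-DriverFileInfo {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "File not found: $Path"
        return
    }
    $file = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path      = $Path
        Bytes     = $file.Length
        Version   = $file.VersionInfo.FileVersion
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject   # empty when the file is unsigned
    }
}

$a = Get-DriverFileInfo -Path $inUse
$b = Get-DriverFileInfo -Path $shipped
$a, $b | Format-List

# Compare by hash rather than by size alone.
if ($a -and $b) {
    if ($a.SHA256 -eq $b.SHA256) {
        'vboxdrv.sys in System32\drivers is identical to the installed VirtualBox driver.'
    } else {
        Write-Warning ('vboxdrv.sys in System32\drivers differs from the installed ' +
            "VirtualBox driver ($($a.Bytes) vs $($b.Bytes) bytes).")
    }
}
```

Run it from an elevated PowerShell prompt on the host, before and after a reboot, to see which file the service is pointing at in each state.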

hfiref0x commented 5 years ago

Move this to new issue and show TDL log. This issue is old and unrelated.