search

hzqst / VmwareHardenedLoader

Vmware Hardened VM detection mitigation loader (anti anti-vm)
MIT License
1.8k stars 465 forks source link

graphic driver files #11

Open Albert0nl opened 5 years ago

Albert0nl commented 5 years ago

"vmware virtual graphic card information could be detected by querying DXGI interface, which could be modified by editing graphic driver files."

  1. Where are the graphic driver files located? In %windir%system32\drivers\etc?
  2. How can I find out which file needs to be modified?
  3. Do I need to search for VMWare and edit it in hexeditor?

Thank you!

hzqst commented 5 years ago

"vmware virtual graphic card information could be detected by querying DXGI interface, which could be modified by editing graphic driver files."

  1. Where are the graphic driver files located? In %windir%system32\drivers\etc?
  2. How can I find out which file needs to be modified?
  3. Do I need to search for VMWare and edit it in hexeditor?

Thank you!

you won't get detect by "DXGI interface graphic adapter information querying" if you don't install vmware's graphic driver. that is, don't install vmtools.

Albert0nl commented 5 years ago

Each startup I must run the loader. Is this normal? Doesn't it add it self as service to startup?

Albert0nl commented 5 years ago

If I don't run the loader it detection vm

hzqst commented 5 years ago

yes you have to run install.bat each startup

Albert0nl commented 5 years ago

Will there be a 32 bit available ever? Is it even possible to make this loader work on a 32 bit OS?

HuangKaiHuan commented 4 years ago

"vmware virtual graphic card information could be detected by querying DXGI interface, which could be modified by editing graphic driver files."

  1. Where are the graphic driver files located? In %windir%system32\drivers\etc?
  2. How can I find out which file needs to be modified?
  3. Do I need to search for VMWare and edit it in hexeditor?

Thank you!

you won't get detect by "DXGI interface graphic adapter information querying" if you don't install vmware's graphic driver. that is, don't install vmtools.

你好,用了上述的方法后,鲁大师和dxdiag还是能检测到VM相关的信息,这个有方法改吗? 2019-12-19 22-16-06屏幕截图 2019-12-19 22-13-14屏幕截图

skidunion commented 4 years ago

I would like to use the graphic driver, is there a way I can change the info?

TheFurryFish commented 4 years ago

Are there any alternative graphic drivers available? Or can the VMware graphic drivers be extracted and altered to not be detected?

skidunion commented 4 years ago

@TheFurryFish You can modify the .inf file of the SVGA driver to change the model name. Don't forget to also rename the main driver file - vm3dmp.sys

Pesktador commented 4 years ago

@TheFurryFish You can modify the .inf file of the SVGA driver to change the model name. Don't forget to also rename the main driver file - vm3dmp.sys

Could you explain further how we can change the name of the gpu inside of the vm?

bumblebee2511 commented 4 years ago

Is there any friend who helped me with playing games on vm? I'm desperate too much about it, thanks

DPain commented 4 years ago

@TheFurryFish You can modify the .inf file of the SVGA driver to change the model name. Don't forget to also rename the main driver file - vm3dmp.sys

This doesn't seem to be enough. I've tried changing the name of the driver, vender, and the main driver's file name, but it seems to still detect the driver. It could be because the driver still uses the same vendor id, device id, and subsystem id, but I'm not sure how to change this.

franchesko1437 commented 2 years ago

@TheFurryFish Вы можете изменить INF-файл драйвера SVGA, чтобы изменить название модели. Не забудьте также переименовать основной файл драйвера - vm3dmp.sys

Кажется, этого недостаточно. Я пытался изменить имя драйвера, поставщика и имя файла основного драйвера, но, похоже, драйвер все еще обнаруживается. Это может быть связано с тем, что драйвер по-прежнему использует тот же идентификатор поставщика, идентификатор устройства и идентификатор подсистемы, но я не знаю, как это изменить.

Hello, did you change the ids?