search

hzqst / VmwareHardenedLoader

Vmware Hardened VM detection mitigation loader (anti anti-vm)
MIT License
1.7k stars 460 forks source link

"\\vmware-host" is not accissible anymore! #19

Open tomay3000 opened 4 years ago

tomay3000 commented 4 years ago

After installing the loader, \\vmware-host is no longer accessible anymore!

tomay3000 commented 4 years ago

Removing these solved the problem:

isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
monitor_control.disable_directexec = "TRUE"
monitor_control.disable_chksimd = "TRUE"
monitor_control.disable_ntreloc = "TRUE"
monitor_control.disable_selfmod = "TRUE"
monitor_control.disable_reloc = "TRUE"
monitor_control.disable_btinout = "TRUE"
monitor_control.disable_btmemspace = "TRUE"
monitor_control.disable_btpriv = "TRUE"
monitor_control.disable_btseg = "TRUE"
monitor_control.restrict_backdoor = "TRUE"

But I don't know which ones caused it, though I kept trying without success.

hzqst commented 4 years ago

\vmware-host requires monitor_control.restrict_backdoor to be FALSE since it uses backdoor io instruction to transfer files or data.

tomay3000 commented 4 years ago

OK, I will try it and see.