A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #26033  by icecoobe
 Tue Jun 09, 2015 9:44 am
EP_X0FF wrote: Loader updated for VirtualBox 4.3.28, UEFI patch included. Setup and configuring is the same.
Hi, EP_X0FF!

Thanks for your great job. Everything is OK with the stuff under the "data" directory, and the BIOS logo is cool~~

When I start the VM (host OS is Win7-64, guest OS is WinXP-32), the system prompted me to install drivers for "Base system bus" and "VGA Controller". But I can't install them automatically (I mean click the next button, next button, ....)

Does that mean I should retrieve the DSDT, VideoBios.bin and so on of my own machine?

And if so, how can I generate the ones for my machine?

Best wishes!
Luke
 #26036  by EP_X0FF
 Tue Jun 09, 2015 12:10 pm
Hello,

You should use the default VGA driver. There is no special VGA driver for VBox except the one in the VBox additions, which you should never install if you plan to play with malware.

Just ignore these messages.
 #26049  by icecoobe
 Wed Jun 10, 2015 1:13 am
EP_X0FF wrote:Hello,

You should use the default VGA driver. There is no special VGA driver for VBox except the one in the VBox additions, which you should never install if you plan to play with malware.

Just ignore these messages.
Did you approach all these things by setting the DSDT? I wonder how you got the pcbios, videorom ... which are referred to in the *.vbox files.
 #26051  by EP_X0FF
 Wed Jun 10, 2015 4:38 am
icecoobe wrote:
EP_X0FF wrote:Hello,

You should use the default VGA driver. There is no special VGA driver for VBox except the one in the VBox additions, which you should never install if you plan to play with malware.

Just ignore these messages.
Did you approach all these things by setting the DSDT?
Additionally, even after heavy reconfiguring, some virtual machine device data will still point to Oracle - PCI HWIDs (hardware identifiers). For more info about possible VM detection methods see our VMDE.

The only way we can change these IDs is a memory patch of VBoxDD.dll, where most of the VM-related logic is located.
+ for working in UEFI mode it is required to patch the UEFI video driver, so it will take our new HWIDs instead of the hardcoded VBox IDs.
I wonder how you got the pcbios, videorom ... which are referred to in the *.vbox files.
Some of them are stored inside VBoxDD2.dll and declared as exported symbols. Some were just ripped from other modules.
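
Added example, not code from this thread or from the loader: a check a sandbox maintainer could run over a guest's exported hardware-ID list to see which PCI devices still carry the VirtualBox vendor ID after reconfiguration, as described in the post above. The vendor ID 0x80EE is an assumption not stated in the thread, and the sample IDs are constructed.

```python
import re

# Assumption (not stated in the thread): 0x80EE is the PCI vendor ID that
# VirtualBox's own virtual devices report.
VBOX_VENDOR_ID = 0x80EE

# Windows PCI hardware ID: PCI\VEN_vvvv&DEV_dddd[&SUBSYS_ssssnnnn][&REV_rr]
# where ssss is the subsystem ID and nnnn the subsystem *vendor* ID.
HWID_RE = re.compile(
    r"^PCI\\VEN_([0-9A-F]{4})&DEV_([0-9A-F]{4})"
    r"(?:&SUBSYS_([0-9A-F]{4})([0-9A-F]{4}))?",
    re.IGNORECASE,
)

def parse_hwid(hwid):
    """Return vendor/device/subsystem-vendor as ints, or None if not a PCI ID."""
    m = HWID_RE.match(hwid.strip())
    if not m:
        return None
    ven, dev, _subsys_id, sub_ven = m.groups()
    return {
        "vendor": int(ven, 16),
        "device": int(dev, 16),
        "subsys_vendor": int(sub_ven, 16) if sub_ven else None,
    }

def audit(hwids, vendor_id=VBOX_VENDOR_ID):
    """List (hwid, field) pairs where a PCI ID still carries vendor_id."""
    findings = []
    for hwid in hwids:
        ids = parse_hwid(hwid)
        if ids is None:
            continue  # ACPI, USB, ... are out of scope for this check
        for field in ("vendor", "subsys_vendor"):
            if ids[field] == vendor_id:
                findings.append((hwid, field))
    return findings

# Constructed sample input, shaped like a guest hardware-ID inventory export.
SAMPLE_HWIDS = [
    r"PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00",
    r"PCI\VEN_80EE&DEV_CAFE&SUBSYS_00000000&REV_00",
    r"PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02",
    r"PCI\VEN_1234&DEV_5678&SUBSYS_000180EE&REV_01",  # constructed: subsystem vendor only
    r"ACPI\PNP0303",
]

if __name__ == "__main__":
    for hwid, field in audit(SAMPLE_HWIDS):
        print(f"{field:13} {hwid}")
```
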
 #26262  by EP_X0FF
 Fri Jul 10, 2015 4:11 am
VirtualBox 5 is out. Seems there are heavy changes since 4.3.28. The patch will be released ASAP, if it is still possible.
 #26576  by EP_X0FF
 Sat Aug 22, 2015 9:07 am
Loader updated for VirtualBox 5.0.2 (http://download.virtualbox.org/virtualb ... 96-Win.exe), warning patch data extended for the newest VBox changes, UEFI patch included. Setup and configuring are the same. Uninstall any previous version and reboot before using the new one.
 #27212  by EP_X0FF
 Thu Nov 12, 2015 3:39 pm
Updated to support 5.0.8.

Yep, I skipped 5.0.4 and 5.0.6, as I see no point in updating so often when there are no actual or visible changes in VBox, as now. VBox 5.0.10 has also been released. I will look at it, and if something interesting was changed/added, the loader will be updated.
 #27240  by nov5th
 Mon Nov 16, 2015 4:46 am
Thank you for this useful post. I use a virtual machine for malware analysis with Cuckoo. My questions are:
1. When I install VirtualBox (after disabling networking), I get a message: "Would you like to install this device software? Oracle Corporation Universal Serial Bus ..." Should I install it, or would it give evidence to malware?
2. How can I use a host-only network between guest and host? Should I only use NAT?
3. Will you post the same topic for Linux x64 later?
Thank you