Irregular Expressions

Aug 15 2012   1:17AM GMT

VMware Malware Lab



Posted by: Dan O'Connor
Tags:
virtual
virtualbox
vm
vmware

I am not going to cover the basic setup of a VMware based lab; really you can use whatever you want as long as you can keep it isolated from the host system.

I use VMware for a couple of reasons, mainly the ability to take VMs from Fusion, Workstation and ESXi and move them back and forth as needed.

The main reason for this post is VMware detection: a lot of malware checks whether it is running inside a VM and changes its behaviour if it is, and you can avoid a good number of those checks with some info from here.

Here is what you need to add to the VMX file of the VM.


isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
monitor_control.disable_directexec = "TRUE"
monitor_control.disable_chksimd = "TRUE"
monitor_control.disable_ntreloc = "TRUE"
monitor_control.disable_selfmod = "TRUE"
monitor_control.disable_reloc = "TRUE"
monitor_control.disable_btinout = "TRUE"
monitor_control.disable_btmemspace = "TRUE"
monitor_control.disable_btpriv = "TRUE"
monitor_control.disable_btseg = "TRUE"

I have found that if you are in the middle of a series of snapshots the best thing to do is revert, shut down, add the lines to the VMX, set the VMX to read-only, power on and play.

One caveat: these keys only cover the VMware backdoor and binary-translation tells. They do nothing about the other artifacts malware commonly checks, such as the VMware MAC address prefixes (00:0C:29, 00:50:56), VMware-branded virtual hardware and drivers, and VMware Tools running in the guest, so treat them as one layer rather than a complete fix.
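Added here as a worked example, not from the original post: a small POSIX shell script that applies the keys above to a VMX file the way the post describes (refuse if the VM looks powered on, drop any stale copies of the keys, append them set to "TRUE", then make the file read-only) and a checker you can run before powering the VM on. It assumes the Workstation/Fusion convention that a running VM holds a "name.vmx.lck" directory beside its VMX, and that vmrun is on PATH for the optional revert/stop/start helper; the sample VMX in the usage note is constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the original post): apply the anti-detection
# VMX keys to a VMX file and verify them.  Assumes the Workstation/Fusion
# "<name>.vmx.lck" lock-directory convention and vmrun(1) on PATH.

ANTIDETECT_KEYS="isolation.tools.getPtrLocation.disable
isolation.tools.setPtrLocation.disable
isolation.tools.setVersion.disable
isolation.tools.getVersion.disable
monitor_control.disable_directexec
monitor_control.disable_chksimd
monitor_control.disable_ntreloc
monitor_control.disable_selfmod
monitor_control.disable_reloc
monitor_control.disable_btinout
monitor_control.disable_btmemspace
monitor_control.disable_btpriv
monitor_control.disable_btseg"

# Escape the dots so a key can be used as an anchored grep regex.
key_regex() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# check_vmx <file.vmx>: return 0 if every key is present and set to "TRUE",
# otherwise list the missing keys on stderr and return 1.
check_vmx() {
    vmx="$1"; missing=""
    for k in $ANTIDETECT_KEYS; do
        pat="^[[:space:]]*$(key_regex "$k")[[:space:]]*=[[:space:]]*\"TRUE\""
        grep -i -q "$pat" "$vmx" 2>/dev/null || missing="$missing $k"
    done
    [ -z "$missing" ] && return 0
    printf 'check_vmx: missing or not TRUE:%s\n' "$missing" >&2
    return 1
}

# harden_vmx <file.vmx>: rewrite the file so each key appears exactly once
# with the value "TRUE", keep every other line, then make it read-only.
harden_vmx() {
    vmx="$1"
    [ -f "$vmx" ] || { printf 'harden_vmx: %s: no such file\n' "$vmx" >&2; return 1; }
    if [ -d "${vmx}.lck" ]; then
        printf 'harden_vmx: %s looks powered on (lock dir present), shut it down first\n' "$vmx" >&2
        return 2
    fi
    tmp="${vmx}.tmp.$$"
    cp "$vmx" "$tmp"
    # Drop any existing assignment of our keys (VMX keys are case-insensitive)
    # so a stale "FALSE" or a duplicate does not survive the rewrite.
    for k in $ANTIDETECT_KEYS; do
        grep -v -i "^[[:space:]]*$(key_regex "$k")[[:space:]]*=" "$tmp" > "$tmp.f" || true
        mv "$tmp.f" "$tmp"
    done
    for k in $ANTIDETECT_KEYS; do
        printf '%s = "TRUE"\n' "$k" >> "$tmp"
    done
    mv "$tmp" "$vmx"
    chmod a-w "$vmx"    # the post's "set the VMX to read only" step
}

# lab_cycle <file.vmx> <snapshot>: the post's revert / shut down / edit /
# power on sequence driven with vmrun.  VMRUN_TYPE is "ws" for Workstation
# or "fusion" for Fusion.  Needs a real VMware install, so it is not run here.
lab_cycle() {
    vmx="$1"; snap="$2"; t="${VMRUN_TYPE:-ws}"
    vmrun -T "$t" revertToSnapshot "$vmx" "$snap"
    # A reverted VM comes back in the snapshot's power state; stop it if it is running.
    vmrun -T "$t" stop "$vmx" hard 2>/dev/null || true
    harden_vmx "$vmx" && check_vmx "$vmx" || return 1
    vmrun -T "$t" start "$vmx"
}
```

Usage: source the file, then `harden_vmx /path/to/lab.vmx && check_vmx /path/to/lab.vmx` on a powered-off VM, or `lab_cycle /path/to/lab.vmx clean` to go through the revert, edit and power-on steps in one go. On a constructed VMX containing only `displayName = "lab-win7"` and `isolation.tools.getVersion.disable = "FALSE"`, harden_vmx keeps the displayName line, replaces the FALSE entry with a single TRUE one and leaves all 13 keys set.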
