
Questions tagged [virtual-machines]

Software-based simulation or emulation of a hardware platform (CPU and hardware devices). Well-known examples of virtual machines are VMware, QEMU, VirtualBox, Microsoft Hyper-V, ...

1 vote
0 answers
21 views

Detect what app uses a COM port - potentially for a VMware escape via a COM port/named pipe ntoskrnl

How could I diagnose whether this named pipe that goes to COM1 in VMware (now to a txt file) is malware or a legitimate piece of software? Is there any way to track what sends data to a COM port in Windows ...
rollsch (reputation 263)
0 votes
0 answers
70 views

Why is Windows 10 still blocking me from running malware?

I am analyzing some malware on Windows 10. I installed FLARE VM, disabled tamper protection and disabled the virus scanner in the registry. However, when I attempt to run malware, Windows is still ...
Jason Crosby
2 votes
0 answers
181 views

How can I lift x86_64 assembly code to LLVM-IR

I'm researching a virus and I'm faced with the task of deobfuscating its virtual machine. I chose to do this through LLVM and I had a question: where can I see a simple example of lifting ...
OSPFv3 (reputation 21)
1 vote
0 answers
230 views

ReadProcessMemory from host to Hyper-V Windows Guest VM

Is it possible to use ReadProcessMemory, or some other form of it, maybe via a library, to read memory from a virtual machine running inside Hyper-V? The host is running Windows 11, the guest is running ...
x3p0 (reputation 11)
1 vote
1 answer
92 views

How to capture control flow pins on emulated serial port?

I am reverse engineering how a CPS software package communicates to a radio device. I have the basics down, and want to trick the software into thinking COM1 is the radio, when in reality I want to ...
Farhan Yusufzai
1 vote
0 answers
284 views

Pick a dump of a specific process from a VirtualBox core dump

I'm interested in reverse engineering and assembly stuff. I have started to do some research and I'm still a complete beginner. What I have learned so far is that we could use VirtualBox to dump the RAM ...
Someone (reputation 21)
2 votes
2 answers
3k views

Virtual machine code obfuscation implementation details

I want to implement a simple VM-based proof-of-concept obfuscator. It should take an exe file as input and produce a new PE file with an appended VM section. For simplicity, let's say the exe file is ...
Rob D (reputation 123)
3 votes
0 answers
981 views

How to use Ghidra to work with VM obfuscated binaries?

By "VM obfuscated binary", I mean a binary that contains one or more implementations of a VM internally, and also some bytecode that can run on this VM. One of the reasons why this binary is this way, ...
auspicious99
1 vote
1 answer
205 views

How to track/debug/manipulate Windows processes in a VM?

I am trying to do some deep-level Windows debugging/tracing, utilizing virtualization. Considering that if Windows runs in a virtual machine, theoretically I have total power over it - I could ...
peterh (reputation 179)
1 vote
1 answer
214 views

Difficulty obtaining malware traffic

I'm trying to get a particular piece of malware to beacon, and I have my box connected to remnux, with inetsim and fakedns running. Using this setup I have been able to acquire good pcap from most ...
solumnant (reputation 173)
3 votes
1 answer
548 views

Custom virtual machine protection

How would someone go about reverse engineering a sample protected with a virtual machine? The problem is that it's not opcode anymore, it's bytecode, which I don't have any idea about because it's a private ...
zerocool (reputation 163)
4 votes
3 answers
916 views

Debugging a process running in a Virtual Machine with Radare2?

Is there any way to debug a process running on a virtual machine (guest) with Radare2 from the host? I'm currently using VirtualBox. It provides a built-in debugger. I'm not sure if it's possible for ...
Evan Carroll (reputation 1,789)
1 vote
0 answers
120 views

Is there any way to capture the state of an application so as to restore execution of it later?

There are certain older, non-DirectX-based games that I can hack inside of a VM, which is amazing because I can save snapshots of states to then restore if, say, the game crashes after I attempt ...
dsasmblr (reputation 2,234)
4 votes
1 answer
3k views

What are the steps to reverse engineering a Shockwave .DCR file?

I have been fascinated by reverse engineering after making several emulators and finding the pret community. I love the idea behind decompiling old games and recreating source code that recompiles ...
user2936448
0 votes
1 answer
1k views

IDA Pro v7 installation problem in VM

I have a different problem. I created a VM (windows7x86SP1) with VMware Fusion on Mac OSX. When I try to install IDA Pro, I get such an error, but I couldn't find any solution. I removed the VM, then ...
Yavuz (reputation 11)
