How to hide VM with cuckoomonitor? #48

Open
Soukaiinaa opened this issue May 31, 2017 · 2 comments

@Soukaiinaa

I have cloned cuckoomonitor into the monitor directory of Cuckoo Sandbox and run make, but when I run pafish on Windows 7, nothing has changed.
So, what should I do to hide my virtual environment?

And the hook_reg.c file no longer exists?

@jbremer
Member

jbremer commented Jun 13, 2017

Well, the DLLs that you'll find in the Cuckoo Community are literally just the compiled version of what you'll find in this repository. The hook_reg.c file was changed around and is now mostly represented by sigs/registry.rst and sigs/registry_native.rst. Feel free to experiment with hiding certain items and if you have anything that you'd like to share back, do let us know.

@silenttype

Hi! I am new to cuckoomonitor. I stumbled on this problem also. Is there an example of how to convert the code from hook_reg.c to be used in registry.rst?

For example, I want to bypass VM detection that uses RegOpenKeyExA and checks for lpSubKey as "VirtualBox". How would I go about inserting that bypass in sigs/registry.rst?

Thanks!
