gerona12 Posted November 3, 2020
I installed VirtualBox 6.x.x on Windows Vista and created a virtual machine. However, it throws an error on startup. How to solve this problem?

Tripredacus Posted November 3, 2020
You'll need to look into that log file. It could be anything. Sometimes it is just a file that can't be found.

gerona12 (Author) Posted November 3, 2020
> 39 minutes ago, Tripredacus said:
> You'll need to look into that log file. It could be anything. Sometimes it is just a file that can't be found.
VBoxHardening.log

Jaguarek62 Posted November 3, 2020 (edited November 3, 2020)
Are you using extended kernel by any chance?

UCyborg Posted November 3, 2020
VirtualBox checks if loaded system files have been tampered with. Your uxtheme.dll doesn't pass the check.
1490.d9c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Windows\System32\uxtheme.dll: Not signed.
'\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' is most likely modified.

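The rejection line quoted in the post above has a regular shape, so the files the hardening check refused can be pulled out of a VBoxHardening.log mechanically. This is an added example, not part of the thread or of VirtualBox's code: the pattern is inferred from that single quoted line, and every sample line except the uxtheme.dll one from the thread is constructed (example.dll is a made-up name).

```python
import re
from collections import defaultdict

# Assumed shape, inferred from the one line quoted in the thread:
#   <pid.tid>: <function>: rc=<status text> <decimal> (<hex>) <flags> <NT path>: <reason>
REJECT = re.compile(
    r"^(?P<who>[0-9a-f]+\.[0-9a-f]+): (?P<func>supR3Hardened\w+(?:/\w+)?): "
    r"rc=(?P<status>.*?)\s*(?P<rc>-\d+) \((?P<hex>0x[0-9a-f]{8})\) "
    r".*?(?P<path>\\Device\\.+?): (?P<reason>.+)$",
    re.IGNORECASE,
)

# Constructed sample: the second line is the one quoted in the thread, the rest are made up.
SAMPLE_LOG = r"""
1490.d9c: Log file opened (constructed filler line)
1490.d9c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Windows\System32\uxtheme.dll: Not signed.
1490.e10: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Windows\System32\uxtheme.dll: Not signed.
1490.d9c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Windows\System32\example.dll: Not signed.
"""

def parse_rejections(log_text):
    """Return {image path: [record, ...]} for every rejection line found."""
    out = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT.match(line.strip())
        if not m:
            continue  # not a rejection line in the assumed shape
        rc = int(m["rc"])
        out[m["path"]].append({
            "who": m["who"],
            "func": m["func"],
            "rc": rc,
            # The hex field should be the same status as an unsigned 32-bit value.
            "rc_consistent": (rc & 0xFFFFFFFF) == int(m["hex"], 16),
            "reason": m["reason"],
        })
    return dict(out)

def rejected_images(log_text):
    """One row per rejected file: (path, hit count, distinct reasons)."""
    return sorted(
        (path, len(recs), sorted({r["reason"] for r in recs}))
        for path, recs in parse_rejections(log_text).items()
    )

if __name__ == "__main__":
    for path, hits, reasons in rejected_images(SAMPLE_LOG):
        print(f"{hits:3d}  {path}  {'; '.join(reasons)}")
```

Each path in the output is a file to compare against the vendor-signed original before deciding whether the modification was intentional.
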
win32 Posted November 3, 2020 (edited November 3, 2020)
In this case, you may try local DLL redirection (like making a folder named virtualbox.exe.local in the virtualbox folder) and copy all MS versions of the files I have modified into it. Though it seems to be ignoring it and checking the files in system32.
It is modified for the purpose of the extended kernel, but what about people who do standard uxtheme patching to allow unsigned visual styles? Perhaps Oracle should focus on legitimate improvements to their software rather than trying to attack OS enhancement projects. Well, OK, there are cases where files may have been tampered with for malicious purposes but VirtualBox is not security software and should not pretend to be.

Jaguarek62 Posted November 3, 2020 (edited November 3, 2020)
> 1 hour ago, win32 said:
> In this case, you may try local DLL redirection (like making a folder named virtualbox.exe.local in the virtualbox folder) and copy all MS versions of the files I have modified into it. Though it seems to be ignoring it and checking the files in system32.
> It is modified for the purpose of the extended kernel, but what about people who do standard uxtheme patching to allow unsigned visual styles? Perhaps Oracle should focus on legitimate improvements to their software rather than trying to attack OS enhancement projects. Well, OK, there are cases where files may have been tampered with for malicious purposes but VirtualBox is not security software and should not pretend to be.
I seriously do not understand why they f****** did this. Just why?? I hate modern software companies nowadays. Everything is a f****** expensive subscription, new operating systems are pieces of junk trying to spy on you whilst looking ugly. Back to my point, why would virtualization software check if I had patched my uxtheme to sideload a new theme for example? Unbelievable!
Their explanation:

UCyborg Posted November 4, 2020 (edited November 4, 2020)
> 5 hours ago, Jaguarek62 said:
> Their explanation:
https://www.virtualbox.org/browser/vbox/trunk/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp?rev=85127#L29

win32 Posted November 4, 2020
I'm not as upset about the situation as I was earlier. I recognize the need to prevent exploits through usermode DLLs that interface with ring 0, especially in such mission-critical software like a hypervisor.
I became even less irate since it appears the verification process is open to self-signing:
> The image/DLL verification hooks are at this point able to verify DLLs containing embedded code signing signatures, and will restrict the locations from which DLLs will be loaded. When #SUPR3HardenedMain gets going later on, they will start insisting on everything having valid signatures, either embedded or in a signed installer catalog file.
I had some problems with self-signing back in July, so I kiboshed the idea back then. But now I'm much smarter, and will sign all extended kernel DLLs to prevent such incidents from happening again.
It is one of the best practices I want to implement to polish the project further; another is for the files to adopt their own versioning, so they can be better distinguished from MS files.

win32 Posted November 7, 2020 (edited November 7, 2020)
> 7 hours ago, gerona12 said:
> Version 5.2 no working!
Yes, they implemented these checks around the time of 4.3.x.

gerona12 (Author) Posted November 8, 2020
> 17 hours ago, win32 said:
> Yes, they implemented these checks around the time of 4.3.x.
4.2 version this is error.........

Koishi Komeiji Posted November 18, 2020 (edited November 18, 2020)
> On 11/3/2020 at 8:28 PM, win32 said:
> Perhaps Oracle should focus on legitimate improvements to their software rather than trying to attack OS enhancement projects. Well, OK, there are cases where files may have been tampered with for malicious purposes but VirtualBox is not security software and should not pretend to be.
>Expecting Oracle to improve anything and not screw stuff up
LOL, let's not forget OpenOffice.org, ksplice, MySQL, Java VM / Google lawsuit, OpenSolaris, etc. (oh, and the fact Red Hat had to make their patch info less detailed because of Oracle Linux essentially rebadging RHEL and charging for inferior support) - and this was just from the Sun acquisition alone...
This reddit (ew) thread says so much stuff, like how they buy management software and rip out support for databases other than their own, forcing companies to use theirs.