
VirtualBox error run in Windows Vista


gerona12



VirtualBox checks if loaded system files have been tampered with. Your uxtheme.dll doesn't pass the check.

1490.d9c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Windows\System32\uxtheme.dll: Not signed.
'\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' is most likely modified.


In this case, you may try local dll redirection (like making a folder named virtualbox.exe.local in the virtualbox folder) and copy all MS versions of the files I have modified into it. Though it seems to be ignoring it and checking the files in system32.

It is modified for the purpose of the extended kernel, but what about people who do standard uxtheme patching to allow unsigned visual styles? Perhaps Oracle should focus on legitimate improvements to their software than trying to attack OS enhancement projects. Well, OK, there are cases where files may have been tampered for malicious purposes but VirtualBox is not security software and should not pretend to be.

Edited by win32

1 hour ago, win32 said:

In this case, you may try local dll redirection (like making a folder named virtualbox.exe.local in the virtualbox folder) and copy all MS versions of the files I have modified into it. Though it seems to be ignoring it and checking the files in system32.

It is modified for the purpose of the extended kernel, but what about people who do standard uxtheme patching to allow unsigned visual styles? Perhaps Oracle should focus on legitimate improvements to their software than trying to attack OS enhancement projects. Well, OK, there are cases where files may have been tampered for malicious purposes but VirtualBox is not security software and should not pretend to be.

I seriously do not understand why they f****** did this. Just why?? I hate modern software companies nowadays. Everything is a f****** expensive subscription, new operating systems are pieces of junk trying to spy on you whilst looking ugly. Back to my point, why would virtualization software check if I had patched my uxtheme to sideload a new theme for example? Unbelievable!

Their explanation:

[attached screenshot: vb.PNG]

Edited by Jaguarek62

I'm not as upset about the situation as I was earlier. I recognize the need to prevent exploits through usermode dlls that interface with ring 0, especially in such mission-critical software like a hypervisor. I became even less irate since it appears the verification process is open to self-signing:

 * The image/DLL verification hooks are at this point able to verify DLLs
 * containing embedded code signing signatures, and will restrict the locations
 * from which DLLs will be loaded.  When #SUPR3HardenedMain gets going later on,
 * they will start insisting on everything having valid signatures, either
 * embedded or in a signed installer catalog file.

I had some problems with self-signing back in July, so I kiboshed the idea back then. But now I'm much smarter, and will sign all extended kernel DLLs to prevent such incidents from happening again. It is one of the best practices I want to implement to polish the project further; another is for the files to adopt their own versioning, so they can be better distinguished from MS files.
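A triage helper for the check described in the first post and the self-signing plan above, added here as an example; it is not code from the thread, from Oracle or from the extended kernel project. It reports, for each DLL named in a hardening log line, whether Windows sees an embedded Authenticode signature, whose it is, and the file's hash and version so a modified copy can be told apart from the Microsoft original. It assumes Windows PowerShell 4 or later (for Get-FileHash); the default path is the one from the log line in the first post.

```powershell
# Added example, not part of the original thread.
# Assumes Windows PowerShell 4+ (Get-FileHash) run from an elevated prompt.
param(
    # DLLs to inspect; default is the file named in the supR3HardenedScreenImage log line.
    [string[]]$Path = @("$env:SystemRoot\System32\uxtheme.dll")
)

foreach ($file in $Path) {
    if (-not (Test-Path -LiteralPath $file)) {
        Write-Warning "Missing: $file"
        continue
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $file
    $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
    $ver  = (Get-Item -LiteralPath $file).VersionInfo

    # Status values (System.Management.Automation.SignatureStatus):
    #   Valid        - signature verifies and chains to a trusted root
    #   NotSigned    - no embedded signature found (the "Not signed" verdict in the log)
    #   HashMismatch - signature present, but the file bytes changed after signing
    #   NotTrusted   - signature present, but its certificate chain is not trusted
    #                  (what a self-signed DLL reports until its root is imported)
    # Caveat: older PowerShell builds do not consult signed catalogs, so an
    # unmodified catalog-signed Microsoft file can also show NotSigned here;
    # compare the SHA256 and version against a known-good copy in that case.
    [pscustomobject]@{
        File        = $file
        Status      = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
        FileVersion = $ver.FileVersion
        Company     = $ver.CompanyName
        SHA256      = $hash
    }
}
```

A Microsoft-shipped uxtheme.dll shows a Microsoft signer and (on a build that checks catalogs) Status Valid; a patched copy shows NotSigned or HashMismatch, and sfc /verifyfile=<path> can confirm it differs from the component store copy.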


On 11/3/2020 at 8:28 PM, win32 said:

Perhaps Oracle should focus on legitimate improvements to their software than trying to attack OS enhancement projects. Well, OK, there are cases where files may have been tampered for malicious purposes but VirtualBox is not security software and should not pretend to be.

>Expecting Oracle to improve anything and not screw stuff up

LOL

let's not forget OpenOffice.org, ksplice, MySQL, Java VM / Google lawsuit, OpenSolaris, etc. (oh and the fact Red Hat had to make their patch info less detailed because of Oracle Linux essentially rebadging RHEL and charging for inferior support) - and this was just from the Sun acquisition alone... this reddit (ew) thread says so much stuff like how they buy management software and rip out support for databases other than their own, forcing companies to use theirs


Edited by Koishi Komeiji