Virtualize Registry Bug

Issues related to Enigma Virtual Box
Unc3nZureD
Posts: 40
Joined: Thu Jun 14, 2012 6:06 am

Virtualize Registry Bug

Post by Unc3nZureD » Thu Aug 09, 2012 12:42 pm

If I virtualize a registry key (and some strings included) and it's disabled by the administrator like this:

Image

the system will disable the virtualized registry too. Is it possible to solve?

Enigma
Site Admin
Posts: 2521
Joined: Wed Aug 20, 2008 2:24 pm

Re: Virtualize Registry Bug

Post by Enigma » Thu Aug 09, 2012 2:57 pm

Do you mean the ability to set permission to virtual registry items? If so then no, it is impossible.

Virtual Box was created specifically to avoid system limitations, like registry permissions, read-only access and so on.

Please let me know if I understood your question correctly.

Unc3nZureD
Posts: 40
Joined: Thu Jun 14, 2012 6:06 am

Re: Virtualize Registry Bug

Post by Unc3nZureD » Thu Aug 09, 2012 6:20 pm

No, not the ability.

For example the following REAL Registry key exists:

HKLM/Test
If the permission of reading/writing this REAL key is denied then my application fails to virtualize my own key at HKLM/Test.

So I want to virtualize a key, and if the user (/cracker?) gets to know what key I use, he can make the same key in the real registry and deny all permissions. This means my virtualized registry key can't even be accessed.

Enigma
Site Admin
Posts: 2521
Joined: Wed Aug 20, 2008 2:24 pm

Re: Virtualize Registry Bug

Post by Enigma » Fri Aug 10, 2012 7:07 am

Nope, I'm sure we do not understand each other...

Imagine, you have HKLM/Test key in the real registry.
If you deny all permissions to this key, then your application won't be able to read and write values to it.
This is ok, this is how it should work.

Next, imagine, you have HKLM/Test key in the Virtual Box. And note, you have set the virtualization to it as Virtual (key icon is yellow).
Your application will be able to read all virtual keys/values inside this key. But, of course, the program won't see the keys of the real registry because permissions are denied.
Also, your program will be able to write keys/values to HKLM/Test (because it is virtual), but all changes will be discarded after restart (this is a limitation of Virtual Box).

Btw, you can make a workaround. You may test permissions of the HKLM/Test, i.e. if your application can't write values to this virtual key, then cracker removed the packer.

Unc3nZureD
Posts: 40
Joined: Thu Jun 14, 2012 6:06 am

Re: Virtualize Registry Bug

Post by Unc3nZureD » Fri Aug 10, 2012 7:41 am

It's quite interesting what you said because my program can't read the virtualized registry. Hmm... I think I have to check my work, whether I did something wrong.

So, just for me again:
If in real a registry key is denied, I can make a virtualized one and the software will be able to read it. Am I right? If yes, I did something wrong.

Enigma
Site Admin
Posts: 2521
Joined: Wed Aug 20, 2008 2:24 pm

Re: Virtualize Registry Bug

Post by Enigma » Fri Aug 10, 2012 8:30 am

Unc3nZureD wrote: "So, just for me again: If in real a registry key is denied, I can make a virtualized one and the software will be able to read it. Am I right? If yes, I did something wrong."

Yes, exactly.

Perhaps, in your case, something can be wrong with the registry key redirection on x64 versions of Windows, in case you are using the x64 registry editor and an x86 application.
http://support.microsoft.com/kb/896459
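
One way to check the redirection point raised in the last reply (an added example, not part of the original thread and not Enigma's code): this PowerShell script reads the real registry in both the 64-bit and the 32-bit (WOW64) view and reports whether the key is missing, readable or access-denied in each. The path `SOFTWARE\Test` and the function name `Get-RegistryViewState` are assumptions for illustration; it is run outside the packed application, so it never sees virtual keys.

```powershell
# Added example: compare the 64-bit and 32-bit (WOW64) views of one HKLM key.
# 'SOFTWARE\Test' is a hypothetical path; HKLM\SOFTWARE is a redirected branch.
param([string]$SubKey = 'SOFTWARE\Test')

function Get-RegistryViewState {
    param([string]$Path, [Microsoft.Win32.RegistryView]$View)

    $state = [ordered]@{ View = $View; Path = $Path; Status = 'Missing'; Values = @() }
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($Path, $false)   # read-only open, $null if absent
        if ($null -ne $key) {
            $state.Status = 'Readable'
            $state.Values = $key.GetValueNames()
            $key.Dispose()
        }
    }
    catch {
        # A denied ACL on the real key surfaces as a security/access exception.
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Security.SecurityException] -or
            $inner -is [System.UnauthorizedAccessException]) {
            $state.Status = 'AccessDenied'
        } else { throw }
    }
    finally { $base.Dispose() }
    [pscustomobject]$state
}

$views = [Microsoft.Win32.RegistryView]::Registry64,
         [Microsoft.Win32.RegistryView]::Registry32
$result = foreach ($v in $views) { Get-RegistryViewState -Path $SubKey -View $v }
$result | Format-Table View, Status, @{ n = 'Values'; e = { $_.Values -join ', ' } }

if ($result[0].Status -ne $result[1].Status) {
    'The views differ: an x86 application and the x64 registry editor are not looking at the same key.'
}
```

If the key shows up only under `Registry64`, it was created with the x64 registry editor and an x86 application is redirected to a different location when it opens the same path.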
