For example the following REAL Registry key exists:
HKLM/Test
If the permission of reading/writing this REAL key is denied then my application fails to virtualize my own key at HKLM/Test.
So I want to virtualize a key, and if the user(/cracker?) gets to know what key I use, he can make the same key in the real registry and deny all permissions. This means my Virtualized registry key can't even be accessed.
Imagine, you have HKLM/Test key in the real registry.
If you deny all permissions to this key, then your application won't be able to read and write values to it.
This is ok, this is how it should work.
Next, imagine, you have HKLM/Test key in the Virtual Box. And note, you have set the virtualization to it as Virtual (key icon is yellow).
Your application will be able to read all virtual keys/values inside this key. But, of course, the program won't see the keys of the real registry because permissions are denied.
Also, your program will be able to write keys/values to HKLM/Test (because it is virtual), but all changes will be discarded after restart (this is a limitation of Virtual Box).
Btw, you can make a workaround. You may test permissions of the HKLM/Test, i.e. if your application can't write values to this virtual key, then a cracker removed the packer.
It's quite interesting what you said because my program can't read the virtualized registry. Hmm... I think I have to check my work if I did something wrong.
So, just for me again:
If in real a registry key is denied, I can make a virtualized one and the software will be able to read it. Am I right? If yes, I did something wrong.
Unc3nZureD wrote: So, just for me again: If in real a registry key is denied, I can make a virtualized one and the software will be able to read it. Am I right? If yes, I did something wrong.
Yes, exactly.
Perhaps, in your case, something can be wrong with the registry key redirection on x64 versions of Windows, in case you are using an x64 registry editor and an x86 application. http://support.microsoft.com/kb/896459
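The two checks discussed in this thread (can the application write to its virtual key, and do the 32-bit and 64-bit registry views agree) can be run from inside the application itself. The following is an added example, not code from any poster or from the packer vendor; the function names and result labels are hypothetical, and it assumes the application is a Python program running on Windows.

```python
import sys

KEY_PATH = "Test"        # HKLM\Test, the key name used in the thread
VIEWS = ("64", "32")     # the x64 registry editor shows the 64-bit view

def probe(view, access_name):
    """Open HKLM\\Test in one registry view; return 'ok', 'denied' or 'missing'."""
    import winreg  # Windows only, imported lazily so the module loads anywhere
    view_flag = winreg.KEY_WOW64_64KEY if view == "64" else winreg.KEY_WOW64_32KEY
    access = winreg.KEY_READ if access_name == "read" else winreg.KEY_SET_VALUE
    try:
        # Windows checks the requested access rights when the key is opened.
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY_PATH, 0, access | view_flag):
            return "ok"
    except PermissionError:
        return "denied"
    except FileNotFoundError:
        return "missing"

def probe_all():
    """Probe read and write access in both views."""
    return {(v, a): probe(v, a) for v in VIEWS for a in ("read", "write")}

def own_view():
    """Registry view this process uses by default, based on its bitness."""
    return "64" if sys.maxsize > 2**32 else "32"

def diagnose(results, view):
    """Turn probe results into findings for the process's own view."""
    findings = []
    # Workaround from the thread: the virtual key should be writable.
    if results[(view, "write")] != "ok":
        findings.append("write-failed-in-own-view")
    # Redirection hint from the thread: compare with the other view.
    other = "32" if view == "64" else "64"
    if results[(view, "read")] != results[(other, "read")]:
        findings.append("views-differ")
    return findings

if __name__ == "__main__" and sys.platform == "win32":
    results = probe_all()
    for (view, access), outcome in sorted(results.items()):
        print(f"{view}-bit view, {access}: {outcome}")
    print("findings:", diagnose(results, own_view()) or "none")
```

A "views-differ" finding only shows that the two views returned different results for the key; it does not say which view the virtualization layer serves.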