Trying to target VirtualBox with security software

This is for discussing general topics about how to use VirtualBox.
umxru
Posts: 3
Joined: 9. Feb 2023, 17:51

Post by umxru »

Hi there,

I hope this is the right place to ask. I'm currently trying to target VirtualBox with a security tool I am testing that does its job via an injected DLL. When I target VirtualBox and its various EXEs/DLLs, I am able to get the security tooling to work properly with the base application and the pop-up windows attached to it. However, the virtual machine itself opens up and for some reason doesn't get injected by the DLL. 3 EXEs open up for the virtual machine, all "VirtualBoxVM.exe"; 1 of these EXEs gets the injected DLL but the other 2 don't. Anyone know how I could solve this issue?

Thanks in advance everyone - :)
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Trying to target VirtualBox with security software

Post by mpack »

Moved to "Using VirtualBox" forum - for now.

VirtualBox VMs are hardened and will toss out DLLs unless they are signed by a trusted source.
umxru
Posts: 3
Joined: 9. Feb 2023, 17:51

Re: Trying to target VirtualBox with security software

Post by umxru »

mpack wrote: Moved to "Using VirtualBox" forum - for now.

VirtualBox VMs are hardened and will toss out DLLs unless they are signed by a trusted source.
I saw some stuff on this, but if this was the blocker to the DLL, would it not be blocked by that first layer of the VM process as well?

And thank you for moving it to the right place, my apologies for getting that wrong.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Trying to target VirtualBox with security software

Post by scottgus1 »

I suspect that:
mpack wrote: VirtualBox VMs are hardened and will toss out DLLs unless they are signed by a trusted source.
is about all you'll get on this public forum. The VirtualBox devs play the hardening cards extremely close to the chest, even among themselves. It's extremely unlikely that you'll get a "Follow these XYZ steps to get your DLL injected into the VM." Then the bad guys will see it and do it too.

On the other hand, the VirtualBox source code is available for perusal.

On the third hand, the Extension Pack channel is available, if you wanted to add features to VirtualBox.
umxru
Posts: 3
Joined: 9. Feb 2023, 17:51

Re: Trying to target VirtualBox with security software

Post by umxru »

scottgus1 wrote: I suspect that:
mpack wrote: VirtualBox VMs are hardened and will toss out DLLs unless they are signed by a trusted source.
is about all you'll get on this public forum. The VirtualBox devs play the hardening cards extremely close to the chest, even among themselves. It's extremely unlikely that you'll get a "Follow these XYZ steps to get your DLL injected into the VM." Then the bad guys will see it and do it too.

On the other hand, the VirtualBox source code is available for perusal.

On the third hand, the Extension Pack channel is available, if you wanted to add features to VirtualBox.
Gotcha, I'll do some poking around and see if I can find anything by myself - I do appreciate the replies though, thanks.