hardening on win7

Discussions related to using VirtualBox on Windows hosts.
Post Reply
Xoid666
Posts: 4
Joined: 25. Sep 2015, 11:36

hardening on win7

Post by Xoid666 »

Latest Vbox on Windows 7 x64. Any VM doesnt start -- stops with error.
How to solve hardening error? What DLL should I replace?

1330.1884: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
1330.1884: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bfe0000 'C:\Windows\system32\rsaenh.dll'
1330.1884: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8ccb0000 'C:\Windows\system32\crypt32.dll'
1330.1884: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1330.1884: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bfe0000 'C:\Windows\system32\rsaenh.dll'
1330.1884: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8ccb0000 'C:\Windows\system32\crypt32.dll'
1330.1884: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\devobj.dll'
1330.1884: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8bfe0000 'C:\Windows\system32\rsaenh.dll'
1330.1884: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa8ccb0000 'C:\Windows\system32\crypt32.dll'
1330.1884: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\winmmbase.dll'
1330.1884: Fatal error:
1330.1884: supR3HardenedMainGetTrustedMain: LoadLibrary "C:\Program Files\Oracle\VirtualBox/VirtualBoxVM.dll" failed, rc=1790
2478.1678: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3567 ms, the end);
6b4.2788: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 4135 ms, the end);
Attachments
VBoxHardening.zip
(14.7 KiB) Downloaded 3 times
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: hardening on win7

Post by fth0 »

Generally speaking, VirtualBox 6.1.x doesn't support Windows 7 as a host OS, which does not mean that it cannot work nonetheless. First of all, you should ensure that the Windows 7 host has SHA-2 support.
VBoxHardening.log file wrote:
1330.1884: supR3HardenedScreenImage/Imports: rc=Unknown Status -22929 (0xffffa66f) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume1\Windows\System32\shell32.dll: Full image signature #1 mismatch: 61 e9 70 be 28 e0 9c 6f b7 b4 a0 67 9f 3b c2 ad 4a c5 28 72 2c a5 16 67 e7 87 ba e8 e2 14 a4 a1, expected 13 3a ff 6d c3 17 93 ef cb 99 be 67 59 5a 36 8c a5 e4 5e 15 5b 18 f0 f9 ed 29 f7 d8 b3 2a 85 eb: \Device\HarddiskVolume1\Windows\System32\shell32.dll
This is the actual problem report (note that it's a long error message). From the length of the hashes one can conclude that SHA-2 is being used. It's also possible that shell32.dll has been modified by an unknown adversary.
Post Reply