话说谁会“虚拟机过检测”，我这里有个过检测的配置文件，谁帮忙分析下？

显示全部楼层 · 发表于 2012-3-16 11:36:16

本帖最后由 i5239 于 2012-3-16 11:50 编辑

VMware7.1.4的一个过检测版本的配置文件，
我测试过了，原先玩网游冒险岛是无法在虚拟机里运行的
打都打不开，更别说过HS检测了。
用了这个修改优化过的虚拟机之后就可以正常启动游戏了
不过安装VMware Tools的时候有点问题，
因为在虚拟机里运行安装VMware Tools，
它会提示“请在虚拟机里运行”
它无法识别出虚拟机。。。。

http://115.com/file/bes2v5sh#虚拟机系统.vmx

比正常系统配置文件多出的那部分代码如下：
checkpoint.vmState.readOnly = "FALSE"
checkpoint.vmState = ""
numvcpus = "2"
cpuid.coresPerSocket = "2"
monitor.virtual_mmu = "software"
monitor.virtual_exec = "hardware"
MemTrimRate = "30"
priority.grabbed = "high"
tools.remindInstall = "TRUE"
usb.present = "TRUE"
ehci.present = "TRUE"
usb:0.present = "TRUE"
usb:1.present = "TRUE"
usb.pciSlotNumber = "32"
ehci.pciSlotNumber = "35"
usb:1.deviceType = "hub"
usb:0.deviceType = "mouse"
annotation = "|0D|0A"
sharedFolder0.present = "TRUE"
sharedFolder1.present = "TRUE"
sharedFolder2.present = "TRUE"
sharedFolder3.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.readAccess = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\"
sharedFolder0.guestName = "C"
sharedFolder0.expiration = "never"
sharedFolder1.enabled = "TRUE"
sharedFolder1.readAccess = "TRUE"
sharedFolder1.writeAccess = "TRUE"
sharedFolder1.hostPath = "D:\"
sharedFolder1.guestName = "D"
sharedFolder1.expiration = "never"

sharedFolder2.enabled = "TRUE"
sharedFolder2.readAccess = "TRUE"
sharedFolder2.writeAccess = "TRUE"
sharedFolder2.hostPath = "E:\"
sharedFolder2.guestName = "E"
sharedFolder2.expiration = "never"

sharedFolder3.enabled = "TRUE"
sharedFolder3.readAccess = "TRUE"
sharedFolder3.writeAccess = "TRUE"
sharedFolder3.hostPath = "F:\"
sharedFolder3.guestName = "F"
sharedFolder3.expiration = "never"

tools.upgrade.policy = "manual"
monitor_control.restrict_backdoor = "true"
isolation.tools.getPtrLocation.disable = "FALSE"
isolation.tools.setPtrLocation.disable = "FALSE"
isolation.tools.setVersion.disable = "FALSE"
isolation.tools.getVersion.disable = "FALSE"
monitor_control.disable_directexec = "true"

fileSearchPath = "."
vc.uuid = ""
inVMTeam = "FALSE"
policy.vm.managedVMTemplate = "FALSE"
policy.vm.managedVM = "FALSE"
ide0:0.present = "TRUE"
ide0:0.fileName = "F:\GHOSTXP_SP3_2010纯净版.iso"
ide0:0.deviceType = "cdrom-image"
sharedFolder4.present = "FALSE"
ide1:0.present = "FALSE"
floppy0.present = "FALSE"
ehci:0.present = "FALSE"

显示全部楼层 · 发表于 2012-3-16 11:44:53

是monitor_control.restrict_backdoor这条把VMware的后门通道给屏蔽了

显示全部楼层 · 发表于 2012-3-16 11:47:08

一个笨鸟发表于 2012-3-16 11:44
是monitor_control.restrict_backdoor这条把VMware的后门通道给屏蔽了

呵呵，早试过，是不行的，昨个夜里在网上各个论坛搜了半天，什么2个后门神马的都试过了，不行。
这个配置文件你可以看看，后面加载了很多东西

显示全部楼层 · 发表于 2012-3-16 12:34:03

逆一下vmware tools的检测

显示全部楼层 · 发表于 2012-3-16 13:04:16

那要看用的是什么方法，有些方法容易过，有些方法就过不了，例如用sldt指令就过不了，大概只能改机器码了

显示全部楼层 · 发表于 2012-3-16 15:47:02

一个笨鸟发表于 2012-3-16 12:34
逆一下vmware tools的检测

.....不会。。

[讨论] 话说谁会“虚拟机过检测”，我这里有个过检测的配置文件，谁帮忙分析下？