Samuel Tulach Profile
Samuel Tulach

@tulachsam

Followers: 804 | Following: 10K | Statuses: 28

web: https://t.co/IcZoSJKtPf git: https://t.co/TKQZNpsQHp

Joined April 2020
@tulachsam
Samuel Tulach
2 months
Pong, but it's VBS enclave, but I bootkitted Hyper-V
@tulachsam
Samuel Tulach
3 months
Pong, but it's VBS enclave
0
13
64
@tulachsam
Samuel Tulach
2 days
Not a tech post but I thought I’d share. View from today.
0
0
21
@tulachsam
Samuel Tulach
16 days
@daaximus I've got even more respect for the devs now. Truly insane they can pull this off while keeping the system stable and across different OS versions.
0
0
10
@tulachsam
Samuel Tulach
17 days
And ofc that I fix it right after posting it :)) (IRQL was overwritten in the hook chain, restoring it fixed it)
0
0
14
@tulachsam
Samuel Tulach
22 days
Is this intentional, or did @TheBattlEye just stop stripping handle permissions for UnityCrashHandler64.exe for no reason? Pretty sure it did in the past...
0
0
16
@tulachsam
Samuel Tulach
28 days
Name obfuscation and other tricks for Unity IL2CPP builds.
@tulachsam
Samuel Tulach
1 month
Obfuscation of Unity IL2CPP games entirely post-build using metadata parsing and custom DLL stub. No changes to the Unity build pipeline or game source code necessary. Blog post about protecting Unity IL2CPP builds soon™
1
6
38
@tulachsam
Samuel Tulach
29 days
@bstategames Still, the exploit code has been on the internet for a while, and a server update to kick players spamming the packet should be quite trivial to write, taking a maximum of a few hours, yet it’s still not fixed. (3/3)
0
0
3
@tulachsam
Samuel Tulach
1 month
Compiled a project with bazillion dependencies, was monitoring it with ProcMon, for a few seconds I thought some of the deps had some malware in, but no, that's just DirectX and NVIDIA driver bruteforcing what game is running based on file names...
4
10
68
@tulachsam
Samuel Tulach
2 months
@vmxoff Yes. It’s noted both in the blog post and in the README?
0
0
0
@tulachsam
Samuel Tulach
2 months
Again got a bit of time, memory r/w now done into the enclave.
0
0
2
@tulachsam
Samuel Tulach
2 months
Before you are allowed to purchase IDA Pro/Home, you need to undergo KYC. That is done by sending both uncensored sides of a government-issued ID to a Hex-Rays employee *by email*. Maybe I am just being overly cautious, but surely there has to be a better way to do this lol.
0
1
16
@tulachsam
Samuel Tulach
3 months
@dinqr0 Yeah I think it will need work from MS to be viable really. I want to finish this project asap so I can then try to explore possible ways on how to detect something like it. It would be already done but currently kinda busy :/ Already have the vmexit hook figured though.
0
0
3
@tulachsam
Samuel Tulach
3 months
Does anyone know why after breaking while debugging Hyper-V and then trying to continue, the VM just freezes? If I disable the initial debug break, it will just boot, allow me to break once, but then freeze again. Using VMware Workstation.
1
0
6