• JATth@lemmy.world
    ↑ 4 · 17 hours ago

    I wouldn’t touch this without air-gapping the machine it’s run on. The funny thing here is that Denuvo can’t do much to prevent this hack.

    The HV is intentionally malicious and modifies the guest on the fly to achieve the Denuvo hack. The hack requires disabling all major security protections in the victim OS, so the HV can more freely poke at the victim kernel. A jne instruction to check if running under a compromised HV? It’s now a nop instruction.

    The HV has access to everything that is plugged in physically, or running on top of it. In theory it could, e.g., extract the encryption keys of https connections from any process in the guest.