VMware Workstation Pro

Last updated 3 months ago

Was this helpful?

VMware Workstation Pro

VMware Workstation is a hosted (Type 2) hypervisor that runs on x64 versions of Windows and Linux operating systems. It enables users to set up and manage virtual machines (VMs) on a single physical machine, allowing for the execution of multiple operating systems simultaneously.

🌐 Resources 🔗

Install and Windows tweaks

❗ I do not assume any responsibility for the potential risks or consequences associated with the disabled memory integrity and Virtualization-based security.
Nesting considerations
The following is done to ensure VMware Workstation virtualization operates smoothly without any performance issues, using its own VMware virtualization engine, instead of the slower Hyper-V API, to create the virtualized environment.
CPL0 (Current Privilege Level 0): The VMM (Virtual Machine Monitor) runs directly on the host hardware using Intel VT-x or AMD-V, providing full control and optimal performance, with no nested layers.
ULM (User-Level Monitor): The VMM runs on top of Hyper-V, allowing coexistence with VMware Workstation but with added overhead and reduced performance, with an extra level of nesting.
these values can be seen by searching Monitor Mode: in the vmware.log file of a running VM.
VMware and Hyper-V can coexist using the newer VMware version and Windows Hypervisor Platform (WHP), but nested virtualization can be slower than normal. Your choice.
Memory integrity (hypervisor-protected code integrity) is a security feature of Core isolation that prevents attacks from inserting malicious code into high-security processes. Take your own risk by disabling it.

Run the commands from an elevated Powershell to DISABLE Hyper-V, all its subfeatures, Windows Hypervisor Platform, Virtual Machine Platform, and Windows Sandbox:

# Disables the Windows Hyper-V
bcdedit /set hypervisorlaunchtype off

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux,VirtualMachinePlatform,Microsoft-Hyper-V-All -NoRestart

Get-AppxPackage -AllUsers *WindowsSubsystemForLinux* | Remove-AppxPackage -AllUsers

# Check the state of the features, should be State: Disabled
Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
Get-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform
Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All

Run the commands from an elevated Powershell to DISABLE Memory Integrity and Virtualization-based security (Device/Credential Guard) via Registry:

reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 0 /f

reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard" /v "Enabled" /t REG_DWORD /d 0 /f

reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 0 /f

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 0 /f

# Check the state of the reg keys
$keys = @(
    "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity",
    "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard",
    "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard",
    "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard"
)

$values = "Enabled", "EnableVirtualizationBasedSecurity"

foreach ($key in $keys) {
    if (Test-Path $key) {  # Check if the registry key exists
        foreach ($value in $values) {
            $result = Get-ItemProperty -Path $key -Name $value -ErrorAction SilentlyContinue
            if ($result -and ($result.PSObject.Properties.Name -contains $value)) {
                Write-Output "$key\$value : $($result.$value)"
            }
        }
    }
}

❗ Reboot PC
Install VMware Workstation Pro
- - Stop and avoid installing Windows Hypervisor Platform (WHP) (feature) when asked by the VMware Workstation installer - this means Hyper-V has not been fully disabled, try again the entire disabling process.

# Chocolatey install + VMware Workstation

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

choco install vmwareworkstation -y

Disable power throttling for the VMware executables

# Disables power throttling for the VMware virtual machine executable (64-bit version)
powercfg /powerthrottling disable /path "C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe"

# Disables power throttling for the main VMware Workstation executable
powercfg /powerthrottling disable /path "C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe"

VMware tips

Verify the Monitor Mode

To check, open the VM directory in VMware Workstation, locate vmware.log, and search for Monitor Mode:
The vmware.log should show “Monitor Mode” as CPL0 instead of ULM (Hyper-V)

Delay the bios boot in a VM

# Add line to .vmx file:

bios.bootDelay = "5000"

PreviousVMware NextOffensive Labs

Last updated 3 months ago

Was this helpful?