SEVEN.LEGEND // V4
Users Online: 1
Total Hits: 8,816
CODES // DATA STREAM
SECURITY CODE & SCRIPTS « BACK
LDPlayer AMD fix
POWERSHELL
Kills the hidden VBS hypervisor on Windows 11 24H2 that prevents Android emulators (LDPlayer, BlueStacks, MuMu) and Type-2 hypervisors (VirtualBox, VMware) from accessing AMD-V / VT-x. Targets the undocumented WindowsHello DeviceGuard registry key that Microsoft never documented.
UPLOADED: 2026.04.09
ID: Ld-amd // LANG: Powershell // LINES: 246 
#Requires -RunAsAdministrator
<#
.SYNOPSIS
    Disable-VBS24H2.ps1 — Kill VBS on Windows 11 24H2 for Android Emulator Compatibility
.DESCRIPTION
    Windows 11 24H2 introduced an undocumented change that ties Virtualization-Based
    Security (VBS) to Windows Hello. Even with Hyper-V disabled, Memory Integrity off,
    and hypervisorlaunchtype set to off, the Windows hypervisor continues to load silently.

    This prevents Android emulators (LDPlayer, BlueStacks, MuMu, etc.) and other
    Type-2 hypervisors (VirtualBox, VMware) from accessing AMD-V / VT-x directly,
    forcing them into slow NEM/WHPX software fallback mode.

    Symptoms:
      - LDPlayer stuck at 94% engine starting
      - VBox.log shows "AMD-V is not available" and "Attempting fall back to NEM"
      - msinfo32 shows "Virtualization-based security: Running" despite all toggles off

    This script disables every known VBS trigger on 24H2, including the hidden
    WindowsHello scenario key that Microsoft never documented.

.AUTHOR
    seven | sevenlegend.io
.DATE
    2026-04-08
.LINK
    https://sevenlegend.io
#>

param(
    [switch]$Force,
    [switch]$DryRun
)

$ErrorActionPreference = 'Stop'
$banner = @"

  ██████ ▓█████ ██▒   █▓▓█████  ███▄    █
▒██    ▒ ▓█   ▀▓██░   █▒▓█   ▀  ██ ▀█   █
░ ▓██▄   ▒███   ▓██  █▒░▒███   ▓██  ▀█ ██▒
  ▒   ██▒▒▓█  ▄  ▒██ █░░▒▓█  ▄▓██▒  ▐▌██▒
▒██████▒▒░▒████▒  ▒▀█░  ░▒████▒██░   ▓██░
▒ ▒▓▒ ▒ ░░░ ▒░ ░  ░ ▐░  ░░ ▒░ ░ ▒░   ▒ ▒
░ ░▒  ░ ░ ░ ░  ░  ░ ░░   ░ ░  ░ ░░   ░ ▒░
░  ░  ░     ░       ░░     ░     ░   ░ ░
      ░     ░  ░     ░     ░  ░        ░

  Disable-VBS24H2.ps1 | sevenlegend.io
  Kill the hidden hypervisor on Windows 11 24H2
"@

Write-Host $banner -ForegroundColor Cyan

# ---------------------------------------------------------------------------
# Preflight checks
# ---------------------------------------------------------------------------
function Write-Status($msg, $color = 'Yellow') {
    Write-Host "  [*] " -ForegroundColor DarkCyan -NoNewline
    Write-Host $msg -ForegroundColor $color
}

function Write-Pass($msg) {
    Write-Host "  [+] " -ForegroundColor Green -NoNewline
    Write-Host $msg -ForegroundColor Green
}

function Write-Fail($msg) {
    Write-Host "  [-] " -ForegroundColor Red -NoNewline
    Write-Host $msg -ForegroundColor Red
}

# Check Windows version
$os = Get-CimInstance Win32_OperatingSystem
$build = [int]$os.BuildNumber
Write-Status "OS Build: $($os.Caption) ($build)"

if ($build -lt 26100) {
    Write-Fail "This script targets Windows 11 24H2+ (build 26100+). Your build: $build"
    if (-not $Force) {
        Write-Fail "Use -Force to run anyway."
        exit 1
    }
}

# Check current VBS status
Write-Status "Checking current VBS status..."
$vbsStatus = (Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard -ErrorAction SilentlyContinue)
if ($vbsStatus) {
    $running = $vbsStatus.VirtualizationBasedSecurityStatus
    switch ($running) {
        0 { Write-Pass "VBS is currently NOT running." }
        1 { Write-Status "VBS is enabled but not running." }
        2 { Write-Fail "VBS is RUNNING. This script will fix that." }
        default { Write-Status "VBS status unknown: $running" }
    }
} else {
    Write-Status "Could not query VBS status (WMI class unavailable)."
}

if ($DryRun) {
    Write-Host "`n  [DRY RUN] Showing what would be changed without modifying anything.`n" -ForegroundColor Magenta
}

# ---------------------------------------------------------------------------
# Phase 1: BCD — disable hypervisor launch
# ---------------------------------------------------------------------------
Write-Host "`n  --- Phase 1: Boot Configuration ---" -ForegroundColor Cyan

$bcdCurrent = (bcdedit /enum | Select-String 'hypervisorlaunchtype').ToString() -replace '.*\s+', ''
Write-Status "Current hypervisorlaunchtype: $bcdCurrent"

if ($bcdCurrent -ne 'Off' -and $bcdCurrent -ne 'off') {
    if (-not $DryRun) {
        bcdedit /set hypervisorlaunchtype off | Out-Null
        Write-Pass "Set hypervisorlaunchtype = off"
    } else {
        Write-Status "[DRY] Would set hypervisorlaunchtype = off"
    }
} else {
    Write-Pass "Already off."
}

# ---------------------------------------------------------------------------
# Phase 2: Registry — DeviceGuard master switch
# ---------------------------------------------------------------------------
Write-Host "`n  --- Phase 2: DeviceGuard Registry Keys ---" -ForegroundColor Cyan

$regKeys = @(
    @{
        Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
        Name  = 'EnableVirtualizationBasedSecurity'
        Value = 0
        Desc  = 'VBS master switch'
    },
    @{
        Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
        Name  = 'RequirePlatformSecurityFeatures'
        Value = 0
        Desc  = 'Platform security features requirement'
    },
    @{
        Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
        Name  = 'Enabled'
        Value = 0
        Desc  = 'HVCI / Memory Integrity'
    },
    @{
        Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\WindowsHello'
        Name  = 'Enabled'
        Value = 0
        Desc  = 'Windows Hello VBS trigger [HIDDEN - 24H2 ONLY]'
    }
)

foreach ($key in $regKeys) {
    $current = $null
    try {
        $current = (Get-ItemProperty -Path $key.Path -Name $key.Name -ErrorAction Stop).$($key.Name)
    } catch {}

    if ($current -eq 0) {
        Write-Pass "$($key.Desc) — already disabled."
    } else {
        if (-not $DryRun) {
            if (-not (Test-Path $key.Path)) {
                New-Item -Path $key.Path -Force | Out-Null
            }
            Set-ItemProperty -Path $key.Path -Name $key.Name -Value $key.Value -Type DWord -Force
            Write-Pass "$($key.Desc) — DISABLED."
        } else {
            Write-Status "[DRY] Would disable: $($key.Desc) (current: $current)"
        }
    }
}

# ---------------------------------------------------------------------------
# Phase 3: Windows Features — remove Hyper-V components
# ---------------------------------------------------------------------------
Write-Host "`n  --- Phase 3: Windows Features ---" -ForegroundColor Cyan

$features = @(
    'Microsoft-Hyper-V-All',
    'HypervisorPlatform',
    'VirtualMachinePlatform',
    'Microsoft-Windows-Sandbox'  # also pulls in hypervisor
)

foreach ($feat in $features) {
    try {
        $info = Get-WindowsOptionalFeature -Online -FeatureName $feat -ErrorAction Stop
        if ($info.State -eq 'Enabled') {
            if (-not $DryRun) {
                Disable-WindowsOptionalFeature -Online -FeatureName $feat -NoRestart -ErrorAction Stop | Out-Null
                Write-Pass "$feat — DISABLED."
            } else {
                Write-Status "[DRY] Would disable: $feat"
            }
        } else {
            Write-Pass "$feat — already disabled."
        }
    } catch {
        Write-Status "$feat — not present on this system (skipped)." 'DarkGray'
    }
}

# ---------------------------------------------------------------------------
# Phase 4: Group Policy override (belt and suspenders)
# ---------------------------------------------------------------------------
Write-Host "`n  --- Phase 4: Group Policy Override ---" -ForegroundColor Cyan

$gpPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
if (-not $DryRun) {
    if (-not (Test-Path $gpPath)) {
        New-Item -Path $gpPath -Force | Out-Null
    }
    Set-ItemProperty -Path $gpPath -Name 'EnableVirtualizationBasedSecurity' -Value 0 -Type DWord -Force
    Set-ItemProperty -Path $gpPath -Name 'LsaCfgFlags' -Value 0 -Type DWord -Force
    Write-Pass "Group Policy DeviceGuard overrides set."
} else {
    Write-Status "[DRY] Would set GP overrides for DeviceGuard."
}

# ---------------------------------------------------------------------------
# Done
# ---------------------------------------------------------------------------
Write-Host "`n  ==========================================" -ForegroundColor Cyan
if ($DryRun) {
    Write-Host "  DRY RUN COMPLETE — no changes were made." -ForegroundColor Magenta
} else {
    Write-Host "  ALL PHASES COMPLETE." -ForegroundColor Green
    Write-Host "  REBOOT REQUIRED to take effect." -ForegroundColor Yellow
    Write-Host ""
    Write-Host "  After reboot:" -ForegroundColor White
    Write-Host "    1. Run msinfo32 and verify VBS = 'Not enabled'" -ForegroundColor Gray
    Write-Host "    2. Launch your emulator" -ForegroundColor Gray
    Write-Host "    3. Check VBox.log for 'AMD-V is active' (not NEM fallback)" -ForegroundColor Gray
}
Write-Host "  ==========================================" -ForegroundColor Cyan
Write-Host ""

if (-not $DryRun -and -not $Force) {
    $reboot = Read-Host "  Reboot now? (y/n)"
    if ($reboot -eq 'y') {
        Restart-Computer -Force
    }
}