Adam Kliś
atm if there's a space in path (like username) injector fails with
```
{"Plugin":"inject","TimeStamp":"1655392234.441550","Method":"CreateProc","Status":"Error","ErrorCode":267,"Error":"ERROR_DIRECTORY"}
```
Some DLLs have "dummy" entry points which do nothing/pretend to do something, but don't actually unpack the malware. We should think of a way to circumvent that. Maybe some kind...
This will allow for easier integration with external APIs.
We are auto-building images, but that isn't documented anywhere.
Haven't got time to test it myself, so I'm using CI tests.
perhaps use: https://github.com/marlersoft/win32json/tree/main/api for parsing?
Drakvuf 1.0 refactored procmon plugin and broke our log parsing integration. https://github.com/tklengyel/drakvuf/issues/1588
It's a common pattern with return hooks, I'm sure we don't check it somewhere. I believe we can enforce that with proper checks.
Currently, we have 4 helpers for each kind of hook: ```c template [[nodiscard]] std::unique_ptr createCpuidHook(hook_cb_t cb); template [[nodiscard]] std::unique_ptr createCpuidHook(hook_cb_t cb, int ttl); template [[nodiscard]] std::unique_ptr createCpuidHook(Callback cb); template [[nodiscard]]...
When attempting to build current main branch under current nixos-unstable I get the following error
> error: evaluation aborted with the following error message: 'lib.customisation.callPackageWith: Function called without required argument...