Close VMWare properly from debug engine

Open valentinbreiz opened this issue 2 years ago • 3 comments

See https://github.com/CosmosOS/Cosmos/pull/2258

valentinbreiz avatar May 30 '22 00:05 valentinbreiz

Sooo this can be closed?

selkij avatar Jul 02 '22 16:07 selkij

No, we currently force kill the vmware process. If you have multiple VMs running it will close everything

valentinbreiz avatar Jul 02 '22 16:07 valentinbreiz

Oh ok, I thought because the PR was merged

selkij avatar Jul 02 '22 16:07 selkij

I've had 2 ideas for this:

  1. Get all open file handles for each vmware-vmx process. If one of those file handles contains "Cosmos User Kit" in the path, then it was opened by Cosmos and can be killed. However, it looks like you need to inject a kernel-level driver, so this is probably not a good idea.

  2. Get the command-line for each vmware-vmx process. I found that, with Process Hacker, the command line for vmware-vmx.exe contained the VMX file used by Cosmos, so we could detect that. However, I wasn't able to get the command line for vmware-vmx.exe, it always returned an empty string. I tried using WMI and native NT functions. I have no idea how Process Hacker achieves this...

AnErrupTion avatar Dec 19 '22 00:12 AnErrupTion
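
The selection step of idea 2 above, as an added example that is not part of the thread and not Cosmos code: it picks only the vmware-vmx.exe processes whose command line names the exact VMX file, and never matches a process whose command line came back empty. The `ProcInfo` record, the `VmxTargetSelector` class, the paths and the process list are all hypothetical and constructed; how the command lines are obtained is left to the caller.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
public record ProcInfo(int Pid, string Name, string CommandLine);
public static class VmxTargetSelector
{
    // Split on spaces outside double quotes (simplified: no escaped quotes); keep *.vmx tokens.
    static IEnumerable<string> VmxArgs(string commandLine)
    {
        var tok = new StringBuilder();
        bool quoted = false;
        foreach (char ch in commandLine + " ")          // trailing space flushes the last token
        {
            if (ch == '"') { quoted = !quoted; continue; }
            if (ch != ' ' || quoted) { tok.Append(ch); continue; }
            if (tok.ToString().EndsWith(".vmx", StringComparison.OrdinalIgnoreCase))
                yield return tok.ToString();
            tok.Clear();
        }
    }
    // PIDs of vmware-vmx.exe processes started with exactly this .vmx file.
    // An empty command line is never a match; those PIDs go to 'unknown' to be logged, not killed.
    public static List<int> Select(IEnumerable<ProcInfo> procs, string vmxPath, out List<int> unknown)
    {
        var targets = new List<int>();
        unknown = new List<int>();
        foreach (var p in procs)
        {
            if (!p.Name.Equals("vmware-vmx.exe", StringComparison.OrdinalIgnoreCase)) continue;
            if (string.IsNullOrWhiteSpace(p.CommandLine)) { unknown.Add(p.Pid); continue; }
            if (VmxArgs(p.CommandLine).Any(a => a.Equals(vmxPath, StringComparison.OrdinalIgnoreCase)))
                targets.Add(p.Pid);
        }
        return targets;
    }
    public static void Main()
    {
        const string vmx = @"C:\Sample\Cosmos User Kit\Build\VMware\Debug.vmx"; // constructed path
        var procs = new[] {                                                    // constructed listing
            new ProcInfo(4100, "vmware-vmx.exe", "\"C:\\Sample\\vmware-vmx.exe\" \"" + vmx + "\""),
            new ProcInfo(4200, "vmware-vmx.exe", "\"C:\\Sample\\vmware-vmx.exe\" \"D:\\VMs\\Other.vmx\""),
            new ProcInfo(4300, "vmware-vmx.exe", ""),   // command line could not be read
        };
        var kill = Select(procs, vmx, out var unknown);
        Console.WriteLine($"terminate: {string.Join(",", kill)}; unreadable: {string.Join(",", unknown)}");
    }
}
```

Matching the full VMX path rather than the substring "Cosmos User Kit" keeps a second Cosmos VM started from a different VMX file out of the kill list.
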

Is the vmware-vmx a child process of the process we kill or is there no relationship between the two we can use to identify it?

quajak avatar Dec 19 '22 01:12 quajak

> Is the vmware-vmx a child process of the process we kill or is there no relationship between the two we can use to identify it?

No, it has no relation and it's not a child process either, although it seems to be started by vmware-authd.exe (which is registered as a service), but it has no useful information.

AnErrupTion avatar Dec 19 '22 01:12 AnErrupTion