hexrays4711
You can use all versions (64 bit). Using the process described under https://drakvuf.com/ vmi-win-guid name all references to symbols and dlls are set correctly. In case of updates you have...
e.g. https://learn.microsoft.com/en-us/windows/win32/api/ https://learn.microsoft.com/en-us/sysinternals/resources/windows-internals https://learn.microsoft.com/en-us/sysinternals/resources/
This seems to be related to https://github.com/tklengyel/drakvuf/issues/1667. Setting --json-wow does unfortunately not solve the problems.
Seems to be a generic issue to hook SysWOW64 processes and API calls.
Can be solved by calling cmd.exe /C binary.exe
Recent Windows 10 64-bit versions work in this scenario. I just installed Windows-10 2004 and even Win10_22H2. 32 bit versions do not work as correctly pointed out by https://drakvuf.com/. Installing...
I now tried different distributions: ubuntu-20.04.5 desktop amd64.iso complete fresh install and then followed the following steps: download of packages, https://github.com/CERT-Polska/drakvuf-sandbox/releases/download/v0.18.2/ubuntu_focal_drakcore_0.18.2_amd64.deb https://github.com/CERT-Polska/drakvuf-sandbox/releases/download/v0.18.2/ubuntu_focal_drakrun_0.18.2_amd64.deb https://github.com/CERT-Polska/drakvuf-sandbox/releases/download/v0.18.2/ubuntu_focal_drakvuf-bundle-1.0-git20220222010225+fecea59-1-generic.deb apt-get update && apt-get upgrade apt-get install...
For sure. lscpu from Ubuntu 18.04 lscpu Architektur: x86_64 CPU Operationsmodus: 32-bit, 64-bit Byte-Reihenfolge: Little Endian Adressgrößen: 39 bits physical, 48 bits virtual CPU(s): 16 Liste der Online-CPU(s): 0-15 Thread(s)...
This is a bare metal machine with Ubuntu installed directly, no nested virtualization is involved.
The path to write to is illegal. Please choose a valid path: c:\\users\\username\\desktop\\npp.exe