Jurriaan Bremer
Furthermore, this doesn't work if people rename `pythonw.exe`. What do you think about doing this at all times - no matter `python.exe` or `pythonw.exe`?
Feel free to do a PR :)
Hi. Yes, the T_ values were never really to be used externally. A lot of them were mostly for internal handling and didn't actually represent the instruction in any way....
Sweet :) take your time.
@idanr1986 had some tricks to make the changes to `system.img` _persistent_. With those tricks it is possible to keep proper root etc. Unfortunately I don't remember the details exactly, so...
Thanks for the feedback :) Could you try the commit above? I think it should work, makes sense too actually (or will some hooks have an off by two due...
What's CSB-M? I'll be happy to look at adding some additional handling/etc to `sflock` if you provide some samples etc.
There's the Cuckoo Web Interface, naturally. I suggest we first make a standalone page and later on integrate it in the Cuckoo webif.
If we fully integrate this new module later on then you simply get access to the full dictionary which is _also_ saved as `reports/report.json` (and which you'll be using for...
Baseline feature only targets volatility output. Doing a complete (or partial) memory dump differential is out of scope here (but I don't think that's what you meant, right?)