Kevin O'Reilly

Results: 122 comments by Kevin O'Reilly

The points from Gemini seem reasonable - what are your thoughts?

If you are still struggling with this issue, it's worth verifying that ``tlsdump.log`` is uploaded at the end of the analysis - this should appear at the end of the...

Hi para0x0dise, firstly I apologise for not responding to the issue over on the main repo. I had read it and meant to reply, then it just slipped my mind...

Hi para0x0dise, thanks for your reply. Over the years I have learned that when it comes to monitor dev, little details really matter. Here the statement 'apps like Word often...

That doesn't make sense. Explorer calls something that causes injection into explorer?

What is needed is to understand that before any APIs from explorer can even be captured, the process must first be monitored, therefore injected. Since the initial process is Word...

Here is the tell-tale output from the analysis log showing the extra logging I added to the hooks that call ``ProcessMessage`` just prior to the first appearance of explorer in...

I've compiled a 64-bit monitor for you with each ``ProcessMessage()`` logged to the analysis log, which should allow correlation with the first appearance of ``explorer.exe`` in that log. This is simply...

Thanks very much. I am certainly intrigued by what scale might see days of delay!