Paweł Srokosz

Results 73 issues of Paweł Srokosz

During execution of the code presented below:

```python
import pefile

with open("calc.exe", "rb") as f:
    data = bytearray(f.read())
pefile.PE(data=data)
```

it is interrupted by an exception:

```
Traceback (most recent call last): File "", line...
```

- iptables rules are grouped in `DRAKRUN_INP`, `DRAKRUN_FWD` and `DRAKRUN_FWD` for easier management (naming convention taken from libvirt)
- `draksetup cleanup-network` to clean bridges and both old and new iptables...

Uses [mslex](https://github.com/smoofra/mslex) to provide proper quoting. I also tried to separate entrypoint and file type classification from actual command-line building. I still don't like it though, because command provided by...

**Describe the bug** Drakrun worker can't recover from Inject.CreateProc `cmd.exe /c ipconfig /release >nul` when it takes forever due to temporary DHCP connection issues. I see that there is `timeout=120`...

bug
drakrun/wrapper
priority:high
certpl

During Drakvuf Sandbox debugging, I'm getting really frustrated by lack of utilities that will allow me to perform specific lower-level actions without copying long Drakvuf command line from my .bash_history....

**Is your feature request related to a problem? Please describe.** `injector` isn't reliable as it interferes with processes already running in the system. We might be out of luck and...

enhancement

**Describe the bug** draksetup tries to build a profile including wow64 binaries that don't exist on a 32-bit installation

```
[2023-09-12 14:15:35,710][INFO] Cleaning up leftovers(if any)
[2023-09-12 14:15:35,721][INFO] Ejecting installation CDs...
```

bug

`draksetup` uses the `get-explorer-pid` tool (https://github.com/CERT-Polska/drakvuf-sandbox/blob/master/drakrun/drakrun/tools/get-explorer-pid.c) to choose the target process for injection. Meanwhile, the only criterion for choosing a process is the name `explorer.exe` (https://github.com/CERT-Polska/drakvuf-sandbox/blob/master/drakrun/drakrun/tools/get-explorer-pid.c#L183). At the same time, on 64-bit Windows...

enhancement

**Describe the bug** The `draksetup` command doesn't set a proper exit code when an operation fails. I've noticed that while debugging a misbehaving test that passed this line https://github.com/CERT-Polska/drakvuf-sandbox/blob/master/test/conftest.py#L213 while being unable to download...

bug
drakrun/setup
certpl