From a586368f67ff22f3448d7d09809dfd982ee2cfc4 Mon Sep 17 00:00:00 2001
From: Takashi Matsumoto <77025706+t-mtsmt@users.noreply.github.com>
Date: Wed, 29 Nov 2023 02:13:41 +0900
Subject: [PATCH 1/2] Fixed problem with procmon not running.

---
 analyzer/windows/modules/auxiliary/procmon.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/analyzer/windows/modules/auxiliary/procmon.py b/analyzer/windows/modules/auxiliary/procmon.py
index d59f9a57..c7f281c3 100644
--- a/analyzer/windows/modules/auxiliary/procmon.py
+++ b/analyzer/windows/modules/auxiliary/procmon.py
@@ -9,7 +9,6 @@ from threading import Thread
 from lib.common.abstracts import Auxiliary
-from lib.common.constants import ROOT
 from lib.common.exceptions import CuckooPackageError
 from lib.common.results import upload_to_host
@@ -24,10 +23,10 @@ def __init__(self, options, config):
 self.startupinfo = subprocess.STARTUPINFO()
 self.startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW
- bin_path = os.path.join(ROOT, "bin")
+ bin_path = os.path.join(os.getcwd(), "bin")
 self.procmon_exe = os.path.join(bin_path, "procmon.exe")
 self.procmon_pmc = os.path.join(bin_path, "procmon.pmc")
- self.procmon_pml = os.path.join(bin_path, "procmon")
+ self.procmon_pml = os.path.join(bin_path, "procmon.PML")
 self.procmon_xml = os.path.join(bin_path, "procmon.xml")
 def run(self) -> bool:
@@ -75,7 +74,7 @@ def stop(self) -> bool:
 (
 self.procmon_exe,
 "/OpenLog",
- f"{self.procmon_pml}.PML",
+ self.procmon_pml,
 "/LoadConfig",
 self.procmon_pmc,
 "/SaveAs",
From fb3481417cb0549fc5e6772c0dcc7b07f0998ae2 Mon Sep 17 00:00:00 2001
From: Takashi Matsumoto <77025706+t-mtsmt@users.noreply.github.com>
Date: Wed, 29 Nov 2023 02:16:59 +0900
Subject: [PATCH 2/2] Changed the upload destination directory according to the RESULT_UPLOADABLE whitelist in resultserver.py.

---
 analyzer/windows/modules/auxiliary/procmon.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
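Review bot: `bin_path = os.path.join(os.getcwd(), "bin")` in the second hunk ties the location of procmon.exe, the .pmc config and the .PML/.xml outputs to whatever the analyzer's working directory happens to be when `__init__` runs, an implicit dependency the removed ROOT-based path did not have. If the analyzer always chdirs to its root before loading auxiliary modules this works, but that assumption is not visible in the hunk; deriving the directory from something the module controls (an absolute path built from `__file__`, or the cwd captured once at analyzer startup) would make it explicit and keep the executable path stable if the cwd is changed later. At minimum a comment stating the assumption, `# analyzer runs from its root directory, so bin/ is resolved relative to cwd`, would help the next maintainer. `__init__`'s signature is on the hunk header line, outside the hunk, and its body may continue past it.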
diff --git a/analyzer/windows/modules/auxiliary/procmon.py b/analyzer/windows/modules/auxiliary/procmon.py
index c7f281c3..caea490c 100644
--- a/analyzer/windows/modules/auxiliary/procmon.py
+++ b/analyzer/windows/modules/auxiliary/procmon.py
@@ -86,7 +86,7 @@ def stop(self) -> bool:
 )
 # Upload the XML file to the host.
- upload_to_host(self.procmon_xml, "procmon.xml")
+ upload_to_host(self.procmon_xml, "aux/procmon.xml")
 return True
 except Exception as e:
 logging.error(e, exc_info=True)
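Review bot: The new destination `"aux/procmon.xml"` encodes a host-side contract (the RESULT_UPLOADABLE whitelist the commit message cites in resultserver.py) that a reader of this file cannot see, and the comment above the call still says only that the XML is uploaded. Updating it to `# Upload under aux/: the resultserver only accepts destinations matching its RESULT_UPLOADABLE whitelist.` records why the prefix matters, so a later edit does not silently break the upload. The surrounding `except Exception` only logs, so a destination rejected by the host would surface solely in the analyzer log; worth confirming the host side reports a rejected path as well. `stop` begins and ends outside the hunk.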