Comments (6)
Hmm this could be a tricky one to debug. One thing I've realised is that I am not saving the .pdb files that correspond to the capemon builds published, which makes it needlessly more difficult to tie that offset to a line in the source code. There are a few updates to capemon yet to be published so I will push them shortly. If you could run the sample against the new build and let me know the new offset, I might have a better chance at nailing it down and squashing it!
If you could try with the latest build of the monitor pushed this morning - at least then if it crashes I have the .pdb file and will be able to tie the offset to the source code. Cheers.
No worries I will document anything I find! I guess every case is different. There are 3 main strategies for debugging the monitor. The first is just to use the log mechanism within the monitor then iterate with builds whilst submitting a test job and checking the analysis log for the debug output. Another alternative is to run the monitor outside the sandbox by using the loader's pipe mechanism. You can inject it into a process that is running in a usermode debugger if you like at this point. The ultimate but hardest method (which I had to use to debug the debugger!) is to do remote kernelmode debugging of the target with WinDbg.
Anyway hopefully in this case we can get by with the easiest. Let me know how it runs with the latest build.
Any joy testing with the latest builds?
There have been quite a few bugfixes in the monitor since this issue was raised - I'm tempted to think this may have been solved already, but would be happy to hear this confirmed if you wouldn't mind testing it with a recent build.