Git Product home page Git Product logo

Comments (3)

EYIDC avatar EYIDC commented on July 28, 2024

I also think something similar happens to the pillow install. The Click.exe runs but only after the installer is already closed.
This makes the installer hang as it won't interact with the window.

Secondly it would make sense to allow people to still install python2.7 for older tools. I know the agent is pushed to 3 with good reason for when cuckoo 3 finally gets opensource but like for instance tools like pillow only run on 2.7

from vmcloak.

EYIDC avatar EYIDC commented on July 28, 2024

I have a feeling all of this has to do with the async/cucksync not working properly. Because of this most installs work fine as the installers actually exit. However the process it waits for in ie11 and adobe won't exit on it's own and it will never reach the kill task as it won't do the async.

Same goes for the pillow/click. The pillow installer requires that input from click but it won't launch the click as the async is not working as expected.

I tried to figure out how the async works in the agent but can't seem to find the place where it is actually considered async by the machine.

from vmcloak.

Cryss76 avatar Cryss76 commented on July 28, 2024

The issue is rooted on pull request #195 beeing incomplete

The remote control of the VM works as follows:

https://github.com/hatching/vmcloak/blob/main/vmcloak/agent.py is used to send commands to the VM via http.
https://github.com/hatching/vmcloak/blob/main/vmcloak/data/bootstrap/windows/agent/agent_windows_amd64.exe is running in the VM, which is what receives and executes the commands of the host.
The agent.exe is what implements async execution, which means that async execution is not needed in the agent.py

Agent.exe will only run a command async, if it receives a post request with the parameter async=true.
This is where the problem is rooted. Pull request #195 changed the parameter 'async' to 'cucksync' in the host side but left the guest agent unchanged.
As a consequence the param cucksync is sent to the guest agent, which silently ignores it.
This effectively removes async support from vmcloak.

As agent.exe is close sourced (or at least I didn't find its code), this problem can't be easily fixed.

As an (ugly) work around, I changed the post-Method of the Agent class in agent.py to change the cucksync parameter into async just before sending the post request.

from vmcloak.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.