Comments (4)
I've recently been combining these two modules into the base capemon - I'm still testing them but I've attached them in case you would like to try too. You can enable injection with the option injection=1 and extraction is just extraction=1. The distinction between them is basically inter-process vs 'intra-process' but the real reason they have been separated until now is that extraction uses debugger breakpoints and so was much more complex and error-prone to develop.
I am hoping soon to make the default to have all these enabled so as to minimise the need for multiple executions - I just need to see that they are stable enough to rely upon to work on the majority of samples without hindering the baseline analysis.
I wouldn't recommend the procmemdump feature as it's so crude but it's worth noting that this has been reimplemented and is now done in-monitor as opposed to by a separate process as in spender. I'd therefore be interested to know what you are patching to improve it.
There is a lot of power in the new 'DumpInterestingRegions' function, a lot of which can be tested with the option: verbose-dumping=1, so give that a try too.
capemon.zip
I actually noticed at DumpInterestingRegions (https://github.com/kevoreilly/capemonv2/blob/master/CAPE/CAPE.c#L1657) the verbose_dumping check is done incorrectly:
else if (!g_config.verbose_dumping && MemInfo.BaseAddress == CallerBase)
{
    DoOutputDebugString("DumpInterestingRegions: Dumping calling region at 0x%p.\n", MemInfo.BaseAddress);
The condition should be "g_config.verbose_dumping && ..." instead, no?
Ah this is intended as it's assumed that if verbose_dumping is set the calling region will already have been dumped with the first api call originating there, in hooking.c.
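To make the reply above concrete, here is an added C model (not CAPE's own code) of the two dump sites: a stand-in for the hooking.c path, a stand-in for the quoted branch, and a switch that applies the questioner's suggested condition instead; monitor_state, dump_region, on_first_api_call, dump_interesting_regions and caller_dump_count are hypothetical names chosen for this illustration.

```c
#include <stdbool.h>

/* Added illustration, not CAPE's own code: the hooking.c path is assumed to
   dump the calling region on the first API call from it when verbose_dumping
   is set, so DumpInterestingRegions skips it in that mode. Names are stand-ins. */

#define MAX_DUMPS 16

struct monitor_state {
    bool verbose_dumping;           /* stand-in for g_config.verbose_dumping */
    const void *dumped[MAX_DUMPS];  /* region bases written to disk, in order */
    int ndumped;
};

/* Naive dump writer: records every request, duplicates included. */
static void dump_region(struct monitor_state *st, const void *base) {
    if (st->ndumped < MAX_DUMPS)
        st->dumped[st->ndumped++] = base;
}

/* Stand-in for hooking.c: first hooked API call seen from caller_base. */
static void on_first_api_call(struct monitor_state *st, const void *caller_base) {
    if (st->verbose_dumping)
        dump_region(st, caller_base);
}

/* Stand-in for the branch quoted above; 'flipped' applies the questioner's
   suggested condition (without the '!') instead of the one in CAPE.c. */
static void dump_interesting_regions(struct monitor_state *st, const void *region_base,
                                     const void *caller_base, bool flipped) {
    bool cond = flipped ? st->verbose_dumping : !st->verbose_dumping;
    if (cond && region_base == caller_base)
        dump_region(st, region_base);
}

/* Runs both paths for one calling region and returns how many times it was
   dumped: the intended condition gives exactly 1 in either mode, the flipped
   one gives 2 with verbose_dumping on and 0 with it off. */
int caller_dump_count(bool verbose, bool flipped) {
    static const char caller[1];   /* constructed stand-in for the caller's base */
    struct monitor_state st = { .verbose_dumping = verbose };
    int count = 0;
    on_first_api_call(&st, caller);
    dump_interesting_regions(&st, caller, caller, flipped);
    for (int i = 0; i < st.ndumped; i++)
        if (st.dumped[i] == caller)
            count++;
    return count;
}
```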
The injection and extraction features have now been integrated into capemon and can be switched on with injection=1 and extraction=1 options respectively, and of course simultaneously. This should take care of this issue.