search

MythicAgents / Apollo

A .NET Framework 4.0 Windows Agent
BSD 3-Clause "New" or "Revised" License
442 stars 91 forks source link

ps task reports incorrect architecture #92

Closed djhohnstein closed 2 years ago

djhohnstein commented 2 years ago

The ps command uses IsWOW64Process when it should be using IsWOW64Process2 instead. Change to ensure proper arch is retrieved.