ayoubfaouzi / al-khaser

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
GNU General Public License v2.0

Use Wow64DisableWow64FsRedirection/Wow64RevertWow64FsRedirection inst… #206

Closed ayoubfaouzi closed 4 years ago

ayoubfaouzi commented 4 years ago

Move the code below after API initialization, otherwise IsWoW64() will miss the API being resolved.

/* Are we running under WoW64 */
if (IsWoW64())
    _tprintf(_T("Process is running under WOW64\n\n"));

Plus, fix the previous commit to disable and revert fs redirection while probing for files under the system32/ dir.