cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

lock reboot analysis to the same VM #1461

Open likescam opened 7 years ago

likescam commented 7 years ago

Hi, I have 4 machines (WindowsXP, Windows7, Windows10, WinServer2008) in my lab, but in /cuckoo/conf/memory.conf I can only add one machine profile. I also read at https://github.com/cuckoosandbox/cuckoo/pull/1354 that the problem was solved, but I don't understand how to do it. Can you tell me clearly how to do it? I use virtualbox on ubuntu.

doomedraven commented 7 years ago

modify the files which I had modified there and you will have it working

likescam commented 7 years ago

Thank you @doomedraven, tell me which files need to be modified? Is it only the 3 files below?

cuckoo/processing/memory.py
cuckoo/data-private/cwd/conf/esx.conf
cuckoo/apps/rooter.py

jbremer commented 7 years ago

I'm working on this functionality @denmilu, but will take a day or two more probably ;-)

doomedraven commented 7 years ago

only these 3 if you use esx

cuckoo/common/config.py
cuckoo/data-private/cwd/conf/esx.conf
cuckoo/processing/memory.py

likescam commented 7 years ago

Thank you @jbremer & @doomedraven . Hope it will release on new cuckoo version.

@doomedraven : I use virtualbox, so will I replace the 3 files below?

cuckoo/common/config.py
cuckoo/data-private/cwd/conf/virtualbox.conf
cuckoo/processing/memory.py

doomedraven commented 7 years ago

you don't need to replace them, just add the modification and done

doomedraven commented 7 years ago

@denmilu upgrade to v2.0.2 with pip install -U cuckoo, it is now supported

jbremer commented 7 years ago

@denmilu We've put out a new release, version 2.0.2, which you may obtain through pip install -U cuckoo, including various improvements for the Volatility / memory.py issue posted above. Please check it out! From now on you can specify the profile for each VM by adding, e.g., osprofile = WinXPSP2x86, to each of your VMs. I'll leave this issue open for now - in case you require any additional support on this matter - but will be closing it in the coming days. Thanks for your feedback and if you have any additional feedback, do not hesitate to let us know or create a new issue!
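To check which guests would still fall back to the single global profile after switching to the per-VM osprofile setting described above, here is an added Python check; it is not Cuckoo's own code. It assumes the Cuckoo 2.x layout of virtualbox.conf (a "machines" list in [virtualbox] plus one section per guest with an optional osprofile key) and of memory.conf ([basic] guest_profile); all sample values are constructed.

```python
import configparser

# Constructed virtualbox.conf for the four guests from the issue (assumed
# 2.x layout). win10 deliberately has no osprofile to show the fallback.
VIRTUALBOX_CONF = """
[virtualbox]
machines = winxp, win7, win10, win2008
[winxp]
platform = windows
osprofile = WinXPSP2x86
[win7]
platform = windows
osprofile = Win7SP1x64
[win10]
platform = windows
[win2008]
platform = windows
osprofile = Win2008R2SP1x64
"""

# Constructed memory.conf: guest_profile is the one global fallback profile.
MEMORY_CONF = """
[basic]
guest_profile = WinXPSP2x86
delete_memdump = no
"""

def _load(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp

def resolve_profiles(vbox_text, memory_text):
    """Map each machine to (effective Volatility profile, where it came from)."""
    vbox, mem = _load(vbox_text), _load(memory_text)
    fallback = mem.get("basic", "guest_profile", fallback=None)
    machines = [m.strip() for m in vbox.get("virtualbox", "machines").split(",")]
    result = {}
    for name in machines:
        if vbox.has_option(name, "osprofile"):
            result[name] = (vbox.get(name, "osprofile"), "osprofile")
        else:  # no per-VM profile: Volatility would be run with the global one
            result[name] = (fallback, "fallback")
    return result

def missing_osprofile(vbox_text, memory_text):
    """Machines whose memory dumps would be parsed with the global profile."""
    profiles = resolve_profiles(vbox_text, memory_text)
    return sorted(n for n, (_, src) in profiles.items() if src == "fallback")

if __name__ == "__main__":
    for name, (prof, src) in resolve_profiles(VIRTUALBOX_CONF, MEMORY_CONF).items():
        print(f"{name:8s} -> {prof} ({src})")
```

A guest listed by missing_osprofile whose OS differs from guest_profile is exactly the mismatch the issue describes, since Volatility would parse its dump with the wrong profile.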

likescam commented 7 years ago

@jbremer : Thank you very much for your support. I downloaded cuckoo to my /home/my-user/Desktop/cuckoo. I also want to keep my previous database, so how can I update while keeping the database safe?

Another problem, as I mentioned in an old issue, is that reboot analysis is not working properly on my system. I submit a sample to Windows 7, but when the reboot is performed Cuckoo opens Windows XP. I also submitted a sample (which has some actions after reboot) for Windows XP and then performed the reboot, but it seems not to have any behavior.

Another problem is about the cuckoo monitor (32 & 64 bits). How can I avoid virtual environment detectors (CPU detector, hard disk and memory detector) such as pafish (https://github.com/a0rtega/pafish)?

jbremer commented 7 years ago

As per the upgrade documentation, a database backup is made unless opted out by the user: https://cuckoo.sh/docs/installation/upgrade.html

I'll check if we can force reboot analysis to be done in the same VM as the original analysis. Most likely this is going to require some larger changes in Cuckoo, though, so this may take a little while as it's currently not one of our top priorities.

We're working on a kernel driver that will make Cuckoo more stealth, so either that or a hypervisor will do the job, but it's certainly going to take a bit more of our development time ;-)