search

cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org
Other
5.55k stars 1.71k forks source link

Analyzer does not find 64 bit executables when python is 32 bit #554

Closed worsht closed 9 years ago

worsht commented 9 years ago

Steps to reproduce:

2015-05-21 15:48:52,314 [lib.cuckoo.core.scheduler] ERROR: Analysis failed: The package "modules.packages.doc" start function raised an error: Unable to find any Microsoft Office Word executable.

Root cause: The code in abstracts.py that resolves executable paths assumes that %ProgramFiles% points to C:\Program Files and %ProgramFilesx86% points to C:\Program Files (x86), whereas in this case %ProgramFiles% actually points to C:\Program Files (x86). Since Office is 64 bit and is installed in C:\Program Files, it will never be found.

worsht commented 9 years ago

This PR: https://github.com/cuckoobox/cuckoo/pull/555 has a patch

jbremer commented 9 years ago

Thanks for the bug report :)

jbremer commented 9 years ago

Merged your patch, thanks again.

worsht commented 9 years ago

Thank you!

jbremer commented 9 years ago

Please comment on https://github.com/cuckoobox/cuckoo/pull/555#issuecomment-108667095 here, thanks!

jbremer commented 9 years ago

64-bit analysis has been improved quite a bit and this works perfectly fine now. Going to close the issue as the pull request has been integrated a while ago and works smoothly (in combination with some other minor changes).