cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Re: Monitor Debug Tracing #768

Open yoonack opened 8 years ago

yoonack commented 8 years ago

Hi,

I tried to debug monitor API tracing to see how the hooking goes. I started a sample in debug mode. However, I could not find that debug info in the storage directory. The only things in the logs folder are two .bson files, and there is nothing inside the file folder. I am wondering where I can get access to this information? Thanks

jbremer commented 8 years ago

If you're using the debug version there should definitely be some monitor-debug-$pid.txt files in the files directory. Are you sure you compiled everything correctly etc?

yoonack commented 8 years ago

I am currently using the Cuckoo Sandbox 2.0-rc1 that I directly downloaded. Is that the right version? I just execute cuckoo in debug mode.

jbremer commented 8 years ago

Well, that's definitely the latest version, but it doesn't give you monitor in debug mode. For that you have to compile your own version, unfortunately ;-)

yoonack commented 8 years ago

I compiled monitor; which files should I move to the cuckoo box? The compiled version is inside the bin directory, right?

jbremer commented 8 years ago

No, you should overwrite the files in data/monitor/latest (latest is a symbolic link to the actual latest monitor version). Let me fully remove all traces of cuckoomon to avoid any future confusion.
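As an added example (not code from the Cuckoo project or from either participant), the two steps discussed above as shell functions: resolve the `data/monitor/latest` symlink and overwrite the files it points at with a local monitor build, then check an analysis directory for the `monitor-debug-<pid>.txt` files a debug build drops into `files/`. The directory layout, file names and backup suffix used in the demo are assumptions, and the demo tree is constructed, not a real checkout.

```shell
#!/bin/sh
# Added example, not part of Cuckoo or the monitor project.
# Assumptions: CUCKOO_ROOT contains data/monitor/latest (a symlink to a
# version directory) and storage/analyses/<id>/files; the monitor build
# output lives in a flat bin/ directory. File names below are made up.
set -eu

# install_monitor BUILD_BIN CUCKOO_ROOT
# Copies the build output into the directory that data/monitor/latest
# resolves to. The symlink itself is left alone; the previous contents
# are kept in <version>.bak so the release monitor can be restored.
install_monitor() {
    build_bin=$1
    link="$2/data/monitor/latest"
    [ -L "$link" ] || { echo "error: $link is not a symlink" >&2; return 1; }
    target=$(readlink -f "$link")          # GNU/BusyBox readlink: physical path
    [ -d "$target" ] || { echo "error: $target is missing" >&2; return 1; }
    mkdir -p "$target.bak"
    cp -R "$target"/. "$target.bak"/       # back up the release monitor
    cp -R "$build_bin"/. "$target"/        # overwrite with the local build
    echo "$target"
}

# debug_logs ANALYSIS_DIR
# Prints the monitor-debug-<pid>.txt files of one analysis, one per line.
# Returns 1 when none exist, i.e. the monitor that ran was not a debug build.
debug_logs() {
    found=0
    for f in "$1"/files/monitor-debug-*.txt; do
        [ -e "$f" ] || continue          # unexpanded glob when nothing matched
        echo "$f"
        found=1
    done
    [ "$found" -eq 1 ]
}

# Constructed demo tree standing in for a cuckoo checkout and a monitor build.
demo() {
    root=$(cd "$(mktemp -d)" && pwd -P)
    mkdir -p "$root/cuckoo/data/monitor/abc123" "$root/monitor/bin" \
             "$root/cuckoo/storage/analyses/1/files"
    echo old > "$root/cuckoo/data/monitor/abc123/monitor-x86.dll"   # made-up name
    echo new > "$root/monitor/bin/monitor-x86.dll"
    ln -s abc123 "$root/cuckoo/data/monitor/latest"
    : > "$root/cuckoo/storage/analyses/1/files/monitor-debug-1234.txt"
    install_monitor "$root/monitor/bin" "$root/cuckoo"
    debug_logs "$root/cuckoo/storage/analyses/1"
}
```

Run `demo` to see both functions against the constructed tree; on a real checkout, call `install_monitor ~/monitor/bin ~/cuckoo` and, after an analysis, `debug_logs ~/cuckoo/storage/analyses/<id>`. An empty result from `debug_logs` after a run is the symptom described in this thread: the files in `latest` were not the debug build.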

yoonack commented 8 years ago

Thanks a lot, I will try it out!

yoonack commented 8 years ago

I tried putting the compiled version of monitor into the location you specified. However, I still don't see the monitor-debug-$pid.txt; the only files I see inside the file directory are the dropped files.

yoonack commented 8 years ago

I think I am getting the debug log now. However, the problem for my issue is that once cuckoo hangs because it avoids injecting into the cuckoo process, the debug log is not generated.

jbremer commented 8 years ago

Well, that shouldn't happen; in which case does it decide not to inject?

yoonack commented 8 years ago

I put my log details in #763; I am not sure what's going on. However, the debug info just stays there and nothing happens until the critical timeout is reached.