hatching / vmcloak

Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.

Install of ie11 and adobepdf hangs on process kill step #197

Open EYIDC opened 2 years ago

EYIDC commented 2 years ago

Hello,

During testing of dependencies on the win7x64 image I noticed that the ie11 and adobepdf installs hang when executing the def _run_once(self): function.

I did the same install on the VM with screen output, and you can see it never kills the process. Manually killing it makes the script continue, but of course this doesn't work in no-screen mode, and it also breaks automation.

I tried lowering and raising the sleep, as well as doing self.a.killprocess("AcroRd32.exe", force=True) instead of False.

This didn't solve the issue. Then I commented out the full function, which worked. I understand this is most likely not the correct way of fixing the install, but I can't seem to find the exact issue.

Running on Linux (Ubuntu 20.04).

EYIDC commented 2 years ago

I also think something similar happens with the pillow install. Click.exe runs, but only after the installer is already closed. This makes the installer hang, as it won't interact with the window.

Secondly, it would make sense to allow people to still install Python 2.7 for older tools. I know the agent is pushed to 3 with good reason, for when Cuckoo 3 finally gets open-sourced, but tools like pillow, for instance, only run on 2.7.

EYIDC commented 2 years ago

I have a feeling all of this has to do with the async/cucksync not working properly. Because of this, most installs work fine, as the installers actually exit. However, the process it waits for in ie11 and adobe won't exit on its own, and it will never reach the kill task as it won't do the async.

The same goes for pillow/click. The pillow installer requires that input from click, but it won't launch click as the async is not working as expected.

I tried to figure out how the async works in the agent, but I can't seem to find the place where it is actually considered async by the machine.

Cryss76 commented 1 year ago

The issue is rooted in pull request #195 being incomplete.

The remote control of the VM works as follows:

https://github.com/hatching/vmcloak/blob/main/vmcloak/agent.py is used to send commands to the VM via HTTP. https://github.com/hatching/vmcloak/blob/main/vmcloak/data/bootstrap/windows/agent/agent_windows_amd64.exe runs in the VM and is what receives and executes the host's commands. agent.exe is what implements async execution, which means that async execution is not needed in agent.py.

agent.exe will only run a command async if it receives a POST request with the parameter async=true. This is where the problem is rooted. Pull request #195 changed the parameter 'async' to 'cucksync' on the host side but left the guest agent unchanged. As a consequence, the param cucksync is sent to the guest agent, which silently ignores it. This effectively removes async support from vmcloak.

As agent.exe is closed source (or at least I didn't find its code), this problem can't be easily fixed.

As an (ugly) workaround, I changed the post method of the Agent class in agent.py to change the cucksync parameter into async just before sending the POST request.
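The host/guest mismatch described in the comment above, modelled end to end as an added example. This is not vmcloak's code and is not from either commenter: a tiny loopback HTTP server stands in for the closed-source guest agent (agent_windows_amd64.exe) and, as the comment describes it, runs a command asynchronously only when the POST body carries a field literally named "async", ignoring any other field without error. Two host-side functions stand in for Agent.post() in vmcloak/agent.py: one sends the post-PR-#195 name "cucksync", the other applies the described workaround and renames it back to "async" just before the request goes out. The endpoint path "/execute", the "command" field, the JSON reply format and all function names are assumptions made for this illustration; only the parameter names "async" and "cucksync" come from the issue. Note that "async" has been a reserved word in Python since 3.7, which is presumably why the host-side keyword argument was renamed; the wire-level field name the guest expects is a plain string and is not affected by that, which is what the workaround relies on.

```python
"""Model of the vmcloak host<->guest agent exchange (added example, not
vmcloak's code).  FakeGuestAgent plays agent_windows_amd64.exe; the two
host_post_* functions play Agent.post() in vmcloak/agent.py.  Endpoint,
field names other than async/cucksync, and reply format are assumed."""
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode
from urllib.request import urlopen


class FakeGuestAgent(BaseHTTPRequestHandler):
    """Stand-in for the guest agent: honours only a field named 'async'.
    Unknown fields are dropped silently, which is why the rename broke
    async execution without any visible error on either side."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = parse_qs(self.rfile.read(length).decode(), keep_blank_values=True)
        single = {k: v[-1] for k, v in form.items()}
        run_async = single.get("async", "false").lower() == "true"
        body = json.dumps({
            "command": single.get("command"),
            "async": run_async,
            # Reported here only so the demo can show what was ignored;
            # the real agent gives no such feedback.
            "ignored": sorted(k for k in single if k not in ("command", "async")),
        }).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_guest():
    """Serve the fake guest agent on an ephemeral loopback port."""
    srv = HTTPServer(("127.0.0.1", 0), FakeGuestAgent)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def _post(url, data):
    """Send an application/x-www-form-urlencoded POST, decode the JSON reply."""
    with urlopen(url, urlencode(data).encode(), timeout=5) as resp:
        return json.loads(resp.read())


def host_post_pr195(url, command, cucksync=False):
    """Host side as after PR #195: the renamed field goes over the wire
    unchanged, so the guest never sees 'async=true'."""
    data = {"command": command}
    if cucksync:
        data["cucksync"] = "true"
    return _post(url, data)


def host_post_workaround(url, command, cucksync=False):
    """The workaround from the comment: keep the Python-side name
    'cucksync' (since 'async' is a reserved word) but translate it back
    to the wire name 'async' immediately before sending."""
    data = {"command": command}
    if cucksync:
        data["cucksync"] = "true"
    if "cucksync" in data:
        data["async"] = data.pop("cucksync")
    return _post(url, data)


def demo():
    """Run both host variants against the fake guest; return both replies."""
    srv = start_guest()
    url = "http://127.0.0.1:%d/execute" % srv.server_address[1]
    try:
        broken = host_post_pr195(url, "AcroRd32.exe", cucksync=True)
        fixed = host_post_workaround(url, "AcroRd32.exe", cucksync=True)
    finally:
        srv.shutdown()
        srv.server_close()
    return broken, fixed


if __name__ == "__main__":
    broken, fixed = demo()
    print("PR #195 host   ->", broken)   # async False, 'cucksync' ignored
    print("workaround     ->", fixed)    # async True
```

Running it shows the failure mode the comment describes: with the PR #195 host the guest reports async=False and lists "cucksync" as an ignored field, so a blocking installer is waited on forever and the later killprocess step is never reached; with the rename applied before sending, the same request yields async=True. The same translation can be done against a real guest with any HTTP client, since only the form field name changes.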