Open nbargnesi opened 1 year ago
This commit fixes the struct unpacking crash when a 64-bit Python is used.
can you PR this commit?
Done. I think we should keep this issue open for some time - there will be more crashes and issues running under a x64 Python analyzer.
Both the docs and agent module say an x86 version of Python is required.
Under the covers the analysis process calls a bunch of low-level Windows libraries, unpacking the results of these calls into a series of structures defined in lib.common.defines. The analyzer assumes the structures use 32-bit sizes, and will crash if running under a 64-bit Python.
There are architecture independent ways of doing most of what the analyzer needs to do, but for now the x86 requirement is there based on how the analyzer is written.
Note, the agent module doesn't need to run under an x86 Python, only the analyzer process. CAPE just happens to use the same
sys.executable
for both.