objective-see / RansomWhere

Generic ransomware detector
GNU General Public License v3.0

Tweaks to allow compilation on ARM #5

Open NanoExplorer opened 1 year ago

NanoExplorer commented 1 year ago

I decided to try compiling this utility as a Mac universal binary. It appears to run, but I don't know how to verify that it works as intended. I managed to trigger a false positive by running a Homebrew update, so it does still work!

The most substantial change was to Shared/Exception.m, where one of the methods reads a CPU register. I added a check to see which platform you're on, and based on that it will return the PC register for ARM and the RIP register for x64. That was the only change that was required to compile the code; however, it was still unusable, so I had to make a few other changes.

Other changes I made include:

- Daemon/Utilities.m and Installer/Utilities.m: Modify OS version checking logic to allow running on OS > 10
- Installer/ConfigureWindowController.m and Installer/ErrorWindowController.m: Change installer background from white to improve readability (only slightly)

This could close #3

ChaG06 commented 1 year ago

In Activity Monitor.app, you can check whether the 'RansomWhere' process type is Apple or Intel.