Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

draksetup doesn't care if chosen explorer.exe for injection is 32-bit or 64-bit #809

Open
psrok1 opened this issue Aug 14, 2023 · 1 comment
Open

draksetup doesn't care if chosen explorer.exe for injection is 32-bit or 64-bit #809

psrok1 opened this issue Aug 14, 2023 · 1 comment
Labels
enhancement New feature or request

Comments

@psrok1
Copy link
Member

psrok1 commented Aug 14, 2023
edited
Loading

draksetup uses get-explorer-pid tool (https://github.com/CERT-Polska/drakvuf-sandbox/blob/master/drakrun/drakrun/tools/get-explorer-pid.c) to choose target process for injection.

Meanwhile the only criterion for choosing a process is name explorer.exe (https://github.com/CERT-Polska/drakvuf-sandbox/blob/master/drakrun/drakrun/tools/get-explorer-pid.c#L183). In the same time, on 64-bit Windows there can be two explorer.exe, one for 32-bit processes and another one for 64-bit.

Choosing 32-bit/64-bit randomly may cause bugs and makes debugging more difficult. I guess that in most injection operations we should avoid dealing with WoW stuff and choose 64-bit version on 64-bit Windows and 32-bit otherwise.
@psrok1 psrok1 added the enhancement New feature or request label Aug 14, 2023
@psrok1
Copy link
Member Author

psrok1 commented Aug 14, 2023

This is rare case on Windows 7, but may be important on newer Windows versions (Windows 10+)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@psrok1