Unexpected exception from create_rekall_profile during postinstall #902

Open
andrisr223 opened this issue Jun 14, 2024 · 0 comments
Labels
bug Something isn't working

Comments


andrisr223 commented Jun 14, 2024

Describe the bug

I am encountering issues during the postinstall step.

[2024-06-14 09:06:13,320][INFO] Already deleted /var/lib/drakrun/profiles/amd64_gdiplus_profile
[2024-06-14 09:06:13,320][ERROR] Unexpected exception from create_rekall_profile!
Traceback (most recent call last):
  File "/home/user/drakvuf/drakvuf-sandbox/drakrun/drakrun/draksetup.py", line 806, in create_missing_profiles
    create_rekall_profile(injector, profile)
  File "/home/user/drakvuf/drakvuf-sandbox/drakrun/drakrun/draksetup.py", line 556, in create_rekall_profile
    raise Exception("Some error occurred in injector")
Exception: Some error occurred in injector

The question is whether the unexpected exception from create_rekall_profile could be caused by the Windows 10 installation, or whether it could be solved somehow differently. A direction where to dig further would be appreciated.
In a sense this is similar to #900, but with an older drakvuf version installed.
In the mwdb web interface it is possible to submit a sample, and the analysis is marked as done.

Versions

karton-playground 8187166323ecc6e44f66bd9789a7fe4817936bd7 (master branch)
Started with docker compose up. Configuration files /etc/drakcore/config.ini and /etc/drakrun/config.ini adjusted to use dockerised redis and minio.
drakvuf b87afcd258cbcdb528ead0722d98d8a8692a7467 (v0.8-backports branch)
drakvuf-sandbox 4b1551b (master branch)

How to reproduce

Steps to reproduce the behavior:

  1. draksetup install /home/user/windows10.iso --unattended-xml /home/user/autounattend.xml --memory 12288 --vcpus 2 --disk-size 32G
  2. draksetup postinstall
  3. From drakrun venv start drakrun: python drakrun/main.py 1

Errors during postinstall step:

...
[2024-06-14 09:06:11,458][INFO] Deleted /var/lib/drakrun/profiles/wow64_kernel32_profile
[2024-06-14 09:06:11,459][INFO] Deleted /var/lib/drakrun/profiles/wkernel32.pdb
[2024-06-14 09:06:11,459][INFO] Fetching rekall profile for Windows/System32/drivers/tcpip.sys
[2024-06-14 09:06:11,598][DEBUG] stderr: DRAKVUF injector v1.0-git+-1 Copyright (C) 2014-2022 Tamas K Lengyel

[2024-06-14 09:06:11,599][DEBUG] {'Plugin': 'inject', 'TimeStamp': '1718355971.572624', 'Method': 'ReadFile', 'Status': 'InitFail'}
[2024-06-14 09:06:11,599][INFO] Already deleted /var/lib/drakrun/profiles/amd64_tcpip_profile
[2024-06-14 09:06:11,599][ERROR] Unexpected exception from create_rekall_profile!
Traceback (most recent call last):
  File "/home/user/drakvuf/drakvuf-sandbox/drakrun/drakrun/draksetup.py", line 806, in create_missing_profiles
    create_rekall_profile(injector, profile)
  File "/home/user/drakvuf/drakvuf-sandbox/drakrun/drakrun/draksetup.py", line 556, in create_rekall_profile
    raise Exception("Some error occurred in injector")
Exception: Some error occurred in injector
[2024-06-14 09:06:11,599][INFO] Fetching rekall profile for Windows/System32/sspicli.dll
[2024-06-14 09:06:11,740][DEBUG] stderr: DRAKVUF injector v1.0-git+-1 Copyright (C) 2014-2022 Tamas K Lengyel

[2024-06-14 09:06:11,740][DEBUG] {'Plugin': 'inject', 'TimeStamp': '1718355971.713004', 'Method': 'ReadFile', 'Status': 'InitFail'}
[2024-06-14 09:06:11,740][INFO] Already deleted /var/lib/drakrun/profiles/amd64_sspicli_profile
[2024-06-14 09:06:11,740][ERROR] Unexpected exception from create_rekall_profile!
Traceback (most recent call last):
  File "/home/user/drakvuf/drakvuf-sandbox/drakrun/drakrun/draksetup.py", line 806, in create_missing_profiles
    create_rekall_profile(injector, profile)
  File "/home/user/drakvuf/drakvuf-sandbox/drakrun/drakrun/draksetup.py", line 556, in create_rekall_profile
    raise Exception("Some error occurred in injector")
Exception: Some error occurred in injector
...
[2024-06-14 09:06:13,320][INFO] Fetching rekall profile for Windows/winsxs/x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80/GdiPlus.dll
[2024-06-14 09:06:13,461][DEBUG] stderr: DRAKVUF injector v1.0-git+-1 Copyright (C) 2014-2022 Tamas K Lengyel

[2024-06-14 09:06:13,461][DEBUG] {'Plugin': 'inject', 'TimeStamp': '1718355973.435341', 'Method': 'ReadFile', 'Status': 'InitFail'}
[2024-06-14 09:06:13,462][INFO] Already deleted /var/lib/drakrun/profiles/x86_gdiplus_profile
[2024-06-14 09:06:13,462][ERROR] Unexpected exception from create_rekall_profile!
Traceback (most recent call last):
  File "/home/user/drakvuf/drakvuf-sandbox/drakrun/drakrun/draksetup.py", line 806, in create_missing_profiles
    create_rekall_profile(injector, profile)
  File "/home/user/drakvuf/drakvuf-sandbox/drakrun/drakrun/draksetup.py", line 556, in create_rekall_profile
    raise Exception("Some error occurred in injector")
Exception: Some error occurred in injector

Logs during sample analysis:

[2024-06-14 10:18:41,904][INFO] Received new task - 3dd66f23-f7cc-4dd0-89af-067257cee4e6
[2024-06-14 10:18:41,920][INFO] Running on: drakvufbox
[2024-06-14 10:18:41,920][INFO] Sample SHA256: 2e368631139e75aa6cce30aef3ccdfe59dc2131a7f5166fa5b0e36c969eb5ada
[2024-06-14 10:18:41,921][INFO] Analysis UID: 3dd66f23-f7cc-4dd0-89af-067257cee4e6
[2024-06-14 10:18:41,921][INFO] Snapshot SHA256: c43e60f8ab3ee40424a911802af5b3adb2867eff4f472aa127c546dc2cd27827
[2024-06-14 10:18:41,965][INFO] Trying to analyze sample (attempt 1/3)
Dnsmasq version 2.90  Copyright (c) 2000-2024 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile

This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.
Formatting '/var/lib/drakrun/volumes/vm-1.img', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=34359738368 backing_file=/var/lib/drakrun/volumes/vm-0.img backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16
Loading new save file /var/lib/drakrun/volumes/snapshot.sav (new xl fmt info 0x3/0x0/2177)
 Savefile contains xl domain config in JSON format
Parsing config from /etc/drakrun/configs/vm-1.cfg
xc: info: Found x86 HVM domain from Xen 4.16
xc: info: Restoring domain
xc: info: Restore successful
xc: info: XenStore: mfn 0xfeffc, dom 0, evt 1
xc: info: Console: mfn 0xfefff, dom 0, evt 2
tcpdump version 4.99.1
libpcap version 1.10.1 (with TPACKET_V3)
OpenSSL 3.0.2 15 Mar 2022
tcpdump: listening on vif43.0-emu, link-type EN10MB (Ethernet), snapshot length 262144 bytes
1718360341.212249 DRAKVUF v1.0-git+-1 Copyright (C) 2014-2022 Tamas K Lengyel
tcpdump: pcap_loop: The interface disappeared
12 packets captured
15 packets received by filter
0 packets dropped by kernel
Critical error in removing int3
Critical error in removing int3
Critical error in removing int3
Critical error in removing int3
...
Critical error in removing int3
VMI_ERROR: Could not find EPROCESS struct for pid = 4.
VMI_ERROR: Could not find EPROCESS struct for pid = 4.
Critical error in removing int3
...
Critical error in removing int3
Critical error in removing int3
[2024-06-14 10:29:03,535][INFO] Uploading artifacts...
[2024-06-14 10:29:03,796][INFO] Task done - 3dd66f23-f7cc-4dd0-89af-067257cee4e6
@andrisr223 andrisr223 added the bug Something isn't working label Jun 14, 2024
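A small triage helper, added here and not part of the original report or of drakvuf-sandbox, that pairs each "Fetching rekall profile for ..." line in a drakrun postinstall log with the injector status dict and the create_rekall_profile exception that follow it, so you can see at a glance which profiles failed and whether every failure is the same ReadFile/InitFail. The sample log is constructed to match the shape of the output above; the non-failing status value is invented for contrast.

```python
import ast
import re
from typing import Dict, List

# Constructed sample shaped like the drakrun postinstall log in the report.
# The "Ok" status on the sspicli line is invented for contrast, not a real DRAKVUF value.
SAMPLE_LOG = """\
[2024-06-14 09:06:11,459][INFO] Fetching rekall profile for Windows/System32/drivers/tcpip.sys
[2024-06-14 09:06:11,598][DEBUG] stderr: DRAKVUF injector v1.0-git+-1 Copyright (C) 2014-2022 Tamas K Lengyel

[2024-06-14 09:06:11,599][DEBUG] {'Plugin': 'inject', 'TimeStamp': '1718355971.572624', 'Method': 'ReadFile', 'Status': 'InitFail'}
[2024-06-14 09:06:11,599][INFO] Already deleted /var/lib/drakrun/profiles/amd64_tcpip_profile
[2024-06-14 09:06:11,599][ERROR] Unexpected exception from create_rekall_profile!
[2024-06-14 09:06:11,599][INFO] Fetching rekall profile for Windows/System32/sspicli.dll
[2024-06-14 09:06:11,740][DEBUG] {'Plugin': 'inject', 'TimeStamp': '1718355971.713004', 'Method': 'ReadFile', 'Status': 'Ok'}
[2024-06-14 09:06:11,800][INFO] Fetching rekall profile for Windows/System32/ntdll.dll
[2024-06-14 09:06:11,900][ERROR] Unexpected exception from create_rekall_profile!
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\[(?P<level>\w+)\] (?P<msg>.*)$")
FETCH_PREFIX = "Fetching rekall profile for "
ERROR_MSG = "Unexpected exception from create_rekall_profile!"


def triage(log_text: str) -> Dict[str, dict]:
    """Map each fetched profile to the injector Method/Status and exception that followed."""
    results: Dict[str, dict] = {}
    current = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:  # blank lines and bare stderr continuation lines carry no prefix
            continue
        msg = m.group("msg")
        if msg.startswith(FETCH_PREFIX):
            current = msg[len(FETCH_PREFIX):]
            results[current] = {"method": None, "status": None, "exception": False}
        elif current and msg.startswith("{") and msg.endswith("}"):
            # The injector prints a Python dict literal; literal_eval only accepts literals.
            try:
                info = ast.literal_eval(msg)
            except (ValueError, SyntaxError):
                continue
            if isinstance(info, dict) and info.get("Plugin") == "inject":
                results[current]["method"] = info.get("Method")
                results[current]["status"] = info.get("Status")
        elif current and msg == ERROR_MSG:
            results[current]["exception"] = True
    return results


def failed_profiles(log_text: str) -> List[str]:
    """Profiles whose fetch ended in a create_rekall_profile exception."""
    return [p for p, r in triage(log_text).items() if r["exception"]]
```

Feed it the full postinstall log to check whether every failing profile shows the same InitFail from the ReadFile method, which points at the injector not being able to read the file inside the guest rather than at individual profiles.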