From 1ff75d49378d6b95ef2b3bf9c83a1d43faecf827 Mon Sep 17 00:00:00 2001
From: Jurriaan Bremer
Date: Sat, 2 Jun 2018 21:06:48 +0200
Subject: [PATCH] special zer0m0n error message when dse is still enabled
---
 cuckoo/data/analyzer/windows/lib/core/driver.py | 6 +++++-
 cuckoo/private/cwd/hashes.txt | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/cuckoo/data/analyzer/windows/lib/core/driver.py b/cuckoo/data/analyzer/windows/lib/core/driver.py
index 1eded2acbc..4836f43c07 100644
--- a/cuckoo/data/analyzer/windows/lib/core/driver.py
+++ b/cuckoo/data/analyzer/windows/lib/core/driver.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2017 Cuckoo Foundation.
+# Copyright (C) 2017-2018 Cuckoo Foundation.
 # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
 # See the file 'docs/LICENSE' for copying permission.
@@ -83,6 +83,10 @@ def load_driver(self):
 us.MaximumLength = us.Length
 status = NTDLL.NtLoadDriver(ctypes.byref(us)) % 2**32
+ if status == 0xc0000428:
+ raise CuckooError(
+ "Driver Signature Enforcement has not been disabled."
+ )
 if status:
 raise CuckooError(
 "Unable to load the %s driver: 0x%x" %
diff --git a/cuckoo/private/cwd/hashes.txt b/cuckoo/private/cwd/hashes.txt
index d9679b2eeb..a81eaca756 100644
--- a/cuckoo/private/cwd/hashes.txt
+++ b/cuckoo/private/cwd/hashes.txt
@@ -268,6 +268,7 @@ f47c2c7c0b1dddee583e81b95af5a8bd91b0dfec analyzer/darwin/lib/api/screenshot.py
 bf3c56805ea0bf44a7fb6c8c16ee91e9d22f9a17 analyzer/darwin/modules/auxiliary/screenshots.py
 938296b4ffd21227b734c0a0f2aa1d42af30b133 analyzer/windows/analyzer.py
 d91f04fc4905992775b03803d151749b065fd294 analyzer/windows/lib/api/process.py
+53bd205a4ecd531c0ad3b25458dfc52c8a3d42ee analyzer/windows/lib/core/driver.py
 f3fb4ee79b58b0dc5cae25736bc4044c4928e5e6 analyzer/windows/lib/core/ioctl.py
 ac5fdbe143a2f570eb5cf402f55b0d2d533858ea analyzer/windows/lib/core/packages.py
 c20de27af88764a032cd26ea4463719020ed356a analyzer/windows/modules/packages/ie.py
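Review bot: In the second driver.py hunk the new `status == 0xc0000428` branch compares against a bare number and raises a message that drops the driver name and status value which the generic error just below still reports. 0xc0000428 is STATUS_INVALID_IMAGE_HASH, returned when Windows cannot verify an image's signature; enforcement still being on in the guest is the likely cause, but a driver file that was altered or damaged would presumably produce the same status, so the text should not state a single cause as fact. I would add `# 0xc0000428 = STATUS_INVALID_IMAGE_HASH: the kernel could not verify the driver's signature` above the check and word the message as `"Unable to load the %s driver: 0x%x (is Driver Signature Enforcement still enabled in the guest?)"`, formatted with the same arguments as the generic message. Those arguments and the rest of load_driver lie outside the hunk.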