Title: src Download
 Description: A driver for Cuckoo Sandbox that performs kernel analysis during the execution of malware. A malware author has many ways to bypass Cuckoo detection: detecting the hooks, hardcoding the Nt* functions to avoid the hooks, detecting the virtual machine... The goal of this driver is to let the user choose between the classical userland analysis and a kernel analysis, which is harder to detect or bypass.
 Uploader: cuong
File list (Check if you may need any files):
 

src\app\bson.c
...\...\bson.h
...\...\config.c
...\...\config.h
...\...\encoding.c
...\...\encoding.h
...\...\file.c
...\...\file.h
...\...\gpl.txt
...\...\ignore.c
...\...\ignore.h
...\...\log.c
...\...\log.h
...\...\logtbl.c
...\...\lookup.c
...\...\lookup.h
...\...\main.c
...\...\main.h
...\...\misc.c
...\...\misc.h
...\...\monitor.c
...\...\monitor.h
...\...\ntapi.h
...\...\numbers.c
...\...\parsing.c
...\...\parsing.h
...\...\pipe.c
...\...\pipe.h
...\...\utf8.c
...\...\utf8.h
...\driver\buildchk_wxp_x86.log
...\......\callbacks.c
...\......\callbacks.h
...\......\comm.c
...\......\comm.h
...\......\gpl.txt
...\......\hook.c
...\......\hook.h
...\......\include\nt\structures\CURDIR.h
...\......\.......\..\..........\LDR_DATA_TABLE_ENTRY.h
...\......\.......\..\..........\PEB.h
...\......\.......\..\..........\PEB_LDR_DATA.h
...\......\.......\..\..........\RTL_CRITICAL_SECTION.h
...\......\.......\..\..........\RTL_DRIVE_LETTER_CURDIR.h
...\......\.......\..\..........\RTL_USER_PROCESS_PARAMETERS.h
...\......\.......\..\..........\SYSTEM_INFORMATION_CLASS.h
...\......\.......\..\..........\SYSTEM_MODULE_ENTRY.h
...\......\.......\..\..........\SYSTEM_MODULE_INFORMATION.h
...\......\main.c
...\......\main.h
...\......\MAKEFILE
...\......\module.c
...\......\module.h
...\......\monitor.c
...\......\monitor.h
...\......\objchk_wxp_x86\i386\callbacks.obj
...\......\..............\....\comm.obj
...\......\..............\....\comm.obj.oacr.root.x86chk.pft.xml
...\......\..............\....\hook.obj
...\......\..............\....\hook.obj.oacr.root.x86chk.pft.xml
...\......\..............\....\main.obj
...\......\..............\....\main.obj.oacr.root.x86chk.pft.xml
...\......\..............\....\module.obj
...\......\..............\....\monitor.obj
...\......\..............\....\page_dump.obj
...\......\..............\....\query_information.obj
...\......\..............\....\reg.obj
...\......\..............\....\stack_unwind.obj
...\......\..............\....\utils.obj
...\......\..............\....\utils.obj.oacr.root.x86chk.pft.xml
...\......\..............\....\vc90.pdb
...\......\..............\....\zer0m0n.pdb
...\......\..............\....\zer0m0n.sys
...\......\..............\....\_objects.mac
...\......\page_dump.c
...\......\page_dump.h
...\......\query_information.c
...\......\query_information.h
...\......\reg.c
...\......\reg.h
...\......\SOURCES
...\......\stack_unwind.c
...\......\stack_unwind.h
...\......\start.bat
...\......\utils.c
...\......\utils.h
...\......\x64\callbacks.c
...\......\...\callbacks.h
...\......\...\comm.c
...\......\...\comm.h
...\......\...\gpl.txt
...\......\...\hook.c
...\......\...\hook.h
...\......\...\main.c
...\......\...\main.h
...\......\...\MAKEFILE
...\......\...\monitor.c
...\......\...\monitor.h
...\......\...\reg.c
...\......\...\reg.h
    

CodeBus www.codebus.net