pass along the requested dump interval

jbremer · Aug 17, 2018 · 6851d0f · 6851d0f
1 parent 8b6694e
commit 6851d0f
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 0 deletions.
diff --git a/cuckoo/data/analyzer/windows/analyzer.py b/cuckoo/data/analyzer/windows/analyzer.py
@@ -647,6 +647,9 @@ def run(self):
         # Initialize zer0m0n with our compiled Yara rules.
         zer0m0n.yarald("bin/rules.yarac")
 
+        # Propagate the requested dump interval, if set.
+        zer0m0n.dumpint(int(self.config.options.get("dumpint", "0")))
+
         # Start analysis package. If for any reason, the execution of the
         # analysis package fails, we have to abort the analysis.
         pids = self.package.start(self.target)

diff --git a/cuckoo/data/analyzer/windows/lib/core/ioctl.py b/cuckoo/data/analyzer/windows/lib/core/ioctl.py
@@ -66,6 +66,7 @@ class Zer0m0nIoctl(Ioctl):
         "yarald",
         "getpids",
         "hidepid",
+        "dumpint",
     ]
 
     def invoke(self, action, buf):
@@ -98,4 +99,7 @@ def getpids(self):
     def hidepid(self, pid):
         return self.invoke("hidepid", struct.pack("Q", pid))
 
+    def dumpint(self, ms):
+        return self.invoke("dumpint", struct.pack("I", ms))
+
 zer0m0n = Zer0m0nIoctl(driver_name)
diff --git a/cuckoo/private/cwd/hashes.txt b/cuckoo/private/cwd/hashes.txt
@@ -285,4 +285,6 @@ b3c28c2d5bb316072d0590fb73b221e7191c155b monitor/latest
 9d17b524c7f7c62473485e672a1b91a0120629b6 analyzer/windows/lib/api/process.py
 
 # TBD
+3feecc072857e18f1cf6654ea863bd8096e03fb8 analyzer/windows/analyzer.py
+d23fcf2567de80b22d0eaa8921c9f3e6ed4c8db9 analyzer/windows/lib/core/ioctl.py
 e86627abeb5ecc0112438ad179e9d0487870785a analyzer/windows/modules/packages/ie.py