
josh-feather
Contributor

This avoids situations where the console is clicked, causing select-mode to be enabled and the process to be suspended. This ultimately leads to the timeout being hit and a detonation with little useful telemetry.

@josh-feather josh-feather marked this pull request as ready for review September 11, 2025 09:41
@kevoreilly
Owner

Hi Josh, thanks for this, I'm testing this currently. Do you happen to have any good examples to test with?

@josh-feather
Contributor Author

> Hi Josh, thanks for this, I'm testing this currently. Do you happen to have any good examples to test with?

I tested it with a full screen console app (with/without the fix applied) - I suspect that's probably the easiest way.

@dsecuma
Contributor

dsecuma commented Oct 3, 2025

Hi, it would be interesting to have the ability to enable or disable the populate_clipboard() function to prevent the clipboard from being overwritten with real content. For instance, clickfix malware.

@kevoreilly
Owner

Not a bad idea, but to play devil's advocate would your example be 'fixed' simply by disabling automated interaction?

@kevoreilly kevoreilly merged commit 40becf7 into kevoreilly:master Oct 3, 2025
3 checks passed
@josh-feather
Contributor Author

> Hi, it would be interesting to have the ability to enable or disable the populate_clipboard() function to prevent the clipboard from being overwritten with real content. For instance, clickfix malware.

The populate_clipboard function is only called once to prevent the copy buffer from being empty during analysis. Disabling human interaction completely is probably the easiest way to stop that from happening.
