CUCKOO Sandbox Source Code Analysis (Chapter 3)

in just •  4 years ago 

Today we continue from the previous article (https://steemit.com/just/@bzd/cuckoo-sandbox-source-code-analysis-chapter-2). Before that, let's briefly review what it covered, and then go on!

Review

In the previous article, we mainly described the preparation work Cuckoo does before it executes the analysis module:
1. Set up the working directory (CWD): the working directory stores important contents such as sample information, analysis results, YARA rules and configuration files.
2. Set up the Cuckoo server: a TCP server is created on the host, which can also serve as an HTTP server. Later we will see this HTTP service used to transfer the agent code and the samples to be analyzed into the virtual machine.
3. Initial configuration, e.g. the virtual machine, client IP, port, database and YARA rules.

Start

Cuckoo's main analysis module: AnalysisManager
AnalysisManager inherits from the threading.Thread class. The start() function was called at the end of the previous article, so the corresponding run() method of the AnalysisManager class is what executes next.
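The start()-calls-run() relationship, as an added example that is not Cuckoo's own code: a hypothetical AnalysisManager written in the same shape (a threading.Thread subclass whose run() delegates to launch_analysis()), a hypothetical MachinePool that bounds how many guest analyses run at once, and a failure path that records the error instead of silently killing the thread. The task dicts, MachinePool, run_scheduler and the stage names are all constructed for this example.

```python
import threading
import time

# Constructed sample tasks standing in for rows of a task table (not Cuckoo's schema).
SAMPLE_TASKS = [
    {"id": 1, "target": "sample_a.exe"},
    {"id": 2, "target": "sample_b.dll"},
    {"id": 3, "target": ""},          # empty target: exercises the failure path
    {"id": 4, "target": "sample_d.pdf"},
]


class MachinePool:
    """Hypothetical guest-VM pool: a bounded semaphore plus a peak-usage counter,
    so we can verify that no more than `size` analyses ever run concurrently."""

    def __init__(self, size):
        self.slots = threading.BoundedSemaphore(size)
        self._lock = threading.Lock()
        self.in_use = 0
        self.peak = 0

    def acquire(self):
        self.slots.acquire()            # blocks until a guest slot is free
        with self._lock:
            self.in_use += 1
            self.peak = max(self.peak, self.in_use)

    def release(self):
        with self._lock:
            self.in_use -= 1
        self.slots.release()


class AnalysisManager(threading.Thread):
    """Hypothetical manager mirroring the pattern in the post: one thread per task."""

    def __init__(self, task, pool, results):
        super().__init__(name="AnalysisManager-%d" % task["id"])
        self.task = task
        self.pool = pool
        self.results = results          # shared dict; each thread writes only its own id

    def run(self):
        # Thread.start() is what invokes run(); the caller never calls run() directly.
        try:
            self.results[self.task["id"]] = self.launch_analysis()
        except Exception as exc:
            # An unhandled exception would just end the thread; record it instead.
            self.results[self.task["id"]] = {"status": "failed", "error": str(exc)}

    def launch_analysis(self):
        if not self.task["target"]:
            raise ValueError("task has no target to analyze")
        self.pool.acquire()             # wait for a free guest slot
        try:
            stages = ["machine_acquired"]
            time.sleep(0.05)            # stand-in for guest boot and agent upload
            stages += ["guest_started", "sample_executed", "results_collected"]
            return {"status": "completed", "stages": stages}
        finally:
            self.pool.release()         # always hand the slot back, even on error


def run_scheduler(tasks, max_machines):
    """Start one AnalysisManager per task, wait for all, return (results, peak usage)."""
    pool = MachinePool(max_machines)
    results = {}
    managers = [AnalysisManager(t, pool, results) for t in tasks]
    for m in managers:
        m.start()                       # -> run() on a new thread
    for m in managers:
        m.join()
    return results, pool.peak


if __name__ == "__main__":
    res, peak = run_scheduler(SAMPLE_TASKS, max_machines=2)
    for tid in sorted(res):
        print(tid, res[tid])
    print("peak concurrent guests:", peak)
```

Running it shows three completed tasks, one recorded failure for the empty target, and a peak concurrency that never exceeds the pool size, which is the property a scheduler of this shape must guarantee before it is safe to hand real samples to real guests.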

__init__

[Screenshot: AnalysisManager.__init__ (image file 截屏2021-01-04下午11.46.53.png)]

run

[Screenshot: AnalysisManager.run (image file 截屏2021-01-04下午11.51.26.png)]

launch_analysis

[Screenshot 1 of 2: AnalysisManager.launch_analysis (image file 截屏2021-01-05上午12.08.39.png)]

[Screenshot 2 of 2: AnalysisManager.launch_analysis (image file 截屏2021-01-05上午12.11.52.png)]

Later, we will go inside the virtual machine and analyze the GuestManager module.

To be continued...
