fr0gger/RocProtect-V1

Failed to create process and files

Closed this issue · 5 comments

thansau239 commented

Hi @fr0gger ,
I have ran RocProtect, but after run i cannot see fake process and file created.
Please help me

fr0gger commented

Hi @thansau239 ,
Glad that you test RocProtect :)
You must put the FakeApp2.exe into this place : c:\temp\fake.exe
For the created file be sure to run the PoC with admin privileges.

fr0gger

thansau239 commented

Hi @fr0gger,
I did it but but still error (cannot create the file and process)

[INFO] Run this tool with administrator right!

[!] Process creation failed...
[] Processus c:\temp\fake.exe created!
[!] Process creation failed...
[] Processus c:\temp\ProcMon.exe created!
[!] Process creation failed...
[] Processus c:\temp\VBoxService.exe created!
[!] Process creation failed...
[] Processus c:\temp\VBoxTray.exe created!
[!] Process creation failed...
[] Processus c:\temp\Fiddler.exe created!
[!] Process creation failed...
[] Processus c:\temp\ProcExp.exe created!
[INFO] Fake process creation OK!

[] File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\agent.pyw
created!
[] File C:\WINDOWS\system32\drivers\vmmouse.sys created!
[] File C:\WINDOWS\system32\drivers\vmhgfs.sys created!
[] File C:\WINDOWS\system32\drivers\VBoxMouse.sys created!
[] File C:\WINDOWS\system32\drivers\VBoxGuest.sys created!
[] File C:\WINDOWS\system32\drivers\VBoxSF.sys created!
[] File C:\WINDOWS\system32\drivers\VBoxVideo.sys created!
[] File C:\WINDOWS\system32\vboxdisp.dll created!
[] File C:\WINDOWS\system32\vboxhook.dll created!
[] File C:\WINDOWS\system32\vboxmrxnp.dll created!
[] File C:\WINDOWS\system32\vboxogl.dll created!
[] File C:\WINDOWS\system32\vboxoglarrayspu.dll created!
[] File C:\WINDOWS\system32\vboxoglcrutil.dll created!
[] File C:\WINDOWS\system32\vboxoglerrorspu.dll created!
[] File C:\WINDOWS\system32\vboxoglfeedbackspu.dll created!
[] File C:\WINDOWS\system32\vboxoglpackspu.dll created!
[] File C:\WINDOWS\system32\vboxoglpassthroughspu.dll created!
[] File C:\WINDOWS\system32\vboxservice.exe created!
[] File C:\WINDOWS\system32\vboxtray.exe created!
[] File C:\WINDOWS\system32\VBoxControl.exe created!
[INFO] Fake file creation OK!

fr0gger commented

Hi @thansau239,
Which version of Windows do you use? Your issue could provide from the platform that you used.
fr0gger

thansau239 commented

Hi @fr0gger,
i'm using windows 8 64bit

fr0gger commented

I believe the issue is due to the arch of your system. The test was made in 32bit. Also please keep it mind that it is still a PoC. The next version should run better. :)