lots of "Unable to hook" status on Windows 7 Guest OS

Question

lots of "Unable to hook" status on Windows 7 Guest OS

MerX1030 opened this issue 9 years ago · 6 comments

can't seem to find what might be the error.
hooks work fine on Windows XP Guest OS:
MD5 1929d5db340aac125c3dcbd4bb44202e
SHA1 0ab64275390b2deaf983d751f77f0f77014ef49a

Answer 1 · 2016-03-10T13:51:52.000Z

Can you show me the analysis.log and give the hash of the DLLs involved?

Answer 2 · 2016-03-11T04:10:33.000Z

Here are the logs and DLLs involved. (password is "cuckoo")
cuckoo_logs.zip

In Windows XP there is a successful call to SHGetFolderPathW that was logged.
This call in Windows 7 was not logged and the logging ended prematurely.

Answer 3 · 2016-03-11T14:17:08.000Z

The analysis.log wasn't included in the zip, can you show me that? It's the only thing that would display which hooks failed.

-Brad

Answer 4 · 2016-03-14T03:38:50.000Z

Here you go:
windows7x86_analysis.log.txt
windowsxp_analysis.log.txt

Answer 5 · 2016-03-14T12:50:13.000Z

And these are pristine VM images? You didn't install an AV product into them or something did you? I don't see any reason for the hooks to have failed.

-Brad

Answer 6 · 2016-03-15T06:42:02.000Z

Oooops. Sorry, my bad! Seems like I used the VM image with Endpoint Forensics.
Now closing this case.