[Bug 45119] Multiple applications from Google sandbox-attacksurface-analysis-tools v1.1.x (targeting native API) need 'ntdll.NtGetNextProcess' implementation

WineHQ Bugzilla wine-bugs at winehq.org
Sun Jan 17 07:41:29 CST 2021


https://bugs.winehq.org/show_bug.cgi?id=45119

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|https://github.com/google/s |https://web.archive.org/web
                   |andbox-attacksurface-analys |/20210117130822/https://git
                   |is-tools/releases/download/ |hub.com/google/sandbox-atta
                   |v1.1.14/Release-v1.1.14.7z  |cksurface-analysis-tools/re
                   |                            |leases/download/v1.1.14/Rel
                   |                            |ease-v1.1.14.7z
           Keywords|                            |source

--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

adding a stable download link via the Internet Archive.

GitHub links are not stable since project (release) assets can be
purged/removed at any time. Although the project might have a gazillion forks
as a distributed backup, it's better to use something more sensible.

NOTE: To avoid the brain-damaged Amazon CDN URL, one can just prefix the
original URL with archive.org and the snapshot date. When the link is visited,
archive.org will go through two 302 hops (wait a few seconds in the browser)
and finally arrive at the CDN link:

https://web.archive.org/web/20210117130822/https://github.com/google/sandbox-attacksurface-analysis-tools/releases/download/v1.1.14/Release-v1.1.14.7z

--- snip ---
https://github.com/google/sandbox-attacksurface-analysis-tools/releases/download/v1.1.14/Release-v1.1.14.7z

Got an HTTP 301 response at crawl time

Redirecting to...

https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools/releases/download/v1.1.14/Release-v1.1.14.7z

Got an HTTP 302 response at crawl time

Redirecting to...

https://github-production-release-asset-2e65be.s3.amazonaws.com/44787564/2d3efe92-4d94-11e8-99cc-cb233c931997?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210117%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210117T130822Z&X-Amz-Expires=300&X-Amz-Signature=d426c279d17639fe4e25a5ee78fc882d0c44936c37a61d3e7ef85bac2a7ec38f&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=44787564&response-content-disposition=attachment%3B%20filename%3DRelease-v1.1.14.7z&response-content-type=application%2Foctet-stream
--- snip ---

https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools/blob/9d2adee6ce79e63ac6ba8c19ab5b9e175db23d10/NtApiDotNet/NtProcess.cs#L269

https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools/blob/9d2adee6ce79e63ac6ba8c19ab5b9e175db23d10/NtApiDotNet/NtProcess.cs#L324

The same problem can be reproduced with newer releases as well.

https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools/blob/87d68d8148722bc034c02463d9eb4d2d38be9379/NtApiDotNet/NtProcess.cs#L600

$ wine --version
wine-6.0-40-g00401d22782

Regards
