Windows 10 x86 (10.0.16299.0 / 2017-09-22) winword.exe crash

[j-mie]

Any time I run any .doc through my Windows 10 x86 VM I get a crash:

Using Microsoft Office 2007 Ultimate, happy to provide any additional info

[doomedraven]

win10 isn't officially supported

[celyrin]

I also tested Windows 10 guests (including Windows 11). I found that for 32-bit programs, Cuckoo can work fine and capture behavioral data. However, for 64-bit programs, I observed exception exits in the behavior logs, indicating bugs in the injection process that need adaptation.

[celyrin]

I also tested Windows 10 guests (including Windows 11). I found that for 32-bit programs, Cuckoo can work fine and capture behavioral data. However, for 64-bit programs, I observed exception exits in the behavior logs, indicating bugs in the injection process that need adaptation.

After some research, I found that the issue lies in the hook_create_stub function in hooking.c. This function did not handle jump instructions like "0x48 0xff 0x25", causing hooks on x86-64 architecture samples under Windows 10 to fail to correctly jump to the original function's execution flow. I have now fixed this bug: GitHub link.

[doomedraven]

You know that this project is not maintained for years right?