
Plugin etwmon startup failed! #1641

Open
Saksham128 opened this issue Apr 12, 2023 · 0 comments

I am facing an issue where I am getting this error (Plugin etwmon startup failed!) when running the system tracing command or malware tracing. Logs are not generated properly as this event tracing plugin is not running.

My command - sudo ./src/drakvuf -r /root/windows7-sp1.json -d 7

Output -

1681313028.254182 DRAKVUF v1.1-git20230411140101+67decf5-1 Copyright (C) 2014-2023 Tamas K Lengyel
[PROCMON] TIME:1681313028.345496 PID:4 PPID:0 RunningProcess:"System"
[PROCMON] TIME:1681313028.345602 PID:288 PPID:4 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\smss.exe"
[PROCMON] TIME:1681313028.345653 PID:364 PPID:348 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\csrss.exe"
[PROCMON] TIME:1681313028.345709 PID:412 PPID:348 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\wininit.exe"
[PROCMON] TIME:1681313028.345764 PID:420 PPID:404 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\csrss.exe"
[PROCMON] TIME:1681313028.345823 PID:452 PPID:404 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\winlogon.exe"
[PROCMON] TIME:1681313028.345872 PID:508 PPID:412 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\services.exe"
[PROCMON] TIME:1681313028.345929 PID:516 PPID:412 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\lsass.exe"
[PROCMON] TIME:1681313028.345977 PID:524 PPID:412 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\lsm.exe"
[PROCMON] TIME:1681313028.346033 PID:620 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\svchost.exe"
[PROCMON] TIME:1681313028.346084 PID:700 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\svchost.exe"
[PROCMON] TIME:1681313028.346141 PID:792 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\svchost.exe"
[PROCMON] TIME:1681313028.346198 PID:828 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\svchost.exe"
[PROCMON] TIME:1681313028.346247 PID:852 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\svchost.exe"
[PROCMON] TIME:1681313028.346305 PID:876 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\svchost.exe"
[PROCMON] TIME:1681313028.346363 PID:968 PPID:792 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\audiodg.exe"
[PROCMON] TIME:1681313028.346421 PID:992 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\svchost.exe"
[PROCMON] TIME:1681313028.346477 PID:636 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\svchost.exe"
[PROCMON] TIME:1681313028.346533 PID:1100 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\spoolsv.exe"
[PROCMON] TIME:1681313028.346590 PID:1140 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\svchost.exe"
[PROCMON] TIME:1681313028.346646 PID:1276 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\svchost.exe"
[PROCMON] TIME:1681313028.346702 PID:1628 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\taskhost.exe"
[PROCMON] TIME:1681313028.346763 PID:1816 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\svchost.exe"
[PROCMON] TIME:1681313028.346819 PID:1932 PPID:828 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\dwm.exe"
[PROCMON] TIME:1681313028.346875 PID:2040 PPID:876 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\taskeng.exe"
[PROCMON] TIME:1681313028.346925 PID:1160 PPID:1924 RunningProcess:"\Device\HarddiskVolume2\Windows\explorer.exe"
[PROCMON] TIME:1681313028.346980 PID:2164 PPID:1584 RunningProcess:"\Device\HarddiskVolume2\Program Files (x86)\Google\Update\1.3.36.202\GoogleCrashHandler.exe"
[PROCMON] TIME:1681313028.347805 PID:2172 PPID:1584 RunningProcess:"\Device\HarddiskVolume2\Program Files (x86)\Google\Update\1.3.36.202\GoogleCrashHandler64.exe"
[PROCMON] TIME:1681313028.347860 PID:2248 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe"
[PROCMON] TIME:1681313028.347914 PID:2356 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Program Files\Windows Media Player\wmpnetwk.exe"
[PROCMON] TIME:1681313028.347969 PID:2560 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\svchost.exe"
[PROCMON] TIME:1681313028.348015 PID:2700 PPID:620 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\wbem\WmiPrvSE.exe"
[PROCMON] TIME:1681313028.348068 PID:2892 PPID:2248 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\SearchProtocolHost.exe"
[PROCMON] TIME:1681313028.348131 PID:2912 PPID:2248 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\SearchFilterHost.exe"
[PROCMON] TIME:1681313028.348185 PID:3012 PPID:620 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\dllhost.exe"
Plugin etwmon startup failed!

Assuming that maybe I have not installed Drakvuf correctly, I have re-installed it two times, but the same error exists.

Can someone please guide me to troubleshoot this problem?
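The output above still contains a usable process snapshot from the procmon plugin; only the etwmon plugin reports a startup failure. The following added example (not DRAKVUF's own code, and not from the issue author) parses that output: it extracts plugin startup failures, rebuilds the parent/child process tree from the `[PROCMON]` lines, and lists parent PIDs that are referenced but absent from the snapshot. The sample input is a subset of the lines quoted in this issue; the line format assumed is exactly the one shown here, which other DRAKVUF versions may not share.

```python
import re
from collections import defaultdict

# A subset of the DRAKVUF output quoted in the issue, plus the error line.
SAMPLE_OUTPUT = r"""1681313028.254182 DRAKVUF v1.1-git20230411140101+67decf5-1 Copyright (C) 2014-2023 Tamas K Lengyel
[PROCMON] TIME:1681313028.345496 PID:4 PPID:0 RunningProcess:"System"
[PROCMON] TIME:1681313028.345602 PID:288 PPID:4 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\smss.exe"
[PROCMON] TIME:1681313028.345653 PID:364 PPID:348 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\csrss.exe"
[PROCMON] TIME:1681313028.345709 PID:412 PPID:348 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\wininit.exe"
[PROCMON] TIME:1681313028.345872 PID:508 PPID:412 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\services.exe"
[PROCMON] TIME:1681313028.345929 PID:516 PPID:412 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\lsass.exe"
[PROCMON] TIME:1681313028.346033 PID:620 PPID:508 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\svchost.exe"
[PROCMON] TIME:1681313028.346925 PID:1160 PPID:1924 RunningProcess:"\Device\HarddiskVolume2\Windows\explorer.exe"
[PROCMON] TIME:1681313028.348015 PID:2700 PPID:620 RunningProcess:"\Device\HarddiskVolume2\Windows\System32\wbem\WmiPrvSE.exe"
Plugin etwmon startup failed!
"""

# Format assumed from the issue output; other DRAKVUF versions may print differently.
PROCMON_RE = re.compile(
    r'^\[PROCMON\] TIME:(?P<time>\d+\.\d+) PID:(?P<pid>\d+) PPID:(?P<ppid>\d+) '
    r'RunningProcess:"(?P<image>[^"]*)"$'
)
PLUGIN_FAIL_RE = re.compile(r'^Plugin (?P<name>\S+) startup failed!$')


def parse_procmon(lines):
    """Map pid -> (ppid, image path) from the [PROCMON] lines; other lines are ignored."""
    procs = {}
    for line in lines:
        m = PROCMON_RE.match(line.strip())
        if m:
            procs[int(m['pid'])] = (int(m['ppid']), m['image'])
    return procs


def failed_plugins(lines):
    """Names of plugins whose startup DRAKVUF reported as failed (etwmon in this issue)."""
    names = []
    for line in lines:
        m = PLUGIN_FAIL_RE.match(line.strip())
        if m:
            names.append(m['name'])
    return names


def orphan_parents(procs):
    """PPIDs referenced by a listed process but not present in the snapshot.

    These are not a logging error: they are parents that had already exited when
    the snapshot was taken, e.g. the per-session smss.exe instance that launches
    csrss.exe and wininit.exe.
    """
    return sorted({ppid for ppid, _ in procs.values() if ppid != 0 and ppid not in procs})


def render_tree(procs):
    """Indented parent/child listing; a process whose parent is absent becomes a root."""
    children = defaultdict(list)
    for pid, (ppid, _) in procs.items():
        children[ppid].append(pid)
    roots = sorted(pid for pid, (ppid, _) in procs.items() if ppid not in procs)
    out = []

    def walk(pid, depth):
        ppid, image = procs[pid]
        name = image.rsplit('\\', 1)[-1]  # image basename; "System" has no path
        out.append(f"{'  ' * depth}{name} (pid {pid}, ppid {ppid})")
        for child in sorted(children[pid]):
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return out


if __name__ == "__main__":
    lines = SAMPLE_OUTPUT.splitlines()
    print("failed plugins:", failed_plugins(lines))
    procs = parse_procmon(lines)
    print("parents missing from the snapshot:", orphan_parents(procs))
    print("\n".join(render_tree(procs)))
```

Running it against the full output from the issue (replace `SAMPLE_OUTPUT` with the captured stdout) shows that every plugin except etwmon produced data, which narrows the problem to that one plugin rather than to the DRAKVUF installation as a whole.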
