Monitor updates: see changelog for details

Author: kevoreilly

analyzer/windows/bin/loader.exe

@@ -1,3 +1,11 @@
+### [28.04.2025]
+* Monitor updates:
+    * .NET JIT cache dumps: off by default, configurable limit with option jit-dumps=X
+    * Windows Loader Snaps: vDbgPrintExWithPrefixInternal hook & option 'snaps=1' for loader snaps output in analysis log
+    * Disable AMSI dumps by default (and uncheck web submission tickbox)
+    * Native hookset (ntdll only) option: native=1
+    * CryptDuplicateKey hook (thanks @KillerInstinct)
+
 ### [02.04.2025]
 * Monitor updates:
     * Trace: allow custom stepping behavior with 'stepmode' option, stepmode=1 steps into short calls (e.g. Rhadamanthys control flow flattening)

analyzer/windows/bin/loader_x64.exe

@@ -357,10 +357,6 @@ def index(request, task_id=None, resubmit_hash=None):
         if request.POST.get("job_category"):
             job_category = request.POST.get("job_category")
 
-        # amsidump is enabled by default in the monitor for Win10+
-        if web_conf.amsidump.enabled and not request.POST.get("amsidump"):
-            options += "amsidump=0,"
-
         options = options[:-1]
 
         opt_apikey = False

analyzer/windows/dll/capemon.dll

@@ -617,7 +617,7 @@
                                 {% if config.amsidump %}
                                 <div class="form-check">
                                     <label>
-                                        <input type="checkbox" name="amsidump" checked/> AMSI dumps <span class="text-muted"><small>(Windows 10+ Anti-Malware Scan Interface)</small></span>
+                                        <input type="checkbox" name="amsidump" /> AMSI dumps <span class="text-muted"><small>(Windows 10+ Anti-Malware Scan Interface)</small></span>
                                     </label>
                                 </div>
                                 {% endif %}