Process Working Directory

Question

Process Working Directory

ikiril01 opened this issue 5 years ago · comments

Proposed Change

We should add a current_working_directory field to the Process object model, which captures the absolute path to the current working directory of the process.

Field	Description	Example
current_working_directory	The current working directory string contains the absolute path to the current working directory of the process.	`c:\windows\system32\`

Justification

Current working directory is associated with UAC Bypass.

wkupersa · Answer 1 · Tue Apr 02 2019 02:52:12 GMT+0800 (China Standard Time)

Also relevant in dll search order hijacking.

Ivan Kirillov · Answer 2 · Tue Apr 16 2019 04:57:15 GMT+0800 (China Standard Time)

Added in b31cc5c