duplication when opening application from taskbar

[Ana06]

Details

when starting fakenet, chrome, and processExplorer and IDA from the taskbar, I get a duplication which is confusing:

@emtuls I think this is related to some things you have worked on. Do you have any ideas how to fix it?

[emtuls]

@Ana06
I am not sure if this can be completely fixed unfortunately.

Unable to be fixed:

• For the IDA shortcut, because our shortcut is to a launcher, it is technically not the same program that is being run (it launches the correct IDA), so that is why it's creating a whole new icon.
• For Cyberchef, we are using a shortcut that launches chrome, and because the shortcut itself is not actually chrome, it will create a new icon as well, as it is not the actual program that is being run.
  • Alternatively: I can make a shortcut be just to open up a .html page, which gets us closer (once the default application for .html is properly done), but this would NOT allow us to pin a shortcut to the taskbar because Microsoft does not allow pinning of a .html pages to a taskbar, but it does work for a desktop icon and in the Tools directory.
  • The best way to make this work would be if we could somehow set the default homepage for chrome (or whatever browser is default) to be cyberchef, but from my research, I don't think this is something that can be programmatically done (Microsoft seems to forbid this)

Fixable:

• For Procmon and Procexp, I can fix them, since it seems that our shortcuts are to the 32 bit versions and they must detect that it is running on a 64 bit system and then spawns the 64 bit version, which is a separate application and thus, creates a new icon. Changing these to just run the 64 bit programs directly mitigates this.

Unsure

• For Fakenet, I did not experience this issue on my system, so I would need to investigate further. Would you be able to provide me the Target your fakenet is using for the shortcut?

[Ana06]

@emtuls can you please send a PR to fix procmon and procexp now (that seem easy to fix) and we can continue discussing the rest here?

the chrome issue is related to #1054, as this would again make it look a bit different.

Have you tested the latest version of fakenet?

[Ana06]

procmon and procexp should be fixed now.

[Ana06]

Proposal to fix Chrome/CyberChef

Option 1: Use the CyberChef icon in the taskbar for Chrome

Use the CyberChef icon in the taskbar for Chrome that by default opens CyberChef:

1. In the cyberchef.vm package, change the target of CyberChef.lnk to "C:\Program Files\Google\Chrome\Application\chrome.exe" -home "C:\Tools\CyberChef\CyberChef_v10.19.0.html"

Note that this option makes that Chrome always uses the CyberChef icon in the taskbar.

Option 2: Use the Chrome icon in the taskbar for Chrome that by default opens CyberChef

1. In the googlechrome.vm package, create a shortcut in %ProgramData%\_VM\chrome.lnk with Chrome as target an icon.
2. In the cyberchef.vm package, modify %ProgramData%\_VM\chrome.lnk target to "C:\Program Files\Google\Chrome\Application\chrome.exe" -home "C:\Tools\CyberChef\CyberChef_v10.19.0.html" keeping the Chrome icon.
3. Change LayoutModification.xml in flare-vm to use %ProgramData%\_VM\chrome.lnk instead of the CyberChef shortcut.

---

Note that both solutions make Google Chrome a hard dependency of CyberChef, not being able to remove the dependency as proposed in #1021. I think this is ok and I think we can still fix the .html popup issue as part of #1021 that @emtuls has researched.

---

I understand from the discussing in #966, that we prefer option 1. I'll send a PR for it, but I wanted to document both options.

[Ana06]

After doing some more testing on option 1, it seems that Windows that not consistenly group Chrome and CyberChef until I reboot the system, but I think this is acceptable.