
Better Reporting

Open cardboardboxpepe opened this issue 4 months ago • 3 comments

Are there any plans to add features like:

  • toggling color
  • md5, sha1 and sha256 hashes
  • outputting to a log file directly (instead of only outputting to stdout)
  • maybe export to a SQLite3 database?

I'm planning on making a fork and doing it anyways, but I was curious if this is still being actively maintained.

cardboardboxpepe avatar Aug 24 '25 07:08 cardboardboxpepe

There's also some erroneous/misleading reporting from the program.

Image

The above image shows the program flagging the section malloc_h as suspicious (which is correct, it could be suspicious. But it looks to be genuine malloc code). However, stating that it might be packed by default is (I would say) misleading.

Now if sections like UPX0, UPX1 or .themida exist, those would constitute as "yeah this is definitely packed" (thanks ChatGPT for giving me the names of those sections).

It would be better if it reported unusual/non-standard sections and then separately flag any sections that might be generated by a software packer.

cardboardboxpepe avatar Aug 24 '25 07:08 cardboardboxpepe

Hi! I still do bugfixes in Manalyze, but there are no plans to add new features as I'm currently focused on other open-source projects. Hashes are already supported (--hashes), and I usually export stuff by just redirecting stdout to a file. But be my guest if you want to implement new features!

The section name detection is based on a whitelist, which I haven't updated in a while. Feel free to add malloc_h to it!

JusticeRage avatar Aug 24 '25 12:08 JusticeRage
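The reporting split proposed in this thread (non-standard section names in one bucket, packer-associated names in another), as an added example that is not Manalyze's code. The function names and the `STANDARD` set are assumptions made for illustration and do not reflect Manalyze's actual whitelist; the packer names are the ones mentioned above, and the PE header is constructed inline.

```python
import struct

# Assumption: illustrative set of common names, not Manalyze's whitelist.
STANDARD = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
            ".pdata", ".rsrc", ".reloc", ".tls"}
# Packer-associated section names mentioned in the thread.
PACKER = {"UPX0": "UPX", "UPX1": "UPX", ".themida": "Themida"}


def section_names(pe):
    """Read the section names from a PE image's section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: NumberOfSections at +2, SizeOfOptionalHeader at +16.
    coff = e_lfanew + 4
    (count,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size
    names = []
    for i in range(count):
        raw = pe[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return names


def classify(names):
    """Report packer-associated names separately from merely unusual ones."""
    report = {"packer": [], "unusual": []}
    for name in names:
        if name in PACKER:
            report["packer"].append((name, PACKER[name]))
        elif name not in STANDARD:
            report["unusual"].append(name)
    return report


def build_sample(names):
    """Constructed minimal PE header (no optional header), for demonstration."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0)
    sections = b"".join(n.encode().ljust(40, b"\0") for n in names)
    return dos + b"PE\0\0" + coff + sections
```

With this split, a section such as `malloc_h` is reported as unusual without any packer claim, while `UPX0` or `.themida` carries the packer attribution.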

Awesome, I'll make a fork and dedicate some time to implementing these features.

cardboardboxpepe avatar Aug 24 '25 20:08 cardboardboxpepe