binee
Binee: binary emulation environment
![image](https://user-images.githubusercontent.com/56503656/147904409-dc4443e2-510d-4269-bc91-9e53983fc6a1.png)
Issue 1: Parsing Resources Functions related to resource section (e.g. LoadStringA) failed in binee when I set a partial hook, so when I looked into it and started analyzing I...
Incorrect import entries added due to incorrect parsing in https://github.com/carbonblack/binee/blob/4216d9650791d2937066978a8ad7c8cead3e8453/pefile/pefile.go#L692. importThunk is incremented 4 bytes instead of 8 bytes for 64-bit binaries.
The test files included in binee are built using C++ Redistributable DLLs. To have them run correctly without having to grab DLLs piecemeal as they generate errors in binee, the...
Greetings, I love your project and am researching it before I install it. **_This is a question only:_** Can `binee` allow for emulation of the **_Windows Terminals/Consoles apps_** interactively? Specifically...
Using binee to test the malware with md5 `dcb14f117a32b786ff1506dc80f23370`, the execution crashed with the following error:
```
[1] 0x212fc5d0: F kernel32.dll:GetSystemTimeAsFileTime(lpSystemTimeAsFileTime = 0xb7feffec) = 0xb7feffec
[1] 0x21303350: P kernel32.dll:GetCurrentProcessId() =...
```
No DLLs are missing and it seems that it's stuck at the third API call; it's the same for all the test binaries:
```
binee@36db47c11662:~/go/src/binee# ./binee tests/ConsoleApplication1_x86.exe
[1] 0x21982e60: F GetSystemTimeAsFileTime(lpSystemTimeAsFileTime...
```
Currently, the implementation of pefile in this repo doesn't handle export forwarding (https://en.wikibooks.org/wiki/X86_Disassembly/Windows_Executable_Files#Forwarding). This may be the cause of #17 and other issues where a sample hangs or crashes -...
I was running `binee` last night, and on one of my samples the invocation of `GetLastError` would result in incorrect execution (eventually resulting in an invalid read). I used IDA...
To enable analysis of samples using `user32.dll`, support for `KiFastSystemCall` of `ntdll` is needed in `binee`. Roughly, this is what happens when a program invokes a function of `user32.dll`, say...