Daniel Plohmann
In binary `hello.exe`, function `runtime.cgoIsGoPointer` is suddenly ended when encountering a multibyte NOP (`0F 1F 00 nop dword ptr [rax]`) and function analysis apparently ends. This leads to another gap...
When analyzing Go binary `hello.exe`, a gap function consisting of just a single int3 is found at `0x4032f0` - why is this identified as a gap function and not the...
The same method for CFG recovery should be applicable to other popular architectures such as ARM and MIPS(el). Therefore, refactor and expand the disassembler part to be mostly architecture-agnostic.
It's a known issue that disassembly of dumps containing a couple thousand functions is currently very slow. This is likely due to some suboptimal choices of data structures and will be...
It should be possible to enhance DbBuilder by using information from Microsoft DEF files to also get symbol names for mfc42(u).dll and some other DLLs.
Create an equivalent for the 32bit hooking DLL that will hinder process termination for 64bit processes.
Evaluate the current status of compatibility with Win10/Win11. In case of incompatibility, estimate the effort required for porting to these Windows versions or simply make it happen. :) h/t @tbarabosch
Add YARA scanning capability to RoAMer. This could work two ways: * Scan all output files produced by RoAMer * Show information about all hits on the console * Provide...
Simple QoL addition, see title.