dev747368
> Is your `CURRENT_G` a local variable that you have manually named and typed or have you set up something so that there is always an assumed variable in every...
> Also, watch out for the duffcopy and duffzero functions, the calling convention is different. I basically set the inputs to rsi and rdi and all other registers except xmm0...
> For the jump being a call return or branch I'm referring to the jump back to the function entry point after acquiring more stack space. So, the JMP at...
If you can build your own Ghidra locally, I can give you a small change that should fix this issue for you. In DIEAggregate.java, line 742, change it from: ```java...
Ok. Eases my mind a little because I couldn't find an exact cause for the change between the old version and the current version. Both have the same bad hack,...
Humorously, this appears to be an exception caused by a logging statement in a catch block for another exception. The base exception: ``` java.lang.NullPointerException: Cannot invoke "org.osgi.framework.Bundle.getSymbolicName()" because "this._bundle" is...
You can see the uncompressed payload by doing some hackery like: ```{ printf "\x1f\x8b\x08\x00\x00\x00\x00\x00"; dd if=x86.sla bs=1 skip=4; } | zcat``` This puts enough of a gzip header at the...
Interesting. There has been some work toward a similar goal, which can be seen in https://github.com/NationalSecurityAgency/ghidra/blob/master/Ghidra/Features/Base/data/typeinfo/golang/runtimesnapshot.go. At first glance your code seems to generate signatures without all the manual work...
What arch is the Go binary compiled for? Could you show the storage that was assigned to the return value of the ```main.(*BashRunner).Run()``` function? Also, does changing the type of...
Just to make sure everything is clear, the PDB analyzer will always search local symbol directories... the option to search remote symbol servers just increases what can be searched.