Kyle Gwinnup

Results 9 comments of Kyle Gwinnup

Generally, malware will not execute until termination; our goal is to emulate as much as we can until we can no longer mock out the OS properly. The end goal...

they can be defined individually with a NOP-like instruction (just returning "success"). I don't want to do that globally, however, because we have partial hooks which do jump into...

I don't think it is Capstone because the return is incorrect; it was just the first thing that came to mind. Although, the gapstone lib needs to be upgraded to support...

> It may be worth considering to use the native Go disassembler for x86, instead of Gapstone, or at least to evaluate pros/cons. This is the disassembler used by the...

> One quick question. How does binee translate between addresses of dynamically linked libraries and the address used at runtime? I am curious of your thoughts on this. This all...

> I would like to translate the address back into the "original" address of the DLL, so I can see where this code is located in IDA. I don't know...

I did not know this existed. Thanks! Will look into it and see about an implementation.

Possibly unrelated: PE+ binaries will now parse without error; there was an issue with the imports table, but that is resolved now. However, 64-bit support is still a work in...

Second bump; I would like to be able to disable code folding by default.