capa dynamic: vmray: add support for "array" function call parameters

dynamic: vmray: add support for "array" function call parameters

Open mike-hunhoff opened this issue 6 months ago • 0 comments

The "array" type roughly maps to series of bytes and integers. We must first determine if capa can emit features from arrays without polluting the matches.

e.g.

[...]
				<member name="IdentifierAuthority.Value" type="array" num_elements="6">
					<item type="unsigned_8bit" value="0x0"/>
					<item type="unsigned_8bit" value="0x0"/>
					<item type="unsigned_8bit" value="0x0"/>
					<item type="unsigned_8bit" value="0x0"/>
					<item type="unsigned_8bit" value="0x0"/>
					<item type="unsigned_8bit" value="0x5"/>
				</member>
[...]

Jul 30 '24 17:07 mike-hunhoff

capa capa copied to clipboard

dynamic: vmray: add support for "array" function call parameters

capa
capa copied to clipboard