
extract strings/bytes from pointer tables

Open mike-hunhoff opened this issue 4 years ago • 0 comments

Register is used as index into table of string pointers @ mimikatz:0x44EE5A:

[Image: snipmi_1]

The table of string pointers @ mimikatz:0x4475ca0 contains pointers to four strings:

[Image: Screen Shot 2020-08-10 at 2 41 20 PM]

capa currently extracts the first string INPUTEVENT but it would be great if it extracted the other three strings too.

mike-hunhoff, Aug 10 '20 21:08
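
The behaviour requested in this issue, sketched as an added example that is not part of the original issue and is not capa's code: given the address of a pointer table, walk the consecutive slots and collect every string they reference rather than only the first. The function names, the load address, the 32-bit little-endian pointer size and the three `SAMPLE_*` strings are assumptions; the sample image is constructed.

```python
import struct

MIN_LEN = 4  # assumption: shortest byte run accepted as a string

def read_c_string(image, base_va, va, min_len=MIN_LEN):
    """Return the printable-ASCII, NUL-terminated string at va, or None."""
    off = va - base_va
    if not 0 <= off < len(image):
        return None  # pointer does not land inside the mapped image
    end = image.find(b"\x00", off)
    if end == -1:
        return None
    raw = image[off:end]
    if len(raw) < min_len or not all(0x20 <= b < 0x7F for b in raw):
        return None
    return raw.decode("ascii")

def strings_from_pointer_table(image, base_va, table_va, ptr_size=4, max_entries=64):
    """Walk little-endian pointers from table_va; stop at the first non-string slot."""
    fmt = "<I" if ptr_size == 4 else "<Q"
    found = []
    for i in range(max_entries):
        off = table_va - base_va + i * ptr_size
        if off < 0 or off + ptr_size > len(image):
            break
        (ptr,) = struct.unpack_from(fmt, image, off)
        s = read_c_string(image, base_va, ptr)
        if s is None:
            break  # data after the table is not misread as more entries
        found.append((table_va + i * ptr_size, ptr, s))
    return found

def build_sample():
    """Constructed image: four strings, then a table of pointers to them."""
    base_va = 0x400000  # hypothetical load address
    names = [b"INPUTEVENT", b"SAMPLE_TWO", b"SAMPLE_THREE", b"SAMPLE_FOUR"]
    blob, ptrs = bytearray(b"\xcc" * 16), []
    for name in names:
        ptrs.append(base_va + len(blob))
        blob += name + b"\x00"
    blob += b"\x00" * (-len(blob) % 4)  # align the table
    table_va = base_va + len(blob)
    blob += b"".join(struct.pack("<I", p) for p in ptrs)
    blob += struct.pack("<I", 0xDEADBEEF)  # non-pointer value ends the walk
    return bytes(blob), base_va, table_va
```

Stopping at the first slot that fails validation keeps adjacent data out of the results, at the cost of missing tables that contain NULL or non-string entries in the middle.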