Mike Hunhoff
I like the idea of adding new `property` and `field` features. It may also be useful for users to specify whether a property/field is read/written. Detection should be fairly straightforward...
No, I think it'd be fine to choose one feature term to represent both. If I were to choose one I'd prefer `field` or to reuse `offset` as you suggested.
closed by #1168
Example: C#:

```
FtpWebResponse resp = (FtpWebResponse)req.GetResponse();
```

IL:

```
IL_0000: callvirt instance class [System]System.Net.WebResponse [System]System.Net.WebRequest::GetResponse()
IL_0005: castclass [System]System.Net.FtpWebResponse
```
+1 for this feature. I'm analyzing some shellcode that dynamically resolves all API calls and stores the addresses in a large structure. We should investigate solutions to include these sorts...
Maybe we can adapt the code here -> https://github.com/arizvisa/ida-minsc/blob/master/base/instruction.py#L819 to extract API calls from user-defined structures.
After doing additional research it appears that attempting to pull structure member names from a user-defined structure using IDAPython can get messy real quick - especially when working with large,...
Another problem to tackle - how do we map something like `GetMessageW` to `user32.GetMessageW`? Most capa rules specify the DLL name as part of the rule which means we can't...
@williballenthin not yet - we still need to reload rules for each subsequent run.
```yaml
- characteristic: mixed mode
```

scope: file

> Mixed assemblies are capable of containing both unmanaged machine instructions and MSIL instructions. This allows them to call and be called...