Mike Hunhoff


encountered a protected .NET sample that did not contain a `#US` stream. This could make for an interesting characteristic used to detect packed/protected/obfuscated .NET but we would need additional research...
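An added, stand-alone example of the check that comment suggests (it is not code from the comment, from capa or from dnfile): a small parser for the CLR metadata root (ECMA-335 II.24.2.1) that lists the stream headers and reports whether the `#US` heap is present. The `build_metadata_root` helper is a constructed test fixture that fabricates a minimal metadata root with empty streams so the block runs offline; on a real PE you would pass the bytes the CLI header (data directory 14, metadata RVA/size at offset 8 of that header) points at.

```python
import struct

CLR_METADATA_SIGNATURE = 0x424A5342  # ASCII "BSJB", little-endian
# Stream names defined by ECMA-335 and the portable PDB format
KNOWN_STREAMS = {"#~", "#-", "#Strings", "#US", "#GUID", "#Blob", "#Pdb"}


def parse_metadata_root(data: bytes) -> dict:
    """Parse a CLR metadata root and return its version string and stream headers."""
    if len(data) < 16:
        raise ValueError("metadata root too short")
    sig, major, minor, _reserved, ver_len = struct.unpack_from("<IHHII", data, 0)
    if sig != CLR_METADATA_SIGNATURE:
        raise ValueError("bad metadata signature: 0x%08x" % sig)
    off = 16
    # Length already includes the null terminator and padding to a 4-byte boundary
    version = data[off:off + ver_len].split(b"\x00", 1)[0].decode("utf-8", "replace")
    off += ver_len
    flags, nstreams = struct.unpack_from("<HH", data, off)
    off += 4
    streams = []
    for _ in range(nstreams):
        s_off, s_size = struct.unpack_from("<II", data, off)
        off += 8
        end = data.index(b"\x00", off)  # names are null-terminated ASCII
        name = data[off:end].decode("ascii", "replace")
        off = (end + 1 + 3) & ~3  # name plus terminator, padded to 4 bytes
        streams.append({"name": name, "offset": s_off, "size": s_size})
    return {"version": version, "flags": flags, "streams": streams}


def us_stream_heuristic(root: dict) -> dict:
    """Summarise stream-level signals; a missing #US heap is only one weak indicator."""
    names = {s["name"] for s in root["streams"]}
    return {
        "has_us": "#US" in names,
        "has_compressed_tables": "#~" in names,
        "has_uncompressed_tables": "#-" in names,
        "unexpected_names": sorted(names - KNOWN_STREAMS),
    }


def build_metadata_root(stream_names, version=b"v4.0.30319") -> bytes:
    """Constructed test fixture: a metadata root whose streams are all empty (not a real assembly)."""
    ver = version + b"\x00"
    ver += b"\x00" * (-len(ver) % 4)
    out = struct.pack("<IHHII", CLR_METADATA_SIGNATURE, 1, 1, 0, len(ver)) + ver
    out += struct.pack("<HH", 0, len(stream_names))
    for name in stream_names:
        n = name.encode("ascii") + b"\x00"
        n += b"\x00" * (-len(n) % 4)
        out += struct.pack("<II", 0, 0) + n  # offset/size of the (empty) stream
    return out


if __name__ == "__main__":
    # Two constructed roots: a typical compiler layout and one with no #US heap
    for label, names in (("typical", ["#~", "#Strings", "#US", "#GUID", "#Blob"]),
                         ("no-#US", ["#~", "#Strings", "#GUID", "#Blob"])):
        root = parse_metadata_root(build_metadata_root(names))
        print(label, root["version"], [s["name"] for s in root["streams"]],
              us_stream_heuristic(root))
```

Note the caveat before turning this into a rule: `#US` holds the literals that `ldstr` loads, so an assembly that simply has no string literals, or whose strings were moved into a byte array and decoded at runtime, lacks the stream legitimately. Treat its absence as one signal to combine with others (renamed or extra streams, an `#-` uncompressed table heap, unusual version strings) rather than as a verdict on its own.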

* https://learn.microsoft.com/en-us/dotnet/api/system.runtime.compilerservices.runtimehelpers.initializearray?view=net-7.0 > Provides a fast way to initialize an array from data that is stored in a module. Used to load obfuscated strings stored in a static array.

malwarefrank has a good breakdown of .NET resources [here](https://github.com/malwarefrank/dnfile/issues/36#issuecomment-1003238219). Here are my thoughts on opportunities to emit features/reasoning from .NET resources:

1. emit resource names as a new `resource` feature...

> Hi @mike-hunhoff, I would like to work on this issue. Let me know if any additional rules have this issue as well.

Great @Abtaha! @mr-tz included a list...

Thanks for the response @bsteffensmeier ! I'm not sure I'll be able to get to this before you but I'll keep it on my list in case I come across...

Ah yes, you are correct, I identified the wrong package. However, there is a [Ghidra package named `pdb`](https://github.com/NationalSecurityAgency/ghidra/tree/7891d2611549ec57fc81b13e9205ce37bd42b2d4/Ghidra/Features/PDB/src/main/java/pdb) that appears to be the actual source of the conflict. Therefore, my...

Sounds good, thank you for your response. I'm not sure that I'll have cycles to explore this idea further but I'll be sure to keep this issue posted if I...

@Atlas-64 thank you for your contribution! Let's get the lint errors fixed before we review. Have you followed the [capa development installation steps](https://github.com/mandiant/capa/blob/master/doc/installation.md#development)? Specifically, these steps outline how to use...

> hi @mike-hunhoff i did follow the steps to install my version of capa (in editable mode) and the dependencies and then continued to run the pre commit command to...

We've experienced significant performance issues with our previous attempts to implement this. What are your thoughts on an "expand all" context menu option that expands all child nodes of what...