Mike Hunhoff
> @mike-hunhoff, do we want to keep this around here or close it?

We can close - I'll link the corresponding dncil PR back to this for documentation purposes.

> we need to update the rule format documentation to describe OS_ANY, too:
>
> https://github.com/mandiant/capa-rules/blob/b035bb8d90e556f412b6ee9ef738ce6c68bbd9cd/doc/format.md#os

see #1324
Hello @colton-gabertan! Absolutely, go for it! Please let us know if you have any questions
Thanks for all of your research @colton-gabertan! 🚀 Ideally we can identify a solution that works for all .NET files processed by capa. My initial concern with your approach is...
> ```
> 7 13.215 1.888 13.620 1.946 helpers.py:60(get_block_bytes)
> ```
>
> this one too

see https://github.com/mandiant/capa/pull/1761

> ```
> 1 0.000 0.000 26.628 26.628 file.py:75(extract_file_embedded_pe)
> 1 0.005 0.005 26.628 26.628 file.py:26(check_segment_for_pe)
> ```
>
> these stand out. 26 seconds to scan the file bytes...

@0xjunkcod3 can you provide additional details e.g. does this error occur when running capa's standalone tool? Which capa version?
Thanks for reaching out @hoanghai27. This specific line of code prevents overwriting Python's `print` function but you're correct that we should, if possible, add `ghidra.app.script.GhidraScript`'s `print`* methods (`println`, `printf`,...
> This PR closes #66.
>
> My main concern here is that the exception handler `log_env_details` will get executed for every `Exception`. Do you suggest we whitelist some exceptions?...

> Hi @mike-hunhoff,
>
> I addressed these comments in [46f45fd](https://github.com/mandiant/Ghidrathon/commit/46f45fdffff6c8df64e5d9f87f41d0c1a91ef523).
>
> On a side note, while I initially started working on this, I noticed that user custom hooks...