Andrew Williams
Andrew Williams
Another awesome topic would be how to debug rules that aren't matching as expected - specifically using `show-features.py`
It might make sense to cover the Windows API equivalents as part of this as well... and: - `CertOpenSystemStore` or `CertOpenStore` - `"ROOT"` or `L"ROOT"` - `CertAddCertificateContextToStore` or `CertAddSerializedElementToStore` -...
pefile seems to be doing the correct thing -- NumberOfRvaAndSizes can legitimately be less than 16, and in that case the bytes associated with the upper data directories might not...
Here are two examples for each case: EXEs with Authenticode signatures - 00048c246c8db3c309b759631057f1a5704296803a2ba23e0d9530d14986a130 - 001a26ff51bf6babf6325983f512cf8d84cadee1ca36f166a41702d94c1b0841 EXEs with a COFF symbol table / string table - 01794f55fab26842c12e2a67fc218ad9c1a9201ccf0bf2fbd9f5815d6f20182f - 03d896e59d78d4338cae141ea52447190fe9ebd6362acd16d4cd2954039ed5d7 EXEs with...
This gets CASC working again for now:  From: https://www.hex-rays.com/products/ida/support/ida74_idapython_no_bc695/
Ah, it looks like that instruction is equivalent to `mov dword ptr [esp], 0x7530`, so there's no offset to mask... It'd be cool if the CASC UI could somehow indicate...
This gets FIRST working again for now:  From: https://www.hex-rays.com/products/ida/support/ida74_idapython_no_bc695/
Hi @blowrancebenton, I tried to follow up with you via email but haven't heard back yet, so I figured I'd post here as well. I looked at the network logs...
Any thoughts on this? This came up in a Chromium code review and it'd be helpful to have a clarification to ensure that we've implemented parsing of the AvailLanguage header...
Thanks Mark, and my apologies for the delay in getting back to you. Ignoring unrecognized parameters and non-Boolean parameter values SGTM. I wonder if it'd also be helpful to have...