Riccardo Schirone

Results 165 comments of Riccardo Schirone

*AMAZING!* I also noticed all that time spent in the debug handler and was trying to do something about that, but... These commits are great! Unfortunately it seems you won't...

@Sylvain303 thanks I'm already aware of that ;) @mbland that's really cool, thanks. I hope this thing will get some attention soon.

@GustavoLCR I see this is assigned to you. Do you think you'll be able to complete this for next release? I'm asking not to put pressure, just to try cleaning...

Because this is probably not the right solution. Indeed you will see that functions will now be terminated as soon as you meet a jmp... I don't think anal.eobjmp really...

Yes, a lot. This is /bin/cat for example:

```
╒ (fcn) entry0 60
│ 0x100001540 55 push rbp
│ 0x100001541 4889e5 mov rbp, rsp
│ 0x100001544 4157 push r15
│...
```

I would assume that when there is a jump, the next block is always part of the current function (unless it is already part of another function). If during analysis...

If there is a direct jump to an address, there can't be data there (unless of course we are talking about obfuscated binaries, but then if we assume that, we...

Why? If you have symbols you can also use them to know when another function starts. If you don't have them, then you can special-handle the plt stubs. If...

I know. If you don't have symbols you can detect plt stubs. If neither of those is true, well, you are simply jumping somewhere else and there is nothing that can...