Stephen Eckels
https://github.com/elastic/otel-profiling-agent/blob/main/docs/gopclntab.md speaks of `Inlined Instance Data`. Research how this can be utilized for RE purposes and labelling an IDA database better.
* Parse Go source code to generate accurate metadata for runtime function [DONE]
* Fixup rename script to import this data [PARTIAL] (Multiple runtime versions TODO)
* Triage/Improve? IDAs argument...
We already can dump Go style structs, do the following
* Convert these structs to IDA compatible C-ish style
* Create these using the IDA script
* Determine if it's...
The PID and FBT probe types can't be supported until the signing requirements of the dtrace system/kernel extensions are changed by Microsoft, as they use the Windows hypervisor which...
PR to eventually merge research into annotating inlined functions
The logic to parse the moduledata and types is split by version as the underlying structures change every few versions. Originally this was done by creating a Go structure for...
### Clear and concise description of the problem

Please refer to the webpack issue here: https://github.com/webpack/webpack/issues/14681. In short, when resolving a module that is used within a webworker, try fields...
Ports to VBoxManage CLI, identical logic otherwise. Errors handled gracefully for the most part. Output:

```
stepheneckels@flarevm-build-2:~/source/repos/flare-vm$ python3 virtualbox/vbox-export-snapshots.py
Starting operations on FLARE-VM
VM {b76d628b-737f-40a3-9a16-c5f66ad2cfcc} is already shut down (state:...
```
738f838e6bb7ffc1104aeebf19a1829ef52fda4cc1934d49188ec1d80d330f4b
* stomped magic
* arm64 moduledata miss
* moduledata `bytes.Index` hits bogus bytes at start and doesn't try next match
* section data reading logic seems off
* Usermode reads should use https://github.com/mandiant/STrace/blob/7e2d56c23ec89566fd82667b7f220037480a4e6b/C/STrace/DynamicTrace.cpp#L5 or at least ProbeForRead to restrict addresses we read to UM and catch with __try __except if they're invalid addresses.
* Guard against PEB...