strictlymike
Based on learning that `INTERESTING_DLLS` is inaccurate or outdated, I have reverted my changes to `sc_hashes.db` and will leave those updates to the maintainer. Be advised that in a scenario...
Workaround is to locate the fix in Patched Bytes (Ctrl+Alt+P or Edit -> Patch program -> Patched bytes) and revert the patch.
If this means that I will be able to compare the result with a value that can be expressed in Yara (e.g. `false`) then I'm for it. I would also...
For versions that don't include a fix for this, I think the below is a usable work-around: ``` for all i in (0 .. (pe.number_of_sections - 1)): ( pe.sections[i].name !=...
This feature would be helpful.
A work-around: use Python/`ctypes` as your target. It only loads the DLL once and doesn't fool Vivisect. Example by export name with a stdcall function: `python -c "import ctypes; ctypes.windll.mymalware.MyFunction()"`...
To bring [FakeNet-NG](github.com/fireeye/flare-fakenet-ng) to Linux, I used a Cython wrapper for `libnetfilter_queue` called [python-netfilterqueue](https://github.com/kti/python-netfilterqueue). It has two issues, though: 1. Hard-coded 4,096-byte buffer in the release version only admits 4,012-byte...
Looking more closely, I think it might be `raise_on_error` / `wrapper` within `windivert_dll` (see `pydivert/windivert_dll/__init__.py`) that makes the implicit assumption that `LastError` will be cleared after exiting in the success...
To be clear, I think the solution you proposed (calling `SetLastError(0)` before calling the actual binding) is appropriate given the fact that `raise_on_error` is expecting the value of `GetLastError()` to...
I really really want to but I'm swamped and I couldn't even seem to get the build prerequisites to get started. Sorry to leave you hanging. If you can wait...