symbolicvoid

Results 8 comments of symbolicvoid

elf support

I was wondering about this issue. @mr-tz told me a little bit about this on an e-mail and pointed me to the capa PR that added ELF support, and it...

elf support

> i think enabling the support via vivisect is probably pretty easy, as you've found. the bigger concern is being able to prove its working, which involves finding enough test...

exclude/tag strings referenced by library functions (identified by FLIRT)

Hello @williballenthin, I have a question about this issue. Doesn't FLOSS already recognize library functions using viv-utils? Can we use that to tag strings used by these? I guess we...

exclude/tag strings referenced by library functions (identified by FLIRT)

Thank you for the replies! Also it does seem like FLOSS can sometimes not recognize library functions.. For example, this is a C program that I used (compiled by GCC):...

exclude/tag strings referenced by library functions (identified by FLIRT)

Oh I see. I can test around with this issue and see if I can do something about it.

exclude/tag strings referenced by library functions (identified by FLIRT)

Is there any data I can use to test the code? Something that has library functions with strings that can be recognized by FLOSS. @mr-tz @williballenthin

exclude/tag strings referenced by library functions (identified by FLIRT)

> Plus Microsoft Visual Studio CRT functions from many versions (see https://github.com/mandiant/siglib/); when using the default signatures. I'd recommend to find a file, e.g., from https://github.com/mandiant/capa-testfiles that has many library...

Indicate .NET, packed or other binaries FLOSS doesn't handle well

Hey @williballenthin, could you please link some resources to reference for the implementation of dotnet detection (such as the capa PR that added this)? I think we could extend the...