Willi Ballenthin

Results 328 comments of Willi Ballenthin

when it comes to writing the exporting, and you want to avoid Jython, here's the strategy we've been exploring: http://www.williballenthin.com/post/2020-05-20-sketch-modern-python-in-ghidra/ once capa is released and things are quiet again, then...

Yup, I totally understand. To be clear, I hate to open issues that I won't put effort towards myself, so I hope you don't feel that this creates a burden...

analyzeMFT is written in python2 and does not support python3. there are a number of python3 incompatibilities (relative imports, print statements, etc.) that would need to be fixed even before...

Something to consider: an MFT record may have multiple $FN attributes, and it looks like analyzeMFT always picks the first encountered as the filename (https://github.com/dkovar/analyzeMFT/blob/master/analyzemft/mft.py#L331). I've found that the ordering...

If you'd like me to take a stab at fixing this, happy to try. 1. is [this](https://github.com/cea-sec/miasm/blob/ca79614f9e7cec641aa71e33d5a567ba2cd7cbc3/miasm/loader/pe.py#L261-L262) an appropriate place to fix? `c.gets(raw, off)` -> `c.gets(raw, off).decode('ascii')`? Happy to dig...

The accessors in `miasm.jitter.loader.pe` return decoded strings. So, maybe it's reasonable that `miasm.loader.pe` deals with raw data (bytes) and that higher level interfaces provide more Pythonic data types. If so,...

Might also try emulation a couple of times for each candidate, and if they yield results, keep going, otherwise move along.

Need to dev a test case, and then can tackle the feature.

Yes. Example attached. A single-byte XOR routine is inlined by the compiler into a constant number of DWORD- and BYTE-wise XOR operations against global data. This is difficult to...

91b08896fbda9edb8b6f93a6bc811ec6 ![image](https://user-images.githubusercontent.com/156560/127374113-ed30d16b-dbc5-427c-a39c-88d7c69debb3.png)