Willi Ballenthin
when multiple extractors, e.g. native PE and dotnet, can extract features from a binary, e.g. a mixed-mode dotnet program, should we extract the union of features from both extractors? or...
TODO: specify if this includes exported classes? exported methods? and how to reference these
- [x] need to learn how to parse them (dnfile)
- [x] need to learn how to reason about them
- [ ] need to extract features for them
the IDA plugin code does not have many type annotations because it was written before we migrated to using py3-style type annotations. for the same reasons we use type annotations...
we have some new major features coming that will be implemented for the viv (and probably IDA) backends; however, we don't have the bandwidth to implement the analysis for SMDA....
within dotnet, objects of a concrete type may implement interfaces or be subclasses of more generic functionality. how should we extract method features in these cases? should we reference the...
supporting #771, figure out how to extract function call arguments with vivisect against x86 programs.
this ELF file also makes vivisect pretty unhappy:

```
❯ python -m capa.main ~/Downloads/82dae644c7a956a41d70097b7a749ca26fc6e04f0fa3186ee72955b2b5c550b6
loading : 100%|███████████████████████████| 658/658 [00:00
```
to bring light to capabilities for which we do not yet have rules, we should develop a script that highlights the features that have been extracted by capa and yet...