xusheng
xusheng
> We have the freeze format for that purpose, see https://github.com/mandiant/capa/tree/master/capa/features/freeze > > Or did you have something else in mind? Oh I did not see this. It looks promising!...
"this is such a common pattern of breakage that we should fix it in SetUserType/SetAutoType. By walking the incoming type and ensuring that any of the type present use their...
Database: `exquisite token formats safely` Repro: 1. Open database 2. Select the call to `_func` at 0x10000038c 3. Press Q on it 4. Notice the type of the `_func` becomes...
Interestlingly, the current behavior also leads to inferior decompilation output: If the pointer to NTR is applied, there is no redundancy:
I think the forward type actually does nothing wrong -- it just takes whatever the type is and forward that into the callee. The problem appears to be that the...
And the type of the variable `var_20` itself is a NTR: ``` >>> current_variable.type ``` Not sure why we discarded the NTR when we take the pointer of it
Hmmm, I am totally confused -- when I drop to MLIL, at `2 @ 10000036c x0 = &var_20`, the left side is actually a ptr to a NTR (which is...
I have unassigned myself from it because this is more complex than expected, and we do not yet have a perfect way to fix this
> Hi, thx for the ping. That is our estimation of the amount of work required to resolve the issue, not an ETA. The issue is not currently on the...
Well maybe we should also offer a way to disable to other buttons like "Resume", since for core dump adapters they also cannot resume the target anyways