Comments (5)
Adding a warning in the tool but also a warning in the README would be awesome!
from capa.
Notes on current limitations can be found at https://github.com/fireeye/capa/blob/master/doc/limitations.md
from capa.
From the SANS DFIR chat:
Dr. Pepper
Is it possible to write a decryptor/unpacker for capa? For example if a binary uses aplib, could we write something for capa to automatically decompress and run the rest of the rules on that data?
We have ideas for some method of auto-unpack to deal with common packers (UPX, ASPack, etc) and an integration is definitely worth exploring further.
from capa.
Kewl, nice for the limitations.md!
from capa.
we've documented the limitations and emit warnings when encountering packed files. we are no longer considering building an unpacker into capa - it's a large amount of effort that will still fail pretty often.
unpacking is left to the user; however, capa should still recommend unpacking techniques when it can.
from capa.
Related Issues (20)
- release v6 HOT 5
- Extract export forward information HOT 3
- Extract CFG dispatcher function names
- test_standalone_binja_backend FAILED: invalid rule: feature section(.detourc) not supported for scope function HOT 1
- if in debug mode, disable spinner
- add CONTRIBUTING file
- statement construction for multi-scope rules HOT 5
- BN: parse forwarded exports HOT 7
- dynamic: Time Travel Debugging (TTD) integration HOT 9
- characteristic(forwarded export) is not valid
- static analysis of memory dumps to find capabilities HOT 4
- dynamic analysis via TTD traces HOT 1
- minidump: wrong(?) address to compute RVA HOT 4
- Test IDA plugin after merge of changes from find-dynamic-capabilities branch
- IDA Plugin Hangs on Plugin Launch HOT 4
- Dynamic: Statement construction for mixed-scope rules HOT 3
- Upgrading legacy non-dynamic rules to the new syntax HOT 2
- lint: skip check of ntdll.NtProtectVirtualMemory HOT 1
- regenerate result document test files
- fix rule linter script