flirt function identification
See original GitHub issue: https://github.com/fireeye/capa/discussions/414#discussioncomment-342159
Use the open source FLIRT implementation to identify functions.
Signature distribution is an open problem.
TODO:
- consider moving into viv-utils 358aab85e7da4e502497e73542392cf311c3393c
- cleanup integration/API f2c95568bdbb6a8673f310fbfa01247f22131277
- specify signature set path via cli f2c95568bdbb6a8673f310fbfa01247f22131277
- fix python-flirt loading `1.pat` signature file https://github.com/williballenthin/lancelot/commit/881aba96749eab0f396464b5b03e0e878a2ac718
- add comments support to python-flirt so we can embed licenses https://github.com/williballenthin/lancelot/commit/a8c6a8e91177cdd5b7099ab57862796b552ee6a5
- detect and support gz-compressed pat files 004ddb3e66182450727488dd4994c3cc41f3ee6c
- al-khaser x86 performance #448
- new python-flirt release https://github.com/williballenthin/lancelot/releases/tag/v0.5.5
- bump python-flirt dep https://github.com/williballenthin/viv-utils/commit/194ea7514754751c8935d03ede859208a779fcee
- new viv-utils release https://github.com/williballenthin/viv-utils/releases/tag/v0.4.1
- bump viv-utils dep 1e8161b24e5680924b780fbb21ab4d3ccd1066e2
- configure default signature set https://github.com/fireeye/capa/pull/446/commits/ff8a6f1d570c4b7fe154c8948bbee9db76160880
- embed signature set in pyinstaller exe https://github.com/fireeye/capa/pull/446/commits/30e1d409dd0d728d1bc3e7eadd50c3d5e5172974
- verify FLIRT native lib works in pyinstaller exe #452 https://github.com/fireeye/capa/runs/2043611001
- refactor cli argument parsing #449 #450
- code style
- viv-utils needs to be py2 compatible (remove type annotations)
- new viv-utils release
- bump viv-utils dep
- collect re-distributable signature set fc12645
- add licenses to signature set 9a28279
Top GitHub Comments
With fixes from https://github.com/williballenthin/lancelot/issues/112, PMA16-01 is up to 141 matches against vc32rtf. There are only 189 functions total.
Closed in #446