You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When run on some larger files, I am encountering a problem where either section data isn't returned to me in full, or all sections aren't included. In particular, in both b3c4a359fa27d3999295ca3623b77fd18cc24f903a3302e09a98ae7129b61519 and cde88a1dfcad2b6c04fc887ce057172ec3a3078000479679d7205c2eb3163908 (not attached as they're malware) I am looking for ".debug_aranges" which I can find in both HxD and via opening up the file and reading the bytes with mmap. However when I iterate over all sections, using .get_data() and searching for the bytes I am not able to find the string. Thanks!
The text was updated successfully, but these errors were encountered:
I am also working with malware. I think maybe these files are from the SOREL group? Either way, you can check out the issue I am having here, if interested: #358.
I think that the malware authors may have obfuscated these files in such a way that makes them challenging for these tools to work with. I'd be interested to know if you managed to work through your problem or not.
When run on some larger files, I am encountering a problem where either section data isn't returned to me in full, or all sections aren't included. In particular, in both b3c4a359fa27d3999295ca3623b77fd18cc24f903a3302e09a98ae7129b61519 and cde88a1dfcad2b6c04fc887ce057172ec3a3078000479679d7205c2eb3163908 (not attached as they're malware) I am looking for ".debug_aranges" which I can find in both HxD and via opening up the file and reading the bytes with mmap. However when I iterate over all sections, using .get_data() and searching for the bytes I am not able to find the string. Thanks!
The text was updated successfully, but these errors were encountered: