fix: Replace PowerShell here-string to resolve YAML syntax error #3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The PowerShell here-string syntax was causing YAML parser errors. Replaced with individual Out-File statements for each line to avoid multi-line string parsing issues in YAML. This completely eliminates the YAML syntax error on line 90.
Sarks0
added a commit
that referenced
this pull request
Dec 6, 2025
P0 Bug #1: Fix breakpoint parameter handling - Add AddressValidationError exception for invalid addresses - Add _normalize_address helper with validation - Add _request_with_retry for retry logic with exponential backoff - Update all breakpoint methods to use validation and retry - Improve error messages with request context P0 Bug #2: Fix empty disassembly results - Add capstone>=5.0.0 dependency for local disassembly - Implement _disassemble_with_capstone fallback method - Try capstone when x64dbg API returns empty results - Provide descriptive errors when both methods fail P0 Bug #3: Fix memory breakpoint size limits - Auto-split large memory breakpoints (>4096 bytes) into chunks - Add warnings for unreliable large ranges - Return detailed result with breakpoint addresses - Document hardware breakpoint size limitations P0 Bug #4: Add Ghidra analysis timeout controls - Add GHIDRA_FUNCTION_TIMEOUT env var (per-function timeout) - Add GHIDRA_MAX_FUNCTIONS env var (limit analysis scope) - Add GHIDRA_SKIP_DECOMPILE env var (skip decompilation) - Track decompile timeouts and failures in analysis_stats - Return partial results instead of hanging indefinitely - Log skipped functions with reasons 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Sarks0
added a commit
that referenced
this pull request
Dec 6, 2025
P0 Bug #1: Fix breakpoint parameter handling - Add AddressValidationError exception for invalid addresses - Add _normalize_address helper with validation - Add _request_with_retry for retry logic with exponential backoff - Update all breakpoint methods to use validation and retry - Improve error messages with request context P0 Bug #2: Fix empty disassembly results - Add capstone>=5.0.0 dependency for local disassembly - Implement _disassemble_with_capstone fallback method - Try capstone when x64dbg API returns empty results - Provide descriptive errors when both methods fail P0 Bug #3: Fix memory breakpoint size limits - Auto-split large memory breakpoints (>4096 bytes) into chunks - Add warnings for unreliable large ranges - Return detailed result with breakpoint addresses - Document hardware breakpoint size limitations P0 Bug #4: Add Ghidra analysis timeout controls - Add GHIDRA_FUNCTION_TIMEOUT env var (per-function timeout) - Add GHIDRA_MAX_FUNCTIONS env var (limit analysis scope) - Add GHIDRA_SKIP_DECOMPILE env var (skip decompilation) - Track decompile timeouts and failures in analysis_stats - Return partial results instead of hanging indefinitely - Log skipped functions with reasons
Sarks0
added a commit
that referenced
this pull request
Dec 7, 2025
* update * fix: Address P0 critical bugs from feedback P0 Bug #1: Fix breakpoint parameter handling - Add AddressValidationError exception for invalid addresses - Add _normalize_address helper with validation - Add _request_with_retry for retry logic with exponential backoff - Update all breakpoint methods to use validation and retry - Improve error messages with request context P0 Bug #2: Fix empty disassembly results - Add capstone>=5.0.0 dependency for local disassembly - Implement _disassemble_with_capstone fallback method - Try capstone when x64dbg API returns empty results - Provide descriptive errors when both methods fail P0 Bug #3: Fix memory breakpoint size limits - Auto-split large memory breakpoints (>4096 bytes) into chunks - Add warnings for unreliable large ranges - Return detailed result with breakpoint addresses - Document hardware breakpoint size limitations P0 Bug #4: Add Ghidra analysis timeout controls - Add GHIDRA_FUNCTION_TIMEOUT env var (per-function timeout) - Add GHIDRA_MAX_FUNCTIONS env var (limit analysis scope) - Add GHIDRA_SKIP_DECOMPILE env var (skip decompilation) - Track decompile timeouts and failures in analysis_stats - Return partial results instead of hanging indefinitely - Log skipped functions with reasons * feat: Add batch breakpoint commands (P1) Add efficient batch operations for setting and deleting multiple breakpoints in a single call: - x64dbg_set_breakpoints(): Set multiple breakpoints at once - Supports software, hardware, and memory breakpoints - Returns success/failure count with detailed errors - x64dbg_delete_breakpoints(): Delete multiple breakpoints at once - Takes list of addresses to remove - Returns aggregate results Benefits: - Reduces N API round-trips to 1 for bulk operations - Critical for setting up analysis environment quickly - Useful for batch operations from address lists Also mark P1: Improved error messages as complete (implemented with P0 bug fixes - AddressValidationError, detailed error context). * feat: Add P1 dynamic analysis improvements - Add batch breakpoint commands (set_breakpoints, delete_breakpoints) - Add enhanced anti-debug bypass with profiles (minimal, standard, aggressive) - Add structured API trace output with module mapping - Add x64dbg_get_api_params for API parameter decoding (x64 calling convention) - Add memory dump with PE reconstruction (x64dbg_dump_module) * feat: Add P2 dynamic analysis features - Conditional breakpoint logging with template formatting - Static/dynamic cross-reference for Ghidra/IDA address resolution - Session state persistence (save/restore breakpoints, debug state) - API hook detection (inline hooks, JMP/CALL patches) - Memory watch/diff with entropy analysis for decryption detection * feat: Add encrypted payload analysis tools - Create crypto_analysis.py utility module - Add detect_crypto_patterns for encryption detection - Add analyze_xor_encryption for XOR key recovery - Add decrypt_xor for XOR decryption with specified key - Add decode_base64_file for Base64 decoding - Support entropy calculation and file signature detection * feat: Add Python bytecode analysis tools Add detection and extraction for Python-packed executables: - detect_python_packer: Identify py2exe, PyInstaller, cx_Freeze, Nuitka - extract_python_packed: Extract embedded files from packed executables - analyze_pyc_file: Parse .pyc headers for Python version detection - list_python_archive_contents: List embedded archive contents New PythonPackerAnalyzer class with: - Signature-based packer detection with confidence scores - PyInstaller archive magic detection - py2exe ZIP overlay extraction - .pyc magic number to Python version mapping (2.6-3.12) * feat: Add VirusTotal integration with .env config support Add VT tools for malware reputation lookup: - vt_lookup: Query by hash or file path - vt_behavior: Get sandbox behavior reports - vt_search: Search VT Intelligence (requires premium) - vt_check_api: Verify API configuration Add configuration management: - src/utils/config.py: Load settings from .env or environment - .env.example: Template with all available config options - .gitignore: Exclude .env files to protect secrets Config supports: VT_API_KEY, GHIDRA_HOME, X64DBG_BRIDGE_URL, etc. * feat: Add P3 triage, reporting, and Yara tools Add quick_scan malware triage tool: - File type detection (PE, ELF, Mach-O, .NET, MSI) - Packer detection (UPX, Themida, VMProtect, PyInstaller, etc.) - Anti-analysis technique detection (anti-debug, anti-VM, anti-sandbox) - Suspicious import analysis with severity ratings - IOC extraction (URLs, IPs, file paths, registry keys) - Analysis recommendations based on findings Add reporting tools: - generate_report: Create Markdown reports with MITRE ATT&CK mapping - export_iocs: Export IOCs in text, CSV, or JSON format Add Yara rule generation: - generate_yara_rule_from_session: Create rules from analysis data - generate_yara_rule_from_strings: Create rules from binary strings - Configurable strictness levels (low/medium/high) * fix: Address ruff lint errors - Use lowercase for function-local constants (max_reliable_size, chunk_size) - Remove unused imports (os, time, Any, AnalysisType, safe_error_message) - Remove unused variables (size_of_image_offset, machine, start) - Remove extraneous f-string prefixes on strings without placeholders - Fix import block ordering (stdlib before local imports) - Remove unnecessary mode argument in open() * fix: Sort imports alphabetically and remove trailing whitespace * fix: Split import to satisfy ruff formatting --------- Co-authored-by: Sarks0 <Sarks0@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The PowerShell here-string syntax was causing YAML parser errors. Replaced with individual Out-File statements for each line to avoid multi-line string parsing issues in YAML.
This completely eliminates the YAML syntax error on line 90.