we should be able to match the names recognized by FLIRT (etc). we have insn scope features (`API`) for this right now, but these are only relevant if an instruction references the function address (for example, with `call strcpy`). if the function is only referenced by vtable, such as the case with most CryptoPP (C++ library) functions, then we don't have a way to say "this file can AES encrypt data via CryptoPP".

we could enable `API` features at the file scope, associating them with the address of recognized library functions.
motivated by mandiant/capa-rules#388 (comment)
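
The gap described in the issue above, as an added toy model that is not part of the original issue and is not capa's extractor code. The addresses, instruction tuples, vtable and function names below are constructed, and the helper names are hypothetical.

```python
# Toy model on constructed data: why insn-scope API features miss library
# functions that are reachable only through a vtable.

# Names a signature matcher such as FLIRT assigned to function addresses.
# Addresses and names are constructed sample values.
LIBRARY_NAMES = {
    0x401000: "strcpy",
    0x402000: "CryptoPP::Rijndael::Enc::ProcessAndXorBlock",
}

# Constructed instructions: (address, mnemonic, operand).
INSTRUCTIONS = [
    (0x403000, "call", 0x401000),      # direct call: operand is strcpy's address
    (0x403005, "mov", "rax, [rcx]"),   # load the vtable pointer from the object
    (0x403008, "call", "[rax+0x28]"),  # virtual call: no function address in operand
]

# Constructed vtable slot in a data section; the only reference to 0x402000.
VTABLE = {0x500028: 0x402000}


def insn_scope_api_features(instructions, names):
    """API features found only where an instruction references a named address."""
    found = set()
    for _addr, mnemonic, operand in instructions:
        if mnemonic == "call" and isinstance(operand, int) and operand in names:
            found.add(names[operand])
    return found


def vtable_only_functions(instructions, vtable, names):
    """Recognized functions referenced from data but never by a call operand."""
    called = {op for _a, m, op in instructions if m == "call" and isinstance(op, int)}
    return {names[t] for t in vtable.values() if t in names and t not in called}


def file_scope_api_features(names):
    """Proposed behaviour: one API feature per recognized library function,
    associated with the function's own address rather than a referencing insn."""
    return {name: addr for addr, name in names.items()}


if __name__ == "__main__":
    print("insn scope :", sorted(insn_scope_api_features(INSTRUCTIONS, LIBRARY_NAMES)))
    print("missed     :", sorted(vtable_only_functions(INSTRUCTIONS, VTABLE, LIBRARY_NAMES)))
    print("file scope :", sorted(file_scope_api_features(LIBRARY_NAMES)))
```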