gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-01-06 09:44:11 -08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #346 from fireeye/extract/api-jmps

Browse Source 
Extract/api jmps
This commit is contained in:
Moritz
2020-10-23 13:15:10 +02:00
committed by GitHub
parent 8bb305038b 69a4b99d70
commit 425613ee42
4 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/fixtures.py
View File

@@ -375,6 +375,10 @@ FEATURE_PRESENCE_TESTS = [
("kernel32-64", "function=0x1800202B0", capa.features.insn.API("RtlCaptureContext"), True),
# insn/api: x64 nested thunk
("82bf6", "function=0x140059342", capa.features.insn.API("ElfClearEventLogFile"), True),
# insn/api: call via jmp
("mimikatz", "function=0x40B3C6", capa.features.insn.API("LocalFree"), True),
("c91887...", "function=0x40156F", capa.features.insn.API("CloseClipboard"), True),
# TODO ignore thunk functions that call via jmp?
# insn/api: resolve indirect calls
("c91887...", "function=0x401A77", capa.features.insn.API("kernel32.CreatePipe"), True),
("c91887...", "function=0x401A77", capa.features.insn.API("kernel32.SetHandleInformation"), True),