gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-12 15:49:46 -08:00
Code Issues Packages Projects Releases Wiki Activity

comments on a test where disassembly differs among backends

Browse Source
This commit is contained in:
Daniel Plohmann (jupiter)
2020-10-30 15:29:38 +01:00
parent f3b59b342a
commit d276a07a71
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
tests/fixtures.py
View File

@@ -393,6 +393,11 @@ FEATURE_PRESENCE_TESTS = [
("kernel32-64", "function=0x1800202B0", capa.features.insn.API("RtlCaptureContext"), True),
# insn/api: x64 nested thunk
("82bf6", "function=0x140059342", capa.features.insn.API("ElfClearEventLogFile"), True),
# TODO decide how to adjust the above test to make it compatible across disassemblers
# this is a test adjusted to the function entry point when disassembled by IDA/SMDA:
# ("82bf6", "function=14005E0C0", capa.features.insn.API("ElfClearEventLogFile"), True),
# this is another x64 nested thunk, but function is not recognized by vivisect:
# ("82bf6", "function=0x1400615c0", capa.features.insn.API("IsProcessorFeaturePresent"), True),
# insn/api: call via jmp
("mimikatz", "function=0x40B3C6", capa.features.insn.API("LocalFree"), True),
("c91887...", "function=0x40156F", capa.features.insn.API("CloseClipboard"), True),