gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-01-08 19:31:13 -08:00
Code Issues Packages Projects Releases Wiki Activity

improve bytes feature extraction

Browse Source
This commit is contained in:
Moritz Raabe
2021-01-29 11:16:12 +01:00
parent 14e65c4601
commit 9b5aaa40de
4 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tests/fixtures.py
View File

@@ -10,6 +10,7 @@
import os
import sys
import os.path
import binascii
import contextlib
import collections
@@ -444,6 +445,8 @@ FEATURE_PRESENCE_TESTS = [
("mimikatz", "function=0x40105D", capa.features.Bytes("SCardTransmit".encode("utf-16le")), True),
("mimikatz", "function=0x40105D", capa.features.Bytes("ACR > ".encode("utf-16le")), True),
("mimikatz", "function=0x40105D", capa.features.Bytes("nope".encode("ascii")), False),
# IDA features included byte sequences read from invalid memory, fixed in #409
("mimikatz", "function=0x44570F", capa.features.Bytes(binascii.unhexlify("FF" * 256)), False),
# insn/bytes, pointer to bytes
("mimikatz", "function=0x44EDEF", capa.features.Bytes("INPUTEVENT".encode("utf-16le")), True),
# insn/characteristic(nzxor)