Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dynamic: vmray: add support for "container" function call parameters #2245

Open
mike-hunhoff opened this issue Jul 30, 2024 · 0 comments
Open

dynamic: vmray: add support for "container" function call parameters #2245

mike-hunhoff opened this issue Jul 30, 2024 · 0 comments
Labels
dynamic related to dynamic analysis flavor enhancement New feature or request vmray related to VMRay sandbox report analysis

Comments

@mike-hunhoff
Copy link
Collaborator

The "container" type roughly maps to structure and bitfield data. We must first determine if capa can emit features from containers without polluting the matches and then handle the nested structure.

e.g.

[...]
		<param name="pAddrInfo" type="ptr" value="0x5b4030">
			<deref type="container">
				<member name="ai_flags" type="signed_32bit" value="4"/>
				<member name="ai_family" type="signed_32bit" value="2"/>
				<member name="ai_socktype" type="signed_32bit" value="0"/>
				<member name="ai_protocol" type="signed_32bit" value="0"/>
				<member name="ai_addrlen" type="void_ptr" value="0x10"/>
				<member name="ai_canonname" type="void_ptr" value="0x0"/>
				<member name="ai_addr" type="ptr" value="0x5af1a0">
					<deref type="container">
						<member name="sa_family" type="signed_16bit" value="2"/>
						<member name="sin_port" type="unsigned_16bit" value="0x0"/>
						<member name="sin_addr" type="ptr" value="0x100007f">
							<deref type="str" value="127.0.0.1"/>
						</member>
					</deref>
				</member>
				<member name="ai_next" type="void_ptr" value="0x0"/>
			</deref>
		</param>
[...]
@mike-hunhoff mike-hunhoff added enhancement New feature or request dynamic related to dynamic analysis flavor vmray related to VMRay sandbox report analysis labels Jul 30, 2024
@mike-hunhoff mike-hunhoff mentioned this issue Jul 30, 2024
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dynamic related to dynamic analysis flavor enhancement New feature or request vmray related to VMRay sandbox report analysis
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mike-hunhoff