Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not remove a function during auto-analysis if there is a LibraryFunctionSymbol on it #6200

Open
xusheng6 opened this issue Nov 26, 2024 · 1 comment
Open

Do not remove a function during auto-analysis if there is a LibraryFunctionSymbol on it #6200

xusheng6 opened this issue Nov 26, 2024 · 1 comment
Assignees
@xusheng6
Labels
Component: Core Issue needs changes to the core Effort: Low Issue should take < 1 week Impact: Low Issue is a papercut or has a good, supported workaround Type: Bug Issue is a non-crashing bug with repro steps
Milestone
Gallifrey

Comments

@xusheng6
Copy link
Member

While analyzing
al-khaser_x64.exe_.zip, the function at 0x14004b4f0 is first created, and then removed, for unknown reason. This is causing mandiant/capa#2507
@xusheng6 xusheng6 self-assigned this Nov 26, 2024
@xusheng6 xusheng6 added this to the Gallifrey milestone Nov 26, 2024
@xusheng6 xusheng6 changed the title Function gets removed during auto-analysis Do not remove a function during auto-analysis if there is a LibraryFunctionSymbol on it Nov 26, 2024
@xusheng6
Copy link
Member Author

image

@xusheng6 xusheng6 added Type: Bug Issue is a non-crashing bug with repro steps Component: Core Issue needs changes to the core Impact: Low Issue is a papercut or has a good, supported workaround Effort: Low Issue should take < 1 week labels Nov 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xusheng6 xusheng6

Labels
Component: Core Issue needs changes to the core Effort: Low Issue should take < 1 week Impact: Low Issue is a papercut or has a good, supported workaround Type: Bug Issue is a non-crashing bug with repro steps
Projects
None yet
Milestone
Gallifrey
Development

No branches or pull requests
1 participant
@xusheng6