Moritz
gets identified now, but emulation fails
Test candidates: A47FD9031D7C45AB61F9E8C68458BA81, 1D081F79D698DBDE8FBD8B6C857ECCA8, and 164EF16A5257311859822765778383D0 (all from the same malware family).
> here is a good example of an obfuscated ELF binary: a0cd554c35dee3fed3d1607dc18debd1296faaee29b5bd77ff83ab6956a6f9d6 https://www.intezer.com/blog/research/new-linux-threat-symbiote/ - https://github.com/mandiant/flare-floss/issues/276#issuecomment-1168244301
Currently, I'm leaning towards removing `idaplugin.py` and relying on `scripts/render-ida-import-script.py` instead. Would that also work for you?
Hello, @HongThatCong, can you check out if the updates in #580 match your needs?
Function ID fails, because both of these functions wrap the real decoding function `sub_100075CE`. Could add an abstracter "wraps function X and is called a lot" etc. or simply emulate...
Does the example in https://github.com/mandiant/flare-floss/blob/master/tests/conftest.py help? The new FLOSS output is all JSON-based, so hopefully that makes integrations easier.
Closing stale issue. Please re-open if this is still a problem.
If you could provide (a) sample(s) for testing that would be best. I've seen rare instances where vivisect spins forever, but it could also be that the FLOSS core goes...
Great, thank you. I'll only use the samples to test this issue.