remove /x32 /x64 decorators from offset and number features #932
Assignees
Labels
breaking-change
introduces a breaking change that should be released in a major version
enhancement
New feature or request
Milestone
Comments
|
this will be a breaking change |
williballenthin
added
enhancement
|
Here are the rules where we currently use these features: ❯ rg "(offset|number)/x" -l
linking/runtime-linking/access-peb-ldr_data.yml
linking/runtime-linking/get-ntdll-base-address.yml
linking/runtime-linking/get-kernel32-base-address.yml
nursery/log-keystrokes-via-raw-input-data.yml
communication/socket/tcp/send/obtain-transmitpackets-callback-function-via-wsaioctl.yml
host-interaction/hardware/cpu/get-number-of-processors.yml
host-interaction/process/create/create-a-process-with-modified-io-handles-and-window.yml
host-interaction/process/get-process-heap-force-flags.yml
host-interaction/process/get-process-heap-flags.yml
lib/peb-access.yml
anti-analysis/anti-forensic/patch-process-command-line.yml
anti-analysis/anti-debugging/debugger-detection/check-for-peb-ntglobalflag-flag.yml
load-code/pe/enumerate-pe-sections.yml
load-code/pe/rebuild-import-table.yml
load-code/pe/parse-pe-header.yml |
|
during meeting, @mr-tz and @mike-hunhoff agreed that this should be removed. |
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
as discussed in #930, we have a better way to specify bitness logic (e.g.
number/x32: ...) today:while its a bit more verbose, its consistent with
os,format, etc. features.removing these flavors will reduce the amount of code we have to maintain (that threads bitness throughout feature sets).
it will also reduce the number of features we extract. for example, when considering mimikatz.exe, the vivisect backend extracts 322,647 total features, of which 49,206 (15%) are bitness flavored numbers and offsets.
The text was updated successfully, but these errors were encountered: