
add format to global features and code refactors #1284

Merged: 4 commits from ref-format-feat into master, Jan 19, 2023

Conversation

mr-tz (Collaborator) commented Jan 12, 2023

closes #1258

related to #1187

tests succeed in IDA

--------------------------------------------------------------------------------
OK   mimikatz-function=0x40E5C2-basic block-7
OK   mimikatz-function=0x4702FD-characteristic(calls from)-0
OK   mimikatz-function=0x40E5C2-characteristic(calls from)-3
OK   mimikatz-function=0x4556E5-characteristic(calls to)-0
OK   mimikatz-function=0x40B1F1-characteristic(calls to)-3
...
OK   mimikatz-file-string(SCardControl)-True
OK   mimikatz-file-string(SCardTransmit)-True
OK   mimikatz-file-string(ACR  > )-True
OK   mimikatz-file-string(nope)-False
OK   mimikatz-file-section(.text)-True
OK   mimikatz-file-section(.nope)-False
OK   mimikatz-file-import(advapi32.CryptSetHashParam)-True
OK   mimikatz-file-import(CryptSetHashParam)-True
OK   mimikatz-file-import(kernel32.IsWow64Process)-True
OK   mimikatz-file-import(msvcrt.exit)-True
OK   mimikatz-file-import(cabinet.#11)-True
OK   mimikatz-file-import(#11)-False
OK   mimikatz-file-import(#nope)-False
OK   mimikatz-file-import(nope)-False
OK   mimikatz-file-import(advapi32.CryptAcquireContextW)-True
OK   mimikatz-file-import(advapi32.CryptAcquireContext)-True
OK   mimikatz-file-import(CryptAcquireContextW)-True
OK   mimikatz-file-import(CryptAcquireContext)-True
OK   mimikatz-file-os(windows)-True
OK   mimikatz-file-arch(i386)-True
OK   mimikatz-file-format(pe)-True
OK   mimikatz-function=0x401000-characteristic(loop)-False
OK   mimikatz-function=0x401000-characteristic(tight loop)-False
OK   mimikatz-function=0x401000-characteristic(stack string)-False
OK   mimikatz-function=0x401000-number(0x0)-True
OK   mimikatz-function=0x401000,bb=0x401000-characteristic(tight loop)-False
OK   mimikatz-function=0x40105D-mnemonic(push)-True
OK   mimikatz-function=0x40105D-mnemonic(movzx)-True
OK   mimikatz-function=0x40105D-mnemonic(xor)-True
OK   mimikatz-function=0x40105D-mnemonic(in)-False
OK   mimikatz-function=0x40105D-mnemonic(out)-False
OK   mimikatz-function=0x40105D-number(0xFF)-True
OK   mimikatz-function=0x40105D-number(0x3136B0)-True
OK   mimikatz-function=0x40105D-number(0xC)-False
OK   mimikatz-function=0x40105D-number(0x10)-False
OK   mimikatz-function=0x40105D-offset(0x0)-True
OK   mimikatz-function=0x40105D-offset(0x4)-True
OK   mimikatz-function=0x40105D-offset(0xC)-True
OK   mimikatz-function=0x40105D-offset(0x8)-False
OK   mimikatz-function=0x40105D-offset(0x10)-False
OK   mimikatz-function=0x40105D-string(SCardControl)-True
OK   mimikatz-function=0x40105D-string(SCardTransmit)-True
OK   mimikatz-function=0x40105D-string(ACR  > )-True
OK   mimikatz-function=0x40105D-string(nope)-False
OK   mimikatz-function=0x40105D-bytes(53 00 43 00 61 00 72 00 64 00 43 00 6F 00 6E 00 74 00 72 00 6F 00 6C 00)-True
OK   mimikatz-function=0x40105D-bytes(53 00 43 00 61 00 72 00 64 00 54 00 72 00 61 00 6E 00 73 00 6D 00 69 00 74 00)-True
OK   mimikatz-function=0x40105D-bytes(41 00 43 00 52 00 20 00 20 00 3E 00 20 00)-True
OK   mimikatz-function=0x40105D-bytes(6E 6F 70 65)-False
OK   mimikatz-function=0x40105D-characteristic(nzxor)-False
OK   mimikatz-function=0x40105D-characteristic(calls to)-True
OK   mimikatz-function=0x40105D-os(windows)-True
OK   mimikatz-function=0x40105D-arch(i386)-True
OK   mimikatz-function=0x40105D,bb=0x401073-operand[1].number(0xFF)-True
OK   mimikatz-function=0x40105D,bb=0x401073-operand[0].number(0xFF)-False
OK   mimikatz-function=0x40105D,bb=0x4010B0-operand[0].offset(0x4)-True
OK   mimikatz-function=0x40105D,bb=0x4010B0-operand[1].offset(0x4)-False
OK   mimikatz-function=0x4011FB-offset(-0x1)-True
OK   mimikatz-function=0x4011FB-offset(-0x2)-True
OK   mimikatz-function=0x401517-characteristic(loop)-True
OK   mimikatz-function=0x401553-number(0xFFFFFFFF)-True
OK   mimikatz-function=0x401873,bb=0x4018B2,insn=0x4018C0-number(0x2)-True
OK   mimikatz-function=0x401CC7,bb=0x401CDE,insn=0x401CF6-offset(0x10)-False
OK   mimikatz-function=0x401D64,bb=0x401D73,insn=0x401D85-offset(0x80000000)-False
OK   mimikatz-function=0x402203,bb=0x402221,insn=0x40223C-offset(0x4)-True
OK   mimikatz-function=0x402EC4-characteristic(tight loop)-True
OK   mimikatz-function=0x402EC4,bb=0x402F8E-characteristic(tight loop)-True
OK   mimikatz-function=0x403BAC-api(advapi32.CryptAcquireContextW)-True
OK   mimikatz-function=0x403BAC-api(advapi32.CryptAcquireContext)-True
OK   mimikatz-function=0x403BAC-api(advapi32.CryptGenKey)-True
OK   mimikatz-function=0x403BAC-api(advapi32.CryptImportKey)-True
OK   mimikatz-function=0x403BAC-api(advapi32.CryptDestroyKey)-True
OK   mimikatz-function=0x403BAC-api(CryptAcquireContextW)-True
OK   mimikatz-function=0x403BAC-api(CryptAcquireContext)-True
OK   mimikatz-function=0x403BAC-api(CryptGenKey)-True
OK   mimikatz-function=0x403BAC-api(CryptImportKey)-True
OK   mimikatz-function=0x403BAC-api(CryptDestroyKey)-True
OK   mimikatz-function=0x403BAC-api(Nope)-False
OK   mimikatz-function=0x403BAC-api(advapi32.Nope)-False
OK   mimikatz-function=0x40640e-characteristic(recursive call)-True
OK   mimikatz-function=0x40B3C6-api(LocalFree)-True
OK   mimikatz-function=0x410DFC-characteristic(nzxor)-True
OK   mimikatz-function=0x4175FF-characteristic(recursive call)-False
OK   mimikatz-function=0x4175FF-characteristic(indirect call)-True
OK   mimikatz-function=0x43e543-number(0xFFFFFFF0)-True
OK   mimikatz-function=0x44570F-bytesalse
OK   mimikatz-function=0x44EDEF-string(INPUTEVENT)-True
OK   mimikatz-function=0x44EDEF-bytes(49 00 4E 00 50 00 55 00 54 00 45 00 56 00 45 00 4E 00 54 00)-True
OK   mimikatz-function=0x4556E5-characteristic(stack string)-True
OK   mimikatz-function=0x4556E5-api(advapi32.LsaQueryInformationPolicy)-True
OK   mimikatz-function=0x4556E5-api(LsaQueryInformationPolicy)-True
OK   mimikatz-function=0x4556E5-characteristic(peb access)-False
OK   mimikatz-function=0x4556E5-characteristic(gs access)-False
OK   mimikatz-function=0x4556E5-characteristic(cross section flow)-False
OK   mimikatz-function=0x4556E5-characteristic(indirect call)-False
OK   mimikatz-function=0x4556E5-characteristic(calls from)-True
OK   mimikatz-function=0x456BB9-characteristic(calls to)-False
OK   mimikatz-function=0x456BB9-format(pe)-True
OK   mimikatz-function=0x46D534-characteristic(nzxor)-False
OK   mimikatz-function=0x46D6CE-string((null))-True
OK   mimikatz-function=0x4702FD-characteristic(calls from)-False
OK   mimikatz-function=0x47153B,bb=0x4717AB,insn=0x4717B1-number(-0x30)-False
OK   mimikatz-function=0x471EAB,bb=0x471ED8,insn=0x471EE6-number(0x4)-False
...
OK   mimikatz-file-import(cabinet.FCIAddFile)-True
DONE

Checklist

  • No CHANGELOG update needed
  • No new tests needed
  • No documentation update needed

@mr-tz mr-tz requested review from mike-hunhoff and williballenthin and removed request for mike-hunhoff January 12, 2023 15:07
@mr-tz mr-tz merged commit fa0ddba into master Jan 19, 2023
@mr-tz mr-tz deleted the ref-format-feat branch January 19, 2023 12:31
Development

Successfully merging this pull request may close these issues:

format not included in global features and cannot be matched < file scope