You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello! Thank you for this plugin as I find it very useful. I wanted to suggest a feature that I think may be useful and hopefully not too difficult to add.
Sometimes there are a lot of hashes near each other that can be resolved in a single swoop, which you have noted and created the ability to resolve all of them, which is really nice. But when these get used in malware, there is often an API_Struct of a sort that gets passed around using them. It would be nice to be able to have a struct that is generated that contains the resolved functions so that it can be applied to where this occurs.
This does not need to be anything beyond a simple struct with names, but an addition that could improve it even further might be something like incorporating the function prototypes for each resolved function so that the arguments can be populated as comments. This can sort of be seen in this blog post here about an IDA Plugin called StructTyper: https://www.mandiant.com/resources/blog/function-prototypes-indirect-calls
The text was updated successfully, but these errors were encountered:
Hello! Thank you for this plugin as I find it very useful. I wanted to suggest a feature that I think may be useful and hopefully not too difficult to add.
Sometimes there are a lot of hashes near each other that can be resolved in a single swoop, which you have noted and created the ability to resolve all of them, which is really nice. But when these get used in malware, there is often an API_Struct of a sort that gets passed around using them. It would be nice to be able to have a struct that is generated that contains the resolved functions so that it can be applied to where this occurs.
An example can be seen towards the middle/bottom of this blog post where it talks about
Create Struct: https://www.mandiant.com/resources/blog/precalculated-string-hashes-reverse-engineering-shellcodeThis does not need to be anything beyond a simple struct with names, but an addition that could improve it even further might be something like incorporating the function prototypes for each resolved function so that the arguments can be populated as comments. This can sort of be seen in this blog post here about an IDA Plugin called
StructTyper: https://www.mandiant.com/resources/blog/function-prototypes-indirect-callsThe text was updated successfully, but these errors were encountered: