Cleaning/doccing searchfilter and static search #38

Open
elbee-cyber opened this issue May 29, 2024 · 2 comments

@elbee-cyber
Owner

Clean and optimize static search, finish filter keyword translating and preset translating.

Keywords:

  • (Complete fallback try searching in disasm.contains)
  • has -> disasm.contains

Presets:

  • Write4 -> disasm.contains(regex

@elbee-cyber
Owner Author

elbee-cyber commented Oct 24, 2024

Presets:

  • Change execve -> "rax==0xdeadbeef or rdi==0xdeadbeef or rdx==0 or rsi==0 or (disasm.has('syscall') and inst_cnt==1)"
  • srop -> "rax==15 or (inst_cnt==1 and disasm.has('syscall'))"
  • csu -> "disasm.has('pop rbp ; pop r12 ; pop r13 ; pop r14 ; pop r15') or disasm.has('mov rdx, r15 ; mov rsi, r14')" (depth needs to be high to detect full csu gadgets)

@elbee-cyber
Owner Author

Add option to hide lower registers for amd64
