Posts by MBot
-
-
Please see the file NEWS for a detailed list of changes.
Note: all versions are functionally equivalent, i.e. each version can handle all executable formats, so you only need the file that runs on your host OS.
Security/VirusTotal links are listed in the pinned issue #437
| Asset / File | Description / Host OS |
| --- | --- |
| upx-4.0.0-amd64_linux.tar.xz | UPX - Linux version |
| upx-4.0.0-arm64_linux.tar.xz | UPX - Linux version |
| upx-4.0.0-armeb_linux.tar.xz | UPX - Linux version |
| upx-4.0.0-arm_linux.tar.xz | UPX - Linux version |
| upx-4.0.0-dos.zip | UPX - DOS version |
| upx-4.0.0-i386_linux.tar.xz | UPX - Linux version |
| upx-4.0.0-mipsel_linux.tar.xz | UPX - Linux version |
| upx-4.0.0-mips_linux.tar.xz | UPX - Linux version |
| upx-4.0.0-powerpc64le_linux.tar.xz | UPX - Linux version |
| upx-4.0.0-powerpc_linux.tar.xz | UPX - Linux version |
| upx-4.0.0-src.tar.xz | UPX - source code tarball |
| upx-4.0.0-win32.zip | UPX - X86 Win32 version |
| upx-4.0.0-win64.zip | UPX - X64 Win64 version |
-
Release 0.5.4
-
submodules: Bump outdated
-
-
v1.15.2784 (Windows 10) and v1.15.2785 (Windows 11) are servicing updates to Windows Terminal Stable v1.15. It is highly recommended that you install this version if you're using Windows 11 22H2 (October Update).
As a reminder, Terminal 1.12 was the last version of Windows Terminal that supports Windows 19H1 or 19H2. Those versions of Windows went out of support in May, so you really may want to consider upgrading.
Preinstallation Kit info
A preinstallation kit is available for system integrators and OEMs interested in prepackaging Windows Terminal with a Windows image. More information is available in the DISM documentation on preinstallation. Users who do not intend to preinstall Windows Terminal should continue using the msixbundle distribution.
Why are there so many packages? How do I choose?
This version of Windows Terminal is distributed in two bundles, one of which works on Windows 10-11 and the other of which only works on Windows 11. The Windows 11 version is much smaller because we no longer need to work around a platform issue related to our dependencies.
If you intend on using Terminal as an unpackaged application--that is, extracting the msix file--we recommend that you use the Win10 bundle. You will need the Visual C++ runtime redistributable.
In addition, if you install the packaged version on either Windows 10 or Windows 11, it now depends on the Visual C++ Universal Runtime Package.
Despite these distributions having different version numbers, they are built from the same code and there is no functional difference between them.
If you install the Windows 10 version on Windows 11, it will probably automatically upgrade itself to the Windows 11 version.
This servicing release supersedes the v1.15.2712.0 release (not uploaded to GitHub) and contains the following bug fixes and changes:
Changes
- Terminal will now detect the title of a LNK or EXE as the default terminal (backport from 1.16) (#13570)
Bug Fixes
Stability and Security
- Windows Terminal once again works on Windows N (no media) SKUs
- OSC 9;9 will now reject malformed paths (#14093)
- OSC 8 URIs will be limited to 2MB in length, following iTerm2 (and only 1024 bytes will be displayed in the tooltip) (#14198)
- We've fixed some lag and deadlocking that would happen when you close a tab (#14041)
- We will no longer leak OpenConsole processes when they're running a Visual Studio Developer Shell (#14160)
- An application calling system() on its main thread will no longer deadlock itself and Terminal (when Terminal is set as default) (#14195)
- We've fixed a potential race condition causing a crash on tab close (#13882)
Accessibility
- The WPF control now supports accessibility notifications (#14097)
- The Settings UI title/breadcrumb bar is now readable by screen readers (#14180)
Usability
- You can now duplicate unfocused tabs (#13964) (thanks @JerBast!)
- The Open in Terminal shell extension should appear more reliably on the Desktop context menu (#14048) (#14211)
- "Export Text" will no longer suggest illegal filenames (#13693) (thanks @EliaSchiavon!)
- Alt+Space will now open the system menu in the Settings UI and Command Palette (#14221)
- intenseTextStyle is now included properly in the JSON schema (whoops) (#14210) (thanks @neersighted!)
-
v1.15.2712.0
-
-
See https://frida.re/news/ for details.
-
See https://frida.re/news/ for details.
-
This is the second stable release of the Windows Package Manager 1.3.
This release is just for the sake of transparency for Windows Package Manager users. This ensures that the GitHub release is aligned with any changes related to AppInstaller. The changes associated with this release only affect AppInstaller. No additional features or bug fixes related to winget were included.
Experimental features are disabled in this release.
-
Here on this day of September 2022, we've quashed a number of bugs in the 1.16 preview release and added some new features to boot.
Enjoy!
Changes
- Terminal now understands the sizes of characters newly-added in Unicode 15.0 (#14001)
- We've added support for fractional font sizes (surprise! on a point release!) (#14013) (#14040)
- If you're using the new text rendering engine plus the Terminus TTF font, you can now select a font size that perfectly matches a bitmap strike . . . and it works!
Bug Fixes
New Rendering Engine
- Bitmap fonts should look much better now (#14014)
- As a side effect, we are now intentionally ignoring the typographic line gap. We have found that monospaced terminal fonts have a line gap of zero, and the ones that don't should.
- See above. Some bitmap fonts require fractional point sizes . . . so now you can see them in their full glory!
- On devices that don't support Shader Model 4.0 but do support DirectX 10, we will no longer try to use the glyph atlas (#13994)
- ... and if we did, we would no longer tell you about the error 10,000 times (#13995) (thanks to @Its-Nevmo and @noinkling for testing!)
- No longer should there be streaks of cursor left all over the left side of the screen (#14038)
- If you were to specify \e#3, we might have crashed before, but now we will not (#13966)
- You can once again use shaders for experimental.pixelShaderPath that are not technically perfect (ones that compile with warnings) (#13998) (thanks @mrange!)
- Some text (especially that which requires fake italics) should now look less like a RaNsOm nOtE (#14039)
- It might still look a little bit like a ransom note, sorry. Just less so.
Reliability
-
This one almost speaks for itself. Dang. Welcome to Terminal: Really Long Release Notes Edition!
Features
- Themes: Terminal now has support for themes! (#12992) (#13049) (#13178) (#13348) (#13465) (#13689) (#13702) (#13871)
- To celebrate this, we've changed the default theme to Windows Dark. If you are not happy about that, you can change it back to light or anything you like (#13743)
- New Text Rendering Engine
- The new text rendering engine is now enabled by default in Preview builds (#13752)
- We've added support for the experimental.pixelShaderPath and experimental.retroTerminalEffect settings... (#13885)
- ... with a further optimization: shaders that do not use the time component will not trigger a redraw every frame! (#13903)
- It now supports...
- Glyphs that have not been used in some time will be aged out and replaced (#13458) (#13607) (#13784) (#13477)
- Performance over RDP to a machine that has no GPU has been improved (#13816)
- (at the cost of some fidelity)
- experimental.rendering.software will enable this fallback mode as a last resort for compatibility
- Glyphs that do not fit in a cell will be scaled up or down as appropriate (#13549), including "Powerline" glyphs (#13650)
- We've added a setting in the Rendering section, and promoted useAtlasEngine out of the experimental. compartment (#13939)
- Fonts whose cell sizes were borderline are now rounded instead of clamped to the next pixel size up (#13833)
- We've made some other correctness and compatibility fixes, far too minute to name (#13956) (#13496) (#13906) (#13530) (#13608)
- Somewhat as a side effect of all this, you may notice that you're seeing an inverted cursor where you had not previously seen one!
- This release marks the triumphant return of the "adjust brightness of indistinguishable colors" feature... (#13343)
- ...and it's brought friends: you can now enable it for all color pairs (#13512)
- You can enable it with the profile setting adjustIndistinguishableColors (enum never, indexed, always; default never)
- We've redesigned the color schemes page (#13269) and made updates all over the settings UI (#13179) (#13390) (#13378) (#13377) (#13391)
- New in this release: color scheme previews, and an easy-access "Set as default color scheme" button!
- You can now configure Terminal to hide when it loses focus (#13478) (thanks @davidegiacometti!)
- You can now close all panes other than the focused one with the closeOtherPanes action! (#13547) (thanks @JerBast!)
- There's a new option that lets you configure where new tabs appear: next to the current one, or at the end (#13421) (#13602) (#13469) (thanks @serd2011!)
- JSON setting newTabPosition (enum afterLastTab (default), afterCurrentTab)
- Tab and Shift+Tab now navigate between hyperlinks in Mark Mode. You can open the selected link with Ctrl+Enter. (#13405) (#13494)
- You can now expandSelectionToWord, which will... well, you know. (#13765)
- We will now try to detect the title when Terminal is launched by default from an LNK file (#13570)
- For the old conhost fans in the room, you can now set experimental.enableColorSelection (global, bool, default false) to add 31 new actions that will highlight search results in the colors of the rainbow (#13429)
- This conhost feature used to be hidden behind a registry key. If you know about it, I think I'm supposed to say you're "one of the real ones?"
Changes
Interaction
- When in mark mode, its built in key bindings Ctrl+A and the modified arrow keys will take precedence over your key bindings (#13659)
- We've polished how existing selections interact with mark mode (#13893)
- @AdamSotak has added quick access buttons for the source code and filing feedback to the About dialog (#13510) (thanks!)
- When your pane is in a light color scheme, the bell flash will now be dark (#13707) (thanks @Fyrebright!)
- Inverted cursors (which you might find lying around) will now be slightly modulated to account for accidental color overlaps (#13748) (thanks @alabuzhev!)
- When you Select All, we'll scroll to the top of the screen (#13656)
- Multi-line paste will no longer strip newlines if there are other newlines in the content (#13698) (thanks @serd2011!)
- This is to aid in the pasting (after confirmation, of course!) of multi-line commands.
UI
- @dansmor7 figured out that we don't need to draw our caption buttons ourselves; now they look great on all versions of Windows! (#13341) (thanks!)
Console Compatibility
- We will now discard empty command histories before discarding LRU non-empty ones (#13869) (thanks @serd2011!)
- ReadConsoleOutput will no longer return nonsense if you wrote nonsense to the text buffer (API BREAKING CHANGE) (#13321)
VT Support
- We now support DECBKM (Backarrow Key Mode) (#13894) (thanks @j4james!)
- The slow march to soft font support in Terminal continues . . . (#13362) (thanks @j4james!)
Bug Fixes
Interaction
- Terminal will now use the tab's active title for Export Text (#13915) (thanks @serd2011!)
- The Emoji picker, PinYin IME or any other IME will no longer drift off the bottom of the screen (oops) (#13785)
- The settings UI will now disable "Always show tabs" when "Hide the title bar" is enabled (#13694) (thanks @leejy12!)
- We'll no longer helpfully offer to put things like \\ and : in your filenames for Export Text (oops) (#13693) (thanks @EliaSchiavon!)
- We've fixed command line argument parsing when there was a one-letter argument followed by a ; (#13706) (thanks @serd2011!)
- In the command palette, the 'go back' button will finally return to the previously selected action (#13504) (thanks @JerBast!)
UI
- No longer is there a 1-pixel gap under inactive tabs (#13897)
Accessibility
- The Command Palette has become much chattier, announcing (to a screen reader) the name of the selected item (#13519)
- Asking for INT_MAX characters via UIA will no longer wig us out or try to send you multiple gigabytes of null bytes (#13779)
- However, it remains impolite to ask for INT_MAX characters via ITextPattern::GetText.
Performance
- Terminal is now 1.2 megabytes smaller on disk (uncompressed) thanks to not using RTTI (#13947) (thanks RTTI!)
- Updating the jumplist used to happen on every launch. Now it will only happen if you've actually changed your settings (#13692)
Reliability
- Fixed a number of crashes, not all of which were common or user-impacting:
- Attempted a fix for the SignalTextChanged crash (#13876)
- Attempted another fix, this time for the _refreshSizeUnderLock crash (#13857)
- Fixed a crash in _WritePseudoWindowCallback (#13777)
- Fixed a crash on exit with the command palette open (#13778)
- Fixed a race condition in UpdatePatternLocations (#13859)
- Fixed two race conditions around pseudo window visibility (#13832)
- Fixed a crash in NVDA, caused by us considering a specific text range invalid (#13907)
- Fixed a ControlCore race condition on connection close (#13882)
- Fixed a crash on settings reload (#13644)
- Fixed a crash when showTabsInTitlebar:false (#13561)
- Fixed crash on save in rejuv'd Color Schemes page (#13902)
- Terminal should now more reliably appear in the context menu
- We've stopped conhost from buying the farm when it got --headless without --signal (#13950)
With additional thanks to our documentation and code health contributors @jsoref and @LitoMore.
-
This release migrates some awesome features, changes and bug fixes from Terminal 1.15 Preview into the stable channel!
- Terminal now supports "Mark Mode", a keyboard-first text selection and navigation mode. The name is an homage to the traditional Windows Console Host!
- It is bound by default to Ctrl+Shift+M
Please see the following release notes for additional details:
- Windows Terminal Preview v1.15.228
- Windows Terminal Preview v1.15.200
- Windows Terminal Preview v1.15.186
Note that the new text rendering engine and scrollbar mark feature is not included in this Stable build. Yet.
IMPORTANT
This version was made available to the Dev External flighting ring (Windows Insiders) first, and will be released to general availability one or two weeks later depending on its reliability.
As a reminder, Terminal 1.12 was the last version of Windows Terminal that supports Windows 19H1 or 19H2. That version of Windows is going out of support soon, so you may want to consider upgrading.
Preinstallation Kit info
A preinstallation kit is available for system integrators and OEMs interested in prepackaging Windows Terminal with a Windows image. More information is available in the DISM documentation on preinstallation. Users who do not intend to preinstall Windows Terminal should continue using the msixbundle distribution.
Why are there so many packages? How do I choose?
This version of Windows Terminal is distributed in two bundles, one of which works on Windows 10-11 and the other of which only works on Windows 11. The Windows 11 version is much smaller because we no longer need to work around a platform issue related to our dependencies.
If you intend on using Terminal as an unpackaged application--that is, extracting the msix file--we recommend that you use the Win10 bundle. You will need the Visual C++ runtime redistributable.
In addition, if you install the packaged version on either Windows 10 or Windows 11, it now depends on the Visual C++ Universal Runtime Package.
Despite these distributions having different version numbers, they are built from the same code and there is no functional difference between them.
If you install the Windows 10 version on Windows 11, it will probably automatically upgrade itself to the Windows 11 version. It turns out that it is impossible to have two bundles with the same version number, so it has to be this way.
In addition to the above, we've backported the following changes and bugfixes from Windows Terminal Preview 1.16:
Changes
Interaction
- When in mark mode, its built in key bindings Ctrl+A and the modified arrow keys will take precedence over your key bindings (#13659)
- We've polished how existing selections interact with mark mode (#13893)
UI
- @dansmor7 figured out that we don't need to draw our caption buttons ourselves; now they look great on all versions of Windows! (#13341) (thanks!)
Bug Fixes
Interaction
- Terminal will now use the tab's active title for Export Text (#13915) (thanks @serd2011!)
- The Emoji picker, PinYin IME or any other IME will no longer drift off the bottom of the screen (oops) (#13785)
Accessibility
- The Command Palette has become much chattier, announcing (to a screen reader) the name of the selected item (#13519)
- Asking for INT_MAX characters via UIA will no longer wig us out or try to send you multiple gigabytes of null bytes (#13779)
- However, it remains impolite to ask for INT_MAX characters via ITextPattern::GetText.
Performance
- Terminal is now 1.2 megabytes smaller on disk (uncompressed) thanks to not using RTTI (#13947) (thanks RTTI!)
Reliability
- Fixed a number of crashes (smaller number than that in Preview), not all of which were common or user-impacting:
- Attempted a fix for the SignalTextChanged crash (#13876)
- Attempted another fix, this time for the _refreshSizeUnderLock crash (#13857)
- Fixed a crash in _WritePseudoWindowCallback (#13777)
- Fixed a crash on exit with the command palette open (#13778)
- Fixed a race condition in UpdatePatternLocations (#13859)
- Fixed two race conditions around pseudo window visibility (#13832)
- Fixed a crash in NVDA, caused by us considering a specific text range invalid (#13907)
- Terminal should now more reliably appear in the context menu
With additional thanks to our documentation and code health contributors @jsoref and @LitoMore.
-
New Features
- add --large-file argument to process larger files
- Python package now contains the signature files to identify library functions
Other Updates
- updated IDA Pro integration and annotation scripts
-
Please see the file CHANGELOG for a detailed list of changes.
| Asset / File | Description / Host OS |
| --- | --- |
| die_sourcecode_3.06.tar.gz | Source code tarball |
| Detect_It_Easy-3.06-x86_64.AppImage | Portable version for Linux (How to run) |
| die_3.06_Debian_9.13_amd64.deb | Installer for Debian 9 |
| die_3.06_Debian_10_amd64.deb | Installer for Debian 10 |
| die_3.06_Debian_11_amd64.deb | Installer for Debian 11 |
| die_3.06_Ubuntu_14.04_amd64.deb | Installer for Ubuntu 14.04 |
| die_3.06_Ubuntu_16.04_amd64.deb | Installer for Ubuntu 16.04 |
| die_3.06_Ubuntu_18.04_amd64.deb | Installer for Ubuntu 18.04 |
| die_3.06_Ubuntu_20.04_amd64.deb | Installer for Ubuntu 20.04 |
| die_3.06_Ubuntu_22.04_amd64.deb | Installer for Ubuntu 22.04 |
| die_3.06_portable_Ubuntu_20.04_amd64.tar.gz | Portable version for Ubuntu 20.04 |
| detect-it-easy-3.06-1-x86_64.pkg.tar.zst | Installer for Arch Linux |
| die_mac_3.06.pkg | Installer for macOS |
| die_mac_qt6_3.06.pkg | Installer for macOS Qt6 M1 processor |
| die_mac_portable_3.06.zip | Portable version for macOS |
| die_win32_portable_3.06.zip | Portable version for x86 Win32 (Win7-Win11) |
| die_win64_portable_3.06.zip | Portable version for x64 Win64 (Win7-Win11) |
| die_winxp_portable_3.06.zip | Portable version for Windows XP (WinXP-Win11) |

Experimental versions - There may be bugs in the GUI

| Asset / File | Description / Host OS |
| --- | --- |
| die_win64_qt6_portable_3.06.zip | Portable version for x64 Win64 Qt6 (Win10-Win11) |
-
This is another servicing release for the Preview channel of Windows Terminal! We fixed that Alt+Tab issue!
Note
People in the Beta channel of the Windows Insider program will receive 1.15 as a Stable channel update while we test out coming features for the next version of Windows. It is roughly equivalent to the build included here, but it does not include the experimental text rendering engine.
It contains the following other things as well:
Bug Fixes
Usability
- We've restored the ability for Alt+Tab to restore the Terminal after it was minimized with the taskbar icon (#13624)
- Terminal will no longer replace colored backgrounds with blank spaces on first launch (#13665)
- We will once again display underlines, hyperlinks, and more to the end of the line instead of getting tired and stopping early (#13661)
- Sessions handed off from the Windows Console will no longer stick around with an ominous and annoying "process exited with code ..." message, unless you explicitly configure them to.
- Select All and Mark Mode will now trigger scrolling to make sure that one of the selection endpoints is visible. (#13660)
- SendInput with high unicode characters will no longer fail (#13667)
- Text input in Japanese, Vietnamese, Korean and Chinese should now more reasonably switch between alphanumeric modes (#13678) (#13677)
Reliability
- We've upgraded to XAML 2.7.3 to fix a crash in closing the Settings page (#13761)
- The "Open Terminal Here" context menu item should show up more reliably (and crash less) (reverted PR #13206)
- We've solved--or at least, reduced the incidence of--one source of deadlocks in rendering (#13758)
- We'll try much harder to defibrillate a Terminal session that can't talk to the "primary" Terminal session to improve reliability (#13604)
- We will now listen to signals the OS sends us telling us that it's taking us down for an update. It's not going to help us stop it from happening, but it puts us in a better position to handle it later (#13614)
Performance
-
This servicing release of Windows Terminal v1.14 originally became available in the Release Preview channel on August 17th
Preinstallation Kit info
A preinstallation kit is available for system integrators and OEMs interested in prepackaging Windows Terminal with a Windows image. More information is available in the DISM documentation on preinstallation. Users who do not intend to preinstall Windows Terminal should continue using the msixbundle distribution.
Why are there so many packages? How do I choose?
This version of Windows Terminal is distributed in two bundles, one of which works on Windows 10-11 and the other of which only works on Windows 11. The Windows 11 version is much smaller because we no longer need to work around a platform issue related to our dependencies.
If you intend on using Terminal as an unpackaged application--that is, extracting the msix file--we recommend that you use the Win10 bundle. You will need the Visual C++ runtime redistributable.
In addition, if you install the packaged version on either Windows 10 or Windows 11, it now depends on the Visual C++ Universal Runtime Package.
Despite these distributions having different version numbers, they are built from the same code and there is no functional difference between them.
If you install the Windows 10 version on Windows 11, it will probably automatically upgrade itself to the Windows 11 version. It turns out that it is impossible to have two bundles with the same version number, so it has to be this way.
It contains the following fixes:
- We've upgraded to XAML 2.7.3 to fix a crash in closing the Settings page (#13761)
- The "Open Terminal Here" context menu item should show up more reliably (and crash less) (reverted PR #13206)
- We've solved--or at least, reduced the incidence of--one source of deadlocks in rendering (#13758)
- Terminal will no longer replace colored backgrounds with blank spaces on first launch (#13665)
- We will once again display underlines, hyperlinks, and more to the end of the line instead of getting tired and stopping early (#13661)
- SendInput with high unicode characters will no longer fail (#13667)
- We've restored the ability for Alt+Tab to restore the Terminal after it was minimized with the taskbar icon (#13624)
-
Some rules contained invalid metadata fields that caused an error when rendering rule hits. We've updated all rules and enhanced the rule linter to catch such issues.
New Rules (1)
- anti-analysis/obfuscation/obfuscated-with-vs-obfuscation jakub.jozwiak@mandiant.com
Bug Fixes
- linter: use pydantic to validate rule metadata #1141 @mike-hunhoff
- build binaries using PyInstaller no longer overwrites functions in version.py #1136 @mr-tz
Raw diffs
-
Version 4 adds support for analyzing .NET executables. capa will autodetect .NET modules, or you can explicitly invoke the new feature extractor via --format dotnet. We've also extended the rule syntax for .NET features including namespace and class.
Additionally, new instruction scope and operand features enable users to create more explicit rules. These features are not backwards compatible. We removed the previously used /x32 and /x64 flavors of number and operand features.
We updated 49 existing rules and added 22 new rules leveraging these new features and characteristics to detect capabilities seen in .NET malware.
More breaking changes include updates to the JSON results document, freeze file format schema (now format version v2), and the internal handling of addresses.
Thanks for all the support, especially to @htnhan, @jtothej, @sara-rn, @anushkavirgaonkar, and @_re_fox!
Deprecation warning: v4.0 will be the last capa version to support the SMDA backend.
New Features
- add new scope "instruction" for matching mnemonics and operands #767 @williballenthin
- add new feature "operand[{0, 1, 2}].number" for matching instruction operand immediate values #767 @williballenthin
- add new feature "operand[{0, 1, 2}].offset" for matching instruction operand offsets #767 @williballenthin
- extract additional offset/number features in certain circumstances #320 @williballenthin
- add detection and basic feature extraction for dotnet #987 @mr-tz, @mike-hunhoff, @williballenthin
- add file string extraction for dotnet files #1012 @mike-hunhoff
- add file function-name extraction for dotnet files #1015 @mike-hunhoff
- add unmanaged call characteristic for dotnet files #1023 @mike-hunhoff
- add mixed mode characteristic feature extraction for dotnet files #1024 @mike-hunhoff
- emit class and namespace features for dotnet files #1030 @mike-hunhoff
- render: support Addresses that aren't simple integers, like .NET token+offset #981 @williballenthin
- document rule tags and branches #1006 @williballenthin, @mr-tz
Breaking Changes
- instruction scope and operand feature are new and are not backwards compatible with older versions of capa
- Python 3.7 is now the minimum supported Python version #866 @williballenthin
- remove /x32 and /x64 flavors of number and operand features #932 @williballenthin
- the tool now accepts multiple paths to rules, and JSON doc updated accordingly @williballenthin
- extractors must use handles to identify functions/basic blocks/instructions #981 @williballenthin
- the freeze file format schema was updated, including format version bump to v2 #986 @williballenthin
Deprecation notice: as described in #937, we plan to remove the SMDA backend for v5. If you rely on this backend, please reach out so we can discuss extending the support for SMDA or transitioning your workflow to use vivisect.
New Rules (30)
- data-manipulation/encryption/aes/manually-build-aes-constants huynh.t.nhan@gmail.com
- nursery/get-process-image-filename michael.hunhoff@mandiant.com
- compiler/v/compiled-with-v jakub.jozwiak@mandiant.com
- compiler/zig/compiled-with-zig jakub.jozwiak@mandiant.com
- anti-analysis/packer/huan/packed-with-huan jakub.jozwiak@mandiant.com
- internal/limitation/file/internal-dotnet-file-limitation william.ballenthin@mandiant.com
- nursery/get-os-information-via-kuser_shared_data @mr-tz
- load-code/pe/resolve-function-by-parsing-PE-exports @sara-rn
- anti-analysis/packer/huan/packed-with-huan jakub.jozwiak@mandiant.com
- nursery/execute-dotnet-assembly anushka.virgaonkar@mandiant.com
- nursery/invoke-dotnet-assembly-method anushka.virgaonkar@mandiant.com
- collection/screenshot/capture-screenshot-via-keybd-event @_re_fox
- collection/browser/gather-chrome-based-browser-login-information @_re_fox
- nursery/power-down-monitor michael.hunhoff@mandiant.com
- nursery/hash-data-using-aphash @_re_fox
- nursery/hash-data-using-jshash @_re_fox
- host-interaction/file-system/files/list/enumerate-files-on-windows moritz.raabe@mandiant.com anushka.virgaonkar@mandiant.com
- nursery/check-clipboard-data anushka.virgaonkar@mandiant.com
- nursery/clear-clipboard-data anushka.virgaonkar@mandiant.com
- nursery/compile-dotnet-assembly anushka.virgaonkar@mandiant.com
- nursery/create-process-via-wmi anushka.virgaonkar@mandiant.com
- nursery/display-service-notification-message-box anushka.virgaonkar@mandiant.com
- nursery/find-process-by-name anushka.virgaonkar@mandiant.com
- nursery/generate-random-numbers-in-dotnet anushka.virgaonkar@mandiant.com
- nursery/send-keystrokes anushka.virgaonkar@mandiant.com
- nursery/send-request-in-dotnet anushka.virgaonakr@mandiant.com
- nursery/terminate-process-by-name-in-dotnet anushka.virgaonkar@mandiant.com
- nursery/hash-data-using-rshash @_re_fox
- persistence/authentication-process/act-as-credential-manager-dll jakub.jozwiak@mandiant.com
- persistence/authentication-process/act-as-password-filter-dll jakub.jozwiak@mandiant.com
Bug Fixes
- improve handling _ prefix compile/link artifact #924 @mike-hunhoff
- better detect OS in ELF samples #988 @williballenthin
- display number feature zero in vverbose #1097 @mike-hunhoff
capa explorer IDA Pro plugin
- improve file format extraction #918 @mike-hunhoff
- remove decorators added by IDA to ELF imports #919 @mike-hunhoff
- bug fixes for Address abstraction #1091 @mike-hunhoff
Raw diffs
-
Bump version number.
-
Bump version to 5.6.0.
-
This is the second development build after the Windows Package Manager 1.3 build for Windows 10 (1809+) and Windows 11.
Experimental features are enabled in this release. The experimental support for installing from a zip file (except portable packages) is included in this release. This build will be released to Windows Insider Dev builds, and Windows Package Manager Insiders.
Run winget features to see which experimental features are enabled or disabled.
Add the following to your settings (winget settings) file to enable support for testing .zip manifests:
"experimentalFeatures": {"zipInstall": true}
Note: The Windows Package Manager Community Repository does not accept zip applications. They will not be accepted until after 1.4 is Generally Available and has been rolled out to the majority of Windows systems via the automatic upgrade from the Microsoft Store. Users may test with local manifests.
We've also made progress towards native PowerShell cmdlets. These will work with PowerShell 6 and PowerShell 7. We're still working on the hurdles associated with PowerShell 5.1. We're planning to have a downloadable module for import in a future release. Join the PowerShell discussions if you're interested.
Features
- Add Microsoft.WinGet.Client PowerShell Module files #2314
- winget find should be a synonym of winget search #1299
- Add aliases for installation and uninstallation #2303
- Add winget remove as an alias command for winget uninstall #1978
- Make "Update" an alias for "Upgrade" #1026
- Command aliases #380
Bugs
- winget 1.4.2011-preview can't install MSI-based applications #2365
What's Changed
- Add InstallationMetadata to manifests for future deep installation detection by @yao-msft in #2350
- Expand WinMD discovery by @jontab in #2348
- Move to using sqlite3_errmsg to extract a contextual error for SQLite failures by @JohnMcPMS in #2352
- Add in-process and out-of-process E2E tests by @AmelBawa-msft in #2315
- Implement FolderFileWatcher by @msftrubengu in #2336
- Update CsWinRTWindowsMetadata value by @AmelBawa-msft in #2357
- Remove correlation blocker for remote->local in some cases by @JohnMcPMS in #2362
- Update documentation with 1.3 settings by @ryfu-msft in #2363
- Add Microsoft.WinGet.Client PowerShell Module files by @jontab in #2314
- Fix file overwrite warning displayed on clean first install by @ryfu-msft in #2375
- Logging improvements by @JohnMcPMS in #2378
- Add SYSTEM to explicit ACLs by @JohnMcPMS in #2370
- Remove tests that no longer serve a purpose by @JohnMcPMS in #2379
- Check for symlink creation privilege for portable install by @ryfu-msft in #2369
- Server certificate pinning for Store source by @JohnMcPMS in #2347
- Remove scope filter from being applied to portables by @ryfu-msft in #2383
- Validate SignatureSha256 for MSIX packages during the manifest validation by @AmelBawa-msft in #2384
- Enable MSI testing in CI/CD pipeline by @JohnMcPMS in #2386
- Standardize 'Show' labels to manifest fields by @Trenly in #2311
- fix ms-windows-store link not rendered in md by @iamCristYe in #2403
- Add command aliases by @Trenly in #2390
- Add support for RequireExplicitUpgrade manifest element by @lechacon in #1795
- Add the ability to specify "scope or unknown" via COM by @JohnMcPMS in #2402
New Contributors
- @iamCristYe made their first contribution in #2403
Full Changelog: release-v1.3.1872...release-v1.4.2161-preview
-
Official GNU Binutils 2.39 release
-
ILSpy 8 is based on .NET 6.0 compared to .NET Framework 4.7.2 for the previous generations of ILSpy. All artifacts except the self-contained distribution are built framework-dependent, which means .NET 6.0 must be installed prior to starting ILSpy.
New Language Features
- C# 11: ref fields
- C# 10: record structs
- C# 10: Support DefaultInterpolatedStringHandler
- Updated pattern detection for Roslyn 4.3.0
- Output attributes on lambda expressions
Contributions
- Allow user to provide ID when generating a PDB (see #2678 by @andrewcrawley)
- Assume conventionally named unresolved method references are properties or events (see #2677 by @fowl2)
- Add EnableWindowsTargeting property to csprojs targeting net6.0-windows (see #2752 by @clin1234)
- Reduce allocations in TransformArrayInitializers (see #2731 by @ElektroKill)
- Fix allowed language versions in ilspycmd (see #2703 by @superstrom)
- Fix crash target framework detection with C++/CLI (see #2698 by kant2002)
Enhancements
- #2684: Iteratively unhide compiler-generated code, if it is referenced by user-code
- Use Unsafe.SizeOf when taking the size of a managed type
- #2718: Move XAML files that have an x:Class declaration next to their C# counterparts when using WholeProjectDecompiler
Bug fixes
- #2691: Do not use AssemblyDefintion.GetAssemblyName(). This fails in culture-invariant mode (ilspycmd) when trying to work with satellite assemblies, because System.Reflection.AssemblyName tries to retrieve CultureInfo of the assembly culture
- #2733: Ignore bad metadata when trying to resolve ResolutionScope
- #2741: CallBuilder produces invalid invocation target when disambiguating calls to protected methods
And many other fixes, for a full list click here.
Ghidra 10.2
in Software Releases
Posted
a5163f50bd6ce725c4c8638f7505b64bb603ea6bfe3f7d9ed4e403236716f787
Download