MBot

What's New Change History Installation Guide SHA-256: 88a8fdc4f4263ad44b2a83663cb420d729efe433fc2c23097b668f2cacf1ccb6 Download

No content.Download

View changelog. Download

New API handlers Download

New API handlers Download

New Language Features C# 9.0 skip locals init Contributions Various improvements in pattern detection for records (by @yyjdelete in #2476) ILSpyCmd: Added support for single-file bundles (by @Freakness109 in #2499) BAML decompiler: Add missing x:Static (by @wwh1004 and @bert2 in #2536) Visual Studio AddIn We now have an addin for VS2022 https://marketplace.visualstudio.com/items?itemName=SharpDevelopTeam.ILSpy2022 that is separate from the legacy addin. If you had ILSpy installed in a preview version of VS2022, please uninstall the old version and install this new one. Enhancements Added ETW instrumentation to the decompiler for performance measurements. Added DecompilerTypeSystem.CreateAsync to allow asynchronous initialization. #2522: Support backticks in fully-qualified names when searching for type #2520: The matched pairs are hardly visible in the dark theme #2298: Allow to change the DecompilerTextView's font size through scrolling. Bug fixes #2518: "Other resources" section in resource files was not properly displayed #2534: Handle default implementations of properties and events in interfaces #2458, #2459: Fixed various correctness issues in IL code generated by C++/CLI. #2530: Stability fixes in pattern matching detection #2378: Stability fixes in deconstruction detection And many other fixes, for a full list click here. Download

Update submodules Download

Update submodules Download

v3.0.3 (2021-10-27) This is primarily a rule maintenance release: eight new rules, including all relevant techniques from ATT&CK v10, and two rules removed, due to the prevalence of false positives We've also tweaked the status codes returned by capa.exe to be more specific and added a bit more metadata to the JSON output format. As always, welcome first time contributors! still@teamt5.org zander.work@mandiant.com New Features show in which function a BB match is #130 @williballenthin main: exit with unique error codes when bailing #802 @williballenthin New Rules (8) nursery/resolve-function-by-fnv-1a-hash still@teamt5.org data-manipulation/encryption/encrypt-data-using-memfrob-from-glibc zander.work@mandiant.com collection/group-policy/discover-group-policy-via-gpresult william.ballenthin@mandiant.com host-interaction/bootloader/manipulate-safe-mode-programs william.ballenthin@mandiant.com nursery/enable-safe-mode-boot william.ballenthin@mandiant.com persistence/iis/persist-via-iis-module william.ballenthin@mandiant.com persistence/iis/persist-via-isapi-extension william.ballenthin@mandiant.com targeting/language/identify-system-language-via-api william.ballenthin@mandiant.com Removed rules (2) load-code/pe/parse-pe-exports: too many false positives in unrelated structure accesses anti-analysis/anti-vm/vm-detection/execute-anti-vm-instructions: too many false positives in junk code Bug Fixes update references from FireEye to Mandiant Raw diffs capa v3.0.2...v3.0.3 capa-rules v3.0.2...v3.0.3 Download

View changelog. Download

See https://frida.re/news/ for details. Download

See https://frida.re/news/ for details. Download

No content.Download

v1.12.2931.0 Download

Update frida-gum Download

See https://frida.re/news/ for details. Download

v1.12.2922.0 Download

v1.11.2921.0 Download

Release 2021.10 - Royal Kill Download

See https://frida.re/news/ for details. Download

View changelog. Download

New CLI entrypoint (no more 'run_speakeasy.py', it's just 'speakeasy' now) Child process emulation support New API handlers API handler bug fixes and improvements Download

New CLI entrypoint (no more 'run_speakeasy.py', it's just 'speakeasy' now) Child process emulation support New API handlers API handler bug fixes and improvements Download

Child process emulation support New CLI entrypoint (no more run_speakeasy.py) New API handlers API handler bug fixes Download

New Language Features Adjusted pattern detection for Roslyn 3.11 C# 7.0 pattern matching C# 9 covariant returns Contributions Updated ReadyToRun. (by @cshung in #2489) Analyzers: Return valid modules only. (by @zvirja in #2496) Extensibility: Make SearchTermMatches virtual. (by @beaverden in #2494) Support loading compressed Xamarin assemblies. (by @cpraehaus in #2471) Fix null check in BamlDecompilerTypeSystem.HasType (by @yyjdelete in #2509) Visual Studio AddIn Allow to open ILSpy on project and package references Enhancements Add "Extract package entry" context menu entry for binaries inside bundles/packages. Better support for voice commands/keyboard navigation. Proper support for long paths in Windows 10 in WholeProjectDecompiler. IL disassembly: Option to show raw offsets and instruction bytes. IL disassembly: Show header sizes. Add simple public API for XamlDecompiler Bug fixes #2379: This fixes an issue where return statements within try-blocks could turn into goto statements. #2052: BAML-to-XAML: Resolve namespaces of properties #1858 and #2188: Improved decompilation of display-classes. #2424: Suppress the string==null special-case within the string class itself. #2092: aggressively inline code in compiler-generated lambdas and expression trees. And many other fixes, for a full list click here. Download