MBot

ILSpy 8 is based on .NET 6.0 compared to .NET Framework 4.7.2 for the previous generations of ILSpy. All artifacts except the self-contained distribution are built framework-dependent, which means .NET 6.0.2+ must be installed prior to starting ILSpy. Note - none of the following lists are exhaustive except of course the first one: New Language Features C# 10: record structs C# 11: Required members C# 11: ref fields C# 10: Support DefaultInterpolatedStringHandler Output attributes on lambda expressions Updated pattern detection for Roslyn 4.4.0 Contributions More themes - Light/Dark are the original ones, R# & VS Code added (see #2906 and #2931 by @ltrzesniewski) Improve selected text highlighting (see #2938 by @Konctantin) Namespace nesting in ILSpy tree view (based on code provided by @ds5678 in #2667) ilspycmd received support for the "nested directories" option on project export. (see #2636 by @GreyXor) ilspycmd support for generating a solution from multiple projects (based on code provided by @marwie in #2364) Fix the ordering of COM interface methods, properties, and events to appear in their originally defined order (see #2639 by @zhuman) Allow user to provide ID when generating a PDB (see #2678 by @andrewcrawley) Assume conventionally named unresolved method references are properties or events (see #2677 by @fowl2) Add EnableWindowsTargeting propery to csprojs targeting net6.0-windows (see #2752 by @clin1234) Reduce allocations in TransformArrayInitializers (see #2731 by @ElektroKill) Fix crash target framework detection with C++/CLI (see #2698 by @kant2002) Add option to always fully qualify type names with global:: (see #2762 by @hexafluoride) Fix #2736: ILSpy decides to fully qualify type name when it is not necessary (see #2789 by @ElektroKill) Add progress reporting to PortablePdbWriter (see #2802 by @andrewcrawley) Add IEntityProcessor to ReflectionDisassembler (see #2835 by @tom-englert) Fix dynamic type index calculation in ApplyAttributeTypeVisitor (see #2840 by @ElektroKill) Add support for another using pattern (see #2841 by @ElektroKill) Fix debug assertion regarding using directives (see #2843 by @ElektroKill) Add support for VB cached delegate initialization (see #2844 by @ElektroKill) Add support for VB auto events (see #2845 by @ElektroKill) Add support for lock statements within yield return state machines (see #2846 by @ElektroKill) Add support for VB async state-machines (see #2853 by @ElektroKill) Enable various passing ignored tests (see #2852 and #2854 by @ElektroKill) Improve support for post-increment/decrement on pointers (see #2856 by @ElektroKill) Add support for record structs in CSharpAmbience (see #2911 by @ElektroKill) Add support for Visual Basic Yield Return state machine decompilation (see #2874 by @ElektroKill) Fix ResXResourceWriter support for MemoryStream resource element (see #2895 by @ElektroKill) Use .interfaceimpl type syntax (see #2903 by @ltrzesniewski) Fix empty parameter names in delegate declarations (see #2912 by @ElektroKill) Support disassembling ReadyToRun binaries compiled using composite mode (see #2944 by @cshung) Make return duplication in ControlFlowSimplification less aggressive (see #2972 by @ElektroKill) Show a dark title bar when a dark theme in ILSpy is selected (see #2948 by @tom-englert) Consider constructor type when lifting decimal constants (see #2953 by @ElektroKill) Extend EliminateRedundantTryFinally in ReduceNestingTransform (see #2959 by @ElektroKill) Enhancements Move Settings to ILSpyX (see #2869). Additionally, many platform-independent APIs have been moved to ICSharpCode.ILSpyX since Preview1. ILSpyX is published as a standalone NuGet package for others to reuse. Performance optimization of analyzers (see #2643) Various performance improvements in the type system and decompiler engine. (see #2766 and #2754) #2684: Iteratively unhide compiler-generated code, if it is referenced by user-code Support native ints in "Combine bit.and into shift" transform #2780: Show embedded resource size Use Unsafe.SizeOf when taking the size of a managed type Bug fixes Please see the release notes for Preview1 to RC1 for details or, for a full list of changes click here. Download

ILSpy 8 is based on .NET 6.0 compared to .NET Framework 4.7.2 for the previous generations of ILSpy. All artifacts except the self-contained distribution are built framework-dependent, which means .NET 6.0.2+ must be installed prior to starting ILSpy. Note - none of the following lists are exhaustive except of course the first one: New Language Features C# 10: record structs C# 11: Required members C# 11: ref fields C# 10: Support DefaultInterpolatedStringHandler Output attributes on lambda expressions Updated pattern detection for Roslyn 4.4.0 Contributions More themes - Light/Dark are the original ones, R# & VS Code added (see #2906 and #2931 by @ltrzesniewski) Improve selected text highlighting (see #2938 by @Konctantin) Namespace nesting in ILSpy tree view (based on code provided by @ds5678 in #2667) ilspycmd received support for the "nested directories" option on project export. (see #2636 by @GreyXor) ilspycmd support for generating a solution from multiple projects (based on code provided by @marwie in #2364) Fix the ordering of COM interface methods, properties, and events to appear in their originally defined order (see #2639 by @zhuman) Allow user to provide ID when generating a PDB (see #2678 by @andrewcrawley) Assume conventionally named unresolved method references are properties or events (see #2677 by @fowl2) Add EnableWindowsTargeting propery to csprojs targeting net6.0-windows (see #2752 by @clin1234) Reduce allocations in TransformArrayInitializers (see #2731 by @ElektroKill) Fix crash target framework detection with C++/CLI (see #2698 by @kant2002) Add option to always fully qualify type names with global:: (see #2762 by @hexafluoride) Fix #2736: ILSpy decides to fully qualify type name when it is not necessary (see #2789 by @ElektroKill) Add progress reporting to PortablePdbWriter (see #2802 by @andrewcrawley) Add IEntityProcessor to ReflectionDisassembler (see #2835 by @tom-englert) Fix dynamic type index calculation in ApplyAttributeTypeVisitor (see #2840 by @ElektroKill) Add support for another using pattern (see #2841 by @ElektroKill) Fix debug assertion regarding using directives (see #2843 by @ElektroKill) Add support for VB cached delegate initialization (see #2844 by @ElektroKill) Add support for VB auto events (see #2845 by @ElektroKill) Add support for lock statements within yield return state machines (see #2846 by @ElektroKill) Add support for VB async state-machines (see #2853 by @ElektroKill) Enable various passing ignored tests (see #2852 and #2854 by @ElektroKill) Improve support for post-increment/decrement on pointers (see #2856 by @ElektroKill) Add support for record structs in CSharpAmbience (see #2911 by @ElektroKill) Add support for Visual Basic Yield Return state machine decompilation (see #2874 by @ElektroKill) Fix ResXResourceWriter support for MemoryStream resource element (see #2895 by @ElektroKill) Use .interfaceimpl type syntax (see #2903 by @ltrzesniewski) Fix empty parameter names in delegate declarations (see #2912 by @ElektroKill) Support disassembling ReadyToRun binaries compiled using composite mode (see #2944 by @cshung) Make return duplication in ControlFlowSimplification less aggressive (see #2972 by @ElektroKill) Show a dark title bar when a dark theme in ILSpy is selected (see #2948 by @tom-englert) Consider constructor type when lifting decimal constants (see #2953 by @ElektroKill) Extend EliminateRedundantTryFinally in ReduceNestingTransform (see #2959 by @ElektroKill) Enhancements Move Settings to ILSpyX (see #2869). Additionally, many platform-independent APIs have been moved to ICSharpCode.ILSpyX since Preview1. ILSpyX is published as a standalone NuGet package for others to reuse. Performance optimization of analyzers (see #2643) Various performance improvements in the type system and decompiler engine. (see #2766 and #2754) #2684: Iteratively unhide compiler-generated code, if it is referenced by user-code Support native ints in "Combine bit.and into shift" transform #2780: Show embedded resource size Use Unsafe.SizeOf when taking the size of a managed type Bug fixes Please see the release notes for Preview1 to RC1 for details or, for a full list of changes click here. Download

[FEATURE] Copyright year up Download

[FEATURE] Copyright year up Download

ILSpy 8 is based on .NET 6.0 compared to .NET Framework 4.7.2 for the previous generations of ILSpy. All artifacts except the self-contained distribution are built framework-dependent, which means .NET 6.0.2 must be installed prior to starting ILSpy. Contributions PowerShell manifest (see #2976 by @jhoek) Make return duplication in ControlFlowSimplification less aggressive (see #2972 by @ElektroKill) Update Chinese translation (see #2970 by @Nyrest) Show a dark title bar when a dark theme in ILSpy is selected (see #2948 by @tom-englert) Consider constructor type when lifting decimal constants (see #2953 by @ElektroKill) Add more theme colors (see #2952 by @ltrzesniewski) Enhancements R2R package refreshes Bug fixes Fix #2956: Prevent loading all ResourceDictionaries eagerly Fix #2945: Do not treat arbitrary method references pointing to members of the current type definition as part of the method. Only do so for compiler-generated methods. Fix #2888: Tuple syntax cannot be used in is-expressions, use underlying type instead. Fix #2921: struct type definition contains duplicate default constructor. And many other fixes, for a full list click here. Download

GP-0 more doc revisions for release Download

submodules: Bump outdated Download

This is the third development build after the Windows Package Manager 1.4 build for Windows 10 (1809+) and Windows 11. This build will be released to Windows Insider Dev builds and Windows Package Manager Insiders. Experimental features are enabled in this release. The experimental feature for enabling Windows Features is now supported and included in this release. You can now specify the Windows feature name (i.e. netfx3) you want to enable in the WindowsFeature field in your installer manifest. Run winget features to see which experimental features are enabled or disabled. Add the following to your settings (winget settings) file to enable the experimental features including package pinning: "experimentalFeatures": { "pinning": true, "dependencies": true, "directMSI": true, "uninstallPreviousArgument": true, "windowsFeature": true, }, This release makes improvements to the overall user experience of WinGet with improvements to package correlation, COM APIs, logging/output, and Portable installation. This release also includes an early preview of our Microsoft.WinGet.Client PowerShell module. Information about getting started and usage can be found here. What's Changed Add std::endl after enabling/disabling Admin Setting by @Trenly in #2958 Update settings.schema.0.2.json to include pinning feature by @florelis in #2961 Update expect.txt by @RDMacLachlan in #2968 Config code by @JohnMcPMS in #2942 Add alternate url support for some predefined sources by @JohnMcPMS in #2970 Remove zip from 1.2 schema by @Trenly in #2996 Remove zip installer type from 1.0 and 1.1 manifests by @ryfu-msft in #3006 Fix order of pin labels by @Trenly in #3016 Configuration processors by @msftrubengu in #3008 docs: fix "default install root" location by @Lutra-Fs in #3034 Microsoft.Management.Configuration Windows target platform by @msftrubengu in #3032 Fix typo in MSStore get entitlement log by @yao-msft in #3031 AnyCPU for Microsoft.Management.Configuration.Projection and Microsoft.Management.Configuration.Processor by @msftrubengu in #3041 Expose Agreements and Locale Fields in COM by @ryfu-msft in #2897 Configuration commands by @JohnMcPMS in #3036 User/romaclac/spec enable store UI bypass by @RDMacLachlan in #3035 Clarify No installed package matching the input criteria was found in upgrade flow by @Trenly in #2877 Use copy instead of rename for moving extracted archive directories by @ryfu-msft in #3003 Add installed files and startup link metadata collection in Installer Metadata collection util by @yao-msft in #2985 Explicitly prevent fallthrough on OperationType by @Trenly in #3075 Schema draft for WinGet configure by @ryfu-msft in #2851 Fix PATH behavior of non-symlink installations for Portables/Zip by @ryfu-msft in #3002 Define properties object in configuration schema by @ryfu-msft in #3081 Make sure source agreements are initialized before checking by @yao-msft in #3080 Rework extra packaged files mechanism by @JohnMcPMS in #3064 Add new icon assets by @denelon in #3086 Add diagnostics to the processor component by @JohnMcPMS in #3087 Implement PowerShell cmdlets by @msftrubengu in #2838 Add logging around specific number of matches by @Trenly in #3094 Reformat Microsoft.WinGet.Client module output by @ryfu-msft in #3088 Make ConfigurationRemotingServer selfcontained by @msftrubengu in #3097 Processor improvements by @msftrubengu in #3101 Put required modules into the repo and consume them in dev scenarios by @JohnMcPMS in #3103 Throw exception if Import-Module fails by @msftrubengu in #3104 Add experimental feature support for enabling Windows Feature dependencies by @ryfu-msft in #3005 Fix internal build by @msftrubengu in #3106 Update the privacy statement link in README to link to correct page by @ShyAssassin in #3116 Remove one unnecessary lock per localization team suggestion by @yao-msft in #3115 Pass COM caller name to rest source in request header by @yao-msft in #3112 Enforce single install across winget processes by @JohnMcPMS in #3118 Support to Bypass Store Client App Policy When Called Through COM by @PaulJYim in #3105 Bug fixes by @msftrubengu in #3127 Use in-proc winget in PowerShell module when running as SYSTEM by @JohnMcPMS in #3129 Improve correlation by keeping arch info declared in manifest arp DisplayName entry by @yao-msft in #3100 Show Portable Installation Directories with --info by @Trenly in #3128 Use FolderId_ProgramFiles for non x86 default machine portable folder by @yao-msft in #3137 Add Windows10SDK 19041 Workload Component to VSConfig File by @ryfu-msft in #3143 Add support for bool, strings and arrays in Configuration settings by @msftrubengu in #3135 Add isPublic to IConfigurationUnitProcessorDetails by @msftrubengu in #3145 fix PRIVACY.md links by @ave9858 in #3147 Update README.md by @mdanish-kh in #3148 Add refreshed Store source certs by @yao-msft in #3149 Add configuration telemetry events by @JohnMcPMS in #3152 Improve configure user experience by @JohnMcPMS in #3158 Fix bugs with display paths by @JohnMcPMS in #3157 New Contributors @RDMacLachlan made their first contribution in #2968 @Lutra-Fs made their first contribution in #3034 @ShyAssassin made their first contribution in #3116 @PaulJYim made their first contribution in #3105 @ave9858 made their first contribution in #3147 @mdanish-kh made their first contribution in #3148 Full Changelog: v1.5.441-preview...v1.5.1081-preview Download

submodules: Bump outdated Download

BUGFIX: Functions import_rva and import_delayed_rva are now case-insensitive (#1904) BUGFIX: Fix heap-related issue in dotnet module on Windows (#1902) BUGFIX: Fix heap corruption with certain rules that have very long string sets (67cccf0) Download

See https://frida.re/news/ for details. Download

See https://frida.re/news/ for details. Download

submodules: Bump outdated Download

submodules: Bump outdated Download

Changelog: 2023.04 - Worst Dependent Highlights of Worst Dependent The update includes various changes to the installation script, bug fixes, updates to documentation, and improvements to the search-pattern command. Some changes involve updating the GH Action runners, ARM improvement (fixing CPSR and pointer size calculation) and Safe-Linking support (for GLibc >= 2.32 compat) Code stability has been improved with an increased coverage check through test. Last, more documentation was added making it more accessible and easily searchable. Contributors Author Number of commits hugsy 85 Dreg 6 clubby789 4 Grazfather 2 theguy147 2 Ananthu 1 Boris-Chengbiao Zhou 1 D4nnyLee 1 Jonathan Salwan 1 lain3d 1 liona24 1 Roderick 1 Tramadol 1 Wadim Mueller 1 Zhi-Qiang Zhou 1 Closed Issues 19 issues closed ( 943 • 937 • 935 • 930 • 929 • 928 • 927 • 925 • 923 • 922 • 921 • 920 • 919 • 916 • 915 • 913 • 911 • 910 • 909 ) Closed Pull Requests 11 PRs closed ( 945 • 942 • 941 • 938 • 936 • 932 • 931 • 918 • 917 • 914 • 912 ) Commit details 109 commits since 2022.06 Commit log 2022-06-27 b2458d6 • hugsy • Update gef-extras.sh installation script 2022-06-27 2b72f5d • hugsy • Quick fix on __load_time_ms since Py3.6 doesn't have perf_counter_ns 2022-06-27 885d71a • hugsy • [CI] Added Ubuntu-22.02 to GH Action runners 2022-06-28 290a984 • hugsy • Fix AARCH64 CPSR and pointer size calculation (#855) 2022-06-28 dbcd859 • hugsy • Update PULL_REQUEST_TEMPLATE.md 2022-06-28 091e298 • hugsy • [pattern-search] Make sure pattern is correctly built (#858) 2022-07-02 35c115a • Dreg • --regex support for search-pattern command (#860) 2022-07-02 366237c • Dreg • Slightly improve the code of search-pattern (#862) 2022-07-02 c2f87d9 • hugsy • [CI] Adds utils.find_symbol to cleanly find PIE symbols 2022-07-02 7c0a1ee • hugsy • Merge branch 'dev' of github.com:hugsy/gef into dev 2022-07-02 08c06b8 • Dreg • Add a maximum size for preview to print-format config settings (#863) 2022-07-02 e422530 • hugsy • Move syscall-args and is-syscall to gef-extras (#861) 2022-07-02 f54a622 • Dreg • missed return init SearchPatternCommand (#864) 2022-07-04 17fa7f9 • hugsy • Fixed TinyUrl links to point to main, not master (#868) 2022-07-04 1499023 • hugsy • Added callback to register_external_content_pane to conditionally display pane (#866) 2022-07-05 819917d • Dreg • Set main as the default branch for gef-extras / gef scripts for users (#870) 2022-07-05 c530aa5 • Dreg • Add a proper argument parsing to gef-extras.sh (#872) 2022-07-09 e545378 • hugsy • Use templated YAML files for Github Issues (#875) 2022-07-09 ad1bfaf • hugsy • Glibc* class now rely on ctypes.Structure (#869) 2022-07-09 01da142 • lain3d • Fix ptrsize for ARM to not return 2 ever (#876) 2022-07-09 4d4e801 • Wadim Mueller • Riscv/ble (#874) 2022-07-10 2e0115d • hugsy • Doc update 2022-08-09 2830670 • crazy hugsy • Moved GEF_DEFAULT_BRANCH to the top of the script so the value is know when update_gef is taken 2022-09-05 41d2700 • crazy hugsy • Update bug_report.yaml 2022-09-05 942f6b9 • crazy hugsy • Update bug_report.yaml 2022-09-05 ed070ce • crazy hugsy • Update bug_report.yaml 2022-09-05 bc419e4 • crazy hugsy • Update bug_report.yaml 2022-09-05 4afae16 • crazy hugsy • Update bug_report.yaml 2022-09-12 237760d • Grazfather • Remove deprecated use of checksec() (#888) 2022-09-20 2a4afa7 • D4nnyLee • Fix typo in docs/functions/base.md (#893) 2022-09-20 8406460 • crazy hugsy • Update gef-remote.md 2022-09-29 2b52a43 • Roderick • get pty by tmux command and close pane when gdb exit (#881) 2022-10-02 1f49f8a • crazy hugsy • explicitly forcing args : argparse.Namespace as a result of parse_arguments (#856) 2022-10-10 3f3151c • crazy hugsy • Update utils.py 2022-10-10 6f7b11a • crazy hugsy • Update run-tests.yml 2022-10-11 f2050af • liona24 • Explicitly close the remote session (#896) 2022-10-12 33fe436 • crazy hugsy • print warning messages when using target remote with gef (#899) 2022-10-12 1fd0f34 • crazy hugsy • Remove the Makefile in the root folder (#898) 2022-10-12 b54508a • crazy hugsy • [docs] fixed bad python version for coverage docs 2022-10-12 c3dbbe7 • crazy hugsy • [docs] added install directive for coverage 2022-10-12 dd7f881 • crazy hugsy • [docs] coverage actions: missing packages 2022-10-12 a759262 • crazy hugsy • [docs] adding link to coverage in docs navbar 2022-10-12 3af8221 • crazy hugsy • [ci] Adding a new test to validate new code is tested 2022-10-12 5faeed2 • crazy hugsy • [ci] Adding a new test to validate new code is tested 2022-10-12 ed9c01e • crazy hugsy • [ci] better bash 2022-10-12 26083dd • crazy hugsy • [ci] removing deprecated runner ubuntu-18.04 2022-10-13 e9f3351 • Zhi-Qiang Zhou • Fix Safe-Linking (GLIBC >= 2.32) and malloc_state struct (#878) 2022-10-13 0b17993 • hugsy • [ci] increased coverage result precision 2022-10-21 a36ffbe • clubby789 • Fix filesystem paths for debugging process in containers (#897) 2022-10-21 e48e2f3 • hugsy • [ci] upgrade some actions, removed set-output directives 2022-10-22 be82d55 • crazy hugsy • [ci] dummy typo 2022-10-22 850a45d • crazy hugsy • [CI] Fixed incorrect coverage check 2022-10-25 9edd73e • crazy hugsy • Update index.md 2022-11-07 50e54e0 • crazy hugsy • [ci] restored pytest-forked in requirements for tests, removed old style envvar 2022-11-07 a1b4f00 • crazy hugsy • [ci] added a margin for the coverage reduction test 2022-11-07 65eece7 • Grazfather • reset_architecture: Return after setting arch to a specified arch (#914) 2022-11-07 b52b758 • Ananthu • Added support for GDBHISTFILE env variable (#912) 2022-11-07 c05d62a • Boris-Chengbiao Zhou • Fix test command in documentation (#908) 2022-11-07 ea8273b • Jonathan Salwan • Fix shell-storm new API (#902) 2022-11-07 ec83f44 • crazy hugsy • fixed error from #902 2022-11-07 1bf74a8 • crazy hugsy • [CI] Refusing anything below 70% of coverage 2022-11-11 8713e3f • hugsy • Merge branch 'dev' of github.com:hugsy/gef into dev 2022-11-11 af63b4d • hugsy • rewrite: generate settings documentation 2022-11-12 75c76fe • clubby789 • Add option to disable buffering (#917) 2022-11-17 63ac481 • clubby789 • Determine the actual canary location (#918) 2022-11-17 05b17d0 • crazy hugsy • [ci] add delay to gdbserver_session 2022-11-17 4e89034 • hugsy • [ci] increased delay to appease GHActions gods 2022-11-22 d1833d3 • clubby789 • Fix searching when connected to qemu-system instance (#906) 2023-01-02 174830a • crazy hugsy • Fixed doc wording 2023-03-12 9590305 • crazy hugsy • Don't error out if disassembling previous instructions fails (#931) 2023-03-19 8e3eba8 • theguy147 • fix: make sure that heap_addr is aligned (#936) 2023-03-21 0cf291d • theguy147 • fix: add capability to glibc heap commands for bruteforcing the main_arena (#932) 2023-04-04 0f477e7 • Tramadol • Add backwards memory examination for the dereference command (#942) 2023-04-15 9848239 • crazy hugsy • Minor typo in docs/generate-settings-docs.sh 2023-04-16 b1a1b2a • crazy hugsy • [CI] Make coverage generate pull request comment instead of blocking validation (#938) 2023-04-16 18e2c9c • hugsy • [docs] better formatting for settings page 2023-04-16 5040cbe • hugsy • [scripts] add an explicit error message on failures in new-release File diff .github/ISSUE_TEMPLATE/bug_report.md | 64 - .github/ISSUE_TEMPLATE/bug_report.yaml | 90 + .github/ISSUE_TEMPLATE/feature_request.md | 21 - .github/ISSUE_TEMPLATE/feature_request.yaml | 50 + .github/PULL_REQUEST_TEMPLATE.md | 26 +- .github/workflows/coverage.yml | 50 + .github/workflows/generate-docs.yml | 10 +- .github/workflows/run-tests.yml | 37 +- Makefile | 42 - README.md | 4 +- docs/api/gef.md | 22909 -------------------------- docs/commands/aliases.md | 2 +- docs/commands/aslr.md | 2 +- docs/commands/canary.md | 2 +- docs/commands/checksec.md | 2 +- docs/commands/config.md | 2 +- docs/commands/context.md | 2 +- docs/commands/dereference.md | 15 +- docs/commands/edit-flags.md | 2 +- docs/commands/elf-info.md | 2 +- docs/commands/entry-break.md | 2 +- docs/commands/eval.md | 2 +- docs/commands/format-string-helper.md | 2 +- docs/commands/functions.md | 2 +- docs/commands/gef-remote.md | 2 +- docs/commands/gef.md | 2 +- docs/commands/got.md | 6 +- docs/commands/heap-analysis-helper.md | 2 +- docs/commands/heap.md | 24 +- docs/commands/help.md | 2 +- docs/commands/hexdump.md | 2 +- docs/commands/highlight.md | 2 +- docs/commands/hijack-fd.md | 2 +- docs/commands/is-syscall.md | 18 - docs/commands/ksymaddr.md | 2 +- docs/commands/memory.md | 2 +- docs/commands/name-break.md | 2 +- docs/commands/nop.md | 2 +- docs/commands/patch.md | 2 +- docs/commands/pattern.md | 6 +- docs/commands/pcustom.md | 2 +- docs/commands/pie.md | 2 +- docs/commands/print-format.md | 2 +- docs/commands/process-search.md | 2 +- docs/commands/process-status.md | 2 +- docs/commands/registers.md | 2 +- docs/commands/reset-cache.md | 2 +- docs/commands/scan.md | 2 +- docs/commands/search-pattern.md | 11 +- docs/commands/shellcode.md | 2 +- docs/commands/stub.md | 2 +- docs/commands/syscall-args.md | 49 - docs/commands/theme.md | 2 +- docs/commands/tmux-setup.md | 2 +- docs/commands/trace-run.md | 2 +- docs/commands/version.md | 2 +- docs/commands/vmmap.md | 2 +- docs/commands/xfiles.md | 2 +- docs/commands/xinfo.md | 2 +- docs/commands/xor-memory.md | 2 +- docs/deprecated.md | 2 + docs/faq.md | 8 + docs/functions/base.md | 2 +- docs/index.md | 6 +- docs/install.md | 6 +- docs/testing.md | 29 +- gef.py | 1573 +- mkdocs.yml | 3 +- scripts/gef-extras.sh | 35 +- scripts/generate-coverage-docs.sh | 24 + scripts/generate-settings-docs.sh | 40 + scripts/new-release.py | 21 +- tests/api/gef_disasemble.py | 30 + tests/api/gef_session.py | 40 +- tests/api/misc.py | 12 + tests/binaries/mmap-known-address.c | 50 + tests/binaries/set-permission.c | 34 - tests/binaries/syscall-args.c | 50 - tests/commands/canary.py | 15 +- tests/commands/dereference.py | 46 + tests/commands/gef.py | 5 +- tests/commands/heap.py | 29 +- tests/commands/nop.py | 13 +- tests/commands/pattern.py | 37 +- tests/commands/pie.py | 16 +- tests/commands/search_pattern.py | 15 +- tests/commands/syscall_args.py | 89 - pytest.ini => tests/pytest.ini | 5 +- tests/regressions/gdbserver_connection.py | 15 + tests/requirements.txt | 2 + tests/utils.py | 44 +- 91 files changed, 1663 insertions(+), 24149 deletions(-) Download

submodules: Bump outdated Download

v1.17.11043.0 - WPF NuGet Only Download

submodules: Bump outdated Download

capa version 5.1.0 adds a Protocol Buffers (protobuf) format for result documents. Additionally, the Vector35 team contributed a new feature extractor using Binary Ninja. Other new features are a new CLI flag to override the detected operating system, functionality to read and render existing result documents, and a output color format that's easier to read. Over 25 capa rules have been added and improved. Thanks for all the support, especially to @xusheng6, @captainGeech42, @ggold7046, @manasghandat, @ooprathamm, @linpeiyu164, @yelhamer, @HongThatCong, @naikordian, @stevemk14ebr, @emtuls, @raymondlleong, @bkojusner, @joren485, and everyone else who submitted bugs and provided feedback! New Features add protobuf format for result documents #1219 @williballenthin @mr-tz extractor: add Binary Ninja feature extractor @xusheng6 new cli flag --os to override auto-detected operating system for a sample @captainGeech42 change colour/highlight to "cyan" instead of "blue" for better readability #1384 @ggold7046 add new format to parse output json back to capa #1396 @ooprathamm parse ELF symbols' names to guess OS #1403 @yelhamer New Rules (26) persistence/scheduled-tasks/schedule-task-via-at joren485 data-manipulation/prng/generate-random-numbers-via-rtlgenrandom william.ballenthin@mandiant.com communication/ip/convert-ip-address-from-string @mr-tz data-manipulation/compression/compress-data-via-zlib-inflate-or-deflate blas.kojusner@mandiant.com executable/installer/dotnet/packaged-as-single-file-dotnet-application michael.hunhoff@mandiant.com communication/socket/create-raw-socket blas.kojusner@mandiant.com communication/http/reference-http-user-agent-string @mr-tz communication/http/get-http-content-length william.ballenthin@mandiant.com nursery/move-directory michael.hunhoff@mandiant.com nursery/get-http-request-uri william.ballenthin@mandiant.com nursery/create-zip-archive-in-dotnet michael.hunhoff@mandiant.com nursery/extract-zip-archive-in-dotnet anushka.virgaonkar@mandiant.com michael.hunhoff@mandiant.com data-manipulation/encryption/tea/decrypt-data-using-tea william.ballenthin@mandiant.com raymond.leong@mandiant.com data-manipulation/encryption/tea/encrypt-data-using-tea william.ballenthin@mandiant.com raymond.leong@mandiant.com data-manipulation/encryption/xtea/encrypt-data-using-xtea raymond.leong@mandiant.com data-manipulation/encryption/xxtea/encrypt-data-using-xxtea raymond.leong@mandiant.com nursery/hash-data-using-ripemd128 raymond.leong@mandiant.com nursery/hash-data-using-ripemd256 raymond.leong@mandiant.com nursery/hash-data-using-ripemd320 raymond.leong@mandiant.com nursery/set-web-proxy-in-dotnet michael.hunhoff@mandiant.com nursery/check-for-windows-sandbox-via-subdirectory echernofsky@google.com nursery/enumerate-pe-sections-in-dotnet @mr-tz nursery/destroy-software-breakpoint-capability echernofsky@google.com nursery/send-data-to-internet michael.hunhoff@mandiant.com nursery/compiled-with-cx_freeze @mr-tz nursery/contain-a-thread-local-storage-tls-section-in-dotnet michael.hunhoff@mandiant.com Bug Fixes extractor: removed '.dynsym' as the library name for ELF imports #1318 @stevemk14ebr extractor: fix vivisect loop detection corner case #1310 @mr-tz match: extend OS characteristic to match OS_ANY to all supported OSes #1324 @mike-hunhoff extractor: fix IDA and vivisect string and bytes features overlap and tests #1327 #1336 @xusheng6 capa explorer IDA Pro plugin fix exception when plugin loaded in IDA hosted under idat #1341 @mike-hunhoff improve embedded PE detection performance and reduce FP potential #1344 @mike-hunhoff Raw diffs capa v5.0.0...v5.1.0 capa-rules v5.0.0...v5.1.0 Download

ILSpy 8 is based on .NET 6.0 compared to .NET Framework 4.7.2 for the previous generations of ILSpy. All artifacts except the self-contained distribution are built framework-dependent, which means .NET 6.0.2 must be installed prior to starting ILSpy. Contributions More themes - Light/Dark are the original ones, R# & VS Code added (see #2906 and #2931 by @ltrzesniewski) Improve selected text highlighting (see #2938 by @Konctantin) Add support for record structs in CSharpAmbience (see #2911 by @ElektroKill) Add support for Visual Basic Yield Return state machine decompilation (see #2874 by @ElektroKill) Fix ResXResourceWriter support for MemoryStream resource element (see #2895 by @ElektroKill) Use .interfaceimpl type syntax (see #2903 by @ltrzesniewski) Fix empty parameter names in delegate declarations (see #2912 by @ElektroKill) Support disassembling ReadyToRun binaries compiled using composite mode (see #2944 by @cshung) Enhancements Move Settings to ILSpyX (see #2869) Move all code related to single instance logic to separate class (see #2871) Bug fixes Fix #2933: TwoLetterISOLanguageName is insufficient for loading localized documentation. Fix #2915: inassembly search filter is case sensitive and automatically suggests the wrong term Fix #2922: System.ArgumentOutOfRangeException when decompiling a function And many other fixes, for a full list click here. Download

What's Changed GitHub Actions by @mrexodia @Mattiwatti in #133 add Process Monitor to blacklisted processed by @rise-worlds in #142 Add compatibility for VMProtect 3.6+ by @heck-gd in #148 New Contributors @rise-worlds made their first contribution in #142 @heck-gd made their first contribution in #148 Full Changelog: snapshot-2021-08-23_13-27-50...v1.4 Download

please refer to the Changelog WARNING: The release will be live within an hour! UPDATE!! The official release has been postponed due to DockerHub issue with Github SSH Keys. See: https://hub.docker.com/repository/registry-1.docker.io/intelowlproject/intelowl/builds/3273413b-2d06-4156-8123-0099cf28d6c2 https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ Download

Fix tests while building with Bazel. Download

See https://frida.re/news/ for details. Download

[0.4.0] - 06/03/2023 Added Upload sandbox memdumps and screenshots thumbnails to obj storage #398. Upload sandbox desktop screenshots to obj storage #397. Sandbox agent health check + basic sysinfo and env data collection #395. Push sandbox payload results to the aggregator #391. MultiAV McAfee enable scan for potentially unwanted program #387. Numerous updates to support different types of messages for the aggregator #383. Add methods for the storage internal pkg to support bucket creation. Generate thumbnails for the sandbox screenshots and add health checks for VMs. Remove cluster-autoscaler form helm chart. Add documentation with the communication format used between services. Agent: collect screenshots and memdumps #380. Guess file extension and include PE signature #379. Curate PE scan results #378. Add inlets-operator and metallb charts #376. inlets-operator has been deleted later, and metallb is installed separately from the chart dependencies. Add kube-prometheus-stack CRDs and experiment with k3s for local dev. Add workflow_dispatch for helm-release and release services job. Changed [helm] Remove elastic stack that was used for logging #404. [helm] Do not include kube-prometheus-stack in main chart & remove elastic stack for logging #403. Hosting documentation/blog website in cloudflare #402. Set k8s version to the same as prod k8s version and update default user/password values in minio helm chart #392. Change protobuf message scheme to support uploading object to s3 #383. Bind k8s port forwarding services to 0.0.0.0. Bump wait-for and golang docker images. Bump yara, helm, kuberneters, exiftool, kind, kubens/kubectx and kube-capacity. Bump aws-efs-csi-driver, ingress-nginx, couchbase-operator and minio helm chart dependencies. Fixed Use wine + loadlibrary to make windows defender works again thanks to prsyahmi #386. MultiAV McAfee doesn't report other kind of malware besides trojan thanks to prsyahmi #387. Do not set the file extension/format when it is now known #381. MultiAV upgrade Avast to a newer major release. Download