Commit Graph

2161 Commits

Author SHA1 Message Date
Peter Matula
04df6def88
fileformat/elf: Prevent creation of duplicate imports while parsing (#1210)
* fileformat/elf: Prevent creation of duplicate imports while parsing
symbols

* fileformat/elf: use ptrs in import cache instead of refs
2024-09-25 11:29:53 +02:00
Marek Milkovič
b283e7e3fa
Merge pull request #1200 from avast/macho-llvm-fixes-update
Updated LLVM archive to fix Mach-O segfaults
2024-04-25 17:38:58 +02:00
Marek Milkovič
44de91d9da Updated LLVM archive to fix Mach-O segfaults 2024-04-25 15:16:25 +02:00
Ladislav Zezula
394d3aed31 Improved detections, added empty and corrupt 2024-04-23 10:15:52 +02:00
Ladislav Zezula
020c58763e Improved detection of newer PyInstallers 2024-04-23 10:15:52 +02:00
Ladislav Zezula
3fe61e8564
Merge pull request #1194 from avast/LZ_PeInOverlayDetection
Added detection of PE in overlay
2024-03-05 15:16:00 +01:00
Marek Milkovič
e119d3bb04 Changed security notice 2024-03-01 17:10:58 +01:00
Ladislav Zezula
071f184677 Added detection of PE in overlay 2024-02-28 12:59:30 +01:00
Marek Milkovič
373c6542ec
Merge pull request #1193 from avast/2024-02-14/update-authenticode-parser
Updated authenticode-parser to version from 2024-02-14
2024-02-14 03:43:44 +01:00
Marek Milkovič
f4c930408d
Fixed github action workflow (#1192)
* Debug github action workflow

* Putting expansion outside of quotes

zsh seems to be fine with it but bash behaves differently

* Copy the files even 1 folder up
2024-02-14 02:23:46 +01:00
Marek Milkovič
2921f93f45 Updated authenticode-parser to version from 2024-02-14 2024-02-14 00:48:08 +01:00
TAKANO Mitsuhiro
f9ec407fbe
Update doxygen.cfg.in (#1175) 2024-02-14 00:36:05 +01:00
Marek Milkovič
e08b0a573f Fixed path in Windows CI build script 2024-02-13 19:15:08 +01:00
Marek Milkovič
c7d8d5c0df
Merge pull request #1182 from takano32/ignore-doxygen-warnings
[GitHub Actions] ignore doxygen warnings
2024-02-13 19:05:28 +01:00
Marek Milkovič
86150131a3 Fix of github workflows on windows
There is a mismatch of OpenSSL versions being used for headers vs.
linked against
2024-02-13 19:03:52 +01:00
Marek Milkovič
21b1dda286
Merge pull request #1191 from avast/LZ_EntryTypeRecordNULL
Fixed crash when entryTypeRecord is NULL
2024-02-13 15:18:52 +01:00
Ladislav Zezula
887f20e81b Fixed crash when entryTypeRecord is NULL 2024-02-13 12:46:55 +01:00
Marek Milkovič
094a37393f Updated authenticode-parser to the latest version 2024-01-31 20:44:23 +01:00
Ladislav Zezula
153690d2d1 * QuickBatchFileCompiler: More structured version detection 2024-01-31 12:28:07 +01:00
Ladislav Zezula
a731237929 Spaces -> Tabs 2024-01-18 11:13:40 +01:00
Ladislav Zezula
36aeb648dc Added detection of Rust binaries 2024-01-17 10:35:06 +01:00
TAKANO Mitsuhiro
e1b5784901
ignore doxygen warnings
Document generated successfully if `make doc` exit code equals `0`

So, ignoring warnings is reasonable in GitHub Actions
2023-10-22 11:51:32 +09:00
Marek Milkovič
ce18766a2a
Merge pull request #1178 from avast/llvm-consume-errors
LLVM Error objects actually need to be consumed before their destruction
2023-09-20 15:26:17 +02:00
Marek Milkovič
daed2000ec LLVM Error objects actually need to be consumed before their destruction 2023-09-19 14:59:35 +02:00
Ladislav Zezula
b9791c884a Added detection of AppPacker 2023-08-14 16:09:09 +02:00
TAKANO Mitsuhiro
616d0cef1e Fix warnings in make doc
Remove empty return types from doxygen comments to fix warnings.
2023-08-14 16:08:31 +02:00
Ladislav Zezula
a7574e14b8 Added detection of 'Clickteam Fusion tool' 2023-08-14 16:06:20 +02:00
HoundThe
885364e1de
Merge pull request #1168 from avast/dotnet-detection
Use isDotnet check before parsing binary as .NET
2023-08-02 00:27:54 +02:00
Karel Hájek
fbc60bf2a8 Remove unnecessary this-> 2023-08-01 18:36:40 +02:00
Marek Milkovič
4e7b52890d
Merge pull request #1169 from avast/fix-dotnet-class-namespace-loop
Ignore self-references when reconstructing full names of nested classes
2023-08-01 18:15:20 +02:00
Karel Hájek
2bddda90ef Ignore self-references when reconstructing full names of nested classes 2023-07-25 22:23:42 +02:00
Karel Hájek
644a84a0c9 Use isDotnet check before parsing binary as .NET 2023-07-25 16:53:02 +02:00
HoundThe
f7e82bb6b2
Merge pull request #1166 from avast/dotnet-looping
Fix .NET parser trying to read strings from String stream when out-of-bounds of the file
2023-07-18 18:37:14 +02:00
Karel Hájek
d3a2f15465 Merge branch 'dotnet-looping' of github.com:avast/retdec into dotnet-looping 2023-07-18 11:09:04 +02:00
Karel Hájek
157a518c83 Fix .NET parser trying to read out-of-bounds of the file 2023-07-18 11:08:20 +02:00
HoundThe
ac20bb0ab3
Merge pull request #1167 from avast/fix-macos-workflow
MacOS workflow fix - Use new version of python and ubuntu that is not deprecated
2023-07-18 11:05:26 +02:00
Karel Hájek
833d2a5574 Use latest ubuntu instead of deprecated 18.04 2023-07-17 01:30:04 +02:00
Karel Hájek
fc6583fec2 Use new version of python that is not deprecated 2023-07-15 14:59:18 +02:00
Karel Hájek
84482a38d9 Fix .NET parser trying to read out-of-bounds of the file 2023-07-14 17:42:11 +02:00
Marek Milkovič
6238ecada5
Merge pull request #1159 from avast/LZ_BinaryTools_AdvInstaller
Added detection of Advanced Installer
2023-05-25 01:23:02 +02:00
Marek Milkovič
dcef1b1579
Merge pull request #1157 from avast/LZ_BinaryTools_PyInstaller
Added detection of newer versions of PyInstaller
2023-05-25 01:22:10 +02:00
Ladislav Zezula
27a2ab119c Added detection of Advanced Installer 2023-05-18 09:19:32 +02:00
Ladislav Zezula
489afb3851 Added detection of newer versions of PyInstaller 2023-05-09 15:11:12 +02:00
Peter Matula
407f290c23 CHANGELOG.md: add entry on Intel MPX fix 2023-05-04 10:19:49 +02:00
Peter Matula
02d4cfe2c8 capstone2llvmir/x86: generate BND registers 2023-05-04 10:15:53 +02:00
Peter Matula
2fe1f1b9aa CHANGELOG.md: fix typo 2023-05-04 10:15:25 +02:00
Peter Matula
84d8d4b38c capstone2llvmir/x86: X86_INS_BNDCN translate to NOP 2023-05-04 10:04:57 +02:00
Nitr0-G
6df52a52cb
Intel MPX support (#1154)
* Intel MPX support

Skipping all MPX instructions has been added in order to eliminate bugs caused on these Issues
https://github.com/avast/retdec/issues/1148
https://github.com/avast/retdec/issues/1135

Intel MPX is a dead technology that has not been supported by the Linux kernel since 2020(proof: https://www.phoronix.com/news/Intel-MPX-Is-Dead). It was only in the Skylake and Intel Goldmont(atom) architecture, consider all current processors do not support this technology. Zydis & capstone mistakenly disassembles instructions added to Intel MPX(Intel MPX adds 7 new instructions, as well as BND0-3 registers in x64 and x32 mode for more information, see here(https://intel-mpx.github.io/design/)), a tool like Hiew also does not disassemble instructions of Intel MPX (https://fpic.in/VQ9yfJ1)

* Intel MPX support

Skipping all MPX instructions has been added in order to eliminate bugs caused on these Issues (https://github.com/avast/retdec/issues/1148
https://github.com/avast/retdec/issues/1135)

Intel MPX is a dead technology that has not been supported by the Linux kernel since 2020(proof: https://www.phoronix.com/news/Intel-MPX-Is-Dead). It was only in the Skylake and Intel Goldmont(atom) architecture, consider all current processors do not support this technology. Zydis & capstone mistakenly disassembles instructions added to Intel MPX(Intel MPX adds 7 new instructions, as well as BND0-3 registers in x64 and x32 mode for more information, see here(https://intel-mpx.github.io/design/ )), a tool like Hiew also does not disassemble instructions of Intel MPX (https://fpic.in/VQ9yfJ1)

* Add files via upload

* Intel MPX support

Skipping all MPX instructions has been added in order to eliminate bugs caused on these Issues (https://github.com/avast/retdec/issues/1148 https://github.com/avast/retdec/issues/1135)

Proof that these bugs have been fixed, you can find in the same Issue(https://github.com/avast/retdec/issues/1148 https://github.com/avast/retdec/issues/1135)

Intel MPX is a dead technology that has not been supported by the Linux kernel since 2020(proof: https://www.phoronix.com/news/Intel-MPX-Is-Dead). It was only in the Skylake and Intel Goldmont(atom) architecture, consider all current processors do not support this technology. Zydis & capstone mistakenly disassembles instructions added to Intel MPX(Intel MPX adds 7 new instructions, as well as BND0-3 registers in x64 and x32 mode for more information, see here(https://intel-mpx.github.io/design/ )), a tool like Hiew also does not disassemble instructions of Intel MPX (https://fpic.in/VQ9yfJ1)

Added 6 new instructions(MPX) that translates to NOP

* Intel MPX support

Skipping all MPX instructions has been added in order to eliminate bugs caused on these Issues (#1148 #1135)

Proof that these bugs have been fixed, you can find in the same Issue(#1148 #1135)

Intel MPX is a dead technology that has not been supported by the Linux kernel since 2020(proof: https://www.phoronix.com/news/Intel-MPX-Is-Dead). It was only in the Skylake and Intel Goldmont(atom) architecture, consider all current processors do not support this technology. Zydis & capstone mistakenly disassembles instructions added to Intel MPX(Intel MPX adds 7 new instructions, as well as BND0-3 registers in x64 and x32 mode for more information, see here(https://intel-mpx.github.io/design/ )), a tool like Hiew also does not disassemble instructions of Intel MPX (https://fpic.in/VQ9yfJ1)

Added 6 new instructions(MPX) that translates to NOP
2023-05-04 09:58:48 +02:00
Peter Matula
a309598b2a changelog: add entry for #1149 [skip ci] 2023-05-04 09:55:12 +02:00
Peter Matula
79d65efd82 fix gcc-13 compilation 2023-05-04 09:55:12 +02:00