Proxied "eval" code should be implemented.

bobbystacksmash / Construct

A cross-platform Windows Script Host emulator for dynamically analysing malicious JScript programs.

GNU General Public License v3.0

8 stars 2 forks source link

Closed bobbystacksmash closed 6 years ago

bobbystacksmash commented 6 years ago

When code is passed through to eval() the eval/capture module intercepts the call, emits and then returns the string value.

There should be an option here where we instrument the eval() code in the same way we do for code we're already analysing in the sandbox.

bobbystacksmash commented 6 years ago

This has been implemented. Please see lib/metaprogramming/plugins/capture_eval.js for implementation.