Closed vxcall closed 1 year ago
Hey, this is a rule dependency issue because the PEB BeingDebugged rule depends on PEB access which is located outside of this directory. To filter rules, please try the `-t` option in the CLI tool, i.e. `-t anti-debugging`. In the IDA plugin you can filter after running all rules in the search bar on top. Please let me know how this works for you.
Thank you, it worked...! :relieved: I misunderstood that I had to specify the particular directory containing the .yml files themselves. I can't wait to play with this amazing tool!!
Awesome, good luck and please let us know what works or how we can improve the tool!
Hi, I need help with the error I encountered. :pensive:
versions
Windows 10, IDA 7.7, Python 3.9.10, flare-capa 4.0.1, capa-rules 4.0.1
issue
I installed the plugin for IDA and specified the capa rules directory, which is
capa-rules-4.0.1\anti-analysis\anti-debugging\debugger-detection
The following error appeared in the output pane. Of course the rules are for capa 4.0.1; I downloaded them from tags. The target is nothing complicated. It's from Flare-On 9 :).
The issue may be related?
This is not happening only with the IDA plugin, but also with the normal capa executable. When I executed the following command,
the following error showed up