mandiant / capa

The FLARE team's open-source tool to identify capabilities in executable files.
https://mandiant.github.io/capa/
Apache License 2.0
4.91k stars 565 forks source link

binexport: fixture 687e79.be2 tight loop not matched #2113

Closed mike-hunhoff closed 6 months ago

mike-hunhoff commented 6 months ago

see original comment: https://github.com/mandiant/capa/pull/1950/files/b578c4d052e8899e82e06dd948c8e7395f391cec#r1622150361

mike-hunhoff commented 6 months ago

@mr-tz I ran a test script and wasn't able to find any tight loops in the referenced sample. I was able to confirm that tight loops appear to work in other x86 / ARM samples. Therefore, this doesn't appear to be a bug but if you have a specific example of where this failed in the referenced sample we can reopen.

mr-tz commented 6 months ago

ha, yeah, good find, I've updated the tests in https://github.com/mandiant/capa/pull/1950/commits/fe2e80fb90c8807af6acf16e65f14c2ec995d871