UI: show file offsets and virtual address in verbose output for language-specific strings (Go and Rust)

mandiant / flare-floss

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

Apache License 2.0

3.12k stars 448 forks source link

UI: show file offsets and virtual address in verbose output for language-specific strings (Go and Rust) #937

Open mr-tz opened 6 months ago

mr-tz commented 6 months ago

Display raw and virtual offsets in verbose mode.

This could help to match things up more quickly between FLOSS output, the file, and disassembler view.

Om-Thorat commented 4 months ago

Hey, I would like to work on this. Though can you specify more? as to what output is needed? Should there be more columns in addition to the current offset and called at or should i just log them as info?

mr-tz commented 4 months ago

Hi! I imagined extra columns for this, correct.

Om-Thorat commented 4 months ago

Screenshot from 2024-02-27 18-59-44

Will something like this be ideal?

mr-tz commented 4 months ago

Yes, however, this doesn't apply so much to decoded strings vs. the language strings (Go and Rust). If we had something for the language strings that would be amazing!

mr-tz commented 1 month ago

related: #925

mr-tz commented 4 weeks ago

Would also be interesting to show (and order by) referenced from va or referenced from fva with the intuition that this would group relevant strings together vs. showing them grouped by length.