Disable SigKit and enable WARP by default #6231

Open
4 tasks
emesare opened this issue Dec 4, 2024 · 0 comments
Labels
Component: WARP Effort: Medium Issue should take < 1 month Impact: High Issue adds or blocks important functionality

Comments

Member

emesare commented Dec 4, 2024

Right now on 4.2 dev we have SigKit as the function matching toolkit and an experimental WARP function matching toolkit. The intention is to disable SigKit and run just the WARP integration. Before this can be done, we need to iron out the matching issues.

  • Function adjacency on identical function GUIDs creates a cascading set of false positives.
  • Types with only GUIDs are stored in the binary view.
  • Certain functions in msvcrt are not being matched due to mismatching basic blocks at the time of GUID creation.
  • Users should be able to blacklist WARP signatures.
@emesare emesare added Impact: High Issue adds or blocks important functionality Effort: Medium Issue should take < 1 month Component: WARP labels Dec 4, 2024
@emesare emesare added this to the Gallifrey milestone Dec 4, 2024
@emesare emesare self-assigned this Dec 4, 2024