lint: skip check of ntdll.NtProtectVirtualMemory #1675

Closed
williballenthin opened this issue Aug 2, 2023 · 1 comment · Fixed by #1676

@williballenthin
Collaborator

```
@williballenthin ➜ /workspaces/capa (master) $ python scripts/lint.py -t "Tracing" rules/
INFO:lint:successfully loaded 823 rules
INFO:lint:collecting potentially referenced samples

 patch Event Tracing for Windows function
  WARN: feature api may overlap with ntdll and ntoskrnl: check if NtProtectVirtualMemory is exported by both ntdll and ntoskrnl; if true, consider removing ntdll module requirement to improve detection

rules with WARN:
  - patch Event Tracing for Windows function

INFO:lint:no lints failed, nice!
```

@williballenthin williballenthin added the enhancement New feature or request label Aug 2, 2023
@williballenthin williballenthin self-assigned this Aug 2, 2023
@williballenthin williballenthin added bug Something isn't working and removed enhancement New feature or request labels Aug 2, 2023
@williballenthin
Collaborator Author

also:

```
@williballenthin ➜ /workspaces/capa (fix/issue-1675) $ python scripts/lint.py rules/

INFO:lint:successfully loaded 826 rules
INFO:lint:collecting potentially referenced samples

 get UEFI variable
  WARN: feature api may overlap with ntdll and ntoskrnl: check if NtEnumerateSystemEnvironmentValuesEx is exported by both ntdll and ntoskrnl; if true, consider removing ntdll module requirement to improve detection

rules with WARN:
  - get UEFI variable

INFO:lint:no lints failed, nice!
```
