Skip to content

Disable SigKit and enable WARP by default #6231

New issue
New issue
Open
Open
Disable SigKit and enable WARP by default#6231
Assignees
emesare
Labels
Component: WARPEffort: MediumIssue should take < 1 monthImpact: HighIssue adds or blocks important functionality
Milestone
 
Future
@emesare

Description

@emesare
emesare
opened on Dec 4, 2024

Right now on 4.2 dev we have SigKit as the function matching toolkit and and experimental WARP function matching toolkit. The intention is to disable SigKit and run just the WARP integration. Before this can be done we need to iron out the matching issues.

  • Function adjacency on identical function GUID's creates a cascading set of false positives.
  • Types with only GUID's are stored in the binary view.
  • Certain functions in msvcrt are not being matched due to mismatching basic blocks at the time of GUID creation.
  • Users should be able to blacklist WARP signatures

Metadata

Metadata

Assignees

Labels

Component: WARPEffort: MediumIssue should take < 1 monthImpact: HighIssue adds or blocks important functionality

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions