forked from mandiant/capa
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
2 additions
and
2 deletions.
There are no files selected for viewing
Binary file not shown.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -9,7 +9,7 @@ See `capa -h` for all supported arguments and usage examples. | |
| - [IDA Pro rule generator](#rule-generator) | ||
|
|
||
| ### only run selected rules | ||
| Use the `-t` option to run rules with the given metadata value (see the rule fields `rule.meta.*`). | ||
| Use the `-t` option to run rules with the given metadata value (see the rule fields `rule.meta.*`). | ||
| For example, `capa -t [email protected]` runs rules that reference Willi's email address (probably as the author), or | ||
| `capa -t communication` runs rules with the namespace `communication`. | ||
|
|
||
|
|
@@ -29,7 +29,7 @@ The capa explorer allows you to interactively display and browse capabilities ca | |
| As you select rules or logic, capa will highlight the addresses that support its analysis conclusions. | ||
| We like to use capa to help find the most interesting parts of a program, such as where the C2 mechanism might be. | ||
|
|
||
|  | ||
|  | ||
|
|
||
| #### rule generator | ||
| The rule generator helps you to easily write new rules based on the function you are currently analyzing in your IDA disassembly view. | ||
|
|
||