main: compute function & bb layout

so bb can be associated with function in output. only captures BBs that have a rule match, otherwise, there might be too much data captured. closes #130.
2025-12-12 15:49:46 -08:00 · 2021-10-26 15:04:50 -06:00
parent 4e64ef8ab3
commit 328e13fbfe
7 changed files with 73 additions and 5 deletions
--- a/scripts/show-capabilities-by-function.py
+++ b/scripts/show-capabilities-by-function.py
@@ -174,6 +174,7 @@ def main(argv=None):
    meta = capa.main.collect_metadata(argv, args.sample, args.rules, extractor)
    capabilities, counts = capa.main.find_capabilities(rules, extractor)
    meta["analysis"].update(counts)
+    meta["analysis"]["layout"] = capa.main.compute_layout(rules, extractor, capabilities)

    if capa.main.has_file_limitation(rules, capabilities):
        # bail if capa encountered file limitation e.g. a packed binary