gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-12 15:49:46 -08:00
Code Issues Packages Projects Releases Wiki Activity

merging upstream

Browse Source
This commit is contained in:
Michael Hunhoff
2020-09-11 13:18:45 -06:00
parent 7846ffa818 2e8d02c0ab
commit 33ac728af8
4 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
capa/ida/plugin/__init__.py
View File

@@ -21,7 +21,7 @@ logger = logging.getLogger(__name__)
class CapaExplorerPlugin(idaapi.plugin_t):
# Mandatory definitions
PLUGIN_NAME = "FLARE capa plugin"
PLUGIN_NAME = "FLARE capa explorer"
PLUGIN_VERSION = "1.0.0"
PLUGIN_AUTHORS = "michael.hunhoff@mandiant.com, william.ballenthin@mandiant.com, moritz.raabe@mandiant.com"

0
capa/ida/plugin/capa_plugin_ida.py → capa/ida/plugin/capa_explorer.py
View File

4
capa/ida/plugin/item.py
View File

@@ -341,12 +341,12 @@ class CapaExplorerByteViewItem(CapaExplorerFeatureItem):
class CapaExplorerStringViewItem(CapaExplorerFeatureItem):
"""store data for string match"""
def __init__(self, parent, display, location):
def __init__(self, parent, display, location, value):
"""initialize item
@param parent: parent node
@param display: text to display in UI
@param location: virtual address as seen by IDA
"""
super(CapaExplorerStringViewItem, self).__init__(parent, display, location=location)
super(CapaExplorerStringViewItem, self).__init__(parent, display, location=location, details=value)
self.ida_highlight = idc.get_color(location, idc.CIC_ITEM)

4
capa/ida/plugin/model.py
View File

@@ -522,7 +522,7 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):
)
if feature["type"] == "regex":
return CapaExplorerFeatureItem(parent, display, location, details=feature["match"])
return CapaExplorerStringViewItem(parent, display, location, feature["match"])
if feature["type"] == "basicblock":
return CapaExplorerBlockItem(parent, location)
@@ -547,7 +547,7 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):
if feature["type"] in ("string",):
# display string preview
return CapaExplorerStringViewItem(parent, display, location)
return CapaExplorerStringViewItem(parent, display, location, feature[feature["type"]])
if feature["type"] in ("import", "export"):
# display no preview