gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-12 07:40:38 -08:00
Code Issues Packages Projects Releases Wiki Activity

Binary Ninja update and fix (#2205)

Browse Source 
* Fix binja warning (use of a deprecated API method)

* Update binja plugin
> Fix json openning and parsing
> Fix base address

* Fix code_style

* lint black update
This commit is contained in:
Maxime Berthault
2024-07-12 12:25:19 +02:00
committed by GitHub
parent bb86d1485c
commit 76913af20b
2 changed files with 22 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
capa/features/extractors/binja/extractor.py
View File

@@ -28,7 +28,7 @@ from capa.features.extractors.base_extractor import (
class BinjaFeatureExtractor(StaticFeatureExtractor): class BinjaFeatureExtractor(StaticFeatureExtractor):
def __init__(self, bv: binja.BinaryView): def __init__(self, bv: binja.BinaryView):
super().__init__(hashes=SampleHashes.from_bytes(bv.file.raw.read(0, len(bv.file.raw)))) super().__init__(hashes=SampleHashes.from_bytes(bv.file.raw.read(0, bv.file.raw.length)))
self.bv = bv self.bv = bv
self.global_features: List[Tuple[Feature, Address]] = [] self.global_features: List[Tuple[Feature, Address]] = []
self.global_features.extend(capa.features.extractors.binja.file.extract_file_format(self.bv)) self.global_features.extend(capa.features.extractors.binja.file.extract_file_format(self.bv))

26
scripts/import-to-bn.py
View File

@@ -69,7 +69,8 @@ def load_analysis(bv):
return 0 return 0
binaryninja.log_info(f"Using capa file {path}") binaryninja.log_info(f"Using capa file {path}")
doc = json.loads(path.read_bytes().decode("utf-8")) with Path(path).open("r", encoding="utf-8") as file:
doc = json.load(file)
if "meta" not in doc or "rules" not in doc: if "meta" not in doc or "rules" not in doc:
binaryninja.log_error("doesn't appear to be a capa report") binaryninja.log_error("doesn't appear to be a capa report")
@@ -83,20 +84,35 @@ def load_analysis(bv):
binaryninja.log_error("sample mismatch") binaryninja.log_error("sample mismatch")
return -2 return -2
# Retreive base address
capa_base_address = 0
if "analysis" in doc["meta"] and "base_address" in doc["meta"]["analysis"]:
if doc["meta"]["analysis"]["base_address"]["type"] == "absolute":
capa_base_address = int(doc["meta"]["analysis"]["base_address"]["value"])
rows = [] rows = []
for rule in doc["rules"].values(): for rule in doc["rules"].values():
if rule["meta"].get("lib"): if rule["meta"].get("lib"):
continue continue
if rule["meta"].get("capa/subscope"): if rule["meta"].get("capa/subscope"):
continue continue
if rule["meta"]["scope"] != "function": if rule["meta"]["scopes"].get("static") != "function":
continue continue
name = rule["meta"]["name"] name = rule["meta"]["name"]
ns = rule["meta"].get("namespace", "") ns = rule["meta"].get("namespace", "")
for va in rule["matches"].keys(): for matches in rule["matches"]:
va = int(va) for match in matches:
rows.append((ns, name, va)) if "type" not in match.keys():
continue
if "value" not in match.keys():
continue
va = match["value"]
# Substract va and CAPA base_address
va = int(va) - capa_base_address
# Add binja base address
va = va + bv.start
rows.append((ns, name, va))
# order by (namespace, name) so that like things show up together # order by (namespace, name) so that like things show up together
rows = sorted(rows) rows = sorted(rows)