Merge branch 'master' of github.com:mandiant/capa

2025-12-12 15:49:46 -08:00 · 2022-06-28 15:54:19 -06:00
parent 91818a116d 82e8f8f090
commit 8dbb5a097c
8 changed files with 12 additions and 18 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -23,6 +23,7 @@ jobs:
            artifact_name: capa.exe
            asset_name: windows
          - os: macos-10.15
+            # use older macOS for assumed better portability
            artifact_name: capa
            asset_name: macos
    steps:
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -65,7 +65,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        os: [ubuntu-20.04, windows-2019, macos-10.15]
+        os: [ubuntu-20.04, windows-2019, macos-11]
        # across all operating systems
        python-version: ["3.7", "3.10"]
        include:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,7 +26,9 @@
  - extractors must use handles to identify functions/basic blocks/instructions #981 @williballenthin
  - the freeze file format schema was updated, including format version bump to v2 #986 @williballenthin

-### New Rules (7)
+Deprecation notice: as described in [#937](https://github.com/mandiant/capa/issues/937), we plan to remove the SMDA backend for v5. If you rely on this backend, please reach out so we can discuss extending the support for SMDA or transitioning your workflow to use vivisect.
+
+### New Rules (9)

 - data-manipulation/encryption/aes/manually-build-aes-constants huynh.t.nhan@gmail.com
 - nursery/get-process-image-filename michael.hunhoff@mandiant.com
@@ -35,6 +37,8 @@
 - anti-analysis/packer/huan/packed-with-huan jakub.jozwiak@mandiant.com
 - internal/limitation/file/internal-dotnet-file-limitation william.ballenthin@mandiant.com
 - nursery/get-os-information-via-kuser_shared_data @mr-tz
+- load-code/pe/resolve-function-by-parsing-PE-exports sara-rn
+- anti-analysis/packer/huan/packed-with-huan jakub.jozwiak@mandiant.com
 -

 ### Bug Fixes
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@

 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/flare-capa)](https://pypi.org/project/flare-capa)
 [![Last release](https://img.shields.io/github/v/release/mandiant/capa)](https://github.com/mandiant/capa/releases)
-[![Number of rules](https://img.shields.io/badge/rules-666-blue.svg)](https://github.com/mandiant/capa-rules)
+[![Number of rules](https://img.shields.io/badge/rules-677-blue.svg)](https://github.com/mandiant/capa-rules)
 [![CI status](https://github.com/mandiant/capa/workflows/CI/badge.svg)](https://github.com/mandiant/capa/actions?query=workflow%3ACI+event%3Apush+branch%3Amaster)
 [![Downloads](https://img.shields.io/github/downloads/mandiant/capa/total)](https://github.com/mandiant/capa/releases)
 [![License](https://img.shields.io/badge/license-Apache--2.0-green.svg)](LICENSE.txt)
--- a/capa/render/verbose.py
+++ b/capa/render/verbose.py
@@ -44,15 +44,11 @@ def format_address(address: frz.Address) -> str:
        return f"file+{rutils.hex(address.value)}"
    elif address.type == frz.AddressType.DN_TOKEN:
        token = dncil.clr.token.Token(address.value)
-        name = dnfile.mdtable.ClrMetaDataTableFactory._table_number_map[token.table].name
-        rid = token.rid
-        return f"{name}[{rid}]"
+        return f"token({rutils.hex(token.value)})"
    elif address.type == frz.AddressType.DN_TOKEN_OFFSET:
        token, offset = address.value
        token = dncil.clr.token.Token(token)
-        name = dnfile.mdtable.ClrMetaDataTableFactory._table_number_map[token.table].name
-        rid = token.rid
-        return f"{name}[{rid}]+{rutils.hex(offset)}"
+        return f"token({rutils.hex(token.value)})+{rutils.hex(offset)}"
    elif address.type == frz.AddressType.NO_ADDRESS:
        return "global"
    else:
--- a/capa/rules.py
+++ b/capa/rules.py
@@ -264,13 +264,6 @@ def parse_feature(key: str):
        return capa.features.insn.Number
    elif key == "offset":
        return capa.features.insn.Offset
-    # TODO remove x32/x64 flavor keys once fixed master/rules
-    elif key.startswith("number/"):
-        logger.warning("x32/x64 flavor currently not supported and deprecated")
-        return capa.features.insn.Number
-    elif key.startswith("offset/"):
-        logger.warning("x32/x64 flavor currently not supported and deprecated")
-        return capa.features.insn.Offset
    elif key == "mnemonic":
        return capa.features.insn.Mnemonic
    elif key == "basic blocks":
--- a/2
+++ b/2
--- a/setup.py
+++ b/setup.py
@@ -87,7 +87,7 @@ setuptools.setup(
            "types-tabulate==0.8.9",
            "types-termcolor==1.1.4",
            "types-psutil==5.8.23",
-            "types_requests==2.27.30",
+            "types_requests==2.28.0",
        ],
        "build": [
            "pyinstaller==5.1",