gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-12 15:49:46 -08:00
Code Issues Packages Projects Releases Wiki Activity

move is_global_feature into capa.features.common

Browse Source
This commit is contained in:
William Ballenthin
2021-08-11 15:02:10 -06:00
parent 769d354792
commit c1910d47f0
2 changed files with 16 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
capa/features/common.py
View File

@@ -278,3 +278,16 @@ class Bytes(Feature):
@classmethod
def freeze_deserialize(cls, args):
return cls(*[codecs.decode(x, "hex") for x in args])
def is_global_feature(feature):
"""
is this a feature that is extracted at every scope?
today, this are OS and file format features.
"""
if (isinstance(feature, Characteristic)
and isinstance(feature.value, str)
and (feature.value.startswith("os/")
or feature.value.startswith("format/"))):
return True
return False

15
scripts/show-features.py
View File

@@ -194,15 +194,6 @@ def ida_main():
return 0
def is_global_feature(feature):
if (isinstance(feature, capa.features.common.Characteristic)
and isinstance(feature.value, str)
and (feature.value.startswith("os/")
or feature.value.startswith("format/"))):
return True
return False
def print_features(functions, extractor):
for f in functions:
function_address = int(f)
@@ -213,21 +204,21 @@ def print_features(functions, extractor):
continue
for feature, va in extractor.extract_function_features(f):
if is_global_feature(feature):
if capa.features.common.is_global_feature(feature):
continue
print("func: 0x%08x: %s" % (va, feature))
for bb in extractor.get_basic_blocks(f):
for feature, va in extractor.extract_basic_block_features(f, bb):
if is_global_feature(feature):
if capa.features.common.is_global_feature(feature):
continue
print("bb : 0x%08x: %s" % (va, feature))
for insn in extractor.get_instructions(f, bb):
for feature, va in extractor.extract_insn_features(f, bb, insn):
if is_global_feature(feature):
if capa.features.common.is_global_feature(feature):
continue
try: