gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-13 08:00:44 -08:00
Code Issues Packages Projects Releases Wiki Activity
5,055 Commits 43 Branches 48 Tags
19502efff3f861bfe30ca8281b3989f814c7644d
Commit Graph

88 Commits

Author SHA1 Message Date
Mike Hunhoff
19502efff3 vmray: connect process, thread, and call 2024-06-20 13:05:32 -06:00
Mike Hunhoff
d26a806647 vmray: update scripts/show-features.py to emit process name from extractor 2024-06-18 14:59:29 -06:00
N0stalgikow
0eb4291b25 Updating copyright across all files based on when it was first introduced. (#2027) 
* updating copyright, back to the date of origin of file

* updating regex to account for linter violation
 2024-03-13 14:04:53 +01:00
Willi Ballenthin
c3301d3b3f refactor main to for ease of integration (#1948) 
* main: split main into a bunch of "main routines"

[wip] since there are a few references to BinExport2
that are in progress elsewhre. Next commit will remove them.

* main: remove references to wip BinExport2 code

* changelog

* main: rename first position argument "input_file"

closes #1946

* main: linters

* main: move rule-related routines to capa.rules

ref #1821

* main: extract routines to capa.loader module

closes #1821

* add loader module

* loader: learn to load freeze format

* freeze: use new cli arg handling

* Update capa/loader.py

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>

* main: remove duplicate documentation

* main: add doc about where some functions live

* scripts: migrate to new main wrapper helper functions

* scripts: port to main routines

* main: better handle auto-detection of backend

* scripts: migrate bulk-process to main wrappers

* scripts: migrate scripts to main wrappers

* main: rename *_from_args to *_from_cli

* changelog

* cache-ruleset: remove duplication

* main: fix tag handling

* cache-ruleset: fix cli args

* cache-ruleset: fix special rule cli handling

* scripts: fix type bytes

* main: remove old TODO message

* loader: fix references to binja extractor

---------

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2024-01-29 13:59:05 +01:00
Moritz
2cfd45022a improve and fix various dynamic parts (#1809) 
* improve and fix various dynamic parts
 2023-10-18 10:59:41 +02:00
Willi Ballenthin
bf233c1c7a integrate Ghidra backend with dynamic analysis 2023-10-17 10:56:35 +00:00
Willi Ballenthin
182a9868ca merge master 2023-10-17 10:32:25 +00:00
Mike Hunhoff
65179805a7 add a Ghidra entry script users can invoke to run capa against a loaded Ghidra database (#1767) 
* enable use of Ghidra with show-features.py

* fix bug in is_supported_file_type

* fix bug in GhidraFeatureExtractor.get_function

* refactor get_insn_in_range

* add Ghidra entry script for users to more easily run capa against a loaded Ghidra database

* update CHANGELOG

* fixing lint

* fix fixtures import issue

* fix bug in is_supported_arch_type

* add check for supported arch type

* fix extract_embedded_pe performance
 2023-08-25 18:35:59 -07:00
Willi Ballenthin
c6d400bcf3 address: remove dynamic return address concept, as its unused today 2023-08-11 11:18:54 +00:00
Yacine Elhamer
3c3205adf1 add call address to show-features.py script 2023-08-02 23:10:27 +01:00
Yacine Elhamer
ca2760fb46 Initial commit 2023-08-02 22:46:54 +01:00
Yacine Elhamer
301b10d261 fix style issues 2023-07-20 10:52:43 +01:00
Yacine Elhamer
e38e56ccf6 Merge remote-tracking branch 'parentrepo/dynamic-feature-extraction' into sync-1657 2023-07-20 09:33:48 +01:00
Willi Ballenthin
7898ac24d5 show-features: support showing pefile features 2023-07-13 10:31:28 +02:00
Willi Ballenthin
c86ab51210 fix copyright headers everywhere 2023-07-13 05:03:33 +02:00
Yacine Elhamer
42baa10bcb Merge branch 'process-thread-addresses' of https://github.com/yelhamer/capa into yelhamer-process-thread-addresses 2023-07-11 12:07:20 +01:00
Aayush Goel
1baa7a5e4b flake8 checks resolved 2023-07-11 02:30:09 +05:30
Aayush Goel
8e346cb411 Merge branch 'Aayush-Goel-04/Issue#1534' of https://github.com/Aayush-Goel-04/capa into Aayush-Goel-04/Issue#1534 2023-07-11 00:59:21 +05:30
Yacine Elhamer
63e273efd4 fix bugs and mypy issues 2023-07-10 15:52:33 +01:00
Willi Ballenthin
7f57fccefb fix lints after sync with master 2023-07-10 02:55:50 +02:00
Willi Ballenthin
72e123e319 sync master 2023-07-10 02:50:18 +02:00
Willi Ballenthin
ae10a2ea34 introduce flake8-todos linter 2023-07-09 23:35:52 +02:00
Moritz
e140fba5df enhance various dynamic-related functions (#1590) 
* enhance various dynamic-related functions

* test_cape_features(): update API(NtQueryValueKey) feature count to 7

---------

Co-authored-by: Yacine Elhamer <elhamer.yacine@gmail.com>
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-07-07 13:59:12 +02:00
Willi Ballenthin
90e607fe9a flake8 2023-07-06 18:11:48 +02:00
Aayush Goel
c0d712acea Changes os.path to pathlib.Path usage 
changed args.rules , args.signatures types in handle_common_args.
 2023-07-06 05:12:50 +05:30
Yacine Elhamer
06aea6b97c fix mypy and codestyle issues 2023-06-27 11:32:21 +01:00
Willi Ballenthin
81d35eb645 Merge branch 'dynamic-feature-extraction' into static-extractor 2023-06-27 09:42:16 +02:00
Yacine Elhamer
b172f9a354 FeatureExtractor alias: fix mypy typing issues by adding ininstance-based assert statements 2023-06-26 22:46:27 +01:00
Yacine Elhamer
c74c8871f8 scripts: add type-related assert statements 2023-06-26 21:06:35 +01:00
Yacine Elhamer
aff0c6b49b show-featurex.py: bugfix in ida_main() 2023-06-26 09:41:14 +01:00
Yacine Elhamer
417bb42ac8 show_features.py: rename show_{function,process}_features to show_{static,dynamic}_features.py 2023-06-26 09:16:59 +01:00
Yacine Elhamer
5f6aade92b get_format_from_report(): fix bugs and add a list of dynamic formats 2023-06-25 00:54:55 +01:00
Yacine Elhamer
0c62a5736e add support for determining the format of a sandbox report 2023-06-24 23:51:12 +01:00
Yacine Elhamer
f1406c1ffd scripts/show-features.py: prefix {static,dynamic}_analysis() functions' name with 'print_' 2023-06-23 13:58:34 +01:00
Yacine Elhamer
1cdc3e5232 fix codestyle 2023-06-23 13:48:49 +01:00
Yacine Elhamer
bd9870254e Apply suggestions from code review: use EXTENSIONS_CAPE, and ident 'thread' by one more space 2023-06-23 13:31:35 +01:00
Yacine Elhamer
0442b8c1e1 Apply suggestions from code review: use is_ for booleans 
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2023-06-23 13:27:20 +01:00
Yacine Elhamer
9f185ed5c0 remove incompatible bar union syntax 2023-06-22 15:59:23 +01:00
Yacine Elhamer
12d5beec6e add type cast to fix get_extractor() typing issues 2023-06-22 15:51:56 +01:00
Yacine Elhamer
b77e68df19 fix codestyle and typing 2023-06-22 14:17:06 +01:00
Yacine Elhamer
07c48bca68 scripts/show-features.py: add dynamic feature extraction from cape reports 2023-06-22 13:56:54 +01:00
Yacine Elhamer
45002bd51d Revert "scripts/show-features.py: add dynamic feature extraction from cape reports" 
This reverts commit 64189a4d08.
 2023-06-22 12:29:51 +01:00
Yacine Elhamer
64189a4d08 scripts/show-features.py: add dynamic feature extraction from cape reports 2023-06-22 12:16:31 +01:00
Willi Ballenthin
f1c495dc0a *: use FORMAT_AUTO instead of string literal 2023-03-21 16:54:48 +01:00
Willi Ballenthin
1f3582c9c3 mypy 2023-03-21 16:45:24 +01:00
manasghandat
1336796c0c code style : update remaining files (#1353) 
* code style: update string formatting using fstrings

---------

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-03-16 11:16:18 +01:00
Willi Ballenthin
b819033da0 lots of mypy 2022-12-14 10:37:39 +01:00
Willi Ballenthin
8527d02dc8 pylint fixes 2022-12-06 15:37:31 +00:00
Willi Ballenthin
3ef126fbd7 show-features: fix rendering addresses 2022-06-06 15:27:06 -06:00
Willi Ballenthin
f8b10a2c0a render: verbose: update to use new result document 2022-06-06 13:48:41 -06:00