gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-12 15:49:46 -08:00
Code Issues Packages Projects Releases Wiki Activity
5,152 Commits 43 Branches 48 Tags
3043fd6ac843d36f3ae28ed05380c8e9a433471d
Commit Graph

5152 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mike Hunhoff
3043fd6ac8 vmray: merge upstream 2024-07-29 11:37:37 -06:00
Moritz
b9c4cc681b Merge pull request #2238 from s-ff/scripts-fix-caps-by-function 
scripts/show-capabilities-by-function.py: fix incorrect function address
 2024-07-29 17:42:30 +02:00
Soufiane Fariss
8476aeee35 scripts/show-capabilities-by-function.py: fix incorrect function address 2024-07-29 14:17:40 +02:00
Mike Hunhoff
b967213302 vmray: improve comments __init__.py 2024-07-25 12:30:20 -06:00
Mike Hunhoff
05fb8f658f vmray: fix flake8 lints 2024-07-25 12:19:22 -06:00
Mike Hunhoff
7b3812ae19 vmray: improve error reporting 2024-07-25 12:12:49 -06:00
Mike Hunhoff
5b7a2be652 vmray: remove outdated comments __init__.py 2024-07-25 09:33:17 -06:00
Mike Hunhoff
b8d3d77829 vmray: document vmray support in README 2024-07-24 10:35:34 -06:00
Mike Hunhoff
9a1364c21c vmray: document vmray support in README 2024-07-24 10:32:22 -06:00
Mike Hunhoff
6e146bb126 vmray: fix lints 2024-07-24 10:12:21 -06:00
Mike Hunhoff
85373a7ddb cape: add explicit check for CAPE report format file extension 2024-07-24 10:09:22 -06:00
Mike Hunhoff
f6d12bcb41 vmray: fix lints 2024-07-24 10:03:57 -06:00
Mike Hunhoff
f471386456 vmray: merge upstream and fix conflicts 2024-07-24 10:02:07 -06:00
Yacine
cf3494d427 Add a Feature Extractor for the Drakvuf Sandbox (#2143) 
* initial commit

* update changelog

* Update CHANGELOG.md

* Update pyproject.toml

* Apply suggestions from code review: Typos

Co-authored-by: Vasco Schiavo <115561717+VascoSch92@users.noreply.github.com>

* capa/helpers.py: update if/else statement

Co-authored-by: Vasco Schiavo <115561717+VascoSch92@users.noreply.github.com>

* loader.py: replace print() statement with log.info()

* Update capa/features/extractors/drakvuf/models.py

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>

* extractors/drakvuf/call.py: yield arguments right to left

* extractors/drakvuf/file.py: add a TODO comment for extracting more file features

* extractors/drakvuf/global_.py: add arch extraction

* extractors/drakvuf/helpers.py: ignore null pids

* capa/helpers.py: mention msgspec.json explicitely

* capa/helpers.py: generalize empty sandbox reports error logging

* capa/loader.py: log jsonl garbage collection into debug

* features/extractors/drakvuf/models.py: add documentation for SystemCall class

* capa/main.py: fix erroneous imports

* drakvuf extractor: fixed faulty type annotations

* fix black formatting

* fix flake8 issues

* drakvuf file extraction: add link to tracking issue

* drakvuf reports: add the ability to read gzip-compressed report files

* capa/helpers.py: fix mypy issues

* apply review comments

* drakvuf/helpers.py: add more information about null pid

* drakvuf/file.py: remove discovered_dlls file strings extraction

* capa/helpers.py: add comments for the dynamic extensions

* capa/helpers.py: log bad lines

* capa/helpers.py: add gzip support for reading one jsonl line

* drakvuf/helpers.py: add comment for sort_calls()

* tests/fixtures.py: add TODO for unifying CAPE and Drakvuf tests

* drakvuf/models.py: add TODO comment for supporting more drakvuf plugins

* tests/fixtures.py: remove obsolete file strings tests

* Update capa/main.py

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* Update capa/features/extractors/drakvuf/models.py

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* Update capa/features/extractors/drakvuf/models.py

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* Update capa/features/extractors/drakvuf/call.py

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* Update CHANGELOG.md

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* Update capa/features/extractors/drakvuf/helpers.py

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* review comments

* Update capa/features/extractors/drakvuf/extractor.py

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* Update capa/features/extractors/drakvuf/models.py

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* styling

* drakvuf/extractor.py: black linting

* drakvuf/models.py: remove need to empty report checking

* tests: add drakvuf models test

* Update capa/features/extractors/drakvuf/global_.py

Co-authored-by: msm-cert <156842376+msm-cert@users.noreply.github.com>

* Update tests/test_cape_features.py

Co-authored-by: msm-cert <156842376+msm-cert@users.noreply.github.com>

* Update capa/features/extractors/drakvuf/models.py

Co-authored-by: msm-cert <156842376+msm-cert@users.noreply.github.com>

* Apply suggestions from code review: rename Drakvuf to DRAKVUF

Co-authored-by: msm-cert <156842376+msm-cert@users.noreply.github.com>

* drakvuf/call.py: use int(..., 0) instead of str_to_number()

* remove str_to_number

* drakvuf/call.py: yield argument memory address value as well

* Update call.py: remove verbosity in yield statement

* Update call.py: yield missing address as well

* drakvuf/call.py: yield entire argument string only

* update readme.md

* Update README.md: typo

* Update CHANGELOG.md

Co-authored-by: msm-cert <156842376+msm-cert@users.noreply.github.com>

---------

Co-authored-by: Vasco Schiavo <115561717+VascoSch92@users.noreply.github.com>
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
Co-authored-by: msm-cert <156842376+msm-cert@users.noreply.github.com>
 2024-07-24 14:22:21 +02:00
Willi Ballenthin
e2e84f7f50 ELF: better handle corrupt files (#2227) 
such as when there's a missing symbol table and invalid relocation table.
and then handle when Viv fails to load a workspace.

closes #2226
 2024-07-24 09:22:30 +02:00
Mike Hunhoff
31e53fab20 vmray: improve models.py comments 2024-07-23 09:52:36 -06:00
Mike Hunhoff
cbdc7446aa vmray: merge upstream 2024-07-23 09:49:40 -06:00
Mike Hunhoff
46b68d11b7 vmray: improve models.py comments 2024-07-23 09:48:52 -06:00
dependabot[bot]
fd686ac591 build(deps): bump types-protobuf from 5.26.0.20240422 to 5.27.0.20240626 (#2185) 
Bumps [types-protobuf](https://github.com/python/typeshed) from 5.26.0.20240422 to 5.27.0.20240626.
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: types-protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-23 09:17:45 +02:00
dependabot[bot]
17aab2c4fc build(deps): bump pip from 24.0 to 24.1.2 (#2199) 
Bumps [pip](https://github.com/pypa/pip) from 24.0 to 24.1.2.
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/pip/commits)

---
updated-dependencies:
- dependency-name: pip
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-23 09:16:40 +02:00
dependabot[bot]
216ac8dd96 build(deps): bump deptry from 0.16.1 to 0.17.0 (#2222) 
Bumps [deptry](https://github.com/fpgmaas/deptry) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/fpgmaas/deptry/releases)
- [Changelog](https://github.com/fpgmaas/deptry/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fpgmaas/deptry/compare/0.16.1...0.17.0)

---
updated-dependencies:
- dependency-name: deptry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-23 09:16:22 +02:00
dependabot[bot]
d68e057439 build(deps): bump pyinstaller from 6.8.0 to 6.9.0 (#2220) 
Bumps [pyinstaller](https://github.com/pyinstaller/pyinstaller) from 6.8.0 to 6.9.0.
- [Release notes](https://github.com/pyinstaller/pyinstaller/releases)
- [Changelog](https://github.com/pyinstaller/pyinstaller/blob/develop/doc/CHANGES.rst)
- [Commits](https://github.com/pyinstaller/pyinstaller/compare/v6.8.0...v6.9.0)

---
updated-dependencies:
- dependency-name: pyinstaller
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-23 09:16:05 +02:00
Mike Hunhoff
3b94961133 vmray: complete pefile model tests 2024-07-19 15:50:07 -06:00
Mike Hunhoff
6ef485f67b vmray: refactor model tests 2024-07-19 15:44:53 -06:00
Mike Hunhoff
4dfc53a58f vmray: refactor model tests 2024-07-19 15:42:04 -06:00
Mike Hunhoff
98939f8a8f vmray: improve FunctionCall model 2024-07-19 15:38:26 -06:00
Mike Hunhoff
4490097e11 vmray: add summary_v2.json model tests 2024-07-19 15:28:47 -06:00
Mike Hunhoff
2ba2a2b013 vmray: remove unneeded json.loads from __init__.py 2024-07-19 15:05:21 -06:00
Mike Hunhoff
28792ec6a6 vmray: add model tests for FunctionCall 2024-07-19 13:56:46 -06:00
Mike Hunhoff
658927c103 vmray: refactor models.py 2024-07-19 11:58:48 -06:00
Mike Hunhoff
673f7cccfc vmray: refactor models.py 2024-07-19 11:57:07 -06:00
Mike Hunhoff
6e0dc83451 vmray: refactor global_.py 2024-07-19 11:51:16 -06:00
xusheng
da6c6cfb48 Update Binary Ninja version to 4.1 and use Python 3.9 to test it (#2212) 2024-07-19 02:28:10 +02:00
Mike Hunhoff
8bf0d16fd8 vmray: add init support for ELF files 2024-07-18 17:52:33 -06:00
Mike Hunhoff
24a31a8bc3 vmray: add comments to __init__.py 2024-07-18 14:23:20 -06:00
Mike Hunhoff
6f7cc7cdb0 vmray: improve detections for unsupported input files 2024-07-18 11:33:42 -06:00
Mike Hunhoff
64a09d3146 vmray: remove broken assert for unique OS PIDs 2024-07-18 11:20:03 -06:00
Mike Hunhoff
998537ddf8 vmray: remove outdated comments 2024-07-18 09:10:50 -06:00
Mike Hunhoff
5afea29473 vmray: update CHANGELOG release notes with VMRay integration 2024-07-18 09:06:58 -06:00
Mike Hunhoff
fd7bd94b48 vmray: remove outdated comments 2024-07-18 08:50:20 -06:00
Mike Hunhoff
330c77a32a vmray: implement get_call_name 2024-07-17 15:04:00 -06:00
Mike Hunhoff
19a6f3ad49 vmray: improve supported file type validation 2024-07-17 12:37:51 -06:00
Mike Hunhoff
100df45cc0 vmray: add logging for skipped deref param types 2024-07-17 12:27:14 -06:00
Mike Hunhoff
cc87ef39d5 vmray: remove and document extract_call_features comments 2024-07-17 12:18:01 -06:00
Mike Hunhoff
ec7e43193e vmray: update comment for extract_process_features 2024-07-17 12:10:18 -06:00
Mike Hunhoff
b68a91e10b vmray: validate supported flog version 2024-07-17 12:06:23 -06:00
Mike Hunhoff
15889749c0 vmray: merge upstream 2024-07-17 11:54:58 -06:00
dependabot[bot]
9353e46615 build(deps): bump ruff from 0.5.0 to 0.5.2 (#2209) 
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.5.0 to 0.5.2.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.5.0...0.5.2)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-17 02:23:19 +02:00
Mike Hunhoff
af26bef611 vmray: fix lints 2024-07-12 20:21:57 -06:00
Mike Hunhoff
42fddfbf31 vmray: improve comments 2024-07-12 20:19:06 -06:00