Xusheng
b3dccb3841
binja: improve function call site detection
2023-09-21 09:51:01 +08:00
Xusheng
bc71c94171
binja: use binaryninja.load to open a binary
2023-09-21 09:51:01 +08:00
Xusheng
59d03b3ba3
binja: bump Binary Ninja version to 3.5
2023-09-20 21:00:04 +08:00
Willi Ballenthin
3a5c8ec3b8
Merge pull request #1788 from mandiant/dependabot/pip/ruff-0.0.290
build(deps-dev): bump ruff from 0.0.286 to 0.0.290
2023-09-19 14:17:33 +02:00
dependabot[bot]
fd3678904a
build(deps-dev): bump ruff from 0.0.286 to 0.0.290
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.0.286 to 0.0.290.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/BREAKING_CHANGES.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.0.286...v0.0.290)
---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-18 14:36:44 +00:00
Capa Bot
d04ae5294e
Sync capa-testfiles submodule
2023-09-13 14:50:29 +00:00
Capa Bot
6bae9d757d
Sync capa rules submodule
2023-09-13 14:46:47 +00:00
Mike Hunhoff
b0d55143a4
ghidra: update CI to use /Ghidra/Extensions (#1782)
2023-09-05 13:21:52 -06:00
Capa Bot
e006702245
Sync capa rules submodule
2023-09-05 13:02:13 +00:00
Willi Ballenthin
1224b7e514
Merge pull request #1776 from mandiant/dependabot/pip/pre-commit-3.4.0
build(deps-dev): bump pre-commit from 3.3.3 to 3.4.0
2023-09-04 21:45:08 +02:00
dependabot[bot]
46e3ed1100
build(deps-dev): bump pre-commit from 3.3.3 to 3.4.0
Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 3.3.3 to 3.4.0.
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pre-commit/pre-commit/compare/v3.3.3...v3.4.0)
---
updated-dependencies:
- dependency-name: pre-commit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-04 14:45:22 +00:00
Mike Hunhoff
7b08f2d55a
Merge pull request #1770 from mandiant/backend-ghidra
ghidra: add Ghidra feature extractor and supporting code
2023-08-30 10:41:01 -06:00
Mike Hunhoff
d17db614b9
Update README.md
2023-08-30 10:33:38 -06:00
colton-gabertan
72ed4d1165
push shellcode example
2023-08-29 18:05:03 +00:00
colton-gabertan
0ec682a464
add shellcode documentation & update Headless Analyzer example
2023-08-29 18:01:11 +00:00
colton-gabertan
37917b6181
update ghidra feat extractor docs
2023-08-29 17:28:49 +00:00
Mike Hunhoff
a6e61ed6f1
Update capa/ghidra/README.md
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
2023-08-29 09:03:26 -06:00
Mike Hunhoff
1fddf800c6
Update capa/ghidra/README.md
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
2023-08-29 09:02:46 -06:00
Mike Hunhoff
0ffd631606
Update .github/workflows/tests.yml
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
2023-08-29 09:00:14 -06:00
Mike Hunhoff
7cc10401d5
fix #1772
2023-08-28 15:15:47 -06:00
Mike Hunhoff
3929164fc2
Merge branch 'backend-ghidra' of github.com:mandiant/capa into backend-ghidra
2023-08-28 13:24:23 -06:00
Mike Hunhoff
f3a2a5958d
fix Ghidra detection
2023-08-28 13:24:14 -06:00
Colton Gabertan
6d3f649a0c
remove backend-ghidra from CI
2023-08-28 12:21:30 -07:00
Colton Gabertan
e00608e298
ghidra hotfix: fix ghidrathon download (#1771)
* hotfix: fix ghidrathon download
2023-08-28 12:19:45 -07:00
Mike Hunhoff
995014afc2
merge upstream
2023-08-28 12:40:49 -06:00
Mike Hunhoff
a522ae20f1
update CHANGELOG
2023-08-28 12:40:02 -06:00
Mike Hunhoff
203fc36865
cleanup CHANGELOG merge
2023-08-28 12:33:07 -06:00
Mike Hunhoff
7bd2467074
remove backend-ghidra from workflows
2023-08-28 12:32:52 -06:00
Willi Ballenthin
f339bbf68c
Merge pull request #1769 from mandiant/dependabot/pip/ruff-0.0.286
build(deps-dev): bump ruff from 0.0.285 to 0.0.286
2023-08-28 20:26:11 +02:00
Mike Hunhoff
8ed4062cf1
sync rules submodule with upstream
2023-08-28 12:13:10 -06:00
dependabot[bot]
807792f879
build(deps-dev): bump ruff from 0.0.285 to 0.0.286
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.0.285 to 0.0.286.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/BREAKING_CHANGES.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.0.285...v0.0.286)
---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-28 14:48:55 +00:00
Colton Gabertan
9cea7346b2
ghidra: documentation (#1759)
* Implement ghidra documentation
2023-08-27 19:21:36 -07:00
colton-gabertan
d7c9ae26bc
Merge branch 'master' into backend-ghidra
2023-08-26 02:08:22 +00:00
Colton Gabertan
fddec33d04
ghidra: fix api info caching (#1766)
* cache and retrieve imports, externs, and fakes in FunctionHandle objects
* reduce cache retrieval calls
* cache in GhidraFeatureExtractor, point fh.ctx to cache
* move caching routine to __init__
2023-08-25 19:03:38 -07:00
Mike Hunhoff
65179805a7
add a Ghidra entry script users can invoke to run capa against a loaded Ghidra database (#1767)
* enable use of Ghidra with show-features.py
* fix bug in is_supported_file_type
* fix bug in GhidraFeatureExtractor.get_function
* refactor get_insn_in_range
* add Ghidra entry script for users to more easily run capa against a loaded Ghidra database
* update CHANGELOG
* fixing lint
* fix fixtures import issue
* fix bug in is_supported_arch_type
* add check for supported arch type
* fix extract_embedded_pe performance
2023-08-25 18:35:59 -07:00
Willi Ballenthin
9d21addc6b
Merge pull request #1763 from mandiant/v6.1.0
version: v6.1.0
v6.1.0
2023-08-25 11:11:59 +02:00
Willi Ballenthin
9accb60eff
changelog
2023-08-25 09:11:04 +00:00
Willi Ballenthin
61202913a6
changelog
2023-08-25 09:07:09 +00:00
Willi Ballenthin
2b59fef1b2
changelog
2023-08-25 09:05:57 +00:00
Willi Ballenthin
ddff8634de
changelog
2023-08-25 09:04:26 +00:00
Willi Ballenthin
1905f1bfbd
changelog
2023-08-25 09:02:03 +00:00
Willi Ballenthin
7a70bc9b2a
version: v6.1.0
2023-08-25 08:47:11 +00:00
Mike Hunhoff
448b122ef0
fix ints_to_bytes performance (#1761)
* fix ints_to_bytes performance
2023-08-24 16:01:41 -07:00
colton-gabertan
bd2f7bc1f4
hotfix: fix indirect address dereference handling
2023-08-24 22:09:08 +00:00
Colton Gabertan
70d36ab640
properly set bounds for find_byte_sequence (#1757)
2023-08-23 15:40:15 -06:00
Colton Gabertan
19b8000c00
Ghidra: Fixes & Enhancements (#1733)
* restore from corrupted .git
* lint repo
* temp: remove lint failing rule
* implement dereferencing, clean up extractors
* implement proper dereferencing routines as applicable
* fix nzxor implementation, remediate ghidra analysis issues
* lint repo
* Assert typing, lint repo
* avoid extracting pointers in bytes extraction
* attempt to recover submodule
* implement GhidraFeatureExtractor & ghidra_main()
* lint repo
* document examples, clean-up & testing
* lint repo
* properly map import dict
* properly map fake addresses
* fix fake addr mapping
* properly map externs
* re-align consistency with other backends
* lint repo
* fix dereferencing routine
* clean up helpers
* fix format string
* disable progress bar to exit gracefully
* enable pbar in headless runtime mode
* implement fixture test script
* implement ghidra unit test script
* refactor repo for breaking Ghidrathon change
* bump ghidrathon CI version, run unit test in CI
* change CI config
* fix wget line for ghidrathon
* fix unzip paths
* fix ghidra import issue
* disable pytest faulthandler module
* fix dereference function
* fix ghidra state variables
* implement dereferencing for string extraction
* use toAddr
* restructure for consistency
* Bump Ghidrathon version for CI, fix pytest ghidra runtime detection
* fix number & offset extractors
* yield both signed & unsigned values for offset extraction
* add LEA insn handling to number & offset extraction
* fix indirect call extraction
* implement thunk function checking for dereferences
* revise ghidra feature count tests, pass unit testing
* fix feature test format
* implement additional support for dereferencing thunked functions
* integrate external locations into find_file_imports
* change api yield string for .elf samples to match other extractors
* fix potential NoneType errors during dereferencing
* user helper in global_
* fix GHIDRAIO class, implement in global_
* comment on getOriginalByte
* simplify get_file_imports
* implement explicit thunk chain handling
* simplify LEA number extraction
* simplify thunk handling
* temp: demonstrate CI failure & output
* fix log path
* run new test against mimikatz
2023-08-23 14:35:18 -06:00
colton-gabertan
06f48063d0
Merge branch 'master' into backend-ghidra
2023-08-23 18:05:58 +00:00
Willi Ballenthin
934d0f969b
Merge pull request #1740 from mandiant/dependabot/pip/mypy-1.5.1
build(deps-dev): bump mypy from 1.5.0 to 1.5.1
2023-08-22 09:53:15 +02:00
dependabot[bot]
b7b79b565b
build(deps-dev): bump mypy from 1.5.0 to 1.5.1
Bumps [mypy](https://github.com/python/mypy) from 1.5.0 to 1.5.1.
- [Commits](https://github.com/python/mypy/compare/v1.5.0...v1.5.1)
---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-22 07:48:33 +00:00
Moritz
979aab3098
Merge pull request #1741 from mandiant/dependabot/pip/ruff-0.0.285
build(deps-dev): bump ruff from 0.0.284 to 0.0.285
2023-08-22 09:47:50 +02:00