mirror of
https://github.com/mandiant/capa.git
synced 2025-12-13 08:00:44 -08:00
c3301d3b3f
* main: split main into a bunch of "main routines" [wip] since there are a few references to BinExport2 that are in progress elsewhre. Next commit will remove them. * main: remove references to wip BinExport2 code * changelog * main: rename first position argument "input_file" closes #1946 * main: linters * main: move rule-related routines to capa.rules ref #1821 * main: extract routines to capa.loader module closes #1821 * add loader module * loader: learn to load freeze format * freeze: use new cli arg handling * Update capa/loader.py Co-authored-by: Moritz <mr-tz@users.noreply.github.com> * main: remove duplicate documentation * main: add doc about where some functions live * scripts: migrate to new main wrapper helper functions * scripts: port to main routines * main: better handle auto-detection of backend * scripts: migrate bulk-process to main wrappers * scripts: migrate scripts to main wrappers * main: rename *_from_args to *_from_cli * changelog * cache-ruleset: remove duplication * main: fix tag handling * cache-ruleset: fix cli args * cache-ruleset: fix special rule cli handling * scripts: fix type bytes * main: remove old TODO message * loader: fix references to binja extractor --------- Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
64 lines
1.9 KiB
Python
64 lines
1.9 KiB
Python
#!/usr/bin/env python2
|
|
"""
|
|
Copyright (C) 2023 Mandiant, Inc. All Rights Reserved.
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at: [package root]/LICENSE.txt
|
|
Unless required by applicable law or agreed to in writing, software distributed under the License
|
|
is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and limitations under the License.
|
|
|
|
detect-elf-os
|
|
|
|
Attempt to detect the underlying OS that the given ELF file targets.
|
|
"""
|
|
import sys
|
|
import logging
|
|
import argparse
|
|
import contextlib
|
|
from typing import BinaryIO
|
|
|
|
import capa.main
|
|
import capa.helpers
|
|
import capa.features.extractors.elf
|
|
|
|
logger = logging.getLogger("capa.detect-elf-os")
|
|
|
|
|
|
def main(argv=None):
|
|
if capa.helpers.is_runtime_ida():
|
|
from capa.ida.helpers import IDAIO
|
|
|
|
f: BinaryIO = IDAIO() # type: ignore
|
|
|
|
else:
|
|
if argv is None:
|
|
argv = sys.argv[1:]
|
|
|
|
parser = argparse.ArgumentParser(description="Detect the underlying OS for the given ELF file")
|
|
capa.main.install_common_args(parser, wanted={"input_file"})
|
|
args = parser.parse_args(args=argv)
|
|
|
|
try:
|
|
capa.main.handle_common_args(args)
|
|
capa.main.ensure_input_exists_from_cli(args)
|
|
except capa.main.ShouldExitError as e:
|
|
return e.status_code
|
|
|
|
f = args.input_file.open("rb")
|
|
|
|
with contextlib.closing(f):
|
|
try:
|
|
print(capa.features.extractors.elf.detect_elf_os(f))
|
|
return 0
|
|
except capa.features.extractors.elf.CorruptElfFile as e:
|
|
logger.error("corrupt ELF file: %s", str(e.args[0]))
|
|
return -1
|
|
|
|
|
|
if __name__ == "__main__":
|
|
if capa.helpers.is_runtime_ida():
|
|
main()
|
|
else:
|
|
sys.exit(main())
|