gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-02-04 11:07:53 -08:00
Code Issues Packages Projects Releases Wiki Activity

add form icon and other cosmetic changes

Browse Source 
(cherry picked from commit 98ed862d3c)
This commit is contained in:
Moritz Raabe
2020-09-01 23:01:27 +02:00
parent ba47455a0c
commit 198fabdd2d
4 changed files with 30 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
capa/ida/plugin/__init__.py
View File

@@ -15,22 +15,22 @@ from capa.ida.helpers import is_supported_file_type, is_supported_ida_version
from capa.ida.plugin.form import CapaExplorerForm
from capa.ida.plugin.icon import ICON
logger = logging.getLogger("capa")
logger = logging.getLogger(__name__)
class CapaExplorerPlugin(idaapi.plugin_t):
# Mandatory definitions
PLUGIN_NAME = "capa explorer"
PLUGIN_NAME = "FLARE capa plugin"
PLUGIN_VERSION = "1.0.0"
PLUGIN_AUTHORS = ""
PLUGIN_AUTHORS = "michael.hunhoff@mandiant.com, william.ballenthin@mandiant.com, moritz.raabe@mandiant.com"
wanted_name = PLUGIN_NAME
comment = "IDA plugin for capa analysis framework"
wanted_hotkey = "ALT-F5"
comment = "IDA Pro plugin for the FLARE team's capa tool to identify capabilities in executable files."
website = "https://github.com/fireeye/capa"
help = "See https://github.com/fireeye/capa/blob/master/doc/usage.md"
version = ""
website = ""
help = ""
wanted_hotkey = ""
flags = 0
def __init__(self):
@@ -43,13 +43,13 @@ class CapaExplorerPlugin(idaapi.plugin_t):
"""
logging.basicConfig(level=logging.INFO)
# check IDA version and database compat
# check IDA version and database compatibility
if not is_supported_ida_version():
return idaapi.PLUGIN_SKIP
if not is_supported_file_type():
return idaapi.PLUGIN_SKIP
logger.info("plugin initialized.")
logger.debug("plugin initialized")
return idaapi.PLUGIN_KEEP
@@ -57,7 +57,7 @@ class CapaExplorerPlugin(idaapi.plugin_t):
"""
called when IDA is unloading the plugin
"""
logger.info("plugin closed.")
logger.debug("plugin terminated")
def run(self, arg):
"""

35
capa/ida/plugin/form.py
View File

@@ -25,9 +25,11 @@ from capa.ida.plugin.hooks import CapaExplorerIdaHooks
from capa.ida.plugin.model import CapaExplorerDataModel
from capa.ida.plugin.proxy import CapaExplorerSortFilterProxyModel
logger = logging.getLogger("capa")
logger = logging.getLogger(__name__)
settings = ida_settings.IDASettings("capa")
ICON_PATH = os.path.join(os.path.dirname(__file__), "img", "capa_icon.png")
class CapaExplorerForm(idaapi.PluginForm):
def __init__(self, name):
@@ -56,17 +58,18 @@ class CapaExplorerForm(idaapi.PluginForm):
def OnCreate(self, form):
""" """
self.parent = self.FormToPyQtWidget(form)
self.parent.setWindowIcon(QtGui.QIcon(ICON_PATH))
self.load_interface()
self.load_capa_results()
self.load_ida_hooks()
self.view_tree.reset()
logger.info("form created.")
logger.debug("form created")
def Show(self):
""" """
logger.info("form show.")
logger.debug("form show")
return idaapi.PluginForm.Show(
self, self.form_title, options=(idaapi.PluginForm.WOPN_TAB | idaapi.PluginForm.WCLS_CLOSE_LATER)
)
@@ -75,7 +78,7 @@ class CapaExplorerForm(idaapi.PluginForm):
""" form is closed """
self.unload_ida_hooks()
self.ida_reset()
logger.info("form closed.")
logger.debug("form closed")
def load_interface(self):
""" load user interface """
@@ -316,19 +319,19 @@ class CapaExplorerForm(idaapi.PluginForm):
self.rule_path = rule_path
settings.user["rule_path"] = rule_path
logger.info("-" * 80)
logger.info(" Using rules from %s." % self.rule_path)
logger.info(" ")
logger.info(" You can see the current default rule set here:")
logger.info(" https://github.com/fireeye/capa-rules")
logger.info("-" * 80)
logger.debug("-" * 80)
logger.debug(" Using rules from %s.", self.rule_path)
logger.debug(" ")
logger.debug(" You can see the current default rule set here:")
logger.debug(" https://github.com/fireeye/capa-rules")
logger.debug("-" * 80)
try:
rules = capa.main.get_rules(self.rule_path)
rules = capa.rules.RuleSet(rules)
except (IOError, capa.rules.InvalidRule, capa.rules.InvalidRuleSet) as e:
capa.ida.helpers.inform_user_ida_ui("Failed to load rules from %s" % self.rule_path)
logger.error("failed to load rules from %s (%s)" % (self.rule_path, e))
logger.error("failed to load rules from %s (%s)", self.rule_path, e)
self.rule_path = ""
return
@@ -360,7 +363,7 @@ class CapaExplorerForm(idaapi.PluginForm):
if capa.main.has_file_limitation(rules, capabilities, is_standalone=False):
capa.ida.helpers.inform_user_ida_ui("capa encountered warnings during analysis")
logger.info("analysis completed.")
logger.debug("analysis completed.")
self.doc = capa.render.convert_capabilities_to_result_document(meta, rules, capabilities)
@@ -370,7 +373,7 @@ class CapaExplorerForm(idaapi.PluginForm):
self.set_view_tree_default_sort_order()
logger.info("render views completed.")
logger.debug("render views completed.")
def set_view_tree_default_sort_order(self):
""" set capa tree view default sort order """
@@ -468,7 +471,7 @@ class CapaExplorerForm(idaapi.PluginForm):
self.view_summary.setRowCount(0)
self.load_capa_results()
logger.info("reload complete.")
logger.debug("%s reload completed", self.form_title)
idaapi.info("%s reload completed." % self.form_title)
def reset(self, checked):
@@ -478,8 +481,8 @@ class CapaExplorerForm(idaapi.PluginForm):
"""
self.ida_reset()
logger.info("reset completed.")
idaapi.info("%s reset completed." % self.form_title)
logger.debug("%s reset completed", self.form_title)
idaapi.info("%s reset completed" % self.form_title)
def slot_menu_bar_hovered(self, action):
"""display menu action tooltip

BIN
capa/ida/plugin/img/capa_icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

2
tests/data

Submodule tests/data updated: c3a35d4b64...afd4177aa9