explorer: add analyze option

I would like to load capa explorer with an script and that it runs the analysis without needing extra clicks. Introduce an analyze option for this. Loading capa explorer from the UI or with Alt+F5 behaves as before. The following command as well: ``` ida_loader.load_and_run_plugin("capa_explorer", 0) ``` But the following command automatically runs the analysis without extra clicks: ``` ida_loader.load_and_run_plugin("capa_explorer", 1) ``` Example of where I am using this: https://github.com/Ana06/idapython/blob/master/idapythonrc.py#L22
2026-02-04 19:12:01 -08:00 · 2021-05-04 15:53:40 +02:00
parent 7922d08fd4
commit 2158be0a2e
4 changed files with 14 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ It includes many new rules, including all new techniques introduced in MITRE ATT
 - show-features: don't show features from library functions #569 @williballenthin
 - linter: summarize results at the end #571 @williballenthin
 - linter: check for `or` with always true child statement, e.g. `optional`, colors #348 @mr-tz
+- explorer: add argument to control whether to automatically analyze when running capa explorer #548 @Ana06

 ### Breaking Changes

--- a/capa/ida/plugin/README.md
+++ b/capa/ida/plugin/README.md
@@ -79,6 +79,7 @@ You can install capa explorer using the following steps:

 1. Open IDA and analyze a supported file type (select the `Manual Load` and `Load Resources` options in IDA for best results)
 2. Open capa explorer in IDA by navigating to `Edit > Plugins > FLARE capa explorer` or using the keyboard shortcut `Alt+F5`
+   You can also use `ida_loader.load_and_run_plugin("capa_explorer", arg)`. `arg` is a bitflag for which setting the LSB enables automatic analysis. See `capa.ida.plugin.form.Options` for more details.
 3. Select the `Program Analysis` tab
 4. Click the `Analyze` button

--- a/capa/ida/plugin/init.py
+++ b/capa/ida/plugin/init.py
@@ -54,8 +54,14 @@ class CapaExplorerPlugin(idaapi.plugin_t):
        pass

    def run(self, arg):
-        """called when IDA is running the plugin as a script"""
-        self.form = CapaExplorerForm(self.PLUGIN_NAME)
+        """
+        called when IDA is running the plugin as a script
+
+        args:
+          arg (int): bitflag. Setting LSB enables automatic analysis upon
+          loading. The other bits are currently undefined. See `form.Options`.
+        """
+        self.form = CapaExplorerForm(self.PLUGIN_NAME, arg)
        return True


--- a/capa/ida/plugin/form.py
+++ b/capa/ida/plugin/form.py
@@ -230,7 +230,7 @@ class CapaSettingsInputDialog(QtWidgets.QDialog):
 class CapaExplorerForm(idaapi.PluginForm):
    """form element for plugin interface"""

-    def __init__(self, name):
+    def __init__(self, name, option=0):
        """initialize form elements"""
        super(CapaExplorerForm, self).__init__()

@@ -278,6 +278,9 @@ class CapaExplorerForm(idaapi.PluginForm):

        self.Show()

+        if option == 1:
+            self.analyze_program()
+
    def OnCreate(self, form):
        """called when plugin form is created