gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-22 07:10:29 -08:00
Code Issues Packages Projects Releases Wiki Activity

update viv dependencies and fix (#1342)

Browse Source 
* update dependencies and fix

* pyinstaller: add hook for new viv pas

* pyinstaller: hooks: remove duplicate entries and old analysis pass

* Update setup.py

* update hidden imports

---------

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
This commit is contained in:
Moritz
2023-04-25 06:34:40 +02:00
committed by GitHub
parent f902add0ce
commit 2401dc785c
4 changed files with 44 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
.github/pyinstaller/hooks/hook-vivisect.py vendored
View File

@@ -38,39 +38,36 @@ hiddenimports = [
"vivisect", "vivisect",
"vivisect.analysis", "vivisect.analysis",
"vivisect.analysis.amd64", "vivisect.analysis.amd64",
"vivisect.analysis.amd64",
"vivisect.analysis.amd64.emulation", "vivisect.analysis.amd64.emulation",
"vivisect.analysis.amd64.golang", "vivisect.analysis.amd64.golang",
"vivisect.analysis.crypto", "vivisect.analysis.crypto",
"vivisect.analysis.crypto",
"vivisect.analysis.crypto.constants", "vivisect.analysis.crypto.constants",
"vivisect.analysis.elf", "vivisect.analysis.elf",
"vivisect.analysis.elf.elfplt", "vivisect.analysis.elf.elfplt",
"vivisect.analysis.elf.elfplt_late", "vivisect.analysis.elf.elfplt_late",
"vivisect.analysis.elf.libc_start_main", "vivisect.analysis.elf.libc_start_main",
"vivisect.analysis.generic", "vivisect.analysis.generic",
"vivisect.analysis.generic",
"vivisect.analysis.generic.codeblocks", "vivisect.analysis.generic.codeblocks",
"vivisect.analysis.generic.emucode", "vivisect.analysis.generic.emucode",
"vivisect.analysis.generic.entrypoints", "vivisect.analysis.generic.entrypoints",
"vivisect.analysis.generic.funcentries", "vivisect.analysis.generic.funcentries",
"vivisect.analysis.generic.impapi", "vivisect.analysis.generic.impapi",
"vivisect.analysis.generic.linker",
"vivisect.analysis.generic.mkpointers", "vivisect.analysis.generic.mkpointers",
"vivisect.analysis.generic.noret",
"vivisect.analysis.generic.pointers", "vivisect.analysis.generic.pointers",
"vivisect.analysis.generic.pointertables", "vivisect.analysis.generic.pointertables",
"vivisect.analysis.generic.relocations", "vivisect.analysis.generic.relocations",
"vivisect.analysis.generic.strconst", "vivisect.analysis.generic.strconst",
"vivisect.analysis.generic.switchcase", "vivisect.analysis.generic.switchcase",
"vivisect.analysis.generic.symswitchcase",
"vivisect.analysis.generic.thunks", "vivisect.analysis.generic.thunks",
"vivisect.analysis.generic.noret",
"vivisect.analysis.i386",
"vivisect.analysis.i386", "vivisect.analysis.i386",
"vivisect.analysis.i386.calling", "vivisect.analysis.i386.calling",
"vivisect.analysis.i386.golang", "vivisect.analysis.i386.golang",
"vivisect.analysis.i386.importcalls", "vivisect.analysis.i386.importcalls",
"vivisect.analysis.i386.instrhook", "vivisect.analysis.i386.instrhook",
"vivisect.analysis.i386.thunk_bx", "vivisect.analysis.i386.thunk_reg",
"vivisect.analysis.ms",
"vivisect.analysis.ms", "vivisect.analysis.ms",
"vivisect.analysis.ms.hotpatch", "vivisect.analysis.ms.hotpatch",
"vivisect.analysis.ms.localhints", "vivisect.analysis.ms.localhints",
@@ -81,8 +78,40 @@ hiddenimports = [
"vivisect.impapi.posix.amd64", "vivisect.impapi.posix.amd64",
"vivisect.impapi.posix.i386", "vivisect.impapi.posix.i386",
"vivisect.impapi.windows", "vivisect.impapi.windows",
"vivisect.impapi.windows.advapi_32",
"vivisect.impapi.windows.advapi_64",
"vivisect.impapi.windows.amd64", "vivisect.impapi.windows.amd64",
"vivisect.impapi.windows.gdi_32",
"vivisect.impapi.windows.gdi_64",
"vivisect.impapi.windows.i386", "vivisect.impapi.windows.i386",
"vivisect.impapi.windows.kernel_32",
"vivisect.impapi.windows.kernel_64",
"vivisect.impapi.windows.msvcr100_32",
"vivisect.impapi.windows.msvcr100_64",
"vivisect.impapi.windows.msvcr110_32",
"vivisect.impapi.windows.msvcr110_64",
"vivisect.impapi.windows.msvcr120_32",
"vivisect.impapi.windows.msvcr120_64",
"vivisect.impapi.windows.msvcr71_32",
"vivisect.impapi.windows.msvcr80_32",
"vivisect.impapi.windows.msvcr80_64",
"vivisect.impapi.windows.msvcr90_32",
"vivisect.impapi.windows.msvcr90_64",
"vivisect.impapi.windows.msvcrt_32",
"vivisect.impapi.windows.msvcrt_64",
"vivisect.impapi.windows.ntdll_32",
"vivisect.impapi.windows.ntdll_64",
"vivisect.impapi.windows.ole_32",
"vivisect.impapi.windows.ole_64",
"vivisect.impapi.windows.rpcrt4_32",
"vivisect.impapi.windows.rpcrt4_64",
"vivisect.impapi.windows.shell_32",
"vivisect.impapi.windows.shell_64",
"vivisect.impapi.windows.user_32",
"vivisect.impapi.windows.user_64",
"vivisect.impapi.windows.ws2plus_32",
"vivisect.impapi.windows.ws2plus_64",
"vivisect.impapi.winkern",
"vivisect.impapi.winkern.i386", "vivisect.impapi.winkern.i386",
"vivisect.impapi.winkern.amd64", "vivisect.impapi.winkern.amd64",
"vivisect.parsers.blob", "vivisect.parsers.blob",

1
CHANGELOG.md
View File

@@ -13,6 +13,7 @@
- -
### Bug Fixes ### Bug Fixes
- extractor: update vivisect Arch extraction #1334 @mr-tz
- extractor: avoid Binary Ninja exception when analyzing certain files #1441 @xusheng6 - extractor: avoid Binary Ninja exception when analyzing certain files #1441 @xusheng6
- symtab: fix struct.unpack() format for 64-bit ELF files @yelhamer - symtab: fix struct.unpack() format for 64-bit ELF files @yelhamer

8
capa/features/extractors/viv/global_.py
View File

@@ -1,9 +1,6 @@
import logging import logging
from typing import Tuple, Iterator from typing import Tuple, Iterator
import envi.archs.i386
import envi.archs.amd64
from capa.features.common import ARCH_I386, ARCH_AMD64, Arch, Feature from capa.features.common import ARCH_I386, ARCH_AMD64, Arch, Feature
from capa.features.address import NO_ADDRESS, Address from capa.features.address import NO_ADDRESS, Address
@@ -11,10 +8,11 @@ logger = logging.getLogger(__name__)
def extract_arch(vw) -> Iterator[Tuple[Feature, Address]]: def extract_arch(vw) -> Iterator[Tuple[Feature, Address]]:
if isinstance(vw.arch, envi.archs.amd64.Amd64Module): arch = vw.getMeta("Architecture")
if arch == "amd64":
yield Arch(ARCH_AMD64), NO_ADDRESS yield Arch(ARCH_AMD64), NO_ADDRESS
elif isinstance(vw.arch, envi.archs.i386.i386Module): elif arch == "i386":
yield Arch(ARCH_I386), NO_ADDRESS yield Arch(ARCH_I386), NO_ADDRESS
else: else:

6
setup.py
View File

@@ -18,12 +18,12 @@ requirements = [
"termcolor==2.2.0", "termcolor==2.2.0",
"wcwidth==0.2.6", "wcwidth==0.2.6",
"ida-settings==2.1.0", "ida-settings==2.1.0",
"viv-utils[flirt]==0.7.7", "viv-utils[flirt]==0.7.9",
"halo==0.0.31", "halo==0.0.31",
"networkx==2.5.1", # newer versions no longer support py3.7. "networkx==2.5.1", # newer versions no longer support py3.7.
"ruamel.yaml==0.17.21", "ruamel.yaml==0.17.21",
"vivisect==1.0.8", "vivisect==1.1.1",
"pefile==2022.5.30", "pefile==2023.2.7",
"pyelftools==0.29", "pyelftools==0.29",
"dnfile==0.13.0", "dnfile==0.13.0",
"dncil==1.0.2", "dncil==1.0.2",