mirror of
https://github.com/mandiant/capa.git
synced 2025-12-22 07:10:29 -08:00
update viv dependencies and fix (#1342)
* update dependencies and fix * pyinstaller: add hook for new viv pas * pyinstaller: hooks: remove duplicate entries and old analysis pass * Update setup.py * update hidden imports --------- Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
This commit is contained in:
Moritz
43
.github/pyinstaller/hooks/hook-vivisect.py
vendored
43
.github/pyinstaller/hooks/hook-vivisect.py
vendored
@@ -38,39 +38,36 @@ hiddenimports = [
|
|||||||
"vivisect",
|
"vivisect",
|
||||||
"vivisect.analysis",
|
"vivisect.analysis",
|
||||||
"vivisect.analysis.amd64",
|
"vivisect.analysis.amd64",
|
||||||
"vivisect.analysis.amd64",
|
|
||||||
"vivisect.analysis.amd64.emulation",
|
"vivisect.analysis.amd64.emulation",
|
||||||
"vivisect.analysis.amd64.golang",
|
"vivisect.analysis.amd64.golang",
|
||||||
"vivisect.analysis.crypto",
|
"vivisect.analysis.crypto",
|
||||||
"vivisect.analysis.crypto",
|
|
||||||
"vivisect.analysis.crypto.constants",
|
"vivisect.analysis.crypto.constants",
|
||||||
"vivisect.analysis.elf",
|
"vivisect.analysis.elf",
|
||||||
"vivisect.analysis.elf.elfplt",
|
"vivisect.analysis.elf.elfplt",
|
||||||
"vivisect.analysis.elf.elfplt_late",
|
"vivisect.analysis.elf.elfplt_late",
|
||||||
"vivisect.analysis.elf.libc_start_main",
|
"vivisect.analysis.elf.libc_start_main",
|
||||||
"vivisect.analysis.generic",
|
"vivisect.analysis.generic",
|
||||||
"vivisect.analysis.generic",
|
|
||||||
"vivisect.analysis.generic.codeblocks",
|
"vivisect.analysis.generic.codeblocks",
|
||||||
"vivisect.analysis.generic.emucode",
|
"vivisect.analysis.generic.emucode",
|
||||||
"vivisect.analysis.generic.entrypoints",
|
"vivisect.analysis.generic.entrypoints",
|
||||||
"vivisect.analysis.generic.funcentries",
|
"vivisect.analysis.generic.funcentries",
|
||||||
"vivisect.analysis.generic.impapi",
|
"vivisect.analysis.generic.impapi",
|
||||||
|
"vivisect.analysis.generic.linker",
|
||||||
"vivisect.analysis.generic.mkpointers",
|
"vivisect.analysis.generic.mkpointers",
|
||||||
|
"vivisect.analysis.generic.noret",
|
||||||
"vivisect.analysis.generic.pointers",
|
"vivisect.analysis.generic.pointers",
|
||||||
"vivisect.analysis.generic.pointertables",
|
"vivisect.analysis.generic.pointertables",
|
||||||
"vivisect.analysis.generic.relocations",
|
"vivisect.analysis.generic.relocations",
|
||||||
"vivisect.analysis.generic.strconst",
|
"vivisect.analysis.generic.strconst",
|
||||||
"vivisect.analysis.generic.switchcase",
|
"vivisect.analysis.generic.switchcase",
|
||||||
|
"vivisect.analysis.generic.symswitchcase",
|
||||||
"vivisect.analysis.generic.thunks",
|
"vivisect.analysis.generic.thunks",
|
||||||
"vivisect.analysis.generic.noret",
|
|
||||||
"vivisect.analysis.i386",
|
|
||||||
"vivisect.analysis.i386",
|
"vivisect.analysis.i386",
|
||||||
"vivisect.analysis.i386.calling",
|
"vivisect.analysis.i386.calling",
|
||||||
"vivisect.analysis.i386.golang",
|
"vivisect.analysis.i386.golang",
|
||||||
"vivisect.analysis.i386.importcalls",
|
"vivisect.analysis.i386.importcalls",
|
||||||
"vivisect.analysis.i386.instrhook",
|
"vivisect.analysis.i386.instrhook",
|
||||||
"vivisect.analysis.i386.thunk_bx",
|
"vivisect.analysis.i386.thunk_reg",
|
||||||
"vivisect.analysis.ms",
|
|
||||||
"vivisect.analysis.ms",
|
"vivisect.analysis.ms",
|
||||||
"vivisect.analysis.ms.hotpatch",
|
"vivisect.analysis.ms.hotpatch",
|
||||||
"vivisect.analysis.ms.localhints",
|
"vivisect.analysis.ms.localhints",
|
||||||
@@ -81,8 +78,40 @@ hiddenimports = [
|
|||||||
"vivisect.impapi.posix.amd64",
|
"vivisect.impapi.posix.amd64",
|
||||||
"vivisect.impapi.posix.i386",
|
"vivisect.impapi.posix.i386",
|
||||||
"vivisect.impapi.windows",
|
"vivisect.impapi.windows",
|
||||||
|
"vivisect.impapi.windows.advapi_32",
|
||||||
|
"vivisect.impapi.windows.advapi_64",
|
||||||
"vivisect.impapi.windows.amd64",
|
"vivisect.impapi.windows.amd64",
|
||||||
|
"vivisect.impapi.windows.gdi_32",
|
||||||
|
"vivisect.impapi.windows.gdi_64",
|
||||||
"vivisect.impapi.windows.i386",
|
"vivisect.impapi.windows.i386",
|
||||||
|
"vivisect.impapi.windows.kernel_32",
|
||||||
|
"vivisect.impapi.windows.kernel_64",
|
||||||
|
"vivisect.impapi.windows.msvcr100_32",
|
||||||
|
"vivisect.impapi.windows.msvcr100_64",
|
||||||
|
"vivisect.impapi.windows.msvcr110_32",
|
||||||
|
"vivisect.impapi.windows.msvcr110_64",
|
||||||
|
"vivisect.impapi.windows.msvcr120_32",
|
||||||
|
"vivisect.impapi.windows.msvcr120_64",
|
||||||
|
"vivisect.impapi.windows.msvcr71_32",
|
||||||
|
"vivisect.impapi.windows.msvcr80_32",
|
||||||
|
"vivisect.impapi.windows.msvcr80_64",
|
||||||
|
"vivisect.impapi.windows.msvcr90_32",
|
||||||
|
"vivisect.impapi.windows.msvcr90_64",
|
||||||
|
"vivisect.impapi.windows.msvcrt_32",
|
||||||
|
"vivisect.impapi.windows.msvcrt_64",
|
||||||
|
"vivisect.impapi.windows.ntdll_32",
|
||||||
|
"vivisect.impapi.windows.ntdll_64",
|
||||||
|
"vivisect.impapi.windows.ole_32",
|
||||||
|
"vivisect.impapi.windows.ole_64",
|
||||||
|
"vivisect.impapi.windows.rpcrt4_32",
|
||||||
|
"vivisect.impapi.windows.rpcrt4_64",
|
||||||
|
"vivisect.impapi.windows.shell_32",
|
||||||
|
"vivisect.impapi.windows.shell_64",
|
||||||
|
"vivisect.impapi.windows.user_32",
|
||||||
|
"vivisect.impapi.windows.user_64",
|
||||||
|
"vivisect.impapi.windows.ws2plus_32",
|
||||||
|
"vivisect.impapi.windows.ws2plus_64",
|
||||||
|
"vivisect.impapi.winkern",
|
||||||
"vivisect.impapi.winkern.i386",
|
"vivisect.impapi.winkern.i386",
|
||||||
"vivisect.impapi.winkern.amd64",
|
"vivisect.impapi.winkern.amd64",
|
||||||
"vivisect.parsers.blob",
|
"vivisect.parsers.blob",
|
||||||
|
|||||||
@@ -13,6 +13,7 @@
|
|||||||
-
|
-
|
||||||
|
|
||||||
### Bug Fixes
|
### Bug Fixes
|
||||||
|
- extractor: update vivisect Arch extraction #1334 @mr-tz
|
||||||
|
|
||||||
- extractor: avoid Binary Ninja exception when analyzing certain files #1441 @xusheng6
|
- extractor: avoid Binary Ninja exception when analyzing certain files #1441 @xusheng6
|
||||||
- symtab: fix struct.unpack() format for 64-bit ELF files @yelhamer
|
- symtab: fix struct.unpack() format for 64-bit ELF files @yelhamer
|
||||||
@@ -75,7 +76,7 @@ Thanks for all the support, especially to @xusheng6, @captainGeech42, @ggold7046
|
|||||||
- extractor: removed '.dynsym' as the library name for ELF imports #1318 @stevemk14ebr
|
- extractor: removed '.dynsym' as the library name for ELF imports #1318 @stevemk14ebr
|
||||||
- extractor: fix vivisect loop detection corner case #1310 @mr-tz
|
- extractor: fix vivisect loop detection corner case #1310 @mr-tz
|
||||||
- match: extend OS characteristic to match OS_ANY to all supported OSes #1324 @mike-hunhoff
|
- match: extend OS characteristic to match OS_ANY to all supported OSes #1324 @mike-hunhoff
|
||||||
- extractor: fix IDA and vivisect string and bytes features overlap and tests #1327 #1336 @xusheng6
|
- extractor: fix IDA and vivisect string and bytes features overlap and tests #1327 #1336 @xusheng6
|
||||||
|
|
||||||
### capa explorer IDA Pro plugin
|
### capa explorer IDA Pro plugin
|
||||||
- fix exception when plugin loaded in IDA hosted under idat #1341 @mike-hunhoff
|
- fix exception when plugin loaded in IDA hosted under idat #1341 @mike-hunhoff
|
||||||
|
|||||||
@@ -1,9 +1,6 @@
|
|||||||
import logging
|
import logging
|
||||||
from typing import Tuple, Iterator
|
from typing import Tuple, Iterator
|
||||||
|
|
||||||
import envi.archs.i386
|
|
||||||
import envi.archs.amd64
|
|
||||||
|
|
||||||
from capa.features.common import ARCH_I386, ARCH_AMD64, Arch, Feature
|
from capa.features.common import ARCH_I386, ARCH_AMD64, Arch, Feature
|
||||||
from capa.features.address import NO_ADDRESS, Address
|
from capa.features.address import NO_ADDRESS, Address
|
||||||
|
|
||||||
@@ -11,10 +8,11 @@ logger = logging.getLogger(__name__)
|
|||||||
|
|
||||||
|
|
||||||
def extract_arch(vw) -> Iterator[Tuple[Feature, Address]]:
|
def extract_arch(vw) -> Iterator[Tuple[Feature, Address]]:
|
||||||
if isinstance(vw.arch, envi.archs.amd64.Amd64Module):
|
arch = vw.getMeta("Architecture")
|
||||||
|
if arch == "amd64":
|
||||||
yield Arch(ARCH_AMD64), NO_ADDRESS
|
yield Arch(ARCH_AMD64), NO_ADDRESS
|
||||||
|
|
||||||
elif isinstance(vw.arch, envi.archs.i386.i386Module):
|
elif arch == "i386":
|
||||||
yield Arch(ARCH_I386), NO_ADDRESS
|
yield Arch(ARCH_I386), NO_ADDRESS
|
||||||
|
|
||||||
else:
|
else:
|
||||||
|
|||||||
6
setup.py
6
setup.py
@@ -18,12 +18,12 @@ requirements = [
|
|||||||
"termcolor==2.2.0",
|
"termcolor==2.2.0",
|
||||||
"wcwidth==0.2.6",
|
"wcwidth==0.2.6",
|
||||||
"ida-settings==2.1.0",
|
"ida-settings==2.1.0",
|
||||||
"viv-utils[flirt]==0.7.7",
|
"viv-utils[flirt]==0.7.9",
|
||||||
"halo==0.0.31",
|
"halo==0.0.31",
|
||||||
"networkx==2.5.1", # newer versions no longer support py3.7.
|
"networkx==2.5.1", # newer versions no longer support py3.7.
|
||||||
"ruamel.yaml==0.17.21",
|
"ruamel.yaml==0.17.21",
|
||||||
"vivisect==1.0.8",
|
"vivisect==1.1.1",
|
||||||
"pefile==2022.5.30",
|
"pefile==2023.2.7",
|
||||||
"pyelftools==0.29",
|
"pyelftools==0.29",
|
||||||
"dnfile==0.13.0",
|
"dnfile==0.13.0",
|
||||||
"dncil==1.0.2",
|
"dncil==1.0.2",
|
||||||
|
|||||||
Reference in New Issue
Block a user