From 3cb7573edb4d93ac9e9499e3a6ec818f91b57de2 Mon Sep 17 00:00:00 2001
From: Michael Hunhoff
Date: Thu, 19 Aug 2021 13:06:43 -0600
Subject: [PATCH] enable os/arch/format for capa explorer

---
 capa/ida/helpers.py | 15 ++++++++-------
 capa/ida/plugin/view.py | 6 +++++-
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/capa/ida/helpers.py b/capa/ida/helpers.py
index 800d1383..8cc6d894 100644
--- a/capa/ida/helpers.py
+++ b/capa/ida/helpers.py
@@ -30,11 +30,12 @@ SUPPORTED_IDA_VERSIONS = [
 "7.6",
 ]

-# file type names as returned by idaapi.get_file_type_name()
+# file type names as returned by idainfo.file_type
 SUPPORTED_FILE_TYPES = [
- "Portable executable for 80386 (PE)",
- "Portable executable for AMD64 (PE)",
- "Binary file", # x86/AMD64 shellcode support
+ idaapi.f_PE,
+ idaapi.f_ELF,
+ # idaapi.f_MACHO,
+ idaapi.f_BIN,
 ]


@@ -55,10 +56,10 @@ def is_supported_ida_version():


 def is_supported_file_type():
- file_type = idaapi.get_file_type_name()
- if file_type not in SUPPORTED_FILE_TYPES:
+ file_info = idaapi.get_inf_structure()
+ if file_info.filetype not in SUPPORTED_FILE_TYPES:
 logger.error("-" * 80)
- logger.error(" Input file does not appear to be a PE file.")
+ logger.error(" Input file does not appear to be a supported file type.")
 logger.error(" ")
 logger.error(
 " capa currently only supports analyzing PE files (or binary files containing x86/AMD64 shellcode) with IDA."
diff --git a/capa/ida/plugin/view.py b/capa/ida/plugin/view.py
index 3f13b89d..3986114a 100644
--- a/capa/ida/plugin/view.py
+++ b/capa/ida/plugin/view.py
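Review bot: The updated comment above `SUPPORTED_FILE_TYPES` in capa/ida/helpers.py does not match the code it describes. The list now holds `idaapi.f_*` file type constants rather than names, and `is_supported_file_type()` reads `file_info.filetype`, not `idainfo.file_type`. I would reword it to `# file type constants (idaapi.f_*) as stored in idainfo.filetype`. The commented-out `# idaapi.f_MACHO,` entry also needs a short reason next to it, so a later reader knows whether Mach-O is deliberately excluded or simply untested.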
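Review bot: The unchanged context line after the new heading in `is_supported_file_type()` still logs `capa currently only supports analyzing PE files (or binary files containing x86/AMD64 shellcode) with IDA.`, which contradicts the new `SUPPORTED_FILE_TYPES` now that `idaapi.f_ELF` is accepted. An analyst who loads an unsupported sample would be told that only PE and shellcode are in scope. The text should name the accepted formats, for example `" capa currently only supports analyzing PE and ELF files (or binary files containing x86/AMD64 shellcode) with IDA."`. The function body continues past the end of the hunk, so any remaining lines of the message should be checked against the new list as well.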
@@ -1007,7 +1007,11 @@ class CapaExplorerRulegenFeatures(QtWidgets.QTreeWidget):
 self.parent_items[feature], (format_feature(feature), format_address(ea)), feature=feature
 )
 else:
- ea = eas.pop()
+ if eas:
+ ea = eas.pop()
+ else:
+ # some features may not have an address e.g. "format"
+ ea = ""
 for (i, v) in enumerate((format_feature(feature), format_address(ea))):
 self.parent_items[feature].setText(i, v)
 self.parent_items[feature].setData(0, 0x100, feature)
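Review bot: The fallback `ea = ""` in the new `else` branch is still passed to `format_address(ea)` on the following `for` line, so `ea` now holds either a value popped from `eas` or an empty string. `format_address` is not visible in this hunk; if it formats its argument as a number, features without an address (the comment cites "format") would raise here instead of rendering an empty cell. Keeping the empty case out of the formatter removes that dependency: `addr = format_address(eas.pop()) if eas else ""` followed by `for (i, v) in enumerate((format_feature(feature), addr)):`. The enclosing method starts and ends outside the hunk, so I cannot tell whether the earlier branch that also calls `format_address(ea)` can be reached with an empty `eas`.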