Merge branch 'feature-701' of github.com:fireeye/capa into feature-701

2026-02-04 11:07:53 -08:00 · 2021-08-20 14:56:53 -06:00
parent 04cc94a450 dae7be076d
commit 3eaeb533e9
3 changed files with 14 additions and 9 deletions
--- a/capa/features/extractors/elf.py
+++ b/capa/features/extractors/elf.py
@@ -11,7 +11,7 @@ def align(v, alignment):
    if remainder == 0:
        return v
    else:
-        return v + remainder
+        return v + (alignment - remainder)


 class CorruptElfFile(ValueError):
--- a/capa/ida/helpers.py
+++ b/capa/ida/helpers.py
@@ -30,11 +30,12 @@ SUPPORTED_IDA_VERSIONS = [
    "7.6",
 ]

-# file type names as returned by idaapi.get_file_type_name()
+# file type names as returned by idainfo.file_type
 SUPPORTED_FILE_TYPES = [
-    "Portable executable for 80386 (PE)",
-    "Portable executable for AMD64 (PE)",
-    "Binary file",  # x86/AMD64 shellcode support
+    idaapi.f_PE,
+    idaapi.f_ELF,
+    # idaapi.f_MACHO,
+    idaapi.f_BIN,
 ]


@@ -55,10 +56,10 @@ def is_supported_ida_version():


 def is_supported_file_type():
-    file_type = idaapi.get_file_type_name()
-    if file_type not in SUPPORTED_FILE_TYPES:
+    file_info = idaapi.get_inf_structure()
+    if file_info.filetype not in SUPPORTED_FILE_TYPES:
        logger.error("-" * 80)
-        logger.error(" Input file does not appear to be a PE file.")
+        logger.error(" Input file does not appear to be a supported file type.")
        logger.error(" ")
        logger.error(
            " capa currently only supports analyzing PE files (or binary files containing x86/AMD64 shellcode) with IDA."
--- a/capa/ida/plugin/view.py
+++ b/capa/ida/plugin/view.py
@@ -1007,7 +1007,11 @@ class CapaExplorerRulegenFeatures(QtWidgets.QTreeWidget):
                        self.parent_items[feature], (format_feature(feature), format_address(ea)), feature=feature
                    )
            else:
-                ea = eas.pop()
+                if eas:
+                    ea = eas.pop()
+                else:
+                    # some features may not have an address e.g. "format"
+                    ea = ""
                for (i, v) in enumerate((format_feature(feature), format_address(ea))):
                    self.parent_items[feature].setText(i, v)
                self.parent_items[feature].setData(0, 0x100, feature)