diff --git a/capa/features/freeze.py b/capa/features/freeze.py
index 2e6ff8ee..3d57b76e 100644
--- a/capa/features/freeze.py
+++ b/capa/features/freeze.py
@@ -264,6 +264,14 @@ def main(argv=None):
 parser.add_argument(
 "-f", "--format", choices=[f[0] for f in formats], default="auto", help="Select sample format, %s" % format_help
 )
+ parser.add_argument(
+ "-b",
+ "--backend",
+ type=str,
+ help="select the backend to use in Python 3 (this option is ignored in Python 2)",
+ choices=(capa.main.BACKEND_VIV, capa.main.BACKEND_SMDA),
+ default=capa.main.BACKEND_VIV,
+ )
 args = parser.parse_args(args=argv)
 if args.quiet:
@@ -276,7 +284,7 @@ def main(argv=None):
 logging.basicConfig(level=logging.INFO)
 logging.getLogger().setLevel(logging.INFO)
- extractor = capa.main.get_extractor(args.sample, args.format)
+ extractor = capa.main.get_extractor(args.sample, args.format, args.backend)
 with open(args.output, "wb") as f:
 f.write(dump(extractor))
diff --git a/capa/main.py b/capa/main.py
index 9cbbceb4..f80319f1 100644
--- a/capa/main.py
+++ b/capa/main.py
@@ -335,7 +335,7 @@ def get_extractor_py3(path, format, backend, disable_progress=False):
 return capa.features.extractors.viv.VivisectFeatureExtractor(vw, path)
-def get_extractor(path, format, backend=BACKEND_VIV, disable_progress=False):
+def get_extractor(path, format, backend, disable_progress=False):
 """
 raises:
 UnsupportedFormatError:
diff --git a/scripts/bulk-process.py b/scripts/bulk-process.py
index 75ebaab9..65f7c66f 100644
--- a/scripts/bulk-process.py
+++ b/scripts/bulk-process.py
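Review bot: The new `--backend` option in freeze.py's `main` re-declares its help text, choices and default locally, so they can drift from whatever the main capa CLI advertises for the same flag; if capa.main already defines this option (not visible here), sourcing the choices and default from that one place would keep the two front-ends consistent. `type=str` is argparse's default and can be dropped. The help text promises the value "is ignored in Python 2", but nothing in this hunk enforces that — the dispatch lives in `get_extractor`, outside this diff, so it is worth confirming that path really discards the value on Python 2 rather than handing it to a backend that does not exist there. `main` continues past the hunk.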
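Review bot: Dropping the `backend=BACKEND_VIV` default from `get_extractor` turns every out-of-tree caller that still passes only `(path, format)` into a `TypeError` at runtime, yet the docstring continues to document only the exception it raises and says nothing about the now-mandatory argument. If forcing callers to be explicit is the goal, state it in the docstring — e.g. insert `backend: one of BACKEND_VIV or BACKEND_SMDA (the caller must choose; no default)` above `raises:` — otherwise keep the default so the library interface shown in capa_as_library.py in this same change stays backward compatible. I cannot see whether the body validates `backend` against the known constants, so an unrecognized string may fall through silently; raising `ValueError` on an unknown backend would make misuse fail loudly instead of selecting an unintended extractor. The function body continues outside the hunk.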
@@ -95,7 +95,7 @@ def get_capa_results(args):
 rules, format, path = args
 logger.info("computing capa results for: %s", path)
 try:
- extractor = capa.main.get_extractor(path, format, disable_progress=True)
+ extractor = capa.main.get_extractor(path, format, capa.main.BACKEND_VIV, disable_progress=True)
 except capa.main.UnsupportedFormatError:
 # i'm 100% sure if multiprocessing will reliably raise exceptions across process boundaries.
 # so instead, return an object with explicit success/failure status.
diff --git a/scripts/capa_as_library.py b/scripts/capa_as_library.py
index 9a3d9749..587e1437 100644
--- a/scripts/capa_as_library.py
+++ b/scripts/capa_as_library.py
@@ -191,7 +191,7 @@ def render_dictionary(doc):
 def capa_details(file_path, output_format="dictionary"):
 # extract features and find capabilities
- extractor = capa.main.get_extractor(file_path, "auto", disable_progress=True)
+ extractor = capa.main.get_extractor(file_path, "auto", capa.main.BACKEND_VIV, disable_progress=True)
 capabilities, counts = capa.main.find_capabilities(rules, extractor, disable_progress=True)
 # collect metadata (used only to make rendering more complete)
diff --git a/scripts/lint.py b/scripts/lint.py
index 20aae6e0..1e177df9 100644
--- a/scripts/lint.py
+++ b/scripts/lint.py
@@ -201,7 +201,7 @@ class DoesntMatchExample(Lint):
 continue
 try:
- extractor = capa.main.get_extractor(path, "auto", disable_progress=True)
+ extractor = capa.main.get_extractor(path, "auto", capa.main.BACKEND_VIV, disable_progress=True)
 capabilities, meta = capa.main.find_capabilities(ctx["rules"], extractor, disable_progress=True)
 except Exception as e:
 logger.error("failed to extract capabilities: %s %s %s", rule.name, path, e)
diff --git a/scripts/show-capabilities-by-function.py b/scripts/show-capabilities-by-function.py
index 73ab3da3..a8feb35e 100644
--- a/scripts/show-capabilities-by-function.py
+++ b/scripts/show-capabilities-by-function.py
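Review bot: `get_capa_results` now passes `capa.main.BACKEND_VIV` positionally into a slot this change just made mandatory, and the identical literal is repeated in four scripts, so a misplaced argument would be easy to miss in review. Passing it by keyword, `extractor = capa.main.get_extractor(path, format, backend=capa.main.BACKEND_VIV, disable_progress=True)`, makes the intent explicit and keeps the call robust if `get_extractor`'s positional order changes again. `get_capa_results` continues outside the hunk.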
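Review bot: `capa_details` is the library-usage example, and it now bakes `capa.main.BACKEND_VIV` into its `get_extractor` call, so a library consumer has no way to select the SMDA backend that freeze.py exposes in this same commit. Threading it through as a parameter with the old default keeps the example's interface compatible: `def capa_details(file_path, output_format="dictionary", backend=capa.main.BACKEND_VIV):` and `extractor = capa.main.get_extractor(file_path, "auto", backend, disable_progress=True)`. `capa_details` continues outside the hunk.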
@@ -199,7 +199,7 @@ def main(argv=None):
 else:
 format = args.format
 try:
- extractor = capa.main.get_extractor(args.sample, args.format)
+ extractor = capa.main.get_extractor(args.sample, args.format, capa.main.BACKEND_VIV)
 except capa.main.UnsupportedFormatError:
 logger.error("-" * 80)
 logger.error(" Input file does not appear to be a PE file.")
diff --git a/scripts/show-features.py b/scripts/show-features.py
index 60668686..c8f74de9 100644
--- a/scripts/show-features.py
+++ b/scripts/show-features.py
@@ -125,7 +125,7 @@ def main(argv=None):
 extractor = capa.features.freeze.load(f.read())
 else:
 try:
- extractor = capa.main.get_extractor(args.sample, args.format)
+ extractor = capa.main.get_extractor(args.sample, args.format, capa.main.BACKEND_VIV)
 except capa.main.UnsupportedFormatError:
 logger.error("-" * 80)
 logger.error(" Input file does not appear to be a PE file.")
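Review bot: The rewritten call still passes `args.format` even though the two context lines directly above compute a local `format` (the `else:` branch assigns `format = args.format`, and the matching `if` branch, outside the hunk, presumably assigns something else), so whatever that `if` branch derived is discarded at the one place it matters. Since the line is being touched anyway, it should read `extractor = capa.main.get_extractor(args.sample, format, capa.main.BACKEND_VIV)`. `main` starts before and continues past the hunk.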
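Review bot: show-features.py hard-codes `capa.main.BACKEND_VIV` while freeze.py gains a `-b/--backend` switch in this same commit, so the features this script prints cannot be compared against what a freeze file produced with the other backend contains. Adding the same option here, `parser.add_argument("-b", "--backend", choices=(capa.main.BACKEND_VIV, capa.main.BACKEND_SMDA), default=capa.main.BACKEND_VIV, help="select the backend to use")`, and passing `args.backend` in the call would keep the two tools in step. `main` continues outside the hunk.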