gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-02-04 19:12:01 -08:00
Code Issues Packages Projects Releases Wiki Activity

type: capa.features.extractors.viv.basicblock

Browse Source
This commit is contained in:
William Ballenthin
2021-06-09 23:12:07 -06:00
parent 3416f7bc61
commit 469e2ff870
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
capa/features/extractors/viv/basicblock.py
View File

@@ -73,7 +73,7 @@ def extract_stackstring(f, bb):
yield Characteristic("stack string"), bb.va
def is_mov_imm_to_stack(instr):
def is_mov_imm_to_stack(instr: envi.archs.i386.disasm.i386Opcode) -> bool:
"""
Return if instruction moves immediate onto stack
"""
@@ -105,7 +105,7 @@ def is_mov_imm_to_stack(instr):
return True
def get_printable_len(oper):
def get_printable_len(oper: envi.archs.i386.disasm.i386ImmOper) -> int:
"""
Return string length if all operand bytes are ascii or utf16-le printable
"""
@@ -128,7 +128,7 @@ def get_printable_len(oper):
return 0
def is_printable_ascii(chars):
def is_printable_ascii(chars: bytes) -> bool:
try:
chars_str = chars.decode("ascii")
except UnicodeDecodeError:
@@ -137,9 +137,10 @@ def is_printable_ascii(chars):
return all(c in string.printable for c in chars_str)
def is_printable_utf16le(chars):
def is_printable_utf16le(chars: bytes) -> bool:
if all(c == b"\x00" for c in chars[1::2]):
return is_printable_ascii(chars[::2])
return False
def extract_features(f, bb):