adding IDA extractor code to resolve nested data references for string and bytes features

This commit is contained in:
Michael Hunhoff
2020-08-10 15:01:16 -06:00
parent f7cd52826e
commit 79d94144c6
3 changed files with 43 additions and 6 deletions


@@ -100,6 +100,13 @@ def test_string_features():
assert capa.features.String("bcrypt.dll") not in features
@pytest.mark.skip(reason="IDA Pro tests must be run within IDA")
def test_string_pointer_features():
f = get_extractor().get_function(0x0044EDEF)
features = extract_function_features(f)
assert capa.features.String("INPUTEVENT") in features
@pytest.mark.skip(reason="IDA Pro tests must be run within IDA")
def test_byte_features():
f = get_extractor().get_function(0x40105D)
@@ -109,6 +116,13 @@ def test_byte_features():
assert wanted.evaluate(features) == True
@pytest.mark.skip(reason="IDA Pro tests must be run within IDA")
def test_bytes_pointer_features():
f = get_extractor().get_function(0x0044EDEF)
features = extract_function_features(f)
assert capa.features.Bytes("INPUTEVENT".encode("utf-16le")).evaluate(features) == True
@pytest.mark.skip(reason="IDA Pro tests must be run within IDA")
def test_number_features():
f = get_extractor().get_function(0x40105D)