From a7678e779eb79799cc8fa1754b6af90dc07b3973 Mon Sep 17 00:00:00 2001
From: William Ballenthin
Date: Wed, 11 Aug 2021 14:52:36 -0600
Subject: [PATCH] extractors: smda: extract format and OS characteristics at all scopes

---
 capa/features/extractors/{viv => }/common.py | 0
 capa/features/extractors/smda/extractor.py | 11 +++++++++++
 capa/features/extractors/viv/extractor.py | 6 +++---
 3 files changed, 14 insertions(+), 3 deletions(-)
 rename capa/features/extractors/{viv => }/common.py (100%)

diff --git a/capa/features/extractors/viv/common.py b/capa/features/extractors/common.py
similarity index 100%
rename from capa/features/extractors/viv/common.py
rename to capa/features/extractors/common.py
diff --git a/capa/features/extractors/smda/extractor.py b/capa/features/extractors/smda/extractor.py
index b4355d8f..2f7443aa 100644
--- a/capa/features/extractors/smda/extractor.py
+++ b/capa/features/extractors/smda/extractor.py
@@ -1,5 +1,6 @@
 from smda.common.SmdaReport import SmdaReport
 
+import capa.features.extractors.common
 import capa.features.extractors.smda.file
 import capa.features.extractors.smda.insn
 import capa.features.extractors.smda.function
@@ -12,6 +13,12 @@ class SmdaFeatureExtractor(FeatureExtractor):
         super(SmdaFeatureExtractor, self).__init__()
         self.smda_report = smda_report
         self.path = path
+        with open(self.path, "rb") as f:
+            self.buf = f.read()
+
+        self.global_features = []
+        self.global_features.extend(capa.features.extractors.common.extract_os(self.buf))
+        self.global_features.extend(capa.features.extractors.common.extract_format(self.buf))
 
     def get_base_address(self):
         return self.smda_report.base_addr
@@ -19,6 +26,7 @@ class SmdaFeatureExtractor(FeatureExtractor):
     def extract_file_features(self):
         for feature, va in capa.features.extractors.smda.file.extract_features(self.smda_report, self.path):
             yield feature, va
+        yield from self.global_features
 
     def get_functions(self):
         for function in self.smda_report.getFunctions():
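Review bot: In the new constructor lines (the `def __init__` line itself is above the hunk) the OS/format features are computed from the raw bytes of `self.path`, whereas every other feature this extractor yields comes from `smda_report`, and nothing ties the two together, so a report produced from a different file than `path` would emit global features that contradict the rest. A constructor docstring stating the assumption would help: `"""smda_report must have been generated from the file at path; that file's raw bytes feed extract_os/extract_format."""`. Within this patch `self.buf` is only read by the two `extend` calls here, so the whole sample stays resident for the extractor's lifetime; that mirrors `VivisectFeatureExtractor`, but if parity is not the goal a local `buf` would release it once the global features are built. Note also that `open()` now runs at construction, so an unreadable path fails before any extraction starts — probably desirable, but worth a sentence in the same docstring.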
@@ -27,6 +35,7 @@ class SmdaFeatureExtractor(FeatureExtractor):
     def extract_function_features(self, f):
         for feature, va in capa.features.extractors.smda.function.extract_features(f):
             yield feature, va
+        yield from self.global_features
 
     def get_basic_blocks(self, f):
         for bb in f.getBlocks():
@@ -35,6 +44,7 @@ class SmdaFeatureExtractor(FeatureExtractor):
     def extract_basic_block_features(self, f, bb):
         for feature, va in capa.features.extractors.smda.basicblock.extract_features(f, bb):
             yield feature, va
+        yield from self.global_features
 
     def get_instructions(self, f, bb):
         for smda_ins in bb.getInstructions():
@@ -43,3 +53,4 @@ class SmdaFeatureExtractor(FeatureExtractor):
     def extract_insn_features(self, f, bb, insn):
         for feature, va in capa.features.extractors.smda.insn.extract_features(f, bb, insn):
             yield feature, va
+        yield from self.global_features
diff --git a/capa/features/extractors/viv/extractor.py b/capa/features/extractors/viv/extractor.py
index ae8aa4fb..f6960390 100644
--- a/capa/features/extractors/viv/extractor.py
+++ b/capa/features/extractors/viv/extractor.py
@@ -10,9 +10,9 @@ import logging
 import viv_utils
 import viv_utils.flirt
 
+import capa.features.extractors.common
 import capa.features.extractors.viv.file
 import capa.features.extractors.viv.insn
-import capa.features.extractors.viv.common
 import capa.features.extractors.viv.function
 import capa.features.extractors.viv.basicblock
 from capa.features.extractors.base_extractor import FeatureExtractor
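Review bot: The `yield from self.global_features` appended to `extract_insn_features` means every single instruction re-emits the same OS/format pairs, as do the function and basic-block methods in the hunks above; without a comment this reads like accidental duplication rather than the intent in the commit subject, so I'd add at each site `# OS/format features are surfaced at every scope so rules can match on them anywhere`. The location paired with each global feature is whatever `extract_os`/`extract_format` produced at construction time, not the address of the current function, block or instruction — I can't confirm the value from this diff, but if consumers report locations it deserves a sentence where `global_features` is built. Since the same trailing line now appears in four methods, a hook in the `FeatureExtractor` base would keep them from drifting; that class is outside this diff, so this is a suggestion only.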
@@ -42,8 +42,8 @@ class VivisectFeatureExtractor(FeatureExtractor):
             self.buf = f.read()
 
         self.global_features = []
-        self.global_features.extend(capa.features.extractors.viv.common.extract_os(self.buf))
-        self.global_features.extend(capa.features.extractors.viv.common.extract_format(self.buf))
+        self.global_features.extend(capa.features.extractors.common.extract_os(self.buf))
+        self.global_features.extend(capa.features.extractors.common.extract_format(self.buf))
 
     def get_base_address(self):
         # assume there is only one file loaded into the vw