From b4a808ac76a48713fce72705dbbeddce715067c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ana=20Mar=C3=ADa=20Mart=C3=ADnez=20G=C3=B3mez?=
Date: Wed, 19 Aug 2020 23:02:34 +0200
Subject: [PATCH] extractors: Implement get_functions in miasm

Implement `get_functions` in `MiasmFeatureExtractor`. It is a proof of concept, which just considers all loc_keys targets of calls a function. This is enough to test feature extraction against the functions. A final version should include other function recognition techniques and be ported to miasm.
---
 capa/features/extractors/miasm/__init__.py | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/capa/features/extractors/miasm/__init__.py b/capa/features/extractors/miasm/__init__.py
index 9ac80ce1..b5f2f39e 100644
--- a/capa/features/extractors/miasm/__init__.py
+++ b/capa/features/extractors/miasm/__init__.py
@@ -28,8 +28,20 @@ class MiasmFeatureExtractor(FeatureExtractor):
 for feature, va in capa.features.extractors.miasm.file.extract_file_features(self.buf, self.pe):
 yield feature, va
 
+ # TODO: Improve this function (it just considers all loc_keys target of calls a function), port to miasm
 def get_functions(self):
- raise NotImplementedError()
+ """
+ returns all loc_keys which are the argument of any call function
+ """
+ functions = set()
+
+ for block in self.cfg.blocks:
+ for line in block.lines:
+ if line.is_subcall() and line.args[0].is_loc():
+ loc_key = line.args[0].loc_key
+ if loc_key not in functions:
+ functions.add(loc_key)
+ yield loc_key
 
 def extract_function_features(self, f):
 raise NotImplementedError()
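Review bot: `get_functions` yields only loc_keys that are the target of a direct call, so code that is never such a target (for example the sample's entry point, or anything reached only through a register or memory call, which the `line.args[0].is_loc()` test skips) is never handed to function-level extraction and would produce no capability matches. The TODO admits the heuristic is incomplete, but the docstring should name the gap so that an empty result is not read as a clean sample, e.g. `yields each loc_key that is the target of a direct call; the entry point and indirect-call targets are not discovered`. How `self.cfg` is built is not visible here, so it may also be worth skipping targets that were never disassembled with `if self.cfg.loc_key_to_block(loc_key) is None: continue` before yielding. The enclosing class starts and continues outside this hunk.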