diff --git a/capa/ida/ida_capa_explorer.py b/capa/ida/ida_capa_explorer.py
index 20757fc3..3230668c 100644
--- a/capa/ida/ida_capa_explorer.py
+++ b/capa/ida/ida_capa_explorer.py
@@ -345,7 +345,7 @@ class CapaExplorerForm(idaapi.PluginForm):
 capabilities, counts = capa.main.find_capabilities(
 rules, capa.features.extractors.ida.IdaFeatureExtractor(), True
 )
- meta.update(counts)
+ meta["analysis"].update(counts)
 
 # support binary files specifically for x86/AMD64 shellcode
 # warn user binary file is loaded but still allow capa to process it
diff --git a/capa/main.py b/capa/main.py
index 23fe4b4e..c883786a 100644
--- a/capa/main.py
+++ b/capa/main.py
@@ -96,11 +96,11 @@ def find_capabilities(ruleset, extractor, disable_progress=None):
 all_function_matches = collections.defaultdict(list)
 all_bb_matches = collections.defaultdict(list)
 
- meta = {"counts": {"file": 0, "functions": {},}}
+ meta = {"feature_counts": {"file": 0, "functions": {},}}
 
 for f in tqdm.tqdm(extractor.get_functions(), disable=disable_progress, unit=" functions"):
 function_matches, bb_matches, feature_count = find_function_capabilities(ruleset, extractor, f)
- meta["counts"]["functions"][f.__int__()] = feature_count
+ meta["feature_counts"]["functions"][f.__int__()] = feature_count
 logger.debug("analyzed function 0x%x and extracted %d features", f.__int__(), feature_count)
 
 for rule_name, res in function_matches.items():
@@ -116,7 +116,7 @@ def find_capabilities(ruleset, extractor, disable_progress=None):
 }
 
 all_file_matches, feature_count = find_file_capabilities(ruleset, extractor, function_features)
- meta["counts"]["file"] = feature_count
+ meta["feature_counts"]["file"] = feature_count
 
 matches = {}
 matches.update(all_bb_matches)
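Review bot: The bare positional `True` passed as the third argument of `capa.main.find_capabilities(...)` in this hunk is the `disable_progress` flag (the signature is visible in the main.py hunk of this same commit), and a naked boolean positional does not tell a reader that; pass it by keyword, `rules, capa.features.extractors.ida.IdaFeatureExtractor(), disable_progress=True`. The new `meta["analysis"].update(counts)` also assumes `meta`, built outside this hunk, already carries an `"analysis"` dict and raises KeyError otherwise, so a short contract comment on that line would help: `# counts are merged into the "analysis" section of the metadata (presumably built by capa.ida.helpers.collect_metadata()); that key must exist`. The enclosing method starts and ends outside the hunk.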
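Review bot: `f.__int__()` on the new `meta["feature_counts"]["functions"][...]` line (and again in the `logger.debug` call right after it) invokes the dunder directly; the idiomatic form is `int(f)`, which reads as intent rather than mechanism, `meta["feature_counts"]["functions"][int(f)] = feature_count`. The rewritten initialiser `meta = {"feature_counts": {"file": 0, "functions": {},}}` also keeps a stray trailing comma after the inner `{}`; harmless, but worth dropping while the line is touched. Because this dict ends up in the rendered result document (the verbose/vverbose hunks read it back as `doc["meta"]["analysis"]["feature_counts"]`), a comment stating that contract would help future readers: `# per-function and file-level feature counts; callers merge this into meta["analysis"] and capa.render consumes it`. find_capabilities continues outside the hunk on both sides.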
@@ -492,7 +492,7 @@ def main(argv=None):
 meta = collect_metadata(argv, args.sample, format, extractor)
 
 capabilities, counts = find_capabilities(rules, extractor)
- meta.update(counts)
+ meta["analysis"].update(counts)
 
 if has_file_limitation(rules, capabilities):
 # bail if capa encountered file limitation e.g. a packed binary
@@ -552,7 +552,7 @@ def ida_main():
 meta = capa.ida.helpers.collect_metadata()
 
 capabilities, counts = find_capabilities(rules, capa.features.extractors.ida.IdaFeatureExtractor())
- meta.update(counts)
+ meta["analysis"].update(counts)
 
 if has_file_limitation(rules, capabilities, is_standalone=False):
 capa.ida.helpers.inform_user_ida_ui("capa encountered warnings during analysis")
diff --git a/capa/render/verbose.py b/capa/render/verbose.py
index 65dac839..e680129b 100644
--- a/capa/render/verbose.py
+++ b/capa/render/verbose.py
@@ -46,8 +46,8 @@ def render_meta(ostream, doc):
 ("format", doc["meta"]["analysis"]["format"]),
 ("extractor", doc["meta"]["analysis"]["extractor"]),
 ("base address", hex(doc["meta"]["analysis"]["base_address"])),
- ("function count", len(doc["meta"]["counts"]["functions"])),
- ("total feature count", doc["meta"]["counts"]["file"] + sum(doc["meta"]["counts"]["functions"].values())),
+ ("function count", len(doc["meta"]["analysis"]["feature_counts"]["functions"])),
+ ("total feature count", doc["meta"]["analysis"]["feature_counts"]["file"] + sum(doc["meta"]["analysis"]["feature_counts"]["functions"].values())),
 ]
 
 ostream.writeln(tabulate.tabulate(rows, tablefmt="plain"))
diff --git a/capa/render/vverbose.py b/capa/render/vverbose.py
index 510c832c..fd7a6661 100644
--- a/capa/render/vverbose.py
+++ b/capa/render/vverbose.py
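Review bot: `meta["analysis"].update(counts)` in `main` now depends on `collect_metadata(...)` returning a dict that already contains an `"analysis"` mapping, which this hunk does not show; if that key is ever missing or not a dict, the failure is a KeyError/AttributeError far from its cause. At minimum the dependency deserves a comment on that line, `# collect_metadata() must provide meta["analysis"]; feature counts are merged into it`, and if the contract is not guaranteed, `meta.setdefault("analysis", {}).update(counts)` keeps the merge total. Note also that `.update` silently overwrites any `"feature_counts"` entry already present in `"analysis"`. The same pattern recurs in the `ida_main` hunk below, and both functions continue outside their hunks.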
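Review bot: The two rewritten rows in `render_meta` index `doc["meta"]["analysis"]["feature_counts"]` unconditionally, so any result document saved under the previous layout (`doc["meta"]["counts"]`) now makes the verbose renderer raise KeyError; if previously written JSON output is meant to stay loadable, a fallback or explicit document-version check is needed, e.g. `feature_counts = doc["meta"]["analysis"].get("feature_counts") or doc["meta"].get("counts", {"file": 0, "functions": {}})`. Independently of compatibility, the same four-deep path is now spelled out four times across two very long lines; binding it once before the `rows` literal, `feature_counts = doc["meta"]["analysis"]["feature_counts"]`, and writing the rows as `len(feature_counts["functions"])` and `feature_counts["file"] + sum(feature_counts["functions"].values())` keeps them readable. render_meta starts before this hunk.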
@@ -169,7 +169,7 @@ def render_functions(ostream, doc):
 matches_by_function[va].add(rule["meta"]["name"])
 
 ostream.writeln("## functions")
- for va, feature_count in sorted(doc["meta"]["counts"]["functions"].items()):
+ for va, feature_count in sorted(doc["meta"]["analysis"]["feature_counts"]["functions"].items()):
 va = int(va)
 ostream.write("function at 0x%X with %d features: " % (va, feature_count))
 if not matches_by_function.get(va, {}):
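Review bot: The rewritten `sorted(doc["meta"]["analysis"]["feature_counts"]["functions"].items())` orders on the raw keys, and the `va = int(va)` on the following line shows those keys can arrive as strings (a JSON round-trip turns the integer addresses into decimal strings); string keys sort lexicographically, so a function at `10000` is listed before one at `9000`. Sort on the numeric value instead, `for va, feature_count in sorted(doc["meta"]["analysis"]["feature_counts"]["functions"].items(), key=lambda kv: int(kv[0])):`, which is also correct for the in-process case where the keys are still ints. render_functions starts before this hunk and continues after it.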