gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-21 14:50:33 -08:00
Code Issues Packages Projects Releases Wiki Activity

extractors: viv: match flirt signatures [wip]

Browse Source
This commit is contained in:
William Ballenthin
2021-02-25 12:21:27 -07:00
parent 1b2c8880ee
commit bfcae0e754
3 changed files with 206 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
tests/test_function_id.py Normal file
View File

@@ -0,0 +1,25 @@
import capa.features.insn
from fixtures import pma16_01_extractor, get_function, extract_function_features
def test_function_id_alloca_probe(pma16_01_extractor):
assert pma16_01_extractor.is_library_function(0x403970) == True
assert pma16_01_extractor.get_function_name(0x403970) == "__alloca_probe"
def test_function_id_spawnlp(pma16_01_extractor):
# 0x405714 is __spawnlp which requires recursive match of __spawnvp at 0x407FAB
# (and __spawnvpe at 0x409DE8)
assert pma16_01_extractor.is_library_function(0x405714) == True
assert pma16_01_extractor.get_function_name(0x405714) == "__spawnlp"
def test_function_id_api_feature(pma16_01_extractor):
f = get_function(pma16_01_extractor, 0x4011D0)
features = extract_function_features(pma16_01_extractor, f)
for feature in features.keys():
print(feature)
assert capa.features.insn.API("__alloca_probe") in features