Merge pull request #305 from fireeye/ida_plugin_highlight_regex

ida plugin: highlight regex matches in IDA ui
2026-02-04 19:12:01 -08:00 · 2020-09-10 17:31:55 -06:00
parent 196d394ebd 1cee930055
commit ca47a6ca51
2 changed files with 4 additions and 4 deletions
--- a/capa/ida/plugin/item.py
+++ b/capa/ida/plugin/item.py
@@ -341,12 +341,12 @@ class CapaExplorerByteViewItem(CapaExplorerFeatureItem):
 class CapaExplorerStringViewItem(CapaExplorerFeatureItem):
    """store data for string match"""

-    def __init__(self, parent, display, location):
+    def __init__(self, parent, display, location, value):
        """initialize item

        @param parent: parent node
        @param display: text to display in UI
        @param location: virtual address as seen by IDA
        """
-        super(CapaExplorerStringViewItem, self).__init__(parent, display, location=location)
+        super(CapaExplorerStringViewItem, self).__init__(parent, display, location=location, details=value)
        self.ida_highlight = idc.get_color(location, idc.CIC_ITEM)
--- a/capa/ida/plugin/model.py
+++ b/capa/ida/plugin/model.py
@@ -522,7 +522,7 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):
            )

        if feature["type"] == "regex":
-            return CapaExplorerFeatureItem(parent, display, location, details=feature["match"])
+            return CapaExplorerStringViewItem(parent, display, location, feature["match"])

        if feature["type"] == "basicblock":
            return CapaExplorerBlockItem(parent, location)
@@ -547,7 +547,7 @@ class CapaExplorerDataModel(QtCore.QAbstractItemModel):

        if feature["type"] in ("string",):
            # display string preview
-            return CapaExplorerStringViewItem(parent, display, location)
+            return CapaExplorerStringViewItem(parent, display, location, feature[feature["type"]])

        if feature["type"] in ("import", "export"):
            # display no preview