gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-02-04 11:07:53 -08:00
Code Issues Packages Projects Releases Wiki Activity

add get_sample_hashes() to elf extractor

Browse Source
This commit is contained in:
Yacine Elhamer
2023-07-21 15:50:09 +01:00
parent 344b3e9931
commit d8c28e80eb
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
capa/features/extractors/elffile.py
View File

@@ -16,7 +16,7 @@ import capa.features.extractors.common
from capa.features.file import Import, Section
from capa.features.common import OS, FORMAT_ELF, Arch, Format, Feature
from capa.features.address import NO_ADDRESS, FileOffsetAddress, AbsoluteVirtualAddress
from capa.features.extractors.base_extractor import StaticFeatureExtractor
from capa.features.extractors.base_extractor import SampleHashes, StaticFeatureExtractor
logger = logging.getLogger(__name__)
@@ -112,6 +112,7 @@ class ElfFeatureExtractor(StaticFeatureExtractor):
super().__init__()
self.path: Path = path
self.elf = ELFFile(io.BytesIO(path.read_bytes()))
self.sample_hashes = SampleHashes.from_bytes(self.path.read_bytes())
def get_base_address(self):
# virtual address of the first segment with type LOAD
@@ -119,6 +120,9 @@ class ElfFeatureExtractor(StaticFeatureExtractor):
if segment.header.p_type == "PT_LOAD":
return AbsoluteVirtualAddress(segment.header.p_vaddr)
def get_sample_hashes(self) -> SampleHashes:
return self.sample_hashes
def extract_global_features(self):
buf = self.path.read_bytes()