From d8c28e80eb159d68454f0c3ba4a166d97ac08cbd Mon Sep 17 00:00:00 2001
From: Yacine Elhamer
Date: Fri, 21 Jul 2023 15:50:09 +0100
Subject: [PATCH] add get_sample_hashes() to elf extractor
---
 capa/features/extractors/elffile.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/capa/features/extractors/elffile.py b/capa/features/extractors/elffile.py
index dbe9475b..7e2249e0 100644
--- a/capa/features/extractors/elffile.py
+++ b/capa/features/extractors/elffile.py
@@ -16,7 +16,7 @@ import capa.features.extractors.common
 from capa.features.file import Import, Section
 from capa.features.common import OS, FORMAT_ELF, Arch, Format, Feature
 from capa.features.address import NO_ADDRESS, FileOffsetAddress, AbsoluteVirtualAddress
-from capa.features.extractors.base_extractor import StaticFeatureExtractor
+from capa.features.extractors.base_extractor import SampleHashes, StaticFeatureExtractor
 logger = logging.getLogger(__name__)
@@ -112,6 +112,7 @@ class ElfFeatureExtractor(StaticFeatureExtractor):
 super().__init__()
 self.path: Path = path
 self.elf = ELFFile(io.BytesIO(path.read_bytes()))
+ self.sample_hashes = SampleHashes.from_bytes(self.path.read_bytes())
 def get_base_address(self):
 # virtual address of the first segment with type LOAD
@@ -119,6 +120,9 @@ class ElfFeatureExtractor(StaticFeatureExtractor):
 if segment.header.p_type == "PT_LOAD":
 return AbsoluteVirtualAddress(segment.header.p_vaddr)
+ def get_sample_hashes(self) -> SampleHashes:
+ return self.sample_hashes
+
 def extract_global_features(self):
 buf = self.path.read_bytes()
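Review bot: In the `@@ -112,6 +112,7 @@` hunk, the added `self.sample_hashes = SampleHashes.from_bytes(self.path.read_bytes())` reads the sample from disk a second time, right after `path.read_bytes()` was already called to build `ELFFile`. If the file is replaced or modified between the two reads, the stored hashes describe different bytes than the ELF that was parsed, so a report could identify a sample other than the one analysed. Reading once and reusing the buffer closes that gap and saves the extra I/O: `buf = path.read_bytes()`, then `self.elf = ELFFile(io.BytesIO(buf))` and `self.sample_hashes = SampleHashes.from_bytes(buf)`. The context lines of the last hunk show `extract_global_features` calling `self.path.read_bytes()` yet again, so it may be worth keeping that single buffer on the instance. The start of `__init__` is outside the hunk, so this assumes nothing earlier in it already holds the file contents.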