Merge pull request #548 from Ana06/explorer-analyze

explorer: add analyze option

CHANGELOG.md

@@ -18,6 +18,7 @@ It includes many new rules, including all new techniques introduced in MITRE ATT
 - show-features: don't show features from library functions #569 @williballenthin
 - linter: summarize results at the end #571 @williballenthin
 - linter: check for `or` with always true child statement, e.g. `optional`, colors #348 @mr-tz
+- explorer: add argument to control whether to automatically analyze when running capa explorer #548 @Ana06
 
 ### Breaking Changes
 

capa/ida/plugin/README.md

@@ -79,6 +79,7 @@ You can install capa explorer using the following steps:
 
 1. Open IDA and analyze a supported file type (select the `Manual Load` and `Load Resources` options in IDA for best results)
 2. Open capa explorer in IDA by navigating to `Edit > Plugins > FLARE capa explorer` or using the keyboard shortcut `Alt+F5`
+   You can also use `ida_loader.load_and_run_plugin("capa_explorer", arg)`. `arg` is a bitflag for which setting the LSB enables automatic analysis. See `capa.ida.plugin.form.Options` for more details.
 3. Select the `Program Analysis` tab
 4. Click the `Analyze` button
 

capa/ida/plugin/__init__.py

@@ -54,8 +54,14 @@ class CapaExplorerPlugin(idaapi.plugin_t):
         pass
 
     def run(self, arg):
-        """called when IDA is running the plugin as a script"""
-        self.form = CapaExplorerForm(self.PLUGIN_NAME)
+        """
+        called when IDA is running the plugin as a script
+
+        args:
+          arg (int): bitflag. Setting LSB enables automatic analysis upon
+          loading. The other bits are currently undefined. See `form.Options`.
+        """
+        self.form = CapaExplorerForm(self.PLUGIN_NAME, arg)
         return True
 
 

capa/ida/plugin/form.py

@@ -44,6 +44,13 @@ CAPA_SETTINGS_RULE_PATH = "rule_path"
 CAPA_SETTINGS_RULEGEN_AUTHOR = "rulegen_author"
 CAPA_SETTINGS_RULEGEN_SCOPE = "rulegen_scope"
 
+from enum import IntFlag
+
+
+class Options(IntFlag):
+    DEFAULT = 0
+    ANALYZE = 1  # Runs the analysis when starting the explorer
+
 
 def write_file(path, data):
     """ """
@@ -230,7 +237,7 @@ class CapaSettingsInputDialog(QtWidgets.QDialog):
 class CapaExplorerForm(idaapi.PluginForm):
     """form element for plugin interface"""
 
-    def __init__(self, name):
+    def __init__(self, name, option=Options.DEFAULT):
         """initialize form elements"""
         super(CapaExplorerForm, self).__init__()
 
@@ -278,6 +285,9 @@ class CapaExplorerForm(idaapi.PluginForm):
 
         self.Show()
 
+        if (option & Options.ANALYZE) == Options.ANALYZE:
+            self.analyze_program()
+
     def OnCreate(self, form):
         """called when plugin form is created