Commit Graph

90 Commits

Author SHA1 Message Date
Willi Ballenthin
07e35780d3 Merge branch 'master' into fix-988 2022-05-11 13:10:45 -06:00
Willi Ballenthin
a6427364e0 tests: add test demonstrating elf OS detection 2022-05-11 13:09:12 -06:00
Mike Hunhoff
0d849142ba dotnet: emit mixed mode characteristic (#1024) 2022-05-06 14:32:06 -06:00
Mike Hunhoff
6fb9dd961a dotnet: emit unmanaged call characteristic (#1023) 2022-05-06 13:05:48 -06:00
Mike Hunhoff
a9c9b3cea8 dotnet: extract file function names (#1015) 2022-05-06 08:34:50 -06:00
Mike Hunhoff
24c4215820 dotnet: add file string parsing (#1012) 2022-05-05 13:39:29 -06:00
Mike Hunhoff
580a2d7e45 dotnet: basic detection and feature extraction (#987) 2022-04-08 14:55:00 -06:00
Willi Ballenthin
1c7b6bcf7d fixtures: use function that IDA doesn't recognize as lib func 2022-04-06 15:07:35 -06:00
Willi Ballenthin
b843cef986 tests: add tests for #320 2022-04-06 14:38:56 -06:00
Willi Ballenthin
0e95691cde tests: fixtures: enable assertions against instruction scope 2022-04-06 14:38:33 -06:00
Willi Ballenthin
ecabd557a7 *: remove /x32 and /x64 flavors from number and offset features 2022-04-05 10:35:41 -06:00
Willi Ballenthin
9da4ff10da *: rename OperandImmediate to OperandNumber 2022-03-31 10:37:06 -06:00
Willi Ballenthin
997daf537e viv: insn: extract OperandOffset and OperandImmediate 2022-03-30 13:14:08 -06:00
Baptistin Boilot
4d915020a8 extractor: add characteristic(call $+5) feature extraction for vivisect and smda 2022-02-27 18:15:25 +01:00
Baptistin Boilot
8474369575 tests: add fixtures for two's complement numbers
Add fixtures to validate the following number features:
- number(0x0): to check feature extraction for null number
- number(0xFFFFFFFF): to check feature extraction for -1 number
- number(0xFFFFFFF0): to check feature extraction for negative number (-0x10 in this case)
2021-12-31 20:08:56 +01:00
William Ballenthin
a1075b63ec tests: add demonstration of bb layout 2021-10-26 15:20:08 -06:00
William Ballenthin
32244b2641 fixtures: fix extraction of global features 2021-09-04 16:12:51 -06:00
William Ballenthin
122fdc69e3 fixtures: name error 2021-09-04 16:00:49 -06:00
William Ballenthin
39e4e47763 pep8 2021-09-04 15:59:38 -06:00
William Ballenthin
2ea4dc9d7e tests: fixtures: extract global features at each scope 2021-09-04 15:58:32 -06:00
William Ballenthin
2989732637 tests: fix fva of substring test function 2021-08-24 16:32:27 -06:00
William Ballenthin
db45068357 tests: fix tests for substring 2021-08-24 16:13:41 -06:00
William Ballenthin
6989e8b8cf rules: add substring feature
closes #737
2021-08-24 11:35:01 -06:00
William Ballenthin
8e689c39f4 features: add Arch feature at global scope 2021-08-16 17:06:56 -06:00
William Ballenthin
738fa9150e fixtures: update tests to account for Format scope 2021-08-16 16:39:40 -06:00
William Ballenthin
ab1326f858 features: move OS and Format to their own features, not characteristics 2021-08-16 16:28:26 -06:00
William Ballenthin
f013815b2a features: rename legacy term arch to bitness
makes space for upcoming feature `arch: ` for things like i386/amd64/aarch64
2021-08-16 12:21:25 -06:00
William Ballenthin
05f8e2445a fixtures: add tests demonstrating extraction of features from ELF files 2021-08-11 09:29:05 -06:00
William Ballenthin
753b003107 pep8 2021-08-11 09:23:41 -06:00
William Ballenthin
97092c91db tests: assert absence of the wrong os/format 2021-08-11 09:13:56 -06:00
William Ballenthin
20859d2796 extractors: pefile: extract OS and format 2021-08-11 09:11:29 -06:00
Moritz Raabe
6fc2037f45 update sig file names 2021-06-30 08:54:37 +02:00
William Ballenthin
09ad0ec184 tests: save .viv by default, hopefully improve test performance 2021-06-15 12:24:29 -06:00
Willi Ballenthin
b47b398b07 Merge pull request #636 from fireeye/fix-629
move test sigs into testfiles
2021-06-14 13:56:21 -06:00
William Ballenthin
c1acf702b6 fixtures: move test sigs to testfiles 2021-06-14 11:37:39 -06:00
William Ballenthin
ac59e50b5f move capa/features/__init__.py logic to common.py
also clean up imports across the board, thanks to pylance.
2021-06-09 22:20:53 -06:00
William Ballenthin
7d2e664320 move extractors/smda/__init__.py logic to extractor.py 2021-06-09 17:52:06 -06:00
William Ballenthin
6187317a4e move extractors/viv/__init__.py logic to extractor.py 2021-06-09 17:49:50 -06:00
Willi Ballenthin
ed02088c82 detect (and short circuit) file limitations at file scope (#586)
* smda: move pe carve into helpers

* smda: simplify test parametrization/xfail

* extractors: add pefile extractor for file scope features

* pep8

* main: bail early on file limitation detected at file scope

closes #583

* changelog
2021-05-28 08:14:44 -06:00
Willi Ballenthin
bd63ded1dd file scope API features (#568)
* smda: minor unrelated fixes

* file features: extract API features at file scope for library functions

closes #567

* changelog

* ida: add file-scope API feature

Co-authored-by: mike-hunhoff <mike.hunhoff@gmail.com>

* fix lints from pylance

* features: use "function-name" for recognized linked functions

* pep8

* pep8

* rules: remove incorrect feature scope

* tests: xfail SMDA tests relying on function id

* tests: fixtures: order tests by sample, ideally improving memory usage

* pep8

* pep8

* smda: xfail two more tests

Co-authored-by: mike-hunhoff <mike.hunhoff@gmail.com>
2021-05-27 12:59:00 -06:00
Moritz
424a25cb91 Fix tests on Windows - reduced memory impact and general fixes (#545)
* Update tests.yml

* Update .github/workflows/tests.yml

* Update tests.yml

* update

* min tests

* enable all, no sigpaths

* update cache

* save workspace, log caching

* updated tests

* update tests

* update rec call test

* lower cache size

* address Ana's feedback
2021-05-11 16:29:01 +02:00
William Ballenthin
8f0ce11ff6 tests: register common FLIRT sigs
closes #538
2021-05-01 08:06:56 -06:00
William Ballenthin
9ca1a7ebb6 extractors: do cast-to-int correctly 2021-04-27 13:07:27 -06:00
William Ballenthin
c79f461e39 Merge branch 'master' into function-id-flirt 2021-04-26 09:47:42 -06:00
Ana Maria Martinez Gomez
c0d6468347 py3: Remove Python 2 tests
Tests don't need to support Python 2 any longer. Do not run tests with Python 2.
2021-04-07 18:20:07 +02:00
William Ballenthin
004ddb3e66 main: load gzip compressed .pat files 2021-03-04 18:04:46 -07:00
William Ballenthin
20894124e6 tests: test FLIRT matching 2021-03-04 15:50:05 -07:00
Ana Maria Martinez Gomez
bbb7878e0a Enable tests for vivisect in Python3
Now we support vivisect as a backend in Python3. We should test it.
2021-03-03 17:36:50 +01:00
Moritz Raabe
9b5aaa40de improve bytes feature extraction 2021-02-01 17:17:22 +01:00
Moritz Raabe
08c3372635 add more xor instructions 2020-12-08 09:21:50 +01:00