gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-02-04 19:12:01 -08:00
Code Issues Packages Projects Releases Wiki Activity
4,134 Commits 47 Branches 48 Tags
15701c6d12e0bf0f69e8bd2144e8f5556acb52b8
Commit Graph

1412 Commits

Author SHA1 Message Date
Aayush Goel
94cf53a1e3 Update __init__.py 2023-10-18 16:33:31 +05:30
Aayush Goel
6dbd3768ce Update __init__.py 2023-10-17 21:04:21 +05:30
Aayush Goel
7cd5aa1c40 Added Enum for comType 2023-10-17 20:28:49 +05:30
Aayush Goel
884b714be2 loading com db only once 
avoid loading db multiple times by caching it.
 2023-10-17 19:48:06 +05:30
Aayush Goel
23ecb248a5 Update __init__.py 2023-10-10 18:08:07 +05:30
Aayush Goel
bc165331db Update __init__.py 2023-10-10 17:56:18 +05:30
Moritz
a9daa92c9a Merge branch 'master' into Aayush-Goel-04/Issue#322 2023-10-09 18:22:46 +02:00
Willi Ballenthin
321ef100c5 Update capa/features/extractors/binja/helpers.py 2023-09-27 08:56:42 +02:00
Willi Ballenthin
d8eebf524e Update capa/features/extractors/binja/helpers.py 2023-09-27 08:51:12 +02:00
Willi Ballenthin
3dffa8145f Update capa/features/extractors/binja/helpers.py 2023-09-27 08:47:52 +02:00
Willi Ballenthin
09b54a86f0 Merge branch 'master' into test_binja_forwarded_export 2023-09-21 12:10:13 +02:00
Xusheng
55af6f052f binja: add support for symtab names. Fix #1504 2023-09-21 17:24:42 +08:00
Xusheng
d2d32f88ef binja: add support for forwarded exports 2023-09-21 15:32:55 +08:00
Xusheng
b3dccb3841 binja: improve function call site detection 2023-09-21 09:51:01 +08:00
Xusheng
bc71c94171 binja: use binaryninja.load to open a binary 2023-09-21 09:51:01 +08:00
Aayush Goel
8331ed6ea0 Merge branch 'mandiant:master' into Aayush-Goel-04/Issue#322 2023-09-06 16:35:29 +05:30
Mike Hunhoff
d17db614b9 Update README.md 2023-08-30 10:33:38 -06:00
Aayush Goel
24dad6bcc4 Update capa/rules/__init__.py 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-08-30 21:48:48 +05:30
Aayush Goel
ab3747e448 added com prefix CLSID, IID 2023-08-30 01:00:07 +05:30
colton-gabertan
72ed4d1165 push shellcode example 2023-08-29 18:05:03 +00:00
colton-gabertan
0ec682a464 add shellcode documentation & update Headless Analyzer example 2023-08-29 18:01:11 +00:00
colton-gabertan
37917b6181 update ghidra feat extractor docs 2023-08-29 17:28:49 +00:00
Mike Hunhoff
a6e61ed6f1 Update capa/ghidra/README.md 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-08-29 09:03:26 -06:00
Mike Hunhoff
1fddf800c6 Update capa/ghidra/README.md 
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-08-29 09:02:46 -06:00
Mike Hunhoff
7cc10401d5 fix #1772 2023-08-28 15:15:47 -06:00
Mike Hunhoff
f3a2a5958d fix Ghidra detection 2023-08-28 13:24:14 -06:00
Colton Gabertan
9cea7346b2 ghidra: documentation (#1759) 
* Implement ghidra documentation
 2023-08-27 19:21:36 -07:00
colton-gabertan
d7c9ae26bc Merge branch 'master' into backend-ghidra 2023-08-26 02:08:22 +00:00
Colton Gabertan
fddec33d04 ghidra: fix api info caching (#1766) 
* cache and retrive imports, externs, and fakes in FunctionHandle objects

* reduce cache retreival calls

* cache in GhidraFeatureExtractor, point fh.ctx to cache

* move caching routine to __init__
 2023-08-25 19:03:38 -07:00
Mike Hunhoff
65179805a7 add a Ghidra entry script users can invoke to run capa against a loaded Ghidra database (#1767) 
* enable use of Ghidra with show-features.py

* fix bug in is_supported_file_type

* fix bug in GhidraFeatureExtractor.get_function

* refactor get_insn_in_range

* add Ghidra entry script for users to more easily run capa against a loaded Ghidra database

* update CHANGELOG

* fixing lint

* fix fixtures import issue

* fix bug in is_supported_arch_type

* add check for supported arch type

* fix extract_embedded_pe performance
 2023-08-25 18:35:59 -07:00
Aayush Goel
bd0d8eb403 Update __init__.py 
added parse_description for com feature
Update CHANGELOG.md
added comments, dealt with errors
 2023-08-25 16:04:25 +05:30
Aayush Goel
f1a7049ab5 Merge branch 'master' into Aayush-Goel-04/Issue#322 2023-08-25 15:39:03 +05:30
Aayush Goel
95e279a03b update com db 
moved code to rules/init.py , create db for coms
 2023-08-25 15:32:40 +05:30
Willi Ballenthin
7a70bc9b2a version: v6.1.0 2023-08-25 08:47:11 +00:00
Mike Hunhoff
448b122ef0 fix ints_to_bytes performance (#1761) 
* fix ints_to_bytes performance
 2023-08-24 16:01:41 -07:00
colton-gabertan
bd2f7bc1f4 hotfix: fix indirect address dereference handling 2023-08-24 22:09:08 +00:00
Colton Gabertan
70d36ab640 properly set bounds for find_byte_sequence (#1757) 2023-08-23 15:40:15 -06:00
Colton Gabertan
19b8000c00 Ghidra: Fixes & Enhancements (#1733) 
* restore from corrupted .git

* lint repo

* temp: remove lint failing rule

* implement dereferencing, clean up extractors

* implement proper dereferencing routines as applicable

* fix nzxor implementation, remediate ghidra analysis issues

* lint repo

* Assert typing, lint repo

* avoid extracting pointers in bytes extraction

* attempt to recover submodule

* implement GhidraFeatureExtractor & ghidra_main()

* lint repo

* document examples, clean-up & testing

* lint repo

* properly map import dict

* properly map fake addresses

* fix fake addr mapping

* properly map externs

* re-align consistency with other backends

* lint repo

* fix dereferencing routine

* clean up helpers

* fix format string

* disable progress bar to exit gracefully

* enable pbar in headless runtime mode

* implement fixture test script

* implement ghidra unit test script

* refactor repo for breaking Ghidrathon change

* bump ghidrathon CI version, run unit test in CI

* change CI config

* fix wget line for ghidrathon

* fix unzip paths

* fix ghidra import issue

* disable pytest faulthandler module

* fix dereference function

* fix ghidra state variables

* implement dereferencing for string extraction

* use toAddr

* restructure for consistency

* Bump Ghidrathon version for CI, fix pytest ghidra runtime detection

* fix number & offset extractors

* yield both signed & unsgned values for offset extraction

* add LEA insn handling to number & offset extraction

* fix indirect call extraction

* implement thunk function checking for dereferences

* revise ghidra feature count tests, pass unit testing

* fix feature test format

* implement additional support for dereferencing thunked functions

* integrate external locations into find_file_imports

* change api yield string for .elf samples to match other extractors

* fix potential NoneType errors during dereferencing

* user helper in global_

* fix GHIDRAIO class, implement in global_

* comment on getOriginalByte

* simplify get_file_imports

* implement explicit thunk chain handling

* simplify LEA number extraction

* simplify thunk handling

* temp: demonstrate CI failure & output

* fix log path

* run new test against mimikatz
 2023-08-23 14:35:18 -06:00
Colton Gabertan
058c1fefd2 ghidra: unit tests (#1727) 
* restore from corrupted .git

* lint repo

* temp: remove lint failing rule

* implement dereferencing, clean up extractors

* implement proper dereferencing routines as applicable

* fix nzxor implementation, remediate ghidra analysis issues

* lint repo

* Assert typing, lint repo

* avoid extracting pointers in bytes extraction

* attempt to recover submodule

* implement GhidraFeatureExtractor & ghidra_main()

* lint repo

* document examples, clean-up & testing

* lint repo

* properly map import dict

* properly map fake addresses

* fix fake addr mapping

* properly map externs

* re-align consistency with other backends

* lint repo

* fix dereferencing routine

* clean up helpers

* fix format string

* disable progress bar to exit gracefully

* enable pbar in headless runtime mode

* implement fixture test script

* implement ghidra unit test script

* refactor repo for breaking Ghidrathon change

* bump ghidrathon CI version, run unit test in CI

* change CI config

* fix wget line for ghidrathon

* fix unzip paths

* fix ghidra import issue

* disable pytest faulthandler module

* fix ghidra state variables

* use toAddr

* restructure for consistency

* Bump Ghidrathon version for CI, fix pytest ghidra runtime detection
 2023-08-21 12:16:13 -06:00
Aayush Goel
1027da9be0 add new feature for com 2023-08-20 00:36:37 +05:30
colton-gabertan
a2a2949675 Merge branch 'master' into backend-ghidra 2023-08-17 16:06:17 +00:00
Colton Gabertan
b3cf1129e3 Ghidra: Implement GhidraFeatureExtractor (#1681) 
* Implement GhidraFeatureExtractor & repo changes
 2023-08-16 15:58:47 -07:00
Willi Ballenthin
e6d64ef561 pydantic: remove use of deprecated routines 
closes #1718
 2023-08-15 08:41:56 +00:00
Willi Ballenthin
737fab7969 elf: use equality not bit masking 2023-08-14 16:40:45 +02:00
Willi Ballenthin
bd5c65d22c elf: fix parsing of symtab from viv 
closes #1704
 2023-08-14 11:08:19 +00:00
Willi Ballenthin
e6cb3d3b3b os: detect Android via dependencies, too 2023-08-14 10:27:19 +00:00
Willi Ballenthin
8003547414 elf: detect Android OS via note 
closes #1705
 2023-08-14 10:13:42 +00:00
colton-gabertan
2de6dc7cb8 Merge branch 'master' into backend-ghidra 2023-08-10 12:14:44 -07:00
Aayush Goel
df9828dd7f Update capa/rules/__init__.py 
Co-authored-by: Willi Ballenthin <wballenthin@google.com>
 2023-08-09 15:32:12 +05:30
Willi Ballenthin
f1e737ac92 Merge branch 'master' into Aayush-Goel-04/Issue#331 2023-08-09 08:53:02 +02:00