gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-01-07 19:01:04 -08:00
Code Issues Packages Projects Releases Wiki Activity
661 Commits 41 Branches 48 Tags
1e097ef759ed08869a503d21d13d67f03a356f67
Commit Graph

661 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Willi Ballenthin
1e097ef759 setup: add pylancelot dep on py3 2020-08-15 11:13:06 -06:00
William Ballenthin
f193ceb91a merge 2020-08-14 10:26:52 -06:00
Willi Ballenthin
ac7f079af8 Merge pull request #235 from fireeye/progressbar-tweaks 
main: progress bar updates (+rules, and realize iterators)
 2020-08-14 10:23:43 -06:00
William Ballenthin
5f47280e0d main: disable spinner when in quiet mode 2020-08-14 10:19:39 -06:00
Capa Bot
b7d39cf4c9 Sync capa rules submodule 2020-08-14 16:02:13 +00:00
William Ballenthin
de2c3c9800 main: display spinner while generating viv workspace 2020-08-14 09:38:08 -06:00
William Ballenthin
6e525a93d7 viv: insn: derefs: fix exception 2020-08-14 09:37:51 -06:00
William Ballenthin
90cdef5232 main: progress bar updates (+rules, and realize iterators) 2020-08-13 17:25:07 -06:00
William Ballenthin
fb19841997 Merge branch 'master' into backend-lancelot 2020-08-13 17:24:28 -06:00
William Ballenthin
40d16c925f main: progress bar updates (+rules, and realize iterators) 2020-08-13 17:23:36 -06:00
William Ballenthin
d5f73b47a4 main: use lancelot on py3 2020-08-13 13:35:09 -06:00
William Ballenthin
caf738ee4e lancelot: implement indirect call resolution 2020-08-13 13:22:50 -06:00
William Ballenthin
c6f27200fe lancelot: pull get_operand_target into helpers 2020-08-13 13:22:29 -06:00
Capa Bot
e3e13cdb11 Sync capa rules submodule 2020-08-13 18:51:28 +00:00
William Ballenthin
5c967cd6ef lancelot: insn: calls to/from 2020-08-13 12:39:32 -06:00
Willi Ballenthin
db3369fd09 Merge pull request #232 from Ana06/remove-switch 
extractor: remove characteristic(switch)
 2020-08-13 10:07:07 -06:00
Capa Bot
35086d4a69 Sync capa rules submodule 2020-08-13 16:06:21 +00:00
Ana María Martínez Gómez
adaac03d1d extractor: remove characteristic(switch) 
Get rid of the `characteristic(switch)` feature as any of our rules use
it and its analysis is not very easy. Analysis results most likely
differ across backends, leading to inconsistency.
 2020-08-13 16:47:01 +02:00
Capa Bot
199cccaef9 Sync capa rules submodule 2020-08-12 23:27:17 +00:00
Capa Bot
e64277ed41 Sync capa-testfiles submodule 2020-08-12 23:26:45 +00:00
Willi Ballenthin
744b4915c9 Merge pull request #226 from fireeye/enhancement-223 
IDA: resolve nested data references to strings/bytes
 2020-08-12 09:05:11 -06:00
Capa Bot
5d9ccf1f76 Sync capa rules submodule 2020-08-11 21:04:09 +00:00
Capa Bot
15607d63ab Sync capa-testfiles submodule 2020-08-11 21:03:00 +00:00
Willi Ballenthin
362db6898a Merge pull request #230 from fireeye/enhancement-immediate-memory-reference-as-number 
adding support to emit number features for unmapped immediate memory references
 2020-08-11 14:59:26 -06:00
Michael Hunhoff
70b4546c33 adding test for unmapped immediate data reference 2020-08-11 14:13:43 -06:00
Michael Hunhoff
791afd7ac8 adding code to emit number feature for unmapped immediate data reference 2020-08-11 14:12:41 -06:00
Capa Bot
6f352283e6 Sync capa-testfiles submodule 2020-08-11 19:36:17 +00:00
Capa Bot
db85fbab4f Sync capa rules submodule 2020-08-11 14:54:42 +00:00
mike-hunhoff
20cc23adc5 Merge pull request #228 from fireeye/bugfix-explorer-display-arch-decorator 
explorer: adding support to display arch decorator on numbers/offsets
 2020-08-11 07:50:08 -07:00
Michael Hunhoff
828819e13f switching to iterative solution for data reference search 2020-08-11 08:45:20 -06:00
Michael Hunhoff
79d94144c6 adding IDA extractor code to resolve nested data references for string and bytes features 2020-08-11 08:44:44 -06:00
Michael Hunhoff
c46a1d2b44 black format changes 2020-08-11 08:26:48 -06:00
Capa Bot
7a18fbf9d4 Sync capa rules submodule 2020-08-11 07:19:00 +00:00
Capa Bot
7d62156a29 Sync capa-testfiles submodule 2020-08-11 07:12:56 +00:00
William Ballenthin
a59e1054fe tests: lancelot: feature counts 2020-08-10 19:04:29 -06:00
William Ballenthin
db45a06ba7 lancelot: insn: simplify operand target fetching 2020-08-10 19:04:09 -06:00
William Ballenthin
c739caee40 tests: lancelot: add tests for counts of features 2020-08-10 18:53:40 -06:00
William Ballenthin
bdf6b69be6 lancelot: insn: indirect call 2020-08-10 18:45:58 -06:00
William Ballenthin
fdd6f7434b lancelot: insn: xsection flow and recursive calls 2020-08-10 18:40:45 -06:00
Michael Hunhoff
def8130a24 adding support to display arch decorator on numbers/offsets 2020-08-10 18:27:37 -06:00
William Ballenthin
21adb2b9d1 tests: lancelot: formatting 2020-08-10 18:16:14 -06:00
William Ballenthin
5929c0652c lancelot: insn: fs/gs 2020-08-10 18:15:10 -06:00
William Ballenthin
e7bf5bfceb lancelot: insn: nzxor 2020-08-10 18:05:26 -06:00
William Ballenthin
c2f55fad12 tests: lancelot: construct assert message 2020-08-10 18:05:08 -06:00
William Ballenthin
7ac4cf47f7 lancelot: insn: pass f, bb, insn throughout 2020-08-10 18:04:37 -06:00
William Ballenthin
3f49a224f5 lancelot: off-by-one instruction enumerator 2020-08-10 18:03:40 -06:00
William Ballenthin
695f1bf55a lancelot: insn: strings 2020-08-10 17:23:19 -06:00
William Ballenthin
10f5a54e1d lancelot: insn: bytes 2020-08-10 17:08:28 -06:00
William Ballenthin
042654ee97 lancelot: insn: mnemonic 2020-08-10 13:50:46 -06:00
William Ballenthin
1da450001c lancelot: insn: offset 2020-08-10 13:47:43 -06:00