Commit Graph

1184 Commits

Author SHA1 Message Date
Ana Maria Martinez Gomez 2859b037aa Use constants for backend option
Use constants instead of string literals for the backend option.
2021-03-03 17:36:50 +01:00
Ana Maria Martinez Gomez bbb7878e0a Enable tests for vivisect in Python3
Now we support vivisect as backend in Python3. We should test it.
2021-03-03 17:36:50 +01:00
Ana Maria Martinez Gomez fc438866ec Add option to select the backend in Py3
Now we have two working backends in Python3! Add an option to select
which one to use. With this code, vivisect is the default backend, but
this is really easy to change. We could do some analysis to see if smda
performs better than vivisect once the vivisect implementation.
2021-03-03 17:36:50 +01:00
Ana Maria Martinez Gomez 2da2f498a2 Add script to compare vivisect Python 2 vs 3
Compare the performance of vivisect Python 2 vs 3 by counting the number
of features of each type extracted for every binary in `tests/data`.
Render the ones that perform badly (under a threshold - 98) and the total
performance. Render also the running time per binary for both Python 2 and 3.

From this result, it seems that vivisect behaves properly with Python3.
2021-03-03 17:36:50 +01:00
Ana Maria Martinez Gomez 29dffffe1b Python3 support for vivisect
Vivisect has moved to Python3. Allow running vivisect with Python3 in
capa.

I am using the following version of vivisect (which includes fixes for
some bugs I have found and some open PRs in vivisect):
https://github.com/Ana06/vivisect/tree/py-3
2021-03-03 17:36:49 +01:00
Capa Bot 1ecaad5413 Sync capa rules submodule 2021-03-02 15:06:24 +00:00
Willi Ballenthin cd56d672c0 Merge pull request #442 from fireeye/williballenthin-patch-2
viv: ignore empty branch targets
2021-03-01 08:43:26 -07:00
Willi Ballenthin 68aed3c190 insn: better document when branch va may be none 2021-02-28 23:03:08 -07:00
Willi Ballenthin 68fcc03d5c viv: ignore empty branch targets
but what does this really mean? why would `getBranches` return `None`?

closes #441
2021-02-25 13:34:59 -07:00
Capa Bot 939b29bf60 Sync capa rules submodule 2021-02-24 23:00:34 +00:00
Capa Bot 2f6a6e4628 Sync capa rules submodule 2021-02-24 08:07:52 +00:00
Capa Bot 7938ea34d0 Sync capa rules submodule 2021-02-24 08:06:30 +00:00
Capa Bot ed94e36f7a Sync capa rules submodule 2021-02-24 00:12:19 +00:00
mike-hunhoff 1c3a8df136 Merge pull request #439 from fireeye/explorer/rulegen-support-file-scope
adding file scope support to rule generator IDA plugin
2021-02-23 11:50:54 -07:00
Michael Hunhoff 9f254b22ee adding file scope support to rule generator IDA plugin 2021-02-23 11:10:34 -07:00
Capa Bot 753f8ce84e Sync capa rules submodule 2021-02-23 17:33:38 +00:00
Capa Bot acf3b549de Sync capa rules submodule 2021-02-23 15:29:20 +00:00
Capa Bot 669f6dcf98 Sync capa rules submodule 2021-02-23 15:23:19 +00:00
Capa Bot e4f7c4aab1 Sync capa rules submodule 2021-02-23 15:22:43 +00:00
Moritz 5836d55e21 Merge pull request #438 from fireeye/explorer/show-results-by-function
explorer: adding option to show results by function
2021-02-22 18:23:44 +01:00
Michael Hunhoff e17bf1a1f4 explorer: adding option to show results by function 2021-02-22 08:16:18 -07:00
Willi Ballenthin acb253ae9c Merge pull request #437 from fireeye/scripts/show-capabilities
update to support running in IDA w/ Python 3
2021-02-19 17:02:53 -07:00
Michael Hunhoff cc0aaa301f update to support running in IDA w/ Python 3 2021-02-19 14:28:20 -07:00
mike-hunhoff 4256316045 Merge pull request #436 from fireeye/fix/ida/unmapped-data-ref
check for unmapped addresses when resolving data references
2021-02-19 12:58:16 -07:00
Capa Bot 78ab0c9400 Sync capa-testfiles submodule 2021-02-19 19:39:18 +00:00
Capa Bot 944a670af0 Sync capa rules submodule 2021-02-19 17:17:33 +00:00
Michael Hunhoff e4e517b334 checked for unmapped address when resolving data references 2021-02-19 10:07:23 -07:00
Capa Bot ccd7f1ee4b Sync capa-testfiles submodule 2021-02-19 09:54:02 +00:00
Capa Bot 9db7ed88aa Sync capa rules submodule 2021-02-18 21:36:08 +00:00
Capa Bot a5e7497f56 Sync capa-testfiles submodule 2021-02-18 21:35:02 +00:00
Capa Bot 754f302493 Sync capa rules submodule 2021-02-18 17:56:06 +00:00
Moritz 7783543153 Merge pull request #429 from fireeye/scripts/multiple-backends-show-features
mirror show-capabilities-by-function to enable multiple backends
2021-02-18 09:33:36 +01:00
Moritz b02f92b3ea Merge pull request #428 from fireeye/linter/ntoskrnl-ntdll-overlap
linter: adding ntoskrnl, ntdll overlap lint
2021-02-18 09:23:02 +01:00
Michael Hunhoff 47b3ef29be removing viv dep from show-capabilities-by-function.py 2021-02-17 14:49:52 -07:00
Michael Hunhoff 1eb615f97c mirror show-capabilities-by-function to enable multiple backends 2021-02-17 14:40:33 -07:00
mike-hunhoff cfa904a0a0 Merge pull request #426 from fireeye/explorer/rule-generator
initial commit of capa explorer rule generator plugin for IDA Pro
2021-02-17 13:44:54 -07:00
Michael Hunhoff 2d34458d10 linter: adding ntoskrnl, ntdll overlap lint 2021-02-17 13:29:36 -07:00
Capa Bot e39713c4fd Sync capa rules submodule 2021-02-17 17:10:12 +00:00
Capa Bot 320b734da8 Sync capa rules submodule 2021-02-17 17:00:43 +00:00
Capa Bot 887848625c Sync capa-testfiles submodule 2021-02-17 16:52:43 +00:00
Capa Bot 685f06582d Sync capa rules submodule 2021-02-17 15:18:16 +00:00
Capa Bot a3c21dba32 Sync capa rules submodule 2021-02-17 14:59:46 +00:00
Capa Bot 9744cde8aa Sync capa rules submodule 2021-02-17 07:27:24 +00:00
Capa Bot 0ba8c9ec00 Sync capa-testfiles submodule 2021-02-16 23:44:50 +00:00
Capa Bot 0764c603b4 Sync capa-testfiles submodule 2021-02-16 23:32:23 +00:00
mike-hunhoff 2d4f7a6946 Update README.md 2021-02-12 14:38:11 -07:00
mike-hunhoff 5346eec84d Update README.md 2021-02-12 14:35:34 -07:00
Michael Hunhoff b704dd967b updating README related to capa explorer 2021-02-12 14:32:08 -07:00
Michael Hunhoff 84ace24b35 merging upstream 2021-02-12 14:19:23 -07:00
Michael Hunhoff ea42f76cff updating README related to capa explorer 2021-02-12 14:18:30 -07:00