991 Commits

Author SHA1 Message Date
Capa Bot 239bafd285 Sync capa-testfiles submodule 2026-02-17 21:10:09 +00:00
kamran ul haq 26aba8067f loader: handle SegmentationViolation for malformed ELF files (#2799)
Catch envi.exc.SegmentationViolation raised by vivisect when processing
malformed ELF files with invalid relocations and convert it to a
CorruptFile exception with a descriptive message.

Closes #2794

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>
2026-02-05 12:24:48 -07:00
Daniel Adeboye 77440c03f5 vmray: extract number features for registry key handles (#2835)
* vmray: extract number features for whitelisted void_ptr parameters

* added changelog

* Apply suggestions from code review

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* fix lint

* fix lint

* fix test

* remove unused import

* Add hKey parameter extraction and tests

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>
2026-01-30 15:10:57 -07:00
Capa Bot 93c11d2d4e Sync capa-testfiles submodule 2026-01-28 16:22:42 +00:00
Daniel Adeboye 37f2a897ff tests: remove redundant test_ida_features.py (#2834) 2026-01-23 09:46:58 -07:00
Mike Hunhoff 5a5545aa14 ghidra: fix unit tests (#2812)
* ghidra: fix unit tests

* fix formatting
2026-01-15 12:34:43 -07:00
Willi Ballenthin 0686305f43 ida: loader: load resource sections to help discovery of embedded files 2026-01-13 16:15:31 +01:00
Willi Ballenthin 8d6b878e79 ida: fix return value from open_database 2026-01-13 16:15:31 +01:00
Willi Ballenthin 03cc901f7b tests: idalib: xfail resource test on 9.0 2026-01-13 16:15:31 +01:00
Willi Ballenthin 1d561bd038 tests: idalib: xfail two tests on 9.0 and 9.1 2026-01-13 16:15:31 +01:00
Willi Ballenthin 200c8037dd tests: fix logging message 2026-01-13 16:15:31 +01:00
mr-tz 87fb96d08b load resource for test sample 2026-01-13 16:15:31 +01:00
Willi Ballenthin 82be20be64 loader: idalib: disable lumina
see #2742 in which Lumina names overwrote names provided by debug info
2026-01-13 16:15:31 +01:00
Willi Ballenthin 132e64a991 tests: idalib: better detect missing idapro package 2026-01-13 16:15:31 +01:00
Moritz 7bdd1f11bb Merge branch 'master' into idalib-tests 2026-01-13 16:15:31 +01:00
Capa Bot bfd1b09176 Sync capa-testfiles submodule 2026-01-06 16:50:00 +00:00
Mike Hunhoff 66dc70a775 ghidra: support PyGhidra (#2788)
* ghidra: init commit switch to PyGhidra

* update CHANGELOG and PyGhidra version requirements

* Update capa/features/extractors/ghidra/helpers.py

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* fix black errors

* support Ghidra v12

* remove deprecated APIs

* refactor outdated code

* fix pyinstaller, code refactoring

* address PR feedback

* add back capa_explorer.py

* beef up capa_explorer.py script

* refactor README

* refactor README

* fix #2747

* add sha256 check for workflows

* add sha256 check for workflows

* add sha256 check for workflows

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2025-12-18 17:55:49 -07:00
mr-tz dc08843e2d address idalib-based test fails 2025-12-11 14:18:13 +00:00
Capa Bot c0ae1352c6 Sync capa-testfiles submodule 2025-12-03 21:00:48 +00:00
Moritz 074f7c742c Merge branch 'master' into idalib-tests 2025-11-24 19:52:40 +01:00
Mike Hunhoff 8d39765e7b ci: bump binja minor version (#2763) 2025-11-17 11:10:46 -07:00
Willi Ballenthin cf463676b2 fixtures: remove dups 2025-11-03 12:47:12 +01:00
Willi Ballenthin b5e5840a63 lints 2025-10-29 20:29:08 +01:00
Willi Ballenthin eda53ab3c1 tests: add feature tests for idalib 2025-10-29 20:20:57 +01:00
Capa Bot ca708ca52e Sync capa-testfiles submodule 2025-10-28 15:15:42 +00:00
Capa Bot add09df061 Sync capa-testfiles submodule 2025-10-20 15:18:32 +00:00
Capa Bot 3bc2d9915c Sync capa-testfiles submodule 2025-10-13 18:52:26 +00:00
Capa Bot 826330f511 Sync capa-testfiles submodule 2025-09-03 15:58:45 +00:00
Capa Bot 40e5095577 Sync capa-testfiles submodule 2025-09-03 15:55:29 +00:00
Capa Bot c7eede3c53 Sync capa-testfiles submodule 2025-09-03 15:51:51 +00:00
Capa Bot aafca2e00a Sync capa-testfiles submodule 2025-08-25 18:59:27 +00:00
Mike Hunhoff 42b6d8106a binja: update core version info check (#2709) 2025-08-20 11:56:56 -06:00
Capa Bot a80f85aab4 Sync capa-testfiles submodule 2025-08-20 15:57:15 +00:00
Capa Bot f94f554d15 Sync capa-testfiles submodule 2025-08-20 15:32:08 +00:00
Capa Bot dd2e350a1a Sync capa-testfiles submodule 2025-08-14 15:08:18 +00:00
Capa Bot af87fae036 Sync capa-testfiles submodule 2025-08-12 15:38:12 +00:00
Capa Bot c774db26f0 Sync capa-testfiles submodule 2025-08-12 15:37:46 +00:00
Capa Bot edcea18c52 Sync capa-testfiles submodule 2025-06-17 19:17:09 +00:00
Mike Hunhoff 96d1eb64c3 update binja core version (#2670)
* update binja core version

* update CHANGELOG
2025-05-30 10:52:56 -06:00
Capa Bot 4b72f8a872 Sync capa-testfiles submodule 2025-05-22 17:48:58 +00:00
Capa Bot 37a63a751c Sync capa-testfiles submodule 2025-05-19 18:12:00 +00:00
Capa Bot 390e2a6315 Sync capa-testfiles submodule 2025-05-12 16:17:27 +00:00
Capa Bot 6a43084915 Sync capa-testfiles submodule 2025-05-12 16:06:51 +00:00
Capa Bot a4285c013e Sync capa-testfiles submodule 2025-03-11 16:13:03 +00:00
Capa Bot 0df50f5d54 Sync capa-testfiles submodule 2025-03-10 19:51:07 +00:00
Capa Bot 45ea683d19 Sync capa-testfiles submodule 2025-02-26 08:56:48 +00:00
Capa Bot 14e076864c Sync capa-testfiles submodule 2025-02-22 19:13:14 +00:00
Capa Bot 06fad4a89e Sync capa-testfiles submodule 2025-02-21 12:17:50 +00:00
vibhatsu a8e8935212 Replace binascii and struct with native Python methods (#2582)
* refactor: replace binascii with bytes for hex conversions

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* refactor: replace struct unpacking with bytes conversion

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* simplify byte extraction for ELF header

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* Revert "refactor: replace struct unpacking with bytes conversion"

This reverts commit 483f8c9a85.

* update CHANGELOG

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

---------

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>
Co-authored-by: Willi Ballenthin <wballenthin@google.com>
2025-02-04 09:53:36 +01:00
Willi Ballenthin 6d19226ee9 rules: scopes can now have subscope blocks with same scope (#2584) 2025-02-03 19:54:05 +01:00