Commit Graph

4665 Commits

Author SHA1 Message Date
Willi Ballenthin 6e3fff4bae use latest rules migration 2023-11-14 14:29:34 +00:00
Willi Ballenthin a705bf9eab Merge pull request #1825 from mandiant/fix/issue-1816
verbose: show process name and other human-level details
2023-11-14 12:33:41 +01:00
Willi Ballenthin c68c68d5cb Merge branch 'dynamic-feature-extraction' into fix/issue-1816 2023-11-14 11:36:24 +01:00
Willi Ballenthin 82013f0e24 submodule: tests: data: sync 2023-11-14 10:35:18 +00:00
Moritz dee0aa73eb Merge pull request #1844 from mandiant/mr-tz-patch-1
fix whitespace removal in format check
2023-11-11 19:53:44 +01:00
Moritz 41a397661f fix whitespace removal in format check 2023-11-10 11:40:55 +01:00
Moritz 52997e70a0 fix imports according to ruff 2023-11-08 16:58:40 +01:00
Moritz 1acc2d1959 Merge branch 'dynamic-feature-extraction' into fix/issue-1816 2023-11-08 16:56:05 +01:00
Willi Ballenthin a52af3895a verbose: remove TODOs 2023-11-06 10:37:22 +00:00
Willi Ballenthin 5d31bc462b verbose: render dynamic match locations 2023-11-06 10:34:26 +00:00
Willi Ballenthin 7678897334 tests: fix render tests 2023-11-06 10:32:44 +00:00
Willi Ballenthin 75ff58edaa vverbose: better render pid/tid/call index 2023-11-06 10:09:23 +00:00
Willi Ballenthin eb12ec43f0 mypy 2023-11-06 09:52:00 +00:00
Willi Ballenthin f7c72cd1c3 vverbose: don't repeat rendered calls when in call scope 2023-11-06 09:52:00 +00:00
Willi Ballenthin 0da614aa4f vverbose: dynamic: show rendered matching API call 2023-11-06 09:52:00 +00:00
Willi Ballenthin 9c81ccf88a vverbose: make missing names an error 2023-11-06 09:52:00 +00:00
Willi Ballenthin c141f7ec6e verbose: better render scopes 2023-11-06 09:52:00 +00:00
Willi Ballenthin 274a710bb1 report: better compute dynamic layout 2023-11-06 09:52:00 +00:00
Willi Ballenthin 4a7e488e4c Update capa/render/vverbose.py
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
2023-11-01 12:19:13 +01:00
Yacine 0097822e51 Merge pull request #1820 from yelhamer/capabilities-module
add a capabilities module
2023-10-27 13:39:49 +02:00
Yacine Elhamer e559cc27d5 capa.rules: remove redundant ceng.MatchResults import 2023-10-26 19:43:26 +02:00
Yacine Elhamer a0cec3f07d capa.rules: remove redundant is_internal_rule() and has_file_limitations() from capa source code 2023-10-26 19:41:09 +02:00
Moritz db53424548 Merge pull request #1826 from mandiant/fix-model-hexint
fix parsing base 10/16
2023-10-23 09:02:21 +02:00
Yacine Elhamer 8029fed31c Merge branch 'capabilities-module' of https://github.com/yelhamer/capa into capabilities-module 2023-10-20 20:11:28 +02:00
Yacine Elhamer 3572b512d9 test_capabilities.py: add missing test_com_feature_matching() test 2023-10-20 20:11:08 +02:00
Yacine Elhamer ab06c94d80 capa/main.py: move has_rule_with_namespace() to capa.rules.RuleSet 2023-10-20 20:10:29 +02:00
Willi Ballenthin 9e6919f33c layout: capture call names
so that they can be rendered to output
2023-10-20 14:21:13 +00:00
mr-tz 99042f232d fix parsing base 10/16 2023-10-20 15:26:11 +02:00
Willi Ballenthin 393b0e63f0 layout: capture process name 2023-10-20 12:39:28 +00:00
Willi Ballenthin ee4f02908c layout: capture process name 2023-10-20 12:38:35 +00:00
Moritz c9df78252a Ignore DLL names for API features (#1824)
* ignore DLL name for api features

* keep DLL name for import features

* fix tests
2023-10-20 13:39:15 +02:00
Willi Ballenthin 788251ba2b vverbose: render scope for humans 2023-10-20 11:37:42 +00:00
Willi Ballenthin 62d4b008c5 Merge pull request #1822 from mandiant/fix/dynamic-freeze
update freeze for dynamic
2023-10-20 13:16:48 +02:00
Yacine Elhamer aae72667a3 Merge branch 'capabilities-module' of https://github.com/yelhamer/capa into capabilities-module 2023-10-20 10:16:41 +02:00
Yacine Elhamer d6c5d98b0d move is_file_limitation_rule() to the rules module (Rule class) 2023-10-20 10:16:09 +02:00
Yacine Elhamer d5ae2ffd91 capa.capabilities: move has_file_limitations() from capa.main to the capabilities module 2023-10-20 10:15:20 +02:00
Yacine Elhamer 96fb204d9d move capa.features.capabilities to capa.capabilities, and update scripts 2023-10-20 09:54:24 +02:00
Yacine 20604c4b41 Update capa/capabilities/static.py
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
2023-10-20 09:28:13 +02:00
Yacine 423d942bd0 Update capa/capabilities/dynamic.py
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
2023-10-20 09:28:05 +02:00
Yacine f9b87417e6 Update capa/capabilities/common.py
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
2023-10-20 09:27:58 +02:00
Willi Ballenthin fc4618e234 Merge branch 'dynamic-feature-extraction' into fix/dynamic-freeze 2023-10-20 09:16:07 +02:00
Willi Ballenthin 1143f2ba56 changelog 2023-10-20 07:11:42 +00:00
Willi Ballenthin 10dc4b92b1 freeze: update freeze format v3 2023-10-20 06:59:53 +00:00
Willi Ballenthin bfecf414fb freeze: add dynamic tests 2023-10-20 06:59:34 +00:00
Willi Ballenthin 0231ceef87 null extractor: fix typings 2023-10-20 06:59:16 +00:00
Yacine 0ae8f34aff Merge branch 'dynamic-feature-extraction' into capabilities-module 2023-10-20 08:55:49 +02:00
Moritz b8b55f4e19 identify potential JSON object data start (#1819)
* identify potential JSON object data start
2023-10-19 17:17:57 +02:00
Willi Ballenthin d42829d7e7 Merge pull request #1765 from mandiant/fix/dynamic-proto
protobuf: add dynamic support
2023-10-19 13:37:45 +02:00
Willi Ballenthin c724a4b311 ci: only run BN and Ghidra tests after others complete
these are much less likely to fail because they're
changed less often, so don't run them until we know
other tests also pass.
2023-10-19 11:35:42 +00:00
Willi Ballenthin 84e22b187d doc 2023-10-19 11:29:30 +00:00