gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-01-14 13:56:49 -08:00
Code Issues Packages Projects Releases Wiki Activity
4,050 Commits 41 Branches 48 Tags
8331ed6ea0fb31c1647c63a4599bd90b2f2b0aee
Commit Graph

155 Commits

Author SHA1 Message Date
Aayush Goel
8331ed6ea0 Merge branch 'mandiant:master' into Aayush-Goel-04/Issue#322 2023-09-06 16:35:29 +05:30
Aayush Goel
90df85b332 test for com_feature 
matching a file as expected
generating the bytes/strings
if an unknown COM class/interface is provided?
 2023-08-25 20:59:58 +05:30
Colton Gabertan
19b8000c00 Ghidra: Fixes & Enhancements (#1733) 
* restore from corrupted .git

* lint repo

* temp: remove lint failing rule

* implement dereferencing, clean up extractors

* implement proper dereferencing routines as applicable

* fix nzxor implementation, remediate ghidra analysis issues

* lint repo

* Assert typing, lint repo

* avoid extracting pointers in bytes extraction

* attempt to recover submodule

* implement GhidraFeatureExtractor & ghidra_main()

* lint repo

* document examples, clean-up & testing

* lint repo

* properly map import dict

* properly map fake addresses

* fix fake addr mapping

* properly map externs

* re-align consistency with other backends

* lint repo

* fix dereferencing routine

* clean up helpers

* fix format string

* disable progress bar to exit gracefully

* enable pbar in headless runtime mode

* implement fixture test script

* implement ghidra unit test script

* refactor repo for breaking Ghidrathon change

* bump ghidrathon CI version, run unit test in CI

* change CI config

* fix wget line for ghidrathon

* fix unzip paths

* fix ghidra import issue

* disable pytest faulthandler module

* fix dereference function

* fix ghidra state variables

* implement dereferencing for string extraction

* use toAddr

* restructure for consistency

* Bump Ghidrathon version for CI, fix pytest ghidra runtime detection

* fix number & offset extractors

* yield both signed & unsgned values for offset extraction

* add LEA insn handling to number & offset extraction

* fix indirect call extraction

* implement thunk function checking for dereferences

* revise ghidra feature count tests, pass unit testing

* fix feature test format

* implement additional support for dereferencing thunked functions

* integrate external locations into find_file_imports

* change api yield string for .elf samples to match other extractors

* fix potential NoneType errors during dereferencing

* user helper in global_

* fix GHIDRAIO class, implement in global_

* comment on getOriginalByte

* simplify get_file_imports

* implement explicit thunk chain handling

* simplify LEA number extraction

* simplify thunk handling

* temp: demonstrate CI failure & output

* fix log path

* run new test against mimikatz
 2023-08-23 14:35:18 -06:00
Colton Gabertan
058c1fefd2 ghidra: unit tests (#1727) 
* restore from corrupted .git

* lint repo

* temp: remove lint failing rule

* implement dereferencing, clean up extractors

* implement proper dereferencing routines as applicable

* fix nzxor implementation, remediate ghidra analysis issues

* lint repo

* Assert typing, lint repo

* avoid extracting pointers in bytes extraction

* attempt to recover submodule

* implement GhidraFeatureExtractor & ghidra_main()

* lint repo

* document examples, clean-up & testing

* lint repo

* properly map import dict

* properly map fake addresses

* fix fake addr mapping

* properly map externs

* re-align consistency with other backends

* lint repo

* fix dereferencing routine

* clean up helpers

* fix format string

* disable progress bar to exit gracefully

* enable pbar in headless runtime mode

* implement fixture test script

* implement ghidra unit test script

* refactor repo for breaking Ghidrathon change

* bump ghidrathon CI version, run unit test in CI

* change CI config

* fix wget line for ghidrathon

* fix unzip paths

* fix ghidra import issue

* disable pytest faulthandler module

* fix ghidra state variables

* use toAddr

* restructure for consistency

* Bump Ghidrathon version for CI, fix pytest ghidra runtime detection
 2023-08-21 12:16:13 -06:00
Willi Ballenthin
e6d64ef561 pydantic: remove use of deprecated routines 
closes #1718
 2023-08-15 08:41:56 +00:00
Willi Ballenthin
e6cb3d3b3b os: detect Android via dependencies, too 2023-08-14 10:27:19 +00:00
Willi Ballenthin
21b2aac8b5 fixtures: add test cases for forwarded exports 2023-07-13 10:31:52 +02:00
Willi Ballenthin
c86ab51210 fix copyright headers everywhere 2023-07-13 05:03:33 +02:00
Aayush Goel
ef39bc3c3a Merged Changes from PR #1591 2023-07-11 01:14:38 +05:30
Aayush Goel
8e346cb411 Merge branch 'Aayush-Goel-04/Issue#1534' of https://github.com/Aayush-Goel-04/capa into Aayush-Goel-04/Issue#1534 2023-07-11 00:59:21 +05:30
Aayush Goel
d1a1c6875b extractors accept Path instance 2023-07-11 00:41:36 +05:30
Willi Ballenthin
ae10a2ea34 introduce flake8-todos linter 2023-07-09 23:35:52 +02:00
Aayush Goel
a949698b86 Update fixtures.py 
Dealt with encoding methods for how "ping_täst" file name is read.
 2023-07-09 17:47:09 +05:30
Aayush Goel
673af45c55 Update args.sample type to Path and str vs as_posix comparisons 2023-07-09 16:02:28 +05:30
Aayush Goel
e0ed8c6e04 Resolved the suggestions. 2023-07-08 13:51:41 +05:30
Aayush Goel
14924174c5 convert str(path) usage to path.as_posix() to get str format of Path 
Update fixtures.py
 2023-07-07 12:03:05 +05:30
Willi Ballenthin
90e607fe9a flake8 2023-07-06 18:11:48 +02:00
Willi Ballenthin
47074fd129 fix ruff issues 2023-07-06 17:49:40 +02:00
Aayush Goel
c0d712acea Changes os.path to pathlib.Path usage 
changed args.rules , args.signatures types in handle_common_args.
 2023-07-06 05:12:50 +05:30
Yacine Elhamer
5b260c00f4 fix symtab FunctionName feature scope address 2023-06-05 13:37:19 +01:00
Yacine Elhamer
41c512624b update symtab-based FunctionName feature extraction 2023-06-02 14:44:51 +01:00
Yacine Elhamer
0d42ac3912 add missing function-name feature testing 2023-06-01 02:14:25 +01:00
Yacine Elhamer
f10a43abe6 fix style issues 2023-06-01 02:02:40 +01:00
Yacine Elhamer
64ef2c8a65 add tests for vivisect's usage of debug symbols 2023-06-01 01:50:06 +01:00
Willi Ballenthin
59332c2e94 tests: fixtures: add paths for new ELF test file 2023-04-03 13:16:03 +02:00
Pratham Chauhan
1b90a28acd resolved merge conflicts 2023-03-30 11:05:32 +05:30
Pratham Chauhan
a13ce094b3 use rd/test json 2023-03-29 19:41:14 +05:30
Willi Ballenthin
4be3fe1628 Merge branch 'master' into wb-proto 2023-03-24 11:51:45 +01:00
Willi Ballenthin
ddc52fa21c Merge branch 'master' of personal.github.com:mandiant/capa 2023-03-23 16:04:54 +01:00
Willi Ballenthin
7d12942cf7 Merge branch 'binja_backend' of github.com:Vector35/capa into Vector35-binja_backend 2023-03-23 11:31:25 +01:00
Willi Ballenthin
c52b0a22e0 tests: simplify loading of result document from file 2023-03-23 11:04:53 +01:00
Willi Ballenthin
e8ddee4782 Merge branch 'master' of personal.github.com:mandiant/capa into wb-proto 2023-03-23 10:35:30 +01:00
Willi Ballenthin
02fdf41969 tests: add tests demonstrating result document round tripping 2023-03-22 10:47:45 +01:00
Willi Ballenthin
eb20724d78 Merge branch 'master' into wb-proto 2023-03-22 09:46:03 +01:00
Willi Ballenthin
f1c495dc0a *: use FORMAT_AUTO instead of string literal 2023-03-21 16:54:48 +01:00
Willi Ballenthin
1f3582c9c3 mypy 2023-03-21 16:45:24 +01:00
mr-tz
c3ed12d8d4 add helper function 2023-03-20 17:46:36 +01:00
manasghandat
1336796c0c code style : update remaining files (#1353) 
* code style: update string formatting using fstrings

---------

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-03-16 11:16:18 +01:00
Harsh Mehta
74009eb4a4 Updated Copyright (#1383) 
* Updated Copyright
 2023-03-14 17:58:43 +01:00
mr-tz
a7b7f643a5 update translator and tests 2023-03-14 10:13:49 +01:00
Xusheng
c648af2cb4 Select a different test file for the nzxor feature 2023-03-05 12:52:49 +08:00
Xusheng
4a698ffdff Add a Binary Ninja backend for capa 2023-03-05 12:52:49 +08:00
Moritz
52de09a032 Fix byte/string extraction and unit tests (#1339) 
* Fix wrong expected results on string and bytes tests. Fix https://github.com/mandiant/capa/issues/1336

* Fix IDA insn/byte extractor checks wrong address. Fix https://github.com/mandiant/capa/issues/1327

* fix vivisect string check and tests

---------

Co-authored-by: Xusheng <xusheng@vector35.com>
 2023-03-02 10:33:14 +01:00
Willi Ballenthin
c197fd5086 proto: add type stubs for generate schema 2023-02-14 10:57:43 +01:00
Moritz
fa0ddba436 add format to global features and code refactors (#1284) 
* refactor: get format handling

* add format to global features
 2023-01-19 13:31:00 +01:00
Willi Ballenthin
5513d4ca43 viv: insn: string: handle viv bug around substrings (#1273) 
* viv: insn: string: handle viv bug around substrings

closes #1271

* use minimum string length 4

* update overlapping string test and fixup vivisect elf analysis missing function

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
 2023-01-19 13:02:53 +01:00
Moritz
5fa2a87747 fix dotnet and pe format handling (#1256) 2023-01-04 17:46:51 +01:00
mr-tz
eba1989c9f Merge branch 'master' into fix-1062 2023-01-03 18:46:41 +01:00
Mike Hunhoff
b68be0c2ce dotnet: emit namespace/class features for type references (#1242) 
* dotnet: emit namespace/class features for type references

* dotnet: pre-compute .NET token caches
 2022-12-21 15:59:29 -07:00
Mike Hunhoff
50490e6a93 dotnet: emit namespace/class features for ldvirtftn/ldftn instructions (#1241) 
* dotnet: emit namespace/class features for ldvirtftn/ldftn instructions

* dotnet: add unit tests for ldftn/ldvirtftn namespace/class features
 2022-12-20 13:29:29 -07:00