gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-23 15:37:37 -08:00
Code Issues Packages Projects Releases Wiki Activity
2,717 Commits 45 Branches 48 Tags
a7c4761fef932606d11b3bbe0fe7f7cdaf04615c
Commit Graph

2717 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Willi Ballenthin
a3d1b1403c address: fix min value for unsigned addresses 2022-04-08 12:38:21 -06:00
Willi Ballenthin
31977e6523 changelog 2022-04-08 12:19:50 -06:00
Willi Ballenthin
9164713dd9 Merge branch 'dotnet-main' of github.com:mandiant/capa into feature-981 2022-04-08 12:17:16 -06:00
Willi Ballenthin
bfb01e3729 extractor: viv: use handles throughout 2022-04-08 11:54:27 -06:00
Willi Ballenthin
fc1709ba6c extractor: add types throughout 2022-04-08 11:53:42 -06:00
Willi Ballenthin
1b79aae836 extractor: introduce standardized handles for function, bb, insn 2022-04-08 11:46:07 -06:00
Willi Ballenthin
6355fb3f3e add Address abstraction to handle various ways of identifing things in files 2022-04-08 11:44:24 -06:00
Moritz
c8a772d19a test: update dotnet dirs and sync master (#984) 2022-04-08 09:34:22 -06:00
Capa Bot
5bc44aef0f Sync capa-testfiles submodule 2022-04-08 10:34:02 +00:00
Willi Ballenthin
b455b67da3 Merge pull request #977 from mandiant/feature-320 
extract extra offset/number features
 2022-04-07 14:20:10 -06:00
Willi Ballenthin
351d70aafe smda: implement additional offset and number features 2022-04-07 12:56:24 -06:00
Willi Ballenthin
8a2276f398 smda: implement operand number/offset features 
cause its not too hard
 2022-04-07 12:48:25 -06:00
Moritz
65552575f8 Update dotnet-main (#979) 
* Sync capa rules submodule

* Sync capa-testfiles submodule

* Sync capa rules submodule

* changelog

* *: remove /x32 and /x64 flavors from number and offset features

* *: remove more references to /x32 and /x64

* linter: accept instruction scope

* rules: fix max operand index (4)

* API: better support A/W functions

* vverbose: show lib rule matches

* main: accept multiple paths to rules

* main: fix removal of default rules path

* lint: fix rules path

* changelog

* capa_as_library: fix rules path is list now

* main: better handle multiple rules paths

* main: bail if python 3.6 or below

closes #964

* ida: readme: remove python 3.6 support

* capa2yara: fix rules paths

* render: meta: display rule paths on separate lines

closes #971

* render: verbose: add doc

* verbose: make rule path multiline more concise

* vverbose: don't show examples in output

closes #970

* vverbose: render subscope name, like "basic block:"

closes #963

* build(deps-dev): bump pytest from 7.0.1 to 7.1.1

Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.0.1 to 7.1.1.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.0.1...7.1.1)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* ci: build: update pip and setuptools

* ci: build: bump pyinstall to v4.10

* Sync capa rules submodule

* Dotnet mixed mode detect (#969)

* feat: start dotnet detection (#955)

* feat: start dotnet detection

* Apply suggestions from code review

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* refactor: dn instead of dotnet

* refactor: format branches, extractor reorg

* refactor: format selection and dotnet detect

* feat: get format, arch, os

* refactor: log errors and exceptions

* ci: also test and build for dotnet-main dev

* fix: import path

* fix: circular dep

* fix: remove buf argument
feat: get runtime meta data

* fix: log unsupported runtime error

* fix: type ignore

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* fix: imports and add tests

* feat: detect mixed mode and tests

* feat: start dotnet detection (#955)

* feat: start dotnet detection

* Apply suggestions from code review

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* refactor: dn instead of dotnet

* refactor: format branches, extractor reorg

* refactor: format selection and dotnet detect

* feat: get format, arch, os

* refactor: log errors and exceptions

* ci: also test and build for dotnet-main dev

* fix: import path

* fix: circular dep

* fix: remove buf argument
feat: get runtime meta data

* fix: log unsupported runtime error

* fix: type ignore

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* fix: imports and add tests

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* test: checkout submodules recursively

Co-authored-by: Capa Bot <capa-dev@mandiant.com>
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-07 17:45:29 +02:00
Capa Bot
4c84a77053 Sync capa rules submodule 2022-04-07 07:50:51 +00:00
Willi Ballenthin
6b810a1f72 ida: insn: look for numbers in displ, not phrase 2022-04-06 15:41:17 -06:00
Willi Ballenthin
c36bde0f2d ida: insn: ignore numbers when SIB present 2022-04-06 15:38:04 -06:00
Willi Ballenthin
1a44dd8a2b insn: better detect offset/numbers 2022-04-06 15:12:59 -06:00
Willi Ballenthin
1c7b6bcf7d fixtures: use function that IDA doesn't recognize as lib func 2022-04-06 15:07:35 -06:00
Willi Ballenthin
e2c6f5e393 ida: insn: use .ea not .va 2022-04-06 15:03:24 -06:00
Willi Ballenthin
85d5043992 changelog 2022-04-06 14:59:24 -06:00
Willi Ballenthin
47dfeafdc8 ida, viv: implement extra offset/number extraction 2022-04-06 14:57:51 -06:00
Willi Ballenthin
b843cef986 tests: add tests for #320 2022-04-06 14:38:56 -06:00
Willi Ballenthin
0e95691cde tests: fixtures: enable assertions against instruction scope 2022-04-06 14:38:33 -06:00
Willi Ballenthin
54aa14c4f5 Merge pull request #975 from mandiant/fix-936 
ci: build: bump pyinstall to v4.10
 2022-04-06 14:20:21 -06:00
Willi Ballenthin
dfcb3cc2ea ci: build: bump pyinstall to v4.10 2022-04-06 14:17:59 -06:00
Willi Ballenthin
587202ce43 ci: build: update pip and setuptools 2022-04-06 14:03:44 -06:00
Willi Ballenthin
6b2529bc80 Merge pull request #916 from mandiant/dependabot/pip/pytest-7.1.1 
build(deps-dev): bump pytest from 7.0.1 to 7.1.1
 2022-04-06 13:44:40 -06:00
Willi Ballenthin
52137f310a Merge pull request #974 from mandiant/feature-vverbose-subscope 
in vverbose mode, show subscope name
 2022-04-06 13:44:15 -06:00
Willi Ballenthin
ad90145aa7 Merge pull request #973 from mandiant/feature-remove-example-vverbose 
vverbose: don't show examples in output
 2022-04-06 13:42:12 -06:00
Willi Ballenthin
05f7ac0802 Merge pull request #972 from mandiant/feature-many-rule-paths-meta 
render: meta: display rule paths on separate lines
 2022-04-06 13:41:48 -06:00
Willi Ballenthin
fccca823c5 verbose: make rule path multiline more concise 2022-04-06 13:41:05 -06:00
Willi Ballenthin
441373ea13 vverbose: render subscope name, like "basic block:" 
closes #963
 2022-04-06 13:33:56 -06:00
Capa Bot
57d2df4922 Sync capa rules submodule 2022-04-06 19:28:26 +00:00
Willi Ballenthin
632e778376 vverbose: don't show examples in output 
closes #970
 2022-04-06 13:24:36 -06:00
Willi Ballenthin
d47b1503b2 render: verbose: add doc 2022-04-06 13:21:11 -06:00
Willi Ballenthin
938c75737b render: meta: display rule paths on separate lines 
closes #971
 2022-04-06 13:18:06 -06:00
Willi Ballenthin
55a5d10859 Merge pull request #961 from mandiant/feature-remove-flavors 
remove /x32 and /x64 flavors of number and offset features
 2022-04-06 12:57:18 -06:00
Willi Ballenthin
0c354cf268 capa2yara: fix rules paths 2022-04-06 12:36:28 -06:00
Willi Ballenthin
485600801c ida: readme: remove python 3.6 support 2022-04-06 12:16:06 -06:00
Willi Ballenthin
4916933139 main: bail if python 3.6 or below 
closes #964
 2022-04-06 12:14:53 -06:00
Capa Bot
73f1eb9c30 Sync capa rules submodule 2022-04-06 18:08:02 +00:00
Willi Ballenthin
e788384d42 main: better handle multiple rules paths 2022-04-06 12:05:01 -06:00
Capa Bot
633d8df1a4 Sync capa-testfiles submodule 2022-04-06 17:21:09 +00:00
Willi Ballenthin
aff72ad983 capa_as_library: fix rules path is list now 2022-04-06 11:07:34 -06:00
Willi Ballenthin
c9763c4d70 Merge branch 'master' into feature-remove-flavors 2022-04-06 11:05:05 -06:00
Capa Bot
931a13e505 Sync capa rules submodule 2022-04-06 17:04:16 +00:00
Moritz Raabe
97e76a88e3 fix: imports and add tests 2022-04-06 17:30:51 +02:00
Moritz
b5be876e61 feat: start dotnet detection (#955) 
* feat: start dotnet detection

* Apply suggestions from code review

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>

* refactor: dn instead of dotnet

* refactor: format branches, extractor reorg

* refactor: format selection and dotnet detect

* feat: get format, arch, os

* refactor: log errors and exceptions

* ci: also test and build for dotnet-main dev

* fix: import path

* fix: circular dep

* fix: remove buf argument
feat: get runtime meta data

* fix: log unsupported runtime error

* fix: type ignore

Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com>
 2022-04-06 11:33:14 +02:00
Willi Ballenthin
7370a8f296 changelog 2022-04-05 17:21:04 -06:00
Willi Ballenthin
11b773573e lint: fix rules path 2022-04-05 17:17:44 -06:00