gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-22 07:10:29 -08:00
Code Issues Packages Projects Releases Wiki Activity
1,604 Commits 45 Branches 48 Tags
ac59e50b5fa8caff429d8f50031b8dc30cb1b5e9
Commit Graph

55 Commits

Author SHA1 Message Date
William Ballenthin
ac59e50b5f move capa/features/__init__.py logic to common.py 
also cleanup imports across the board,
thanks to pylance.
 2021-06-09 22:20:53 -06:00
William Ballenthin
7d2e664320 move extractors/smda/__init__.py logic to extractor.py 2021-06-09 17:52:06 -06:00
William Ballenthin
6187317a4e move extractors/viv/__init__.py logic to extractor.py 2021-06-09 17:49:50 -06:00
Willi Ballenthin
ed02088c82 detect (and short circuit) file limitations at file scope (#586) 
* smda: move pe carve into helpers

* smda: simplify test parametrization/xfail

* extractors: add pefile extractor for file scope features

* pep8

* main: bail early on file limitation detected at file scope

closes #583

* changelog
 2021-05-28 08:14:44 -06:00
Willi Ballenthin
bd63ded1dd file scope API features (#568) 
* smda: minor unrelated fixes

* file features: extract API features at file scope for library functions

closes #567

* changelog

* ida: add file-scope API feature

Co-authored-by: mike-hunhoff <mike.hunhoff@gmail.com>

* fix lints from pylance

* features: use "function-name" for recognized linked functions

* pep8

* pep8

* rules: remove incorrect feature scope

* tests: xfail SMDA tests relying on function id

* tests: fixtures: order tests by sample, ideally improving memory usage

* pep8

* pep8

* smda: xfail two more tests

Co-authored-by: mike-hunhoff <mike.hunhoff@gmail.com>
 2021-05-27 12:59:00 -06:00
Moritz
424a25cb91 Fix tests on Windows - reduced memory impact and general fixes (#545) 
* Update tests.yml

* Update .github/workflows/tests.yml

* Update tests.yml

* update

* min tests

* enable all, no sigpaths

* update cache

* save workspace, log caching

* updated tests

* update tests

* update rec call test

* lower cache size

* address Ana's feedback
 2021-05-11 16:29:01 +02:00
William Ballenthin
8f0ce11ff6 tests: register common FLIRT sigs 
closes #538
 2021-05-01 08:06:56 -06:00
William Ballenthin
9ca1a7ebb6 extractors: do cast-to-int correctly 2021-04-27 13:07:27 -06:00
William Ballenthin
c79f461e39 Merge branch 'master' into function-id-flirt 2021-04-26 09:47:42 -06:00
Ana Maria Martinez Gomez
c0d6468347 py3: Remove Python 2 tests 
Tests don't need to support Python 2 any longer. Do not run tests with
Python 2.
 2021-04-07 18:20:07 +02:00
William Ballenthin
004ddb3e66 main: load gzip compressed .pat files 2021-03-04 18:04:46 -07:00
William Ballenthin
20894124e6 tests: test FLIRT matching 2021-03-04 15:50:05 -07:00
Ana Maria Martinez Gomez
bbb7878e0a Enable tests for vivisect in Python3 
Now we support vivisect as backend in Python3. We should test it.
 2021-03-03 17:36:50 +01:00
Moritz Raabe
9b5aaa40de improve bytes feature extraction 2021-02-01 17:17:22 +01:00
Moritz Raabe
08c3372635 add more xor instructions 2020-12-08 09:21:50 +01:00
Moritz Raabe
4ef860eb07 fix: add viv extract strings for i386ImmMemOper operands 2020-12-03 20:24:29 +01:00
Michael Hunhoff
c2266bc105 improve viv extractor unicode string detection with supporting unit test 2020-11-10 12:23:07 -07:00
pnx@pyrite
1e25604b0b replacement test for nested x64 thunks - still needs to be verified for vivisect 2020-11-05 16:31:47 +01:00
Daniel Plohmann (jupiter)
d276a07a71 comments on a test where disassembly differs among backends 2020-10-30 15:29:38 +01:00
Daniel Plohmann (jupiter)
36822926af initial commit for backend-smda 2020-10-29 11:28:22 +01:00
Moritz
0e009c7c12 Merge pull request #347 from fireeye/fix/non-ascii-char-filename 
get decoded sample path
 2020-10-23 13:15:36 +02:00
Moritz
425613ee42 Merge pull request #346 from fireeye/extract/api-jmps 
Extract/api jmps
 2020-10-23 13:15:10 +02:00
Moritz Raabe
679316946e addressing Willi's feedback 2020-10-22 20:10:47 +02:00
Moritz
8bb305038b Merge pull request #343 from fireeye/fix/file-imports-ordinal-name 
extract ordinal and name imports
 2020-10-22 20:07:42 +02:00
Moritz Raabe
fbe104d254 get decoded sample path 
closes #328
 2020-10-22 19:56:41 +02:00
Moritz Raabe
69a4b99d70 extract apis called via jmp 
closes #337
 2020-10-21 12:39:45 +02:00
Moritz Raabe
1e3b29de2e add IDA specific test 2020-10-21 12:16:50 +02:00
Moritz Raabe
9a738ba413 extract api features for thunk chains 
closes #341
 2020-10-20 14:49:09 +02:00
William Ballenthin
330c0f055e Merge branch 'master' into fix-246 2020-08-31 22:30:39 -06:00
William Ballenthin
5f7f718fe4 tests: add test for #276 2020-08-31 20:31:36 -06:00
William Ballenthin
090ec46ca4 features: extract import A/W variants and their base names 
closes #246
 2020-08-31 17:13:10 -06:00
William Ballenthin
5b349c1df8 tests: add feature tests for #246 2020-08-31 16:59:55 -06:00
William Ballenthin
322d2ad549 tests: main: add tests for #262 2020-08-31 15:51:49 -06:00
William Ballenthin
fb4ef6b993 tests: add tests for #262 2020-08-31 15:38:07 -06:00
Moritz Raabe
34e7991081 black 20.8b1 updates 2020-08-27 11:26:28 +02:00
Willi Ballenthin
385c956184 fixtures: fix doc 2020-08-17 20:53:34 -06:00
William Ballenthin
89edaf4c5c tests: xfail things that won't work on py3 2020-08-16 05:17:17 -06:00
William Ballenthin
0af6386693 tests: fixtures: add ctxmgr for catching xfail 2020-08-16 05:03:23 -06:00
William Ballenthin
1873d0b7c5 *: py3 compat 2020-08-16 05:03:08 -06:00
William Ballenthin
d7f1c23f4d tests: show found number of features when unexpected 2020-08-16 05:01:20 -06:00
William Ballenthin
eee565b596 tests: ida: tweak tests to fit IDA behavior 2020-08-14 13:10:38 -06:00
William Ballenthin
26061c25a5 tests: fixtures: add mapping from test data to md5 2020-08-14 12:58:08 -06:00
William Ballenthin
897da4237d tests: fixtures: remove lru_cache on some accessors 2020-08-14 12:48:19 -06:00
William Ballenthin
1923d479d8 tests: fixtures: fix name error 2020-08-14 12:35:30 -06:00
William Ballenthin
6b8bce4f42 tests: fixtures: factor out resolution of scope/sample 2020-08-14 12:34:00 -06:00
William Ballenthin
26c9811ba1 tests: viv: fix typo preventing some tests from running 2020-08-14 12:22:39 -06:00
William Ballenthin
b784f086b4 tests: make fixtures more consistent in prep for other backends 2020-08-14 12:04:53 -06:00
William Ballenthin
8cbe3f8546 tests: move expected features into fixtures for reuse 
closes #225
 2020-08-14 11:25:00 -06:00
Michael Hunhoff
70b4546c33 adding test for unmapped immediate data reference 2020-08-11 14:13:43 -06:00
William Ballenthin
baeea5b6ec *: update license header to reference Apache 2.0 
closes #173
 2020-07-22 15:05:24 -06:00