gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-01-09 03:41:20 -08:00
Code Issues Packages Projects Releases Wiki Activity
5,871 Commits 41 Branches 48 Tags
b9bcfd55892ca3b74851bebf53fd9ddf47acc684
Commit Graph

979 Commits

Author SHA1 Message Date
Willi Ballenthin
55f8c433f8 tests: fix logging message 2025-12-18 13:59:50 +01:00
mr-tz
2a66ef8fba load resource for test sample 2025-12-17 19:29:19 +00:00
Willi Ballenthin
28d107c0f3 loader: idalib: disable lumina 
see #2742 in which Lumina names overwrote names provided by debug info
 2025-12-16 16:58:45 +01:00
Willi Ballenthin
0d44fc5414 tests: idalib: better detect missing idapro package 2025-12-16 15:38:46 +01:00
Moritz
34488b35fc Merge branch 'master' into idalib-tests 2025-12-15 15:29:29 +00:00
mr-tz
dc08843e2d address idalib-based test fails 2025-12-11 14:18:13 +00:00
Capa Bot
c0ae1352c6 Sync capa-testfiles submodule 2025-12-03 21:00:48 +00:00
Moritz
074f7c742c Merge branch 'master' into idalib-tests 2025-11-24 19:52:40 +01:00
Mike Hunhoff
8d39765e7b ci: bump binja minor version (#2763) 2025-11-17 11:10:46 -07:00
Willi Ballenthin
cf463676b2 fixtures: remove dups 2025-11-03 12:47:12 +01:00
Willi Ballenthin
b5e5840a63 lints 2025-10-29 20:29:08 +01:00
Willi Ballenthin
eda53ab3c1 tests: add feature tests for idalib 2025-10-29 20:20:57 +01:00
Capa Bot
ca708ca52e Sync capa-testfiles submodule 2025-10-28 15:15:42 +00:00
Capa Bot
add09df061 Sync capa-testfiles submodule 2025-10-20 15:18:32 +00:00
Capa Bot
3bc2d9915c Sync capa-testfiles submodule 2025-10-13 18:52:26 +00:00
Capa Bot
826330f511 Sync capa-testfiles submodule 2025-09-03 15:58:45 +00:00
Capa Bot
40e5095577 Sync capa-testfiles submodule 2025-09-03 15:55:29 +00:00
Capa Bot
c7eede3c53 Sync capa-testfiles submodule 2025-09-03 15:51:51 +00:00
Capa Bot
aafca2e00a Sync capa-testfiles submodule 2025-08-25 18:59:27 +00:00
Mike Hunhoff
42b6d8106a binja: update core version info check (#2709) 2025-08-20 11:56:56 -06:00
Capa Bot
a80f85aab4 Sync capa-testfiles submodule 2025-08-20 15:57:15 +00:00
Capa Bot
f94f554d15 Sync capa-testfiles submodule 2025-08-20 15:32:08 +00:00
Capa Bot
dd2e350a1a Sync capa-testfiles submodule 2025-08-14 15:08:18 +00:00
Capa Bot
af87fae036 Sync capa-testfiles submodule 2025-08-12 15:38:12 +00:00
Capa Bot
c774db26f0 Sync capa-testfiles submodule 2025-08-12 15:37:46 +00:00
Capa Bot
edcea18c52 Sync capa-testfiles submodule 2025-06-17 19:17:09 +00:00
Mike Hunhoff
96d1eb64c3 update binja core version (#2670) 
* update binja core version

* update CHANGELOG
 2025-05-30 10:52:56 -06:00
Capa Bot
4b72f8a872 Sync capa-testfiles submodule 2025-05-22 17:48:58 +00:00
Capa Bot
37a63a751c Sync capa-testfiles submodule 2025-05-19 18:12:00 +00:00
Capa Bot
390e2a6315 Sync capa-testfiles submodule 2025-05-12 16:17:27 +00:00
Capa Bot
6a43084915 Sync capa-testfiles submodule 2025-05-12 16:06:51 +00:00
Capa Bot
a4285c013e Sync capa-testfiles submodule 2025-03-11 16:13:03 +00:00
Capa Bot
0df50f5d54 Sync capa-testfiles submodule 2025-03-10 19:51:07 +00:00
Capa Bot
45ea683d19 Sync capa-testfiles submodule 2025-02-26 08:56:48 +00:00
Capa Bot
14e076864c Sync capa-testfiles submodule 2025-02-22 19:13:14 +00:00
Capa Bot
06fad4a89e Sync capa-testfiles submodule 2025-02-21 12:17:50 +00:00
vibhatsu
a8e8935212 Replace binascii and struct with native Python methods (#2582) 
* refactor: replace binascii with bytes for hex conversions

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* refactor: replace struct unpacking with bytes conversion

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* simplify byte extraction for ELF header

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* Revert "refactor: replace struct unpacking with bytes conversion"

This reverts commit 483f8c9a85.

* update CHANGELOG

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

---------

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>
Co-authored-by: Willi Ballenthin <wballenthin@google.com>
 2025-02-04 09:53:36 +01:00
Willi Ballenthin
6d19226ee9 rules: scopes can now have subscope blocks with same scope (#2584) 2025-02-03 19:54:05 +01:00
Dhruva Kumar Kaushal
923e5e1130 use _yield from []_ to create empty generator when needed #2572 (#2581) 
* use _yield from []_ to create empty generator when needed #2572

* Update PR with fixes

* solved CI code style error

* Fixed formatting with black

* Fixed formatting with black

* code styles error

* code styles error

* code styles error

* code style error

* Update capa-rules submodule to master

* Similar changes to other files

---------

Co-authored-by: Willi Ballenthin <wballenthin@google.com>
 2025-02-03 16:25:59 +01:00
Willi Ballenthin
990fd20757 update submodules 2025-01-29 02:25:06 -07:00
Willi Ballenthin
cdc1cb7afd rename "sequence" scope to "span of calls" scope 
pep8

fix ref

update submodules

update testfiles submodule

duplicate variable
 2025-01-29 02:25:06 -07:00
Willi Ballenthin
a1d46bc3c0 sequence: don't update feature locations in place 
pep8
 2025-01-29 02:25:06 -07:00
Willi Ballenthin
f55086c212 sequence: refactor into SequenceMatcher 
contains the call ids for all the calls within the sequence, so we know
where to look for related matched.

sequence: refactor SequenceMatcher

sequence: don't use sequence addresses

sequence: remove sequence address
 2025-01-29 02:25:06 -07:00
Willi Ballenthin
39319c57a4 sequence: documentation and tests 
sequence: add more tests
 2025-01-29 02:25:06 -07:00
Willi Ballenthin
294ff34a30 sequence: only match first overlapping sequence 
also, for repeating behavior, match only the first instance.
 2025-01-29 02:25:06 -07:00
Willi Ballenthin
b06fea130c dynamic: add sequence scope 
addresses discussion in
https://github.com/mandiant/capa-rules/discussions/951

pep8

sequence: add test showing multiple sequences overlapping a single event
 2025-01-29 02:25:06 -07:00
Willi Ballenthin
8d17319128 capabilities: use dataclasses to represent complicated return types 
foo
 2025-01-29 02:25:06 -07:00
Mike Hunhoff
160ce73a35 vmray: loosen file checks to enable processing of additional file types (#2571) 
* vmray: loosen file checks to enable addtional file types

* additional refactor to loosen file checks

* update CHANGELOG

* cleanup comments and small code refactor

* fix lints

* use NO_ADDRESS for submissions that don't have a base address

* update comments

* add test for ps1 trace
 2025-01-23 12:47:36 -07:00
Capa Bot
3702baf9a9 Sync capa-testfiles submodule 2025-01-23 18:36:54 +00:00
Capa Bot
23cf2799ca Sync capa-testfiles submodule 2025-01-21 16:47:14 +00:00