gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-02-04 11:07:53 -08:00
Code Issues Packages Projects Releases Wiki Activity
2,553 Commits 47 Branches 48 Tags
cded1d31250d7c8bf7fc2ae8405d86594f9b75ab
Commit Graph

868 Commits

Author SHA1 Message Date
Mike Hunhoff
0d849142ba dotnet: emit mixed mode characteristic (#1024) 2022-05-06 14:32:06 -06:00
Mike Hunhoff
6fb9dd961a dotnet: emit unmanaged call characteristic (#1023) 2022-05-06 13:05:48 -06:00
Mike Hunhoff
a9c9b3cea8 dotnet: extract file function names (#1015) 2022-05-06 08:34:50 -06:00
Mike Hunhoff
24c4215820 dotnet: add file string parsing (#1012) 2022-05-05 13:39:29 -06:00
dependabot[bot]
0066b3f33a build(deps): bump dnfile from 0.10.0 to 0.11.0 (#1004) 2022-05-05 13:28:48 -06:00
Moritz
daf483309e fix: temporarily accept x32/x64 flavors but ignore (#1014) 2022-05-05 20:19:35 +02:00
Mike Hunhoff
580a2d7e45 dotnet: basic detection and feature extraction (#987) 2022-04-08 14:55:00 -06:00
Willi Ballenthin
351d70aafe smda: implement additional offset and number features 2022-04-07 12:56:24 -06:00
Willi Ballenthin
8a2276f398 smda: implement operand number/offset features 
cause its not too hard
 2022-04-07 12:48:25 -06:00
Willi Ballenthin
6b810a1f72 ida: insn: look for numbers in displ, not phrase 2022-04-06 15:41:17 -06:00
Willi Ballenthin
c36bde0f2d ida: insn: ignore numbers when SIB present 2022-04-06 15:38:04 -06:00
Willi Ballenthin
1a44dd8a2b insn: better detect offset/numbers 2022-04-06 15:12:59 -06:00
Willi Ballenthin
e2c6f5e393 ida: insn: use .ea not .va 2022-04-06 15:03:24 -06:00
Willi Ballenthin
47dfeafdc8 ida, viv: implement extra offset/number extraction 2022-04-06 14:57:51 -06:00
Willi Ballenthin
52137f310a Merge pull request #974 from mandiant/feature-vverbose-subscope 
in vverbose mode, show subscope name
 2022-04-06 13:44:15 -06:00
Willi Ballenthin
ad90145aa7 Merge pull request #973 from mandiant/feature-remove-example-vverbose 
vverbose: don't show examples in output
 2022-04-06 13:42:12 -06:00
Willi Ballenthin
fccca823c5 verbose: make rule path multiline more concise 2022-04-06 13:41:05 -06:00
Willi Ballenthin
441373ea13 vverbose: render subscope name, like "basic block:" 
closes #963
 2022-04-06 13:33:56 -06:00
Willi Ballenthin
632e778376 vverbose: don't show examples in output 
closes #970
 2022-04-06 13:24:36 -06:00
Willi Ballenthin
d47b1503b2 render: verbose: add doc 2022-04-06 13:21:11 -06:00
Willi Ballenthin
938c75737b render: meta: display rule paths on separate lines 
closes #971
 2022-04-06 13:18:06 -06:00
Willi Ballenthin
485600801c ida: readme: remove python 3.6 support 2022-04-06 12:16:06 -06:00
Willi Ballenthin
4916933139 main: bail if python 3.6 or below 
closes #964
 2022-04-06 12:14:53 -06:00
Willi Ballenthin
e788384d42 main: better handle multiple rules paths 2022-04-06 12:05:01 -06:00
Willi Ballenthin
67dc2cb0fa main: fix removal of default rules path 2022-04-05 17:17:35 -06:00
Willi Ballenthin
bad9ecf3b1 main: accept multiple paths to rules 2022-04-05 17:14:53 -06:00
Willi Ballenthin
ef835649fd vverbose: show lib rule matches 2022-04-05 16:57:36 -06:00
Willi Ballenthin
e9bb56f3cf API: better support A/W functions 2022-04-05 14:54:15 -06:00
Willi Ballenthin
58acc9c2b7 rules: fix max operand index (4) 2022-04-05 14:53:58 -06:00
Willi Ballenthin
aee61b35e4 *: remove more references to /x32 and /x64 2022-04-05 10:41:03 -06:00
Willi Ballenthin
ecabd557a7 *: remove /x32 and /x64 flavors from number and offset features 2022-04-05 10:35:41 -06:00
Willi Ballenthin
5ffb73c5f5 ida: insn: extract operand number and offset features 2022-04-04 15:13:43 -06:00
Willi Ballenthin
0af60d9a7e freeze: fix mypy 2022-04-04 12:01:13 -06:00
Willi Ballenthin
750803c3cc freeze: register operand features 2022-04-04 11:57:02 -06:00
Willi Ballenthin
b318b0a288 freeze: fix freeze_deserialize for features with multiple args 2022-04-04 11:56:47 -06:00
Willi Ballenthin
2989af0a3f features: use ABC to denote abstract classes 2022-04-04 11:49:51 -06:00
Willi Ballenthin
85b1d50945 isort 2022-03-31 10:40:48 -06:00
Willi Ballenthin
856443319c viv: insn: fix OperandNumber reference 2022-03-31 10:39:18 -06:00
Willi Ballenthin
9da4ff10da *: rename OperandImmediate to OperandNumber 2022-03-31 10:37:06 -06:00
Willi Ballenthin
997daf537e viv: insn: extract OperandOffset and OperandImmediate 2022-03-30 13:14:08 -06:00
Willi Ballenthin
6cbbd4d97f rules: parse OperandOffset and OperandImmediate features 2022-03-30 13:13:30 -06:00
Willi Ballenthin
e4c5ec278d features: insn: define OperandImmediate and OperandOffset 2022-03-30 13:13:07 -06:00
Willi Ballenthin
cce1e41519 formatting 2022-03-30 13:12:49 -06:00
Willi Ballenthin
b942050c4e features: viv: factor out operand feature extraction 2022-03-30 09:58:08 -06:00
Willi Ballenthin
d8d671e36f rules: add global scope features to file scope 2022-03-30 09:40:43 -06:00
Willi Ballenthin
49adb8de0c pep8 2022-03-29 13:00:28 -06:00
Willi Ballenthin
e0fca277f2 rules: update valid features per scope 2022-03-29 12:58:27 -06:00
Willi Ballenthin
1839746bf8 main: factor out matching at instruction scope 2022-03-29 12:29:54 -06:00
Willi Ballenthin
1a28c324f1 rules: doc 2022-03-29 12:26:39 -06:00
Willi Ballenthin
c1b28f58d0 rules: don't use global features to downselect rules 
closes #931
 2022-03-29 12:25:27 -06:00