gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-29 14:13:36 -08:00
Code Issues Packages Projects Releases Wiki Activity
5,863 Commits 41 Branches 48 Tags
cf91c22f036d6b325ccbe5bd2c7275348fec6aa9
Commit Graph

970 Commits

Author SHA1 Message Date
Mike Hunhoff
66dc70a775 ghidra: support PyGhidra (#2788) 
* ghidra: init commit switch to PyGhidra

* update CHANGELOG and PyGhidra version requirements

* Update capa/features/extractors/ghidra/helpers.py

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* fix black errors

* support Ghidra v12

* remove deprecated APIs

* refactor outdated code

* fix pyinstaller, code refactoring

* address PR feedback

* add back capa_explorer.py

* beef up capa_explorer.py script

* refactor README

* refactor README

* fix #2747

* add sha256 check for workflows

* add sha256 check for workflows

* add sha256 check for workflows

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
 2025-12-18 17:55:49 -07:00
Capa Bot
c0ae1352c6 Sync capa-testfiles submodule 2025-12-03 21:00:48 +00:00
Mike Hunhoff
8d39765e7b ci: bump binja minor version (#2763) 2025-11-17 11:10:46 -07:00
Capa Bot
ca708ca52e Sync capa-testfiles submodule 2025-10-28 15:15:42 +00:00
Capa Bot
add09df061 Sync capa-testfiles submodule 2025-10-20 15:18:32 +00:00
Capa Bot
3bc2d9915c Sync capa-testfiles submodule 2025-10-13 18:52:26 +00:00
Capa Bot
826330f511 Sync capa-testfiles submodule 2025-09-03 15:58:45 +00:00
Capa Bot
40e5095577 Sync capa-testfiles submodule 2025-09-03 15:55:29 +00:00
Capa Bot
c7eede3c53 Sync capa-testfiles submodule 2025-09-03 15:51:51 +00:00
Capa Bot
aafca2e00a Sync capa-testfiles submodule 2025-08-25 18:59:27 +00:00
Mike Hunhoff
42b6d8106a binja: update core version info check (#2709) 2025-08-20 11:56:56 -06:00
Capa Bot
a80f85aab4 Sync capa-testfiles submodule 2025-08-20 15:57:15 +00:00
Capa Bot
f94f554d15 Sync capa-testfiles submodule 2025-08-20 15:32:08 +00:00
Capa Bot
dd2e350a1a Sync capa-testfiles submodule 2025-08-14 15:08:18 +00:00
Capa Bot
af87fae036 Sync capa-testfiles submodule 2025-08-12 15:38:12 +00:00
Capa Bot
c774db26f0 Sync capa-testfiles submodule 2025-08-12 15:37:46 +00:00
Capa Bot
edcea18c52 Sync capa-testfiles submodule 2025-06-17 19:17:09 +00:00
Mike Hunhoff
96d1eb64c3 update binja core version (#2670) 
* update binja core version

* update CHANGELOG
 2025-05-30 10:52:56 -06:00
Capa Bot
4b72f8a872 Sync capa-testfiles submodule 2025-05-22 17:48:58 +00:00
Capa Bot
37a63a751c Sync capa-testfiles submodule 2025-05-19 18:12:00 +00:00
Capa Bot
390e2a6315 Sync capa-testfiles submodule 2025-05-12 16:17:27 +00:00
Capa Bot
6a43084915 Sync capa-testfiles submodule 2025-05-12 16:06:51 +00:00
Capa Bot
a4285c013e Sync capa-testfiles submodule 2025-03-11 16:13:03 +00:00
Capa Bot
0df50f5d54 Sync capa-testfiles submodule 2025-03-10 19:51:07 +00:00
Capa Bot
45ea683d19 Sync capa-testfiles submodule 2025-02-26 08:56:48 +00:00
Capa Bot
14e076864c Sync capa-testfiles submodule 2025-02-22 19:13:14 +00:00
Capa Bot
06fad4a89e Sync capa-testfiles submodule 2025-02-21 12:17:50 +00:00
vibhatsu
a8e8935212 Replace binascii and struct with native Python methods (#2582) 
* refactor: replace binascii with bytes for hex conversions

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* refactor: replace struct unpacking with bytes conversion

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* simplify byte extraction for ELF header

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

* Revert "refactor: replace struct unpacking with bytes conversion"

This reverts commit 483f8c9a85.

* update CHANGELOG

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>

---------

Signed-off-by: vibhatsu <maulikbarot2915@gmail.com>
Co-authored-by: Willi Ballenthin <wballenthin@google.com>
 2025-02-04 09:53:36 +01:00
Willi Ballenthin
6d19226ee9 rules: scopes can now have subscope blocks with same scope (#2584) 2025-02-03 19:54:05 +01:00
Dhruva Kumar Kaushal
923e5e1130 use _yield from []_ to create empty generator when needed #2572 (#2581) 
* use _yield from []_ to create empty generator when needed #2572

* Update PR with fixes

* solved CI code style error

* Fixed formatting with black

* Fixed formatting with black

* code styles error

* code styles error

* code styles error

* code style error

* Update capa-rules submodule to master

* Similar changes to other files

---------

Co-authored-by: Willi Ballenthin <wballenthin@google.com>
 2025-02-03 16:25:59 +01:00
Willi Ballenthin
990fd20757 update submodules 2025-01-29 02:25:06 -07:00
Willi Ballenthin
cdc1cb7afd rename "sequence" scope to "span of calls" scope 
pep8

fix ref

update submodules

update testfiles submodule

duplicate variable
 2025-01-29 02:25:06 -07:00
Willi Ballenthin
a1d46bc3c0 sequence: don't update feature locations in place 
pep8
 2025-01-29 02:25:06 -07:00
Willi Ballenthin
f55086c212 sequence: refactor into SequenceMatcher 
contains the call ids for all the calls within the sequence, so we know
where to look for related matched.

sequence: refactor SequenceMatcher

sequence: don't use sequence addresses

sequence: remove sequence address
 2025-01-29 02:25:06 -07:00
Willi Ballenthin
39319c57a4 sequence: documentation and tests 
sequence: add more tests
 2025-01-29 02:25:06 -07:00
Willi Ballenthin
294ff34a30 sequence: only match first overlapping sequence 
also, for repeating behavior, match only the first instance.
 2025-01-29 02:25:06 -07:00
Willi Ballenthin
b06fea130c dynamic: add sequence scope 
addresses discussion in
https://github.com/mandiant/capa-rules/discussions/951

pep8

sequence: add test showing multiple sequences overlapping a single event
 2025-01-29 02:25:06 -07:00
Willi Ballenthin
8d17319128 capabilities: use dataclasses to represent complicated return types 
foo
 2025-01-29 02:25:06 -07:00
Mike Hunhoff
160ce73a35 vmray: loosen file checks to enable processing of additional file types (#2571) 
* vmray: loosen file checks to enable addtional file types

* additional refactor to loosen file checks

* update CHANGELOG

* cleanup comments and small code refactor

* fix lints

* use NO_ADDRESS for submissions that don't have a base address

* update comments

* add test for ps1 trace
 2025-01-23 12:47:36 -07:00
Capa Bot
3702baf9a9 Sync capa-testfiles submodule 2025-01-23 18:36:54 +00:00
Capa Bot
23cf2799ca Sync capa-testfiles submodule 2025-01-21 16:47:14 +00:00
Capa Bot
726c89794f Sync capa-testfiles submodule 2025-01-17 12:59:22 +00:00
Willi Ballenthin
72fe291742 strings: fix type hints and uncovered bugs (#2555) 
* strings: fix type hints and uncovered bugs

changelog

add strings tests

strings: fix buf_filled_with

fix strings tests

refactor: optimize and document buf_filled_with function in strings.py

docs: add docstring to buf_filled_with function

doc

strings: add typing

* strings: more validation and testing

thanks @fariss

* copyright
 2025-01-16 01:59:16 -07:00
Ana Maria Martinez Gomez
3cd97ae9f2 [copyright + license] Fix headers 
Replace the header from source code files using the following script:
```Python
for dir_path, dir_names, file_names in os.walk("capa"):
    for file_name in file_names:
        # header are only in `.py` and `.toml` files
        if file_name[-3:] not in (".py", "oml"):
            continue
        file_path = f"{dir_path}/{file_name}"
        f = open(file_path, "rb+")
        content = f.read()
        m = re.search(OLD_HEADER, content)
        if not m:
            continue
        print(f"{file_path}: {m.group('year')}")
        content = content.replace(m.group(0), NEW_HEADER % m.group("year"))
        f.seek(0)
        f.write(content)
```

Some files had the copyright headers inside a `"""` comment and needed
manual changes before applying the script. `hook-vivisect.py` and
`pyinstaller.spec` didn't include the license in the header and also
needed manual changes.

The old header had the confusing sentence `All rights reserved`, which
does not make sense for an open source license. Replace the header by
the default Google header that corrects this issue and keep capa
consistent with other Google projects.

Adapt the linter to work with the new header.

Replace also the copyright text in the `web/public/index.html` file for
consistency.
 2025-01-15 08:52:42 -07:00
Xusheng
4448d612f1 binja: fix up the analysis for the al-khaser_x64.exe_ file. Fix https://github.com/mandiant/capa/issues/2507 2024-12-04 09:36:08 +01:00
Xusheng
d7cf8d1251 Revert "skip test where BN misses the function" 
This reverts commit 9ad3f06e1d.
 2024-12-04 09:36:08 +01:00
Moritz
e1c786466a Merge pull request #2518 from mandiant/bn/skip-test 
skip test where BN misses the function
 2024-12-03 14:05:24 +01:00
mr-tz
9ad3f06e1d skip test where BN misses the function 2024-12-03 11:09:38 +00:00
Capa Bot
201ec07b58 Sync capa-testfiles submodule 2024-12-03 08:34:05 +00:00
Capa Bot
c85be8dc72 Sync capa-testfiles submodule 2024-12-03 08:26:34 +00:00