716a73dfb4
feat: add handles and type annotations
2022-05-12 15:42:25 +02:00
78e9280a93
Merge branch 'master' into feature-981
2022-05-11 13:20:48 -06:00
0d849142ba
dotnet: emit mixed mode characteristic ( #1024 )
2022-05-06 14:32:06 -06:00
6fb9dd961a
dotnet: emit unmanaged call characteristic ( #1023 )
2022-05-06 13:05:48 -06:00
a9c9b3cea8
dotnet: extract file function names ( #1015 )
2022-05-06 08:34:50 -06:00
24c4215820
dotnet: add file string parsing ( #1012 )
2022-05-05 13:39:29 -06:00
808b7fb4dc
dnfile: fix types
2022-04-08 18:33:12 -06:00
ed1009096d
Merge branch 'master' of github.com:mandiant/capa into feature-981
2022-04-08 16:01:59 -06:00
580a2d7e45
dotnet: basic detection and feature extraction ( #987 )
2022-04-08 14:55:00 -06:00
c8a772d19a
test: update dotnet dirs and sync master ( #984 )
2022-04-08 09:34:22 -06:00
5bc44aef0f
Sync capa-testfiles submodule
2022-04-08 10:34:02 +00:00
8a2276f398
smda: implement operand number/offset features
...
cause its not too hard
2022-04-07 12:48:25 -06:00
65552575f8
Update dotnet-main ( #979 )
...
* Sync capa rules submodule
* Sync capa-testfiles submodule
* Sync capa rules submodule
* changelog
* *: remove /x32 and /x64 flavors from number and offset features
* *: remove more references to /x32 and /x64
* linter: accept instruction scope
* rules: fix max operand index (4)
* API: better support A/W functions
* vverbose: show lib rule matches
* main: accept multiple paths to rules
* main: fix removal of default rules path
* lint: fix rules path
* changelog
* capa_as_library: fix rules path is list now
* main: better handle multiple rules paths
* main: bail if python 3.6 or below
closes #964
* ida: readme: remove python 3.6 support
* capa2yara: fix rules paths
* render: meta: display rule paths on separate lines
closes #971
* render: verbose: add doc
* verbose: make rule path multiline more concise
* vverbose: don't show examples in output
closes #970
* vverbose: render subscope name, like "basic block:"
closes #963
* build(deps-dev): bump pytest from 7.0.1 to 7.1.1
Bumps [pytest](https://github.com/pytest-dev/pytest ) from 7.0.1 to 7.1.1.
- [Release notes](https://github.com/pytest-dev/pytest/releases )
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pytest-dev/pytest/compare/7.0.1...7.1.1 )
---
updated-dependencies:
- dependency-name: pytest
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* ci: build: update pip and setuptools
* ci: build: bump pyinstall to v4.10
* Sync capa rules submodule
* Dotnet mixed mode detect (#969 )
* feat: start dotnet detection (#955 )
* feat: start dotnet detection
* Apply suggestions from code review
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com >
* refactor: dn instead of dotnet
* refactor: format branches, extractor reorg
* refactor: format selection and dotnet detect
* feat: get format, arch, os
* refactor: log errors and exceptions
* ci: also test and build for dotnet-main dev
* fix: import path
* fix: circular dep
* fix: remove buf argument
feat: get runtime meta data
* fix: log unsupported runtime error
* fix: type ignore
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com >
* fix: imports and add tests
* feat: detect mixed mode and tests
* feat: start dotnet detection (#955 )
* feat: start dotnet detection
* Apply suggestions from code review
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com >
* refactor: dn instead of dotnet
* refactor: format branches, extractor reorg
* refactor: format selection and dotnet detect
* feat: get format, arch, os
* refactor: log errors and exceptions
* ci: also test and build for dotnet-main dev
* fix: import path
* fix: circular dep
* fix: remove buf argument
feat: get runtime meta data
* fix: log unsupported runtime error
* fix: type ignore
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com >
* fix: imports and add tests
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com >
* test: checkout submodules recursively
Co-authored-by: Capa Bot <capa-dev@mandiant.com >
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-07 17:45:29 +02:00
1c7b6bcf7d
fixtures: use function that IDA doesn't recognize as lib func
2022-04-06 15:07:35 -06:00
b843cef986
tests: add tests for #320
2022-04-06 14:38:56 -06:00
0e95691cde
tests: fixtures: enable assertions against instruction scope
2022-04-06 14:38:33 -06:00
55a5d10859
Merge pull request #961 from mandiant/feature-remove-flavors
...
remove /x32 and /x64 flavors of number and offset features
2022-04-06 12:57:18 -06:00
633d8df1a4
Sync capa-testfiles submodule
2022-04-06 17:21:09 +00:00
97e76a88e3
fix: imports and add tests
2022-04-06 17:30:51 +02:00
b5be876e61
feat: start dotnet detection ( #955 )
...
* feat: start dotnet detection
* Apply suggestions from code review
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com >
* refactor: dn instead of dotnet
* refactor: format branches, extractor reorg
* refactor: format selection and dotnet detect
* feat: get format, arch, os
* refactor: log errors and exceptions
* ci: also test and build for dotnet-main dev
* fix: import path
* fix: circular dep
* fix: remove buf argument
feat: get runtime meta data
* fix: log unsupported runtime error
* fix: type ignore
Co-authored-by: Willi Ballenthin <willi.ballenthin@gmail.com >
2022-04-06 11:33:14 +02:00
aee61b35e4
*: remove more references to /x32 and /x64
2022-04-05 10:41:03 -06:00
ecabd557a7
*: remove /x32 and /x64 flavors from number and offset features
2022-04-05 10:35:41 -06:00
ef93fcc89e
tests: smda: xfail operand number/offset features
2022-04-04 12:05:15 -06:00
9da4ff10da
*: rename OperandImmediate to OperandNumber
2022-03-31 10:37:06 -06:00
997daf537e
viv: insn: extract OperandOffset and OperandImmediate
2022-03-30 13:14:08 -06:00
c7aadca25c
tests: demonstrate OperandOffset and OperandImmediate
2022-03-30 13:13:50 -06:00
49adb8de0c
pep8
2022-03-29 13:00:28 -06:00
fb6b60bee3
tests: add tests demonstrating instruction (sub)scope matching
2022-03-29 12:58:38 -06:00
7487da89a1
Merge branch 'master' into feature-insn-scope
2022-03-29 11:51:14 -06:00
dde52f2bc8
pep8
2022-03-28 13:04:44 -06:00
46cc681eba
tests: demonstrate instruct subscope rule extraction
2022-03-28 13:04:13 -06:00
2baf05acdb
rules: parse instruction subscope with implied AND
2022-03-28 12:55:09 -06:00
9da9c3aceb
rules: add valid features for insn scope
2022-03-28 12:40:10 -06:00
ecea572192
Sync capa-testfiles submodule
2022-03-24 09:30:26 +00:00
1cd5e89f85
Sync capa-testfiles submodule
2022-03-22 07:22:11 +00:00
cbf9f321c6
Sync capa-testfiles submodule
2022-03-14 10:18:05 +00:00
4d915020a8
extractor: add characteristic(call $+5) feature extraction for vivisect and smda
2022-02-27 18:15:25 +01:00
f0fc39e1d0
Sync capa-testfiles submodule
2022-01-24 13:37:25 +00:00
81d604d85a
Sync capa-testfiles submodule
2022-01-24 11:00:44 +00:00
8474369575
tests: add fixtures for two's complement numbers
...
Add fixtures to validate the following number features:
- number(0x0): to check feature extraction for null number
- number(0xFFFFFFFF): to check feature extraction for -1 number
- number(0xFFFFFFF0): to check feature extraction for negative number (-0x10 in this case)
2021-12-31 20:08:56 +01:00
90430f52c6
Sync capa-testfiles submodule
2021-12-15 15:33:39 +00:00
cc8d57b242
Sync capa-testfiles submodule
2021-12-13 17:24:52 +00:00
6081f4573c
Sync capa-testfiles submodule
2021-12-13 17:24:32 +00:00
ea2cafa715
Sync capa-testfiles submodule
2021-12-13 17:24:02 +00:00
09fd371b9d
Sync capa-testfiles submodule
2021-12-06 10:13:41 +00:00
a598745938
Sync capa-testfiles submodule
2021-12-06 10:06:57 +00:00
7751f693c8
Sync capa-testfiles submodule
2021-12-06 10:02:45 +00:00
7ade9ca43e
Sync capa-testfiles submodule
2021-12-06 10:01:17 +00:00
c3d34abe89
Sync capa-testfiles submodule
2021-12-03 12:12:30 +00:00
baf5005998
Sync capa-testfiles submodule
2021-12-03 12:12:20 +00:00
Moritz Raabe