gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-29 14:13:36 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
beba3fb3c702165bba06c0cc2999273670733d6c
capa/doc/usage.md
William Ballenthin add3537447 import source files, forgetting about 938 prior commits
2020-06-18 09:13:19 -06:00

1.1 KiB
Raw Blame History

Usage

Command line

After you have downloaded the standalone version of capa or installed it via pip (see the installation documentation) you can run capa directly from your terminal shell.

  • $ capa -h
  • $ capa malware.exe

In this mode capa relies on vivisect which only runs under Python 2.

IDA Pro

capa runs from within IDA Pro. Run capa/main.py via File - Script file... (ALT + F7).

When running in IDA, capa uses IDA's disassembly and file analysis as its backend. These results may vary from the standalone version that uses vivisect.

In IDA, capa supports Python 2 and Python 3. If you encounter issues with your specific setup please open a new Issue.

IDA plugins

capa comes with two IDA Pro plugins located in the capa/ida directory.

capa explorer

The capa explorer allows you to interactively display and browse capabilities capa identified in a binary.

capa explorer

Rule generator

The rule generator helps you to easily write new rules based on the function you are currently analyzing in your IDA disassembly view.

Reference in New Issue View Git Blame Copy Permalink