Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

detect and use third-party analysis backends when possible #2380

Merged
merged 6 commits into from
Sep 26, 2024
Merged

detect and use third-party analysis backends when possible #2380

merged 6 commits into from
Sep 26, 2024

Conversation

williballenthin
Copy link
Collaborator

@williballenthin williballenthin commented Sep 20, 2024
edited
Loading

closes #2376

Checklist

  • No new tests needed: don't have an idalib license we can use in CI right now
  • Documentation updates

@williballenthin williballenthin added the enhancement New feature or request label Sep 20, 2024
@williballenthin williballenthin marked this pull request as draft September 20, 2024 11:16
@williballenthin williballenthin force-pushed the push-ltqsxxylmzpy branch 2 times, most recently from e70225b to d8cdd0b Compare September 20, 2024 11:20
mr-tz
mr-tz reviewed Sep 20, 2024
View reviewed changes
capa/features/extractors/binja/find_binja_api.py Outdated Show resolved Hide resolved
capa/features/extractors/ida/extractor.py Outdated Show resolved Hide resolved
capa/loader.py Show resolved Hide resolved
@williballenthin williballenthin force-pushed the push-ltqsxxylmzpy branch 4 times, most recently from a6a00be to 38afbe7 Compare September 23, 2024 09:13
@williballenthin
Copy link
Collaborator Author

confirmed working with PyInstaller:

image

@williballenthin
Copy link
Collaborator Author

williballenthin commented Sep 23, 2024
edited
Loading

Given that I don't have easy access to a Windows install of IDA v9.0 Beta 4, let's stick to just Linux support.

Edit: the algorithm works just fine, though my Windows installation of idalib isn't working very well. See that idalib is loaded ok, but analysis terminates for some reason (unrelated and reported to Hex-Rays).

image

@williballenthin williballenthin marked this pull request as ready for review September 23, 2024 09:45
@williballenthin williballenthin mentioned this pull request Sep 23, 2024
Closed
mr-tz
mr-tz approved these changes Sep 23, 2024
View reviewed changes
Copy link
Collaborator

@mr-tz mr-tz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

very cool!

@williballenthin
Copy link
Collaborator Author

williballenthin commented Sep 24, 2024
edited
Loading

need to clean up the IDA database (which idalib leaves strewn around as .nam, .til, .id0, .id1, etc.).

...but this is a pain because we don't have a place today to invoke destructors/cleanup. so we can't easily use a temporary directory. maybe if there's a way to set the .idb path before its generated?

@williballenthin williballenthin force-pushed the push-ltqsxxylmzpy branch 4 times, most recently from 7bdbac9 to d79250c Compare September 26, 2024 10:50
@williballenthin williballenthin merged commit bcd57a9 into master Sep 26, 2024
24 checks passed
@williballenthin williballenthin deleted the push-ltqsxxylmzpy branch September 26, 2024 11:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mr-tz mr-tz mr-tz approved these changes

@mike-hunhoff mike-hunhoff Awaiting requested review from mike-hunhoff

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

detect and use third-party analysis backends when possible
2 participants
@williballenthin @mr-tz