def get_extractor(path: str,
format: str,
backend: str,
sigpaths: List[str],
should_save_workspace=False,
disable_progress=False) -> FeatureExtractor:
"""
raises:
UnsupportedFormatError:
"""
if backend == "smda":
from smda.SmdaConfig import SmdaConfig
from smda.Disassembler import Disassembler
import capa.features.extractors.smda.extractor
smda_report = None
with halo.Halo(text="analyzing program",
spinner="simpleDots",
stream=sys.stderr,
enabled=not disable_progress):
config = SmdaConfig()
config.STORE_BUFFER = True
smda_disasm = Disassembler(config)
smda_report = smda_disasm.disassembleFile(path)
return capa.features.extractors.smda.extractor.SmdaFeatureExtractor(
smda_report, path)
else:
import capa.features.extractors.viv.extractor
with halo.Halo(text="analyzing program",
spinner="simpleDots",
stream=sys.stderr,
enabled=not disable_progress):
if format == "auto" and path.endswith(EXTENSIONS_SHELLCODE_32):
format = "sc32"
elif format == "auto" and path.endswith(EXTENSIONS_SHELLCODE_64):
format = "sc64"
vw = get_workspace(path, format, sigpaths)
if should_save_workspace:
logger.debug("saving workspace")
try:
vw.saveWorkspace()
except IOError:
# see #168 for discussion around how to handle non-writable directories
logger.info(
"source directory is not writable, won't save intermediate workspace"
)
else:
logger.debug("CAPA_SAVE_WORKSPACE unset, not saving workspace")
return capa.features.extractors.viv.extractor.VivisectFeatureExtractor(
vw, path)
def get_extractor(
path: str, format_: str, backend: str, sigpaths: List[str], should_save_workspace=False, disable_progress=False
) -> FeatureExtractor:
"""
raises:
UnsupportedFormatError
UnsupportedArchError
UnsupportedOSError
"""
if format_ not in (FORMAT_SC32, FORMAT_SC64):
if not is_supported_format(path):
raise UnsupportedFormatError()
if not is_supported_arch(path):
raise UnsupportedArchError()
if not is_supported_os(path):
raise UnsupportedOSError()
if format_ == FORMAT_DOTNET:
import capa.features.extractors.dnfile.extractor
return capa.features.extractors.dnfile.extractor.DnfileFeatureExtractor(path)
if backend == "smda":
from smda.SmdaConfig import SmdaConfig
from smda.Disassembler import Disassembler
import capa.features.extractors.smda.extractor
smda_report = None
with halo.Halo(text="analyzing program", spinner="simpleDots", stream=sys.stderr, enabled=not disable_progress):
config = SmdaConfig()
config.STORE_BUFFER = True
smda_disasm = Disassembler(config)
smda_report = smda_disasm.disassembleFile(path)
return capa.features.extractors.smda.extractor.SmdaFeatureExtractor(smda_report, path)
else:
import capa.features.extractors.viv.extractor
with halo.Halo(text="analyzing program", spinner="simpleDots", stream=sys.stderr, enabled=not disable_progress):
vw = get_workspace(path, format_, sigpaths)
if should_save_workspace:
logger.debug("saving workspace")
try:
vw.saveWorkspace()
except IOError:
# see #168 for discussion around how to handle non-writable directories
logger.info("source directory is not writable, won't save intermediate workspace")
else:
logger.debug("CAPA_SAVE_WORKSPACE unset, not saving workspace")
return capa.features.extractors.viv.extractor.VivisectFeatureExtractor(vw, path)
def get_smda_extractor(path):
from smda.SmdaConfig import SmdaConfig
from smda.Disassembler import Disassembler
import capa.features.extractors.smda
config = SmdaConfig()
config.STORE_BUFFER = True
disasm = Disassembler(config)
report = disasm.disassembleFile(path)
return capa.features.extractors.smda.SmdaFeatureExtractor(report, path)
def get_extractor_py3(path, format, disable_progress=False):
from smda.SmdaConfig import SmdaConfig
from smda.Disassembler import Disassembler
import capa.features.extractors.smda
smda_report = None
with halo.Halo(text="analyzing program",
spinner="simpleDots",
stream=sys.stderr,
enabled=not disable_progress):
config = SmdaConfig()
config.STORE_BUFFER = True
smda_disasm = Disassembler(config)
smda_report = smda_disasm.disassembleFile(path)
return capa.features.extractors.smda.SmdaFeatureExtractor(
smda_report, path)
def __init__(self, config=None, backend="intel"):
if config is None:
config = SmdaConfig()
self.config = config
self.disassembler = None
if backend == "intel":
self.disassembler = IntelDisassembler(self.config)
elif backend == "IDA":
self.disassembler = IdaExporter(self.config)
self._start_time = None
self._timeout = 0
# cache the last DisassemblyResult
self.disassembly = None
def get_extractor_py3(path, format, backend, disable_progress=False):
if backend == "smda":
from smda.SmdaConfig import SmdaConfig
from smda.Disassembler import Disassembler
import capa.features.extractors.smda
smda_report = None
with halo.Halo(text="analyzing program",
spinner="simpleDots",
stream=sys.stderr,
enabled=not disable_progress):
config = SmdaConfig()
config.STORE_BUFFER = True
smda_disasm = Disassembler(config)
smda_report = smda_disasm.disassembleFile(path)
return capa.features.extractors.smda.SmdaFeatureExtractor(
smda_report, path)
else:
import capa.features.extractors.viv
with halo.Halo(text="analyzing program",
spinner="simpleDots",
stream=sys.stderr,
enabled=not disable_progress):
vw = get_workspace(path, format, should_save=False)
try:
vw.saveWorkspace()
except IOError:
# see #168 for discussion around how to handle non-writable directories
logger.info(
"source directory is not writable, won't save intermediate workspace"
)
return capa.features.extractors.viv.VivisectFeatureExtractor(vw, path)
'--output_path',
type=str,
default='',
help='Optionally write the output to a file (JSON format).')
PARSER.add_argument('input_path',
type=str,
default='',
help='Path to file to analyze.')
ARGS = PARSER.parse_args()
if ARGS.input_path:
SMDA_REPORT = None
INPUT_FILENAME = ""
if os.path.isfile(ARGS.input_path):
# optionally create and set up a config, e.g. when using ApiScout profiles for WinAPI import usage discovery
config = SmdaConfig()
config.API_COLLECTION_FILES = {
"win_7":
os.sep.join([
config.PROJECT_ROOT, "data",
"apiscout_win7_prof-n_sp1.json"
])
}
DISASSEMBLER = Disassembler(config)
print("now analyzing {}".format(ARGS.input_path))
INPUT_FILENAME = os.path.basename(ARGS.input_path)
if ARGS.parse_header:
SMDA_REPORT = DISASSEMBLER.disassembleFile(
ARGS.input_path, pdb_path=ARGS.pdb_path)
else:
BUFFER = readFileContent(ARGS.input_path)
# -*- coding: utf-8 -*-
import sys
import os
sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
import smda
from smda.SmdaConfig import SmdaConfig
config = SmdaConfig()
config.API_COLLECTION_FILES = {"winxp": config.PROJECT_ROOT + os.sep + "data" + os.sep + "apiscout_winxp_prof_sp3.json"}