def get_extractor(path: str, format: str, backend: str, sigpaths: List[str], should_save_workspace=False, disable_progress=False) -> FeatureExtractor:
    """
    Build a feature extractor for the sample at `path`.

    `backend == "smda"` disassembles with SMDA; any other value loads a
    vivisect workspace via `get_workspace`. On the vivisect path a `format`
    of "auto" is resolved to "sc32"/"sc64" from the file extension before
    the workspace is loaded, and the workspace is written back (into the
    sample's directory, per the log message) only when
    `should_save_workspace` is set. `disable_progress` silences the spinner.

    raises:
      UnsupportedFormatError:
    """

    def progress():
        # spinner goes to stderr so it never pollutes report output on stdout
        return halo.Halo(text="analyzing program", spinner="simpleDots", stream=sys.stderr, enabled=not disable_progress)

    if backend == "smda":
        from smda.SmdaConfig import SmdaConfig
        from smda.Disassembler import Disassembler
        import capa.features.extractors.smda.extractor

        with progress():
            settings = SmdaConfig()
            # STORE_BUFFER keeps the analysed bytes in the report; presumably the extractor reads them
            settings.STORE_BUFFER = True
            report = Disassembler(settings).disassembleFile(path)
        return capa.features.extractors.smda.extractor.SmdaFeatureExtractor(report, path)

    import capa.features.extractors.viv.extractor

    with progress():
        if format == "auto":
            # extension-based guess only; an explicit format from the caller is left untouched
            if path.endswith(EXTENSIONS_SHELLCODE_32):
                format = "sc32"
            elif path.endswith(EXTENSIONS_SHELLCODE_64):
                format = "sc64"

        vw = get_workspace(path, format, sigpaths)

        if not should_save_workspace:
            logger.debug("CAPA_SAVE_WORKSPACE unset, not saving workspace")
        else:
            logger.debug("saving workspace")
            try:
                vw.saveWorkspace()
            except IOError:
                # see #168 for discussion around how to handle non-writable directories
                logger.info("source directory is not writable, won't save intermediate workspace")

    return capa.features.extractors.viv.extractor.VivisectFeatureExtractor(vw, path)
def get_extractor(
    path: str, format_: str, backend: str, sigpaths: List[str], should_save_workspace=False, disable_progress=False
) -> FeatureExtractor:
    """
    Build a feature extractor for the sample at `path`.

    Unless `format_` is one of the raw shellcode formats, the file is first
    validated for format, architecture and OS, each failure raising its own
    typed error. .NET samples are handed to the dnfile extractor. Otherwise
    `backend == "smda"` selects SMDA and any other value the vivisect
    workspace, which is written back (into the sample's directory, per the
    log message) only when `should_save_workspace` is set.

    raises:
      UnsupportedFormatError
      UnsupportedArchError
      UnsupportedOSError
    """
    if format_ not in (FORMAT_SC32, FORMAT_SC64):
        # order matters: format is checked before arch, and arch before OS
        validations = (
            (is_supported_format, UnsupportedFormatError),
            (is_supported_arch, UnsupportedArchError),
            (is_supported_os, UnsupportedOSError),
        )
        for predicate, error in validations:
            if not predicate(path):
                raise error()

    if format_ == FORMAT_DOTNET:
        import capa.features.extractors.dnfile.extractor

        # no spinner here: the dnfile extractor does its work lazily from `path`
        return capa.features.extractors.dnfile.extractor.DnfileFeatureExtractor(path)

    def progress():
        # spinner goes to stderr so it never pollutes report output on stdout
        return halo.Halo(text="analyzing program", spinner="simpleDots", stream=sys.stderr, enabled=not disable_progress)

    if backend == "smda":
        from smda.SmdaConfig import SmdaConfig
        from smda.Disassembler import Disassembler
        import capa.features.extractors.smda.extractor

        with progress():
            settings = SmdaConfig()
            # STORE_BUFFER keeps the analysed bytes in the report; presumably the extractor reads them
            settings.STORE_BUFFER = True
            report = Disassembler(settings).disassembleFile(path)
        return capa.features.extractors.smda.extractor.SmdaFeatureExtractor(report, path)

    import capa.features.extractors.viv.extractor

    with progress():
        vw = get_workspace(path, format_, sigpaths)

        if not should_save_workspace:
            logger.debug("CAPA_SAVE_WORKSPACE unset, not saving workspace")
        else:
            logger.debug("saving workspace")
            try:
                vw.saveWorkspace()
            except IOError:
                # see #168 for discussion around how to handle non-writable directories
                logger.info("source directory is not writable, won't save intermediate workspace")

    return capa.features.extractors.viv.extractor.VivisectFeatureExtractor(vw, path)
def get_smda_extractor(path):
    """
    Disassemble the file at `path` with SMDA and wrap the report in a
    SmdaFeatureExtractor.

    SMDA and the extractor module are imported here rather than at module
    top, so the import cost (and any import failure) is paid only when this
    backend is actually used.
    """
    from smda.SmdaConfig import SmdaConfig
    from smda.Disassembler import Disassembler
    import capa.features.extractors.smda

    settings = SmdaConfig()
    # STORE_BUFFER keeps the analysed bytes in the report; presumably the extractor reads them
    settings.STORE_BUFFER = True

    report = Disassembler(settings).disassembleFile(path)
    return capa.features.extractors.smda.SmdaFeatureExtractor(report, path)
def get_extractor_py3(path, format, disable_progress=False):
    """
    Build an SMDA-backed feature extractor for the file at `path`.

    `format` is accepted for signature compatibility but is not consulted
    here; SMDA decides how to parse the file itself. `disable_progress`
    silences the stderr spinner shown while SMDA runs.
    """
    from smda.SmdaConfig import SmdaConfig
    from smda.Disassembler import Disassembler
    import capa.features.extractors.smda

    spinner = halo.Halo(text="analyzing program", spinner="simpleDots", stream=sys.stderr, enabled=not disable_progress)

    with spinner:
        settings = SmdaConfig()
        # STORE_BUFFER keeps the analysed bytes in the report; presumably the extractor reads them
        settings.STORE_BUFFER = True
        report = Disassembler(settings).disassembleFile(path)

    return capa.features.extractors.smda.SmdaFeatureExtractor(report, path)
def get_extractor_py3(path, format, backend, disable_progress=False):
    """
    Build a feature extractor for the file at `path`.

    `backend == "smda"` disassembles with SMDA; any other value loads a
    vivisect workspace through `get_workspace`. On the vivisect path the
    workspace is loaded with `should_save=False` and then saved here, so a
    read-only sample directory only costs a log line instead of an error.
    `disable_progress` silences the stderr spinner.
    """

    def progress():
        # spinner goes to stderr so it never pollutes report output on stdout
        return halo.Halo(text="analyzing program", spinner="simpleDots", stream=sys.stderr, enabled=not disable_progress)

    if backend == "smda":
        from smda.SmdaConfig import SmdaConfig
        from smda.Disassembler import Disassembler
        import capa.features.extractors.smda

        with progress():
            settings = SmdaConfig()
            # STORE_BUFFER keeps the analysed bytes in the report; presumably the extractor reads them
            settings.STORE_BUFFER = True
            report = Disassembler(settings).disassembleFile(path)
        return capa.features.extractors.smda.SmdaFeatureExtractor(report, path)

    import capa.features.extractors.viv

    with progress():
        vw = get_workspace(path, format, should_save=False)
        try:
            vw.saveWorkspace()
        except IOError:
            # see #168 for discussion around how to handle non-writable directories
            logger.info("source directory is not writable, won't save intermediate workspace")

    return capa.features.extractors.viv.VivisectFeatureExtractor(vw, path)
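# Script body: disassemble ARGS.input_path with SMDA, print the report and,
# when ARGS.output_path is an existing directory, also write it there as
# <input basename>.smda (JSON). Anything other than a regular input file
# falls through to the argument parser's help text.
SMDA_REPORT = None
INPUT_FILENAME = ""
if os.path.isfile(ARGS.input_path):
    # optionally create and set up a config, e.g. when using ApiScout profiles for WinAPI import usage discovery
    config = SmdaConfig()
    config.API_COLLECTION_FILES = {
        "win_7": os.path.join(config.PROJECT_ROOT, "data", "apiscout_win7_prof-n_sp1.json")
    }
    DISASSEMBLER = Disassembler(config)
    print("now analyzing {}".format(ARGS.input_path))
    # basename() drops any directory component, so the output file name below
    # can never escape output_path even for odd input paths
    INPUT_FILENAME = os.path.basename(ARGS.input_path)
    if ARGS.parse_header:
        # let SMDA parse the executable headers itself (optionally with PDB info)
        SMDA_REPORT = DISASSEMBLER.disassembleFile(ARGS.input_path, pdb_path=ARGS.pdb_path)
    else:
        # treat the input as a raw buffer at a caller-supplied base address
        BUFFER = readFileContent(ARGS.input_path)
        BASE_ADDR = parseBaseAddrFromArgs(ARGS)
        SMDA_REPORT = DISASSEMBLER.disassembleBuffer(BUFFER, BASE_ADDR)
        SMDA_REPORT.filename = INPUT_FILENAME
    print(SMDA_REPORT)
    if SMDA_REPORT and os.path.isdir(ARGS.output_path):
        # os.path.join instead of manual os.sep concatenation: tolerates an
        # output_path that already ends with a separator
        OUTPUT_FILE = os.path.join(ARGS.output_path, INPUT_FILENAME + ".smda")
        with open(OUTPUT_FILE, "w") as fout:
            json.dump(SMDA_REPORT.toDict(), fout, indent=1, sort_keys=True)
    elif SMDA_REPORT and ARGS.output_path:
        # previously this case was silent and the report was simply lost
        print("output path {} is not a directory, report not written".format(ARGS.output_path))
else:
    PARSER.print_help()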