MBot, posted December 9, 2024

capa version 8 adds support for IDA Pro 9.0 (and idalib). The release comes with various improvements and bug fixes for the Binary Ninja backend (including loading from database files) -- thanks to @xusheng6. Additional bug fixes improve the dynamic and BinExport backends. capa version 8 now requires Python 3.10 or newer.

Special thanks to @Tamir-K, @harshit-wadhwani, @jorik-utwente for their great contributions.

New Features
- allow call as valid subscope for call scoped rules @mr-tz
- support loading and analyzing a Binary Ninja database #2496 @xusheng6
- vmray: record process command line details @mr-tz

Breaking Changes
- remove support for Python 3.8 and use Python 3.10 as minimum now #1966 @mr-tz

New Rules (54)
- nursery/get-shadow-password-file-entry-on-linux jonathanlepore@google.com
- nursery/set-shadow-password-file-entry-on-linux jonathanlepore@google.com
- collection/browser/get-chrome-cookiemonster still@teamt5.org
- collection/browser/get-elevation-service-for-chromium-based-browsers still@teamt5.org
- collection/get-steam-token still@teamt5.org
- nursery/persist-via-application-shimming j.j.vannielen@utwente.nl
- nursery/persist-via-bits-job j.j.vannielen@utwente.nl
- nursery/persist-via-print-processors-registry-key j.j.vannielen@utwente.nl
- linking/static/touchsocket/linked-against-touchsocket still@teamt5.org
- runtime/dotnet/compiled-with-dotnet-aot still@teamt5.org
- nursery/persist-via-errorhandler-script j.j.vannielen@utwente.nl
- nursery/persist-via-get-variable-hijack j.j.vannielen@utwente.nl
- nursery/persist-via-iphlpapi-dll-hijack j.j.vannielen@utwente.nl
- nursery/persist-via-lnk-shortcut j.j.vannielen@utwente.nl
- nursery/persist-via-powershell-profile j.j.vannielen@utwente.nl
- nursery/persist-via-windows-accessibility-tools j.j.vannielen@utwente.nl
- nursery/persist-via-windows-terminal-profile j.j.vannielen@utwente.nl
- nursery/write-to-browser-extension-directory j.j.vannielen@utwente.nl
- nursery/persist-via-aedebug-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-amsi-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-app-paths-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-appcertdlls-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-appx-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-autodialdll-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-autoplayhandlers-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-bootverificationprogram-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-code-signing-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-com-hijack j.j.vannielen@utwente.nl
- nursery/persist-via-command-processor-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-contextmenuhandlers-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-cor_profiler_path-registry-value j.j.vannielen@utwente.nl
- nursery/persist-via-default-file-association-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-disk-cleanup-handler-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-dotnet-dbgmanageddebugger-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-dotnet_startup_hooks-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-explorer-tools-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-filter-handlers-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-group-policy-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-hhctrl-com-hijack j.j.vannielen@utwente.nl
- nursery/persist-via-htmlhelp-author-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-image-file-execution-options-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-lsa-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-natural-language-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-netsh-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-network-provider-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-path-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-print-monitors-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-rdp-startup-programs-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-silentprocessexit-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-telemetrycontroller-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-timeproviders-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-ts-initialprogram-registry-key j.j.vannielen@utwente.nl
- nursery/persist-via-userinitmprlogonscript-registry-value j.j.vannielen@utwente.nl
- nursery/persist-via-windows-error-reporting-registry-key j.j.vannielen@utwente.nl

Bug Fixes
- extractor: fix exception when PE extractor encounters unknown architecture #2440 @Tamir-K
- IDA Pro: rename ida to idapro module for plugin and idalib in IDA 9.0 #2453 @mr-tz
- ghidra: fix saving of base address @mr-tz
- binja: support loading raw x86/x86_64 shellcode #2489 @xusheng6
- binja: fix crash when the IL of certain functions is not available #2249 @xusheng6
- binja: major performance improvement on the binja extractor #1414 @xusheng6
- cape: make Process model flexible and procmemory optional to load newest reports #2466 @mr-tz
- binja: fix unit test failure by fixing up the analysis for file al-khaser_x64.exe_ #2507 @xusheng6
- binja: move the stack string detection to function level #2516 @xusheng6
- BinExport2: fix handling of incorrect thunk functions #2524 @williballenthin
- BinExport2: more precise pruning of expressions @williballenthin
- BinExport2: better handle weird expression trees from Ghidra #2528 #2530 @williballenthin

capa Explorer Web

capa Explorer IDA Pro plugin
- fix bug preventing saving of capa results via Save button @mr-tz
- fix saving of base address @mr-tz

Development
- CI: use macos-13 since macos-12 is deprecated and will be removed on December 3rd, 2024 #2173 @mr-tz
- CI: update Binary Ninja version to 4.2 #2499 @xusheng6

Raw diffs
- capa v7.4.0...v8.0.0
- capa-rules v7.4.0...v8.0.0