Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

capa can't be used as a library on py3 #50

Closed
williballenthin opened this issue Jun 30, 2020 · 7 comments
Closed

capa can't be used as a library on py3 #50

williballenthin opened this issue Jun 30, 2020 · 7 comments
Labels
enhancement New feature or request

Comments

@williballenthin
Copy link
Collaborator

williballenthin commented Jun 30, 2020
edited
Loading

capa relies on vivisect for its standalone code analysis (when run within IDA, it uses IDA's analysis). since vivisect is py2-only, this means capa is py2-only, when used standalone or as a library. we should provide an analysis backend that can be used on py3, as this is the future.

we're aware that everyone (actually, including ourselves) has already moved on to py3. you should be aware that using vivisect was the path of least resistance to developing capa. now that we've proved that capa works and is useful, its finally appropriate to dedicate substantial time towards the upgrade.

note, the capa code base is already py3 compatible. this is strictly a limitation of the backend that we ship by default.
@williballenthin williballenthin added the enhancement New feature or request label Jun 30, 2020
@Ana06 Ana06 mentioned this issue Jul 21, 2020
Merged
@weslambert weslambert mentioned this issue Jul 27, 2020
Closed
@williballenthin williballenthin mentioned this issue Aug 18, 2020
Closed
@williballenthin
Copy link
Collaborator Author

williballenthin commented Aug 18, 2020
edited
Loading

based on offline discussions with @rakuy0, the vivisect devs are working towards py3 support. but, i'd expect this to be many months before its stable.

@williballenthin
Copy link
Collaborator Author

in #234 we have an experimental backend that runs on py3. however, its a pretty new analysis engine, so we're not ready to merge and distribute it yet.

@williballenthin
Copy link
Collaborator Author

we (including @Ana06) may attempt a miasm backend that would support py3. some things would be pretty straightforward (e.g. disassembling instructions) while other things would need a bit of research and code (e.g. finding functions). ETA for a POC is probably a few weeks to a few months. if it works, then further ETA for stabilizing this depends on performance and reliability.

we're certainly open to collaboration on this effort, if anyone is interested.

TODO: update with GH issue # if we attempt miasm backend.

@mbhatt1
Copy link

mbhatt1 commented Aug 18, 2020

How do the tests look currently for #234 ?

Are the preliminary results fairly ok for most runs?

@williballenthin
Copy link
Collaborator Author

@mbhatt1 tests look good
image

with this backend, you're more likely to run into errors during the code analysis passes, since the analyzer hasn't yet been hardened against thousands of binaries. this would look like unexpected exceptions and/or missing results. but, the interface can be used from py3 and is unlikely to change too much (though not guaranteed). so, you could get started here and sketch out your integration.

@Ana06 Ana06 mentioned this issue Aug 21, 2020
Closed
@williballenthin
Copy link
Collaborator Author

see also #355 that uses SMDA for py3

@williballenthin
Copy link
Collaborator Author

with SMDA added, capa can be used as a library on py3.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@williballenthin @mbhatt1