mandiant / capa

The FLARE team's open-source tool to identify capabilities in executable files.
https://mandiant.github.io/capa/
Apache License 2.0

Test binja 4 0 #2017

Closed xusheng6 closed 6 months ago

xusheng6 commented 7 months ago

Close https://github.com/mandiant/capa/issues/2016

The PR contains:

  1. The binja version check update in https://github.com/mandiant/capa/commit/bf4695c6bfdd9cffbaf45b2d1912b94cc8cbab28, which is a standard operation after we release a new stable.
  2. Fixed the stack string detection code after 4.0 (https://github.com/mandiant/capa/commit/58e4a30156668bbd280efbb5295ccb840aebe080), and also simplified it a bit.
  3. Added support for forwarded exports in the binja feature extractor, and enabled the relevant unit tests: https://github.com/mandiant/capa/commit/92cfc0caa7131e941f7f4ce110254c28e6d8630b. This is a bit funny: I fixed a relevant bug on the binja end that was blocking it, and prematurely asked Willi to close https://github.com/mandiant/capa/issues/1646. Though, at that time, I had not actually added support for forwarded exports in the binja extractor (I only fixed a blocker in binja itself). This time I fixed it.

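Item 3 of the PR description concerns forwarded exports, which a feature extractor has to recognise and normalise before capa rules can match on them. The following is an added example, not capa's or Binary Ninja's code: it parses the forwarder strings found in a PE export directory ("MODULE.Name" or "MODULE.#ordinal") and turns them into the "module.name" form a rule would reference. The export table is a constructed sample, and the exact feature-value format (lower-cased module name, "#" prefix for ordinals) is an assumption about what an extractor would emit, not capa's actual convention.

```python
"""Parse PE forwarded-export strings into extractor-ready values.

Added example; not code from the capa project or Binary Ninja.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# A forwarder string names the implementing DLL (without extension) and either
# a symbol name or an ordinal: "KERNEL32.HeapAlloc" or "NTDLL.#123".
_FORWARDER_RE = re.compile(r"^(?P<module>[^.]+)\.(?:#(?P<ordinal>\d+)|(?P<name>[^#].*))$")


@dataclass(frozen=True)
class ForwardedExport:
    exported_name: str            # name this DLL exports
    target_module: str            # DLL that really implements it, lower-cased
    target_name: Optional[str]    # symbol name in the target, if forwarded by name
    target_ordinal: Optional[int]  # ordinal in the target, if forwarded by ordinal

    def feature_value(self) -> str:
        """Value a rule author would match on (assumed format, see lead-in)."""
        if self.target_name is not None:
            return f"{self.target_module}.{self.target_name}"
        return f"{self.target_module}.#{self.target_ordinal}"


def parse_forwarder(exported_name: str, forwarder: str) -> ForwardedExport:
    """Split one forwarder string; raises ValueError on anything malformed."""
    m = _FORWARDER_RE.match(forwarder.strip())
    if m is None:
        raise ValueError(f"not a forwarder string: {forwarder!r}")
    ordinal = m.group("ordinal")
    return ForwardedExport(
        exported_name=exported_name,
        target_module=m.group("module").lower(),
        target_name=m.group("name"),
        target_ordinal=int(ordinal) if ordinal is not None else None,
    )


# Constructed export table: (exported name, forwarder string or None for a
# real, locally implemented export). Not taken from any real binary.
SAMPLE_EXPORTS: List[Tuple[str, Optional[str]]] = [
    ("HeapAlloc", "KERNEL32.HeapAlloc"),
    ("RtlSomething", "NTDLL.#123"),
    ("LocalFunction", None),
]


def extract_forwarded_exports(exports: List[Tuple[str, Optional[str]]]) -> Iterator[ForwardedExport]:
    """Yield only the forwarded entries; direct exports are a different feature."""
    for name, forwarder in exports:
        if forwarder is None:
            continue
        yield parse_forwarder(name, forwarder)


if __name__ == "__main__":
    for fwd in extract_forwarded_exports(SAMPLE_EXPORTS):
        print(f"{fwd.exported_name} -> {fwd.feature_value()}")
```

Separating forwarded from direct exports matters for analysis: a forwarded entry tells you the DLL merely re-exports someone else's implementation, so a rule keyed on the local export name alone would mislead about where the capability actually lives.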

xusheng6 commented 7 months ago

changes look good, but looks like tests didn't run fully in CI?

PRs do not have access to the action secrets, so they do not have the binja license to run the relevant tests. You will need to trigger a build as a maintainer of the project to enable a full test.

mr-tz commented 7 months ago

@williballenthin how should we go about versioning capa here? Do we need a new release if we break support for older Binary Ninja versions?

xusheng6 commented 7 months ago

@williballenthin how should we go about versioning capa here? Do we need a new release if we break support for older Binary Ninja versions?

Just FYI, this PR does not bump the required binja version to 4.0. It does require the builtin outlining feature, which I remember was introduced in stable 3.4. Still quite new, though.

williballenthin commented 7 months ago

Do we need a new release if we break support for older Binary Ninja versions?

@mr-tz In theory, this would be a breaking change requiring a new major version of capa. That seems extreme though. Perhaps we can do a point release that includes these changes? I'm definitely open to suggestions.

mr-tz commented 7 months ago

@williballenthin how should we go about versioning capa here? Do we need a new release if we break support for older Binary Ninja versions?

Just FYI, this PR does not bump the required binja version to 4.0. It does require the builtin outlining feature, which I remember was introduced in stable 3.4. Still quite new, though.

Ok, should we maybe include a note on which Binary Ninja version we support/require? Which makes me realize that we don't have any documentation/note on Binary Ninja support/usage anywhere?!