search

mandiant / capa

The FLARE team's open-source tool to identify capabilities in executable files.
https://mandiant.github.io/capa/
Apache License 2.0
4.89k stars 563 forks source link

idaapi python module #2456

Closed D3vil0p3r closed 1 month ago

D3vil0p3r commented 1 month ago

I am trying to build from source and I see that capa uses idaapi module. I cannot use pip because I am packaging for Arch, but I cannot see where idaapi module can be retrieved. I checked on PyPI but there is no a dedicated module. Do you know how can I get it?

williballenthin commented 1 month ago

idaapi comes from the IDA Pro bindings when running within that application as a plugin. In the common case, this import is not used.

D3vil0p3r commented 1 month ago

To have it, in Arch Linux should I install ida-pro package?

williballenthin commented 1 month ago

it's not a freely available module and it can't be used outside the IDA Pro scripting environment. if possible, you should ignore this import (which only happens when capa recognizes it's running within IDA).

D3vil0p3r commented 1 month ago

I see that ida_netnode lib depends on idaapi... so netnode is only used in that case too?

williballenthin commented 1 month ago

correct, netnode is an IDA Pro abstraction and also only relevant when running as a plugin.

D3vil0p3r commented 1 month ago

Ida Free is impacted by these mentioned IDA modules if I run it and capa?

williballenthin commented 1 month ago

IDA Free doesn't have Python scripting

https://hex-rays.com/pricing?section=individuals