search

mandiant / capa

The FLARE team's open-source tool to identify capabilities in executable files.
https://mandiant.github.io/capa/
Apache License 2.0
4.91k stars 564 forks source link

IDA Plugin Doesn't Support IDA 7.7 #845

Closed cdong1012 closed 2 years ago

cdong1012 commented 2 years ago

Description

The most recent release v3.0.3 is missing support for IDA 7.7 in the file C:\\Lib\site-packages\capa\capa\ida\helpers__init__.py.

Steps to Reproduce

  1. Install via pip: pip install flare-capa
  2. Copy capa_explorer.py from Github to IDA plugins folder
  3. Open an executable in IDA 7.7

Expected behavior:

Be able to launch capa explorer plugin via Edit->Plugins -> FLARE capa explorer.

Actual behavior:

Message in IDA output specifying IDA 7.7 is not a supported version:

WARNING:capa:This plugin does not support your IDA Pro version WARNING:capa:Your IDA Pro version is: 7.7. Supported versions are: 7.4, 7.5, 7.6.

Versions

Running Windows 11 x64 with Python 3.9.6 and Windows 10 x64 Python 3.9.6. Installed capa via pip (pip install flare-capa). Using IDA Pro integration (capa explorer).

capa --version

Additional Information

N/A

williballenthin commented 2 years ago

I wonder if we should just pin the version to >=7.4, <8

williballenthin commented 2 years ago

we should release a fix to this as fast as reasonably possible, as i'd expect many people to update IDA fairly soon

mike-hunhoff commented 2 years ago

thank you @cdong1012! @williballenthin I'm fine with pinning as you suggested (see #849). we will need to cut a new release to make the update available to all users.

cdong1012 commented 2 years ago

Thank you guys! Have a good holiday season!