Colton Gabertan

7 issues opened by Colton Gabertan

### Summary

Currently, to use capa's Ghidra UI integration, users must first install and configure Ghidrathon as a separate extension for Ghidra. Ghidrathon's [latest release candidate](https://github.com/mandiant/Ghidrathon/releases/tag/v4.0.0-rc1) now includes an [installation...

enhancement
ghidra

### Summary

The Ghidra Feature Extractor uses Ghidra's [FunctionID Analyzer](https://github.com/NationalSecurityAgency/ghidra-data/blob/7d843ec229d43c2d1a8178aaa892be90e37e95a2/FunctionID/FID.md) to identify library functions. capa as a standalone tool defaults to the Vivisect backend, which uses the FLARE team's custom...

enhancement
help wanted
ghidra

### Summary

The latest [release candidate](https://github.com/mandiant/Ghidrathon/releases/tag/v4.0.0-rc1) for Ghidrathon now includes an [installation script](https://github.com/mandiant/Ghidrathon/blob/main/util/ghidrathon_configure.py). This now outdates the method used in the Ghidra backend's [CI workflow](https://github.com/mandiant/capa/blob/fde1de3250ccb7c46d0ef36f60f830d679ea79c1/.github/workflows/tests.yml#L178-L192). Please update the workflow to...

good first issue
help wanted
CI
ghidra

### Summary

Most backends seem to be able to identify the imported/linked library functions as well as which module and module version the binary intends to use at runtime....

enhancement
question

### Description

We've bumped the version of `pytest` in our dependencies to 7.4.0. The current implementation of the IDA test script uses `yield`, which has been deprecated since `pytest v4`....

enhancement
good first issue
ida-explorer

### Description

One Ghidra backend limitation found during testing is that it may identify what should be a function as a label during its analysis.

### Steps to Reproduce

See...

bug
ghidra

### Description

Most iterable objects returned by Ghidra API calls are iterable via classic `for` loops; however, there are some cases in which the iterable object is not compatible.

###...