capa icon indicating copy to clipboard operation
capa copied to clipboard

Published 20 hours ago verified publisher icon mandiant

ghidra: update capa_explorer.py to enable users to select if comments and bookmarks are added

Open mike-hunhoff opened this issue 1 year ago • 10 comments

capa_explorer.py adds comments and bookmarks when executed. We should enable users to choose which of these options, if any, they want to use when the script is executed. capa_ghidra.py can be referenced for understanding how the Ghidra API can be used to solicit input from users. Ghidra's askChoices API is the likely choice.

mike-hunhoff avatar Feb 07 '24 23:02 mike-hunhoff

Hi I'd like to work on this as a first time contributor, can you please assign it to me?

danieldsouza13 avatar Feb 08 '24 22:02 danieldsouza13

Done, thank you @danieldsouza13 ! Let us know if you have any questions.

mike-hunhoff avatar Feb 09 '24 01:02 mike-hunhoff

hi is this issue still open to contribute to @mike-hunhoff

Atlas-64 avatar Mar 02 '24 11:03 Atlas-64

Thanks for reaching out @Atlas-64 . This issue has already been assigned to someone else. @danieldsouza13 are you still working on this? If so, please provide a status update. If not, I’ll unassign it from you for someone else to grab. Thank you!

mike-hunhoff avatar Mar 02 '24 15:03 mike-hunhoff

oh okay then @mike-hunhoff i guess I can work on it on the side , and discussing my proposed solution here wouldn't hurt right , haha

Atlas-64 avatar Mar 04 '24 18:03 Atlas-64

Removing @danieldsouza13 due to inactivity. @Atlas-64 I've assigned this issue to you. Please ask any questions here otherwise I'll keep an eye out for your PR.

mike-hunhoff avatar Mar 04 '24 19:03 mike-hunhoff

sorry for the delay , I finally got the time to go through the code right now so basically on going through capa_ghidra.py, where it uses askChoices to get the capa output verbosity. We can just have a similar statement in capa_explorer.py which takes the user input through the pop-up and then just have an if-else statement within main to call the bookmark and comment causing functions. lemme know if I have any fallacy in my logic :) . @mike-hunhoff

Atlas-64 avatar Mar 07 '24 14:03 Atlas-64

I also had a question about what set_plate_commen() and set_pre_comment() exactly do within capa_explorer.py @mike-hunhoff

Atlas-64 avatar Mar 10 '24 19:03 Atlas-64

sorry for the delay , I finally got the time to go through the code right now so basically on going through capa_ghidra.py, where it uses askChoices to get the capa output verbosity. We can just have a similar statement in capa_explorer.py which takes the user input through the pop-up and then just have an if-else statement within main to call the bookmark and comment causing functions. lemme know if I have any fallacy in my logic :) . @mike-hunhoff

This sounds like a good place to start. Open a PR when you're ready and we'll be happy to take a look at and comment further on your code.

mike-hunhoff avatar Mar 11 '24 19:03 mike-hunhoff

I also had a question about what set_plate_commen() and set_pre_comment() exactly do within capa_explorer.py @mike-hunhoff

These helper functions set ghidra.program.model.listing.CodeUnit.PLATE_COMMENT and ghidra.program.model.listing.CodeUnit.PRE_COMMENT comments using Ghidra's flat program APIs setPlateComment and setPreComment , respectfully. Generally, in the capa + Ghidra code the comment # type: ignore [name-defined] # noqa: F821 at the end of a line identifies use of Ghidra's flat program APIs.

mike-hunhoff avatar Mar 11 '24 20:03 mike-hunhoff