Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

import-to-ida.py is not importing correctly #1584

Closed
lenz913 opened this issue Jul 6, 2023 · 2 comments · Fixed by #1585
Closed

import-to-ida.py is not importing correctly #1584

lenz913 opened this issue Jul 6, 2023 · 2 comments · Fixed by #1585
Assignees
@williballenthin
Labels
bug Something isn't working

Comments

@lenz913
Copy link

lenz913 commented Jul 6, 2023

Description

The current json output by capa seems to be different from what is expected by the script.

Steps to Reproduce

  1. Generate json using capa.exe --json a.exe > a.json
  2. Run import-to-ida.py to import a.json

Expected behavior:

Capa comments being applied on the sub functions.

Actual behavior:

Error in the python code on line 96 rule["matches"].keys() 'list' object has no attribute 'keys'

Versions

capa.exe 5.0.0 (standalone tool), Python version = 3.8.1, OS = Win10

Additional Information

Seems like currently it is expecting something like
for va in rule["matches"][0]: addr = va["value"]
@williballenthin williballenthin added the bug Something isn't working label Jul 6, 2023
@williballenthin
Copy link
Collaborator

i'm able to reproduce this

@williballenthin williballenthin self-assigned this Jul 6, 2023
williballenthin added a commit that referenced this issue Jul 6, 2023
@williballenthin
import-to-ida: update to use v5 JSON format
169b3d6 
closes #1584
@williballenthin
Copy link
Collaborator

there's a fixed version here: https://github.com/mandiant/capa/blob/19a5ef8/scripts/import-to-ida.py
give it a shot and see if it works for the json reports you have locally.

we'll merge a fix for this issue on master, which will apply to v6 onwards.

@williballenthin williballenthin mentioned this issue Jul 6, 2023
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@williballenthin williballenthin

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix import-to-ida due to changes in the result document format in v5 mandiant/capa
2 participants
@williballenthin @lenz913