Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Binja database support #2501

Merged
merged 2 commits into from
Dec 2, 2024
Merged

Conversation

xusheng6
Copy link
Contributor

@xusheng6 xusheng6 commented Nov 21, 2024

This PR adds support for loading and analyzing a binja database: #2496

There are two things I wish to mention:

  1. This PR is rebased on Various binja backend fixes #2500, rather then the latest master. I now realize this is not the best thing to do, but I cannot simply drop the commits from Various binja backend fixes #2500 because there are conflicts. So maybe first have a look at that PR, and if it gets approved, I can rebase this again (if needed)
  2. I did not add a unit test for this. I know I can save one of the file we use for unit tests to a binja database and then load it. Do you have a representative binary to use for it among those files? Also, should I add a new test or should I just add it to test_binja_features.py?

Checklist

  • No CHANGELOG update needed
  • No new tests needed
  • No documentation update needed

@williballenthin
Copy link
Collaborator

Do you have a representative binary to use for it among those files? Also, should I add a new test or should I just add it to test_binja_features.py?

I think you should take a trivial file, like PMA 01-01.dll, and use that. The test only needs to show that the db file can be analyzed, not that all the features are extracted consistently (which we can assume will be the case, I think).

return False
return None
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good catch

@mr-tz
Copy link
Collaborator

mr-tz commented Nov 27, 2024

Pending tests

@xusheng6 xusheng6 force-pushed the binja_database_support branch from 61b4453 to 39810da Compare November 29, 2024 07:01
@xusheng6
Copy link
Contributor Author

Pending tests

I added a test for for it, please have a look!

@xusheng6
Copy link
Contributor Author

Oh well apparently I only added the database file and the feature list, but forgot to make it actually run during the test. I will push a fix shortly

@xusheng6 xusheng6 force-pushed the binja_database_support branch from 39810da to b9a9eb1 Compare November 29, 2024 08:51
Copy link
Collaborator

@mr-tz mr-tz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great, thank you!

@xusheng6
Copy link
Contributor Author

xusheng6 commented Dec 2, 2024

Just so that you know this branch is failing the (newly added) unit test (sorry I wrote the code without running the unit test, I thought it is way to easy to bother with testing at all)

All new binja db tests are failing because it cannot properly get a binary view, I am yet to see what is happening. It does work perfectly fine when I analyze a standalone file outside of the unit test infra

@xusheng6 xusheng6 force-pushed the binja_database_support branch from b9a9eb1 to 28fcd10 Compare December 2, 2024 15:34
@xusheng6
Copy link
Contributor Author

xusheng6 commented Dec 2, 2024

@williballenthin oh well it is just a simple typo in the file path. I have fixed it and this should be ready for merge

@mr-tz mr-tz merged commit 54952fe into mandiant:master Dec 2, 2024
24 checks passed
@mr-tz
Copy link
Collaborator

mr-tz commented Dec 2, 2024

Thank you!

@xusheng6 xusheng6 deleted the binja_database_support branch December 2, 2024 16:34
@xusheng6
Copy link
Contributor Author

xusheng6 commented Dec 3, 2024

@mr-tz thx for merging this! However, since I also introduced a submodule change on the test files, now the capa repo points to this commit https://github.com/mandiant/capa-testfiles/tree/b40457c616604ee65f44e1ae8597cfeec7da0f70 which is not on top of the master branch of the capa-testfiles repo. I believe you should cherry-pick this commit on capa-testfiles

@mr-tz
Copy link
Collaborator

mr-tz commented Dec 3, 2024

Good catch, done. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants