Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unexpected address type in verbose mode during dynamic analysis #1702

Closed
1 of 2 tasks
williballenthin opened this issue Aug 10, 2023 · 3 comments
Closed
1 of 2 tasks

unexpected address type in verbose mode during dynamic analysis #1702

williballenthin opened this issue Aug 10, 2023 · 3 comments
Assignees
@yelhamer
Labels
bug Something isn't working dynamic related to dynamic analysis flavor gsoc Work related to Google Summer of Code project.

Comments

@williballenthin
Copy link
Collaborator

williballenthin commented Aug 10, 2023
edited
Loading 

@williballenthin ➜ /workspaces/capa (dynamic-feature-extraction) $ python -m capa.main -r rules1 tests/data/dynamic/cape/v2.2/d46900384c78863420fb3e297d0a2f743cd2b6b3f7f82bf64059a168e07aceb7.json -v
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/local/lib/python3.10/runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "/workspaces/capa/capa/main.py", line 1655, in <module>
    sys.exit(main())
  File "/workspaces/capa/capa/main.py", line 1601, in main
    print(capa.render.verbose.render(meta, rules, capabilities))
  File "/workspaces/capa/capa/render/verbose.py", line 236, in render
    return render_verbose(rd.ResultDocument.from_capa(meta, rules, capabilities))
  File "/workspaces/capa/capa/render/verbose.py", line 229, in render_verbose
    render_rules(ostream, doc)
  File "/workspaces/capa/capa/render/verbose.py", line 214, in render_rules
    rows.append(("matches", "\n".join(map(format_address, locations))))
  File "/workspaces/capa/capa/render/verbose.py", line 77, in format_address
    raise ValueError("unexpected address type")
ValueError: unexpected address type

d46900384c78863420fb3e297d0a2f743cd2b6b3f7f82bf64059a168e07aceb7 from v2.2 archive in #1698

  • add test demonstrating rendering of the currently broken address type
  • fix the issue
@williballenthin williballenthin added bug Something isn't working gsoc Work related to Google Summer of Code project. dynamic related to dynamic analysis flavor labels Aug 10, 2023
@williballenthin williballenthin mentioned this issue Aug 10, 2023
Merged
18 tasks
@williballenthin
Copy link
Collaborator Author

same error in vverbose mode

@williballenthin
Copy link
Collaborator Author

williballenthin commented Aug 10, 2023
edited
Loading

maybe missing CallAddress here:

capa/capa/render/verbose.py

Lines 57 to 74 in 19495f6

elif address.type == frz.AddressType.DYNAMIC:
assert isinstance(address.value, tuple)
id_, return_address = address.value
assert isinstance(id_, int)
assert isinstance(return_address, int)
return f"event: {id_}, retaddr: 0x{return_address:x}"
elif address.type == frz.AddressType.PROCESS:
assert isinstance(address.value, tuple)
ppid, pid = address.value
assert isinstance(ppid, int)
assert isinstance(pid, int)
return f"process ppid: {ppid}, process pid: {pid}"
elif address.type == frz.AddressType.THREAD:
assert isinstance(address.value, int)
tid = address.value
assert isinstance(tid, int)
return f"thread id: {tid}"
elif address.type == frz.AddressType.NO_ADDRESS:

williballenthin added a commit that referenced this issue Aug 11, 2023
@williballenthin
tests: main: demonstrate CAPE analysis (and bug #1702)
6de23a9
@williballenthin williballenthin mentioned this issue Aug 11, 2023
Merged
3 tasks
williballenthin added a commit that referenced this issue Aug 11, 2023
@williballenthin
render: verbose: render call address
dafbefb 
closes #1702
@williballenthin
Copy link
Collaborator Author

closed in #1709

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yelhamer yelhamer

Labels
bug Something isn't working dynamic related to dynamic analysis flavor gsoc Work related to Google Summer of Code project.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@williballenthin @yelhamer