Summary
Capa fails to run if the file it is analyzing is located in a directory it does not have permissions to write to. In this case, it attempts to create the .viv file but fails.
Motivation
This tool may be run against files in directories that are write protected or are on remote systems that we do not have write access to.
Describe alternatives you've considered
The workaround is to just copy the file locally, but that might not always be possible/feasible.
Additional context
I found this by running capa-v1.0.0-win.exe on a Windows 10 system as a normal user against notepad.exe. Since it is located in c:\windows, an unprivileged user does not have access to write in that directory.
C:\tools\capa>capa-v1.0.0-win.exe -r capa-rules-master c:\windows\notepad.exe
WARNING:capa:skipping non-.yml file: LICENSE.txt
Unwind Info Version: 2 (bailing on .pdata)
Traceback (most recent call last):
  File "capa\main.py", line 646, in <module>
  File "capa\main.py", line 532, in main
  File "capa\main.py", line 286, in get_extractor
  File "capa\main.py", line 266, in get_extractor_py2
  File "capa\main.py", line 252, in get_workspace
  File "site-packages\viv_utils\__init__.py", line 86, in getWorkspace
  File "site-packages\vivisect\__init__.py", line 2345, in saveWorkspace
  File "site-packages\vivisect\storage\basicfile.py", line 15, in saveWorkspace
  File "site-packages\vivisect\storage\basicfile.py", line 24, in vivEventsToFile
IOError: [Errno 13] Permission denied: 'c:\\windows\\notepad.exe.viv'
[2616] Failed to execute script main
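The failure above comes from writing the `.viv` workspace next to the sample. The following is an added example, not code from capa, viv_utils or vivisect, of one way an analysis tool can choose a workspace location that also works for samples in write-protected directories. The names `workspace_path`, `dir_is_writable`, `sha256_of` and `cache_root` are hypothetical.

```python
import hashlib
import os
import tempfile


def dir_is_writable(directory):
    """Probe by actually creating a file; os.access() does not evaluate Windows ACLs."""
    try:
        with tempfile.TemporaryFile(dir=directory):
            return True
    except OSError:  # PermissionError, read-only mount, missing directory, ...
        return False


def sha256_of(path):
    """Hash the sample in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def workspace_path(sample_path, cache_root, writable=dir_is_writable):
    """Return where the .viv workspace for sample_path should be saved."""
    sample_path = os.path.abspath(sample_path)
    if writable(os.path.dirname(sample_path)):
        # Keep the existing behaviour when the sample's directory is writable.
        return sample_path + ".viv"
    # Fallback: a per-user cache keyed by content hash, so samples that share
    # a file name (e.g. two different notepad.exe builds) never collide.
    os.makedirs(cache_root, exist_ok=True)
    return os.path.join(cache_root, sha256_of(sample_path) + ".viv")


if __name__ == "__main__":
    # Constructed demo: a sample in a temp directory and a hypothetical cache root.
    work = tempfile.mkdtemp()
    sample = os.path.join(work, "sample.bin")
    with open(sample, "wb") as f:
        f.write(b"constructed sample bytes")
    cache = os.path.join(work, "cache")
    print(workspace_path(sample, cache))
    print(workspace_path(sample, cache, writable=lambda d: False))
```

Keying the fallback by hash also lets a later run reuse the cached workspace for the same file without touching the evidence directory.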