The v7.4.0 capa release fixes a bug when processing VMRay analysis archives and enhances API extraction for all dynamic backends. For better terminal rendering, capa now solely relies on the rich library.
The standalone capa executable can now automatically detect installations of relevant third-party applications and use their backends (notably, idalib and Binary Ninja). For the extra standalone Linux build we've upgraded from Python 3.11 to 3.12.
Twelve new rules have been added. Thanks to all the contributors!
This is the last capa version supporting Python 3.8 and 3.9. If you have major concerns about this, please reach out to us.
New Features
- add IDA v9.0 backend via idalib #2376 @williballenthin
- locate Binary Ninja API using XDG Desktop Entries #2376 @williballenthin
New Rules (15)
- nursery/access-unmanaged-com-objects-in-dotnet mehunhoff@google.com
- nursery/implement-ui-automation-client-in-dotnet mehunhoff@google.com
- nursery/interact-with-shortcut-via-iwshshortcut-in-dotnet mehunhoff@google.com
- nursery/interact-with-windows-scripting-host-in-dotnet mehunhoff@google.com
- nursery/use-dotnet-library-simplejson mehunhoff@google.com
- nursery/use-dotnet-library-websocket-sharp mehunhoff@google.com
- linking/runtime-linking/populate-syswhispers2-syscall-list still@teamt5.org
- host-interaction/os/hide-shutdown-actions-via-policy still@teamt5.org
- host-interaction/process/get-process-filename matthew.williams@mandiant.com
- host-interaction/driver/complete-processing-asynchronous-io-request moritz.raabe@mandiant.com
- anti-analysis/packer/nmm-protect/packed-with-nmm-protect william.ballenthin@mandiant.com
- host-interaction/firewall/modify/access-firewall-policy-via-inetfwpolicy2 jakub.jozwiak@mandiant.com
- host-interaction/firewall/modify/access-firewall-rule-properties-via-inetfwrule jakub.jozwiak@mandiant.com
- host-interaction/registry/open-recentdocs-registry-key matthew.williams@mandiant.com
Bug Fixes
- use Python 3.12 to build extra standalone build on Linux #2383 @williballenthin
- bump minimum Python version to 3.8.1 to satisfy uv #2387 @williballenthin
- vmray: collect more process information from flog.xml #2394 @mr-tz @mike-hunhoff
- replace tabulate, tqdm, and termcolor with rich #2374 @s-ff
- dynamic: emit complete features for A/W APIs #2409 @mike-hunhoff
- vmray: fix backslash handling in string call arguments #2428 @mr-tz
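The "emit complete features for A/W APIs" fix above concerns how an API call observed by a dynamic backend is turned into rule-matchable features: a call to an ANSI/Unicode variant such as CreateFileW should match rules written against both the exact name and the suffix-less name (CreateFile). The following is an added illustration of that normalization, not capa's own extractor code; the helper names, the constructed sample call list, and the assumption that the module name is already passed without its `.dll` extension are all mine.

```python
from typing import Iterable, Iterator, Set, Tuple

# Constructed sample: (module, symbol) pairs as a dynamic backend might
# report them from a sandbox trace. Not taken from a real report.
SAMPLE_CALLS = [
    ("kernel32", "CreateFileW"),
    ("kernel32", "WriteFile"),
    ("advapi32", "RegOpenKeyExA"),
]


def api_feature_names(module: str, symbol: str) -> Iterator[str]:
    """Yield every API feature name a rule could match for one observed call.

    Hypothetical helper. For a name ending in A or W (the ANSI/Unicode pair),
    the stripped base name is emitted as well, so a rule that says
    `api: kernel32.CreateFile` matches CreateFileA and CreateFileW alike.
    Each name is emitted both with and without the module prefix.
    """
    module = module.lower()
    yield f"{module}.{symbol}"
    yield symbol
    # Only strip a trailing A/W when a non-empty base name remains; a bare
    # "A" or "W" is not a meaningful API name.
    if len(symbol) > 1 and symbol[-1] in ("A", "W"):
        base = symbol[:-1]
        yield f"{module}.{base}"
        yield base


def extract_api_features(calls: Iterable[Tuple[str, str]]) -> Set[str]:
    """Collect the complete API feature set for a sequence of observed calls."""
    features: Set[str] = set()
    for module, symbol in calls:
        features.update(api_feature_names(module, symbol))
    return features


def rule_api_matches(features: Set[str], rule_api: str) -> bool:
    """Check whether a rule's `api:` value would match the extracted features."""
    return rule_api in features


if __name__ == "__main__":
    feats = extract_api_features(SAMPLE_CALLS)
    for name in sorted(feats):
        print(name)
    print("kernel32.CreateFile matched:", rule_api_matches(feats, "kernel32.CreateFile"))
```

Without the stripped variant, a trace containing only CreateFileW would miss rules written against `kernel32.CreateFile`, which is the incomplete-feature behaviour the bullet describes; NtCreateFile, which has no A/W suffix, is emitted unchanged.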