|
1 | 1 | # Change Log
|
2 | 2 |
|
| 3 | +## v1.2.0 (2020-08-31) |
| 4 | + |
| 5 | +This release brings UI enhancements, especially for the IDA Pro plugin, |
| 6 | +investment towards py3 support, |
| 7 | +fixes some bugs identified by the community, |
| 8 | +and 46 (!) new rules. |
| 9 | +We received contributions from ten reverse engineers, including five new ones: |
| 10 | + |
| 11 | + - @agithubuserlol |
| 12 | + - @recvfrom |
| 13 | + - @D4nch3n |
| 14 | + - @edeca |
| 15 | + - @winniepe |
| 16 | + |
| 17 | +Download a standalone binary below and checkout the readme [here on GitHub](https://github.com/fireeye/capa/). |
| 18 | +Report issues on our [issue tracker](https://github.com/fireeye/capa/issues) |
| 19 | +and contribute new rules at [capa-rules](https://github.com/fireeye/capa-rules/). |
| 20 | + |
| 21 | +### New features |
| 22 | + |
| 23 | + - ida plugin: display arch flavors @mike-hunhoff |
| 24 | + - ida plugin: display block descriptions @mike-hunhoff |
| 25 | + - ida backend: extract features from nested pointers @mike-hunhoff |
| 26 | + - main: show more progress output @williballenthin |
| 27 | + - core: pin dependency versions #258 @recvfrom |
| 28 | + |
| 29 | +### New rules |
| 30 | + - bypass UAC via AppInfo ALPC @agithubuserlol |
| 31 | + - bypass UAC via token manipulation @agithubuserlol |
| 32 | + - check for sandbox and av modules @re-fox |
| 33 | + - check for sandbox username @re-fox |
| 34 | + - check if process is running under wine @re-fox |
| 35 | + - validate credit card number using luhn algorithm @re-fox |
| 36 | + - validate credit card number using luhn algorithm with no lookup table @re-fox |
| 37 | + - hash data using FNV @edeca @mr-tz |
| 38 | + - link many functions at runtime @mr-tz |
| 39 | + - reference public RSA key @mr-tz |
| 40 | + - packed with ASPack @williballenthin |
| 41 | + - delete internet cache @mike-hunhoff |
| 42 | + - enumerate internet cache @mike-hunhoff |
| 43 | + - send ICMP echo request @mike-hunhoff |
| 44 | + - check for debugger via API @mike-hunhoff |
| 45 | + - check for hardware breakpoints @mike-hunhoff |
| 46 | + - check for kernel debugger via shared user data structure @mike-hunhoff |
| 47 | + - check for protected handle exception @mike-hunhoff |
| 48 | + - check for software breakpoints @mike-hunhoff |
| 49 | + - check for trap flag exception @mike-hunhoff |
| 50 | + - check for unexpected memory writes @mike-hunhoff |
| 51 | + - check process job object @mike-hunhoff |
| 52 | + - reference anti-VM strings targeting Parallels @mike-hunhoff |
| 53 | + - reference anti-VM strings targeting Qemu @mike-hunhoff |
| 54 | + - reference anti-VM strings targeting VirtualBox @mike-hunhoff |
| 55 | + - reference anti-VM strings targeting VirtualPC @mike-hunhoff |
| 56 | + - reference anti-VM strings targeting VMWare @mike-hunhoff |
| 57 | + - reference anti-VM strings targeting Xen @mike-hunhoff |
| 58 | + - reference analysis tools strings @mike-hunhoff |
| 59 | + - reference WMI statements @mike-hunhoff |
| 60 | + - get number of processor cores @mike-hunhoff |
| 61 | + - get number of processors @mike-hunhoff |
| 62 | + - enumerate disk properties @mike-hunhoff |
| 63 | + - get disk size @mike-hunhoff |
| 64 | + - get process heap flags @mike-hunhoff |
| 65 | + - get process heap force flags @mike-hunhoff |
| 66 | + - get Explorer PID @mike-hunhoff |
| 67 | + - delay execution @mike-hunhoff |
| 68 | + - check for process debug object @mike-hunhoff |
| 69 | + - check license value @mike-hunhoff |
| 70 | + - check ProcessDebugFlags @mike-hunhoff |
| 71 | + - check ProcessDebugPort @mike-hunhoff |
| 72 | + - check SystemKernelDebuggerInformation @mike-hunhoff |
| 73 | + - check thread yield allowed @mike-hunhoff |
| 74 | + - enumerate system firmware tables @mike-hunhoff |
| 75 | + - get system firmware table @mike-hunhoff |
| 76 | + - hide thread from debugger @mike-hunhoff |
| 77 | + |
| 78 | +### Bug fixes |
| 79 | + |
| 80 | + - ida backend: extract unmapped immediate number features @mike-hunhoff |
| 81 | + - ida backend: fix stack cookie check #257 @mike-hunhoff |
| 82 | + - viv backend: better extract gs segment access @williballenthin |
| 83 | + - core: enable counting of string features #241 @D4nch3n @williballenthin |
| 84 | + - core: enable descriptions on feature with arch flavors @mike-hunhoff |
| 85 | + - core: update git links for non-SSH access #259 @recvfrom |
| 86 | + |
| 87 | +### Changes |
| 88 | + |
| 89 | + - ida plugin: better default display showing first level nesting @winniepe |
| 90 | + - remove unused `characteristic(switch)` feature @ana06 |
| 91 | + - prepare testing infrastructure for multiple backends/py3 @williballenthin |
| 92 | + - ci: zip build artifacts @ana06 |
| 93 | + - ci: build all supported python versions @ana06 |
| 94 | + - code style and formatting @mr-tz |
| 95 | + |
| 96 | +### Raw diffs |
| 97 | + |
| 98 | + - [capa v1.1.0...v1.2.0](https://github.com/fireeye/capa/compare/v1.1.0...v1.2.0) |
| 99 | + - [capa-rules v1.1.0...v1.2.0](https://github.com/fireeye/capa-rules/compare/v1.1.0...v1.2.0) |
| 100 | + |
3 | 101 | ## v1.1.0 (2020-08-05)
|
4 | 102 |
|
5 | 103 | This release brings new rule format updates, such as adding `offset/x32` and negative offsets,
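Review bot: the rule count in the v1.2.0 summary paragraph ("and 46 (!) new rules") does not match the "### New rules" list in the same hunk, which has 47 entries (from "bypass UAC via AppInfo ALPC" through "hide thread from debugger"); please either change the summary to 47 or, if one of the listed rules is a duplicate or not shipping in capa-rules v1.2.0, drop it from the list before the release is tagged. Two smaller points in the same hunk: the "### New rules" heading is the only heading in this entry without a blank line after it, so it renders inconsistently with "### New features", "### Bug fixes" and "### Changes"; and "reference anti-VM strings targeting VMWare" should use the vendor's own spelling, "VMware", to match the capitalisation used for the other vendor names in that group.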