Capa explorer fails to run

Prerequisites

  • Put an X between the brackets on this line if you have done all of the following:
    • Checked that your issue isn’t already filed: search

Description

Getting an error while invoking ida_capa_explorer.py using IDA Pro.

Steps to Reproduce

  1. Load a file into IDA
  2. Then press Alt+F7
  3. Navigate to ida_capa_explorer.py and open it

Expected behavior:

It should open the capa explorer with the results.

Actual behavior:

The explorer is opening without the results.

Versions

Latest capa and Python 2.7 on IDA Pro 7.0

Additional Information

I know capa is meant to work on 7.4 or 7.5, but looking at the error it seems capa can’t locate the rules path.

This is the error thrown by IDA Pro:

INFO:capa:--------------------------------------------------------------------------------
INFO:capa: Using default embedded rules.
INFO:capa: 
INFO:capa: You can see the current default rule set here:
INFO:capa:     https://github.com/fireeye/capa-rules
INFO:capa:--------------------------------------------------------------------------------
IDAPython: Error while calling Python callback <OnCreate>:
Traceback (most recent call last):
  File "C:/python27-x64/Lib/site-packages/capa/ida/ida_capa_explorer.py", line 104, in OnCreate
    self.load_capa_results()
  File "C:/python27-x64/Lib/site-packages/capa/ida/ida_capa_explorer.py", line 362, in load_capa_results
    rules = capa.main.get_rules(rules_path)
  File "C:\python27-x64\lib\site-packages\capa\main.py", line 304, in get_rules
    raise IOError("rule path %s does not exist or cannot be accessed" % rule_path)
IOError: rule path C:/python27-x64/Lib/site-packages/capa/ida\../..\rules does not exist or cannot be accessed
INFO:capa:form closed.

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 14
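
The traceback above shows the plugin resolving its rules as `<plugin dir>/../../rules`, a path that only exists when a rules directory sits two levels above `ida_capa_explorer.py`. The following pre-flight check is an added example, not code from capa or from the issue: it resolves the path the same way and fails early with an actionable message. `resolve_rules_dir`, the `override` parameter, the `.yml` filter and the temporary directory layouts are assumptions constructed for illustration.

```python
import os
import tempfile

RULE_EXT = ".yml"  # assumption: rule files are YAML files with this extension


def default_rules_dir(plugin_file):
    """Path seen in the traceback: <plugin dir>/../../rules, normalised."""
    return os.path.normpath(os.path.join(os.path.dirname(plugin_file), "..", "..", "rules"))


def find_rule_files(rules_dir):
    """Return the sorted rule files found anywhere under rules_dir."""
    found = []
    for root, _dirs, files in os.walk(rules_dir):
        found.extend(os.path.join(root, f) for f in files if f.endswith(RULE_EXT))
    return sorted(found)


def resolve_rules_dir(plugin_file, override=None):
    """Pick a rules directory; override is a hypothetical user-supplied path."""
    candidate = os.path.abspath(override) if override else default_rules_dir(plugin_file)
    if not os.path.isdir(candidate):
        raise IOError("rules directory %s does not exist; point to a rules checkout" % candidate)
    if not find_rule_files(candidate):
        # Covers a directory that exists but was never populated.
        raise IOError("rules directory %s contains no %s files" % (candidate, RULE_EXT))
    return candidate


def build_demo_layouts():
    """Constructed layouts: one with rules/ beside the package, one without."""
    base = tempfile.mkdtemp()
    checkout = os.path.join(base, "checkout")
    site = os.path.join(base, "site-packages")
    for top in (checkout, site):
        os.makedirs(os.path.join(top, "capa", "ida"))
    os.makedirs(os.path.join(checkout, "rules", "nursery"))
    with open(os.path.join(checkout, "rules", "nursery", "demo.yml"), "w") as f:
        f.write("rule:\n  meta:\n    name: constructed demo rule\n")
    plugin = os.path.join("capa", "ida", "ida_capa_explorer.py")
    return os.path.join(checkout, plugin), os.path.join(site, plugin)


if __name__ == "__main__":
    in_checkout, in_site = build_demo_layouts()
    print(resolve_rules_dir(in_checkout))
    try:
        resolve_rules_dir(in_site)
    except IOError as e:
        print("library-style layout:", e)
```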

Top GitHub Comments

1 reaction
r0ny123 commented, Jul 30, 2020

I am gonna try that import script.

1 reaction
r0ny123 commented, Jul 17, 2020

And I think downloading capa rules should also be documented under https://github.com/fireeye/capa/blob/master/doc/installation.md#method-2-using-capa-as-a-python-library

Oh, I see this is already in discussion, +1 from me!
