Shellcode mode as an option within IDA plugin

Summary

It would be useful if it were possible to run the IDA plugin against Shellcode within IDA. One potential place to add this option might be where we currently have file, function, basic block or somewhere else within settings.

Motivation

I noticed today whilst working on a shellcode sample that the Capa plugin within IDA threw the following error

[ERROR] Failed to extract capabilities from database (error: ('file format: %s', 'Binary file')) (form:load_capa_results)

I ran capa in -sc32 mode outside of IDA against the same sample and received a few results.

My current understanding is that this happens because shellcode is a different “mode” to Windows or ELF analysis. But if this is by the unexpected behavior when running the plugin against Windows x86 shellcode and it should actually just run then feel free to close this request.

Describe alternatives you’ve considered

Manually translating capa json output results into IDA by defining code at block locations matched as containing certain functionality.

Additional context

One sample that this applies to is the following

Warning, this sample is potentially malicious if ran