From 22368fbe6f4d79479bfff6614f10ad3cc6e16848 Mon Sep 17 00:00:00 2001
From: mr-tz <moritz.raabe@mandiant.com>
Date: Wed, 9 Oct 2024 12:13:11 +0000
Subject: [PATCH 1/5] rename bin_search function

---
 capa/features/extractors/ida/helpers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/capa/features/extractors/ida/helpers.py b/capa/features/extractors/ida/helpers.py
index a40ca3fda..fc22bc38d 100644
--- a/capa/features/extractors/ida/helpers.py
+++ b/capa/features/extractors/ida/helpers.py
@@ -41,7 +41,7 @@ def find_byte_sequence(start: int, end: int, seq: bytes) -> Iterator[int]:
             return
 
         while True:
-            ea, _ = ida_bytes.bin_search3(start, end, patterns, ida_bytes.BIN_SEARCH_FORWARD)
+            ea, _ = ida_bytes.bin_search(start, end, patterns, ida_bytes.BIN_SEARCH_FORWARD)
             if ea == idaapi.BADADDR:
                 break
             start = ea + 1

From f2c329b7683c5beba4e5dbf1585eb7aca8ec11ea Mon Sep 17 00:00:00 2001
From: mr-tz <moritz.raabe@mandiant.com>
Date: Wed, 9 Oct 2024 12:15:38 +0000
Subject: [PATCH 2/5] rename ida to idapro module for IDA 9.0

---
 CHANGELOG.md                           |  1 +
 capa/features/extractors/ida/idalib.py | 12 ++++++++----
 capa/loader.py                         |  4 ++--
 pyproject.toml                         |  2 +-
 4 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 97f0bfc20..f8368d30a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@
 ### Bug Fixes
 
 - extractor: fix exception when PE extractor encounters unknown architecture #2440 @Tamir-K
+- IDA Pro: rename ida to idapro module for plugin and idalib in IDA 9.0 #2453 @mr-tz
 
 ### capa Explorer Web
 
diff --git a/capa/features/extractors/ida/idalib.py b/capa/features/extractors/ida/idalib.py
index df1e3172e..f0627971a 100644
--- a/capa/features/extractors/ida/idalib.py
+++ b/capa/features/extractors/ida/idalib.py
@@ -18,7 +18,7 @@
 
 def is_idalib_installed() -> bool:
     try:
-        return importlib.util.find_spec("ida") is not None
+        return importlib.util.find_spec("idapro") is not None
     except ModuleNotFoundError:
         return False
 
@@ -44,6 +44,7 @@ def get_idalib_user_config_path() -> Optional[Path]:
 def find_idalib() -> Optional[Path]:
     config_path = get_idalib_user_config_path()
     if not config_path:
+        logger.error("IDA Pro user configuration does not exist, please make sure you've installed idalib properly.")
         return None
 
     config = json.loads(config_path.read_text(encoding="utf-8"))
@@ -51,6 +52,9 @@ def find_idalib() -> Optional[Path]:
     try:
         ida_install_dir = Path(config["Paths"]["ida-install-dir"])
     except KeyError:
+        logger.error(
+            "IDA Pro user configuration does not contain location of IDA Pro installation, please make sure you've installed idalib properly."
+        )
         return None
 
     if not ida_install_dir.exists():
@@ -73,7 +77,7 @@ def find_idalib() -> Optional[Path]:
     if not idalib_path.exists():
         return None
 
-    if not (idalib_path / "ida" / "__init__.py").is_file():
+    if not (idalib_path / "idapro" / "__init__.py").is_file():
         return None
 
     return idalib_path
@@ -96,7 +100,7 @@ def has_idalib() -> bool:
 
 def load_idalib() -> bool:
     try:
-        import ida
+        import idapro
 
         return True
     except ImportError:
@@ -106,7 +110,7 @@ def load_idalib() -> bool:
 
         sys.path.append(idalib_path.absolute().as_posix())
         try:
-            import ida  # noqa: F401 unused import
+            import idapro  # noqa: F401 unused import
 
             return True
         except ImportError:
diff --git a/capa/loader.py b/capa/loader.py
index c4c8c1afa..f481d7b8d 100644
--- a/capa/loader.py
+++ b/capa/loader.py
@@ -323,7 +323,7 @@ def get_extractor(
         if not idalib.load_idalib():
             raise RuntimeError("failed to load IDA idalib module.")
 
-        import ida
+        import idapro
         import ida_auto
 
         import capa.features.extractors.ida.extractor
@@ -333,7 +333,7 @@ def get_extractor(
         # so as not to screw up structured output.
         with capa.helpers.stdout_redirector(io.BytesIO()):
             with console.status("analyzing program...", spinner="dots"):
-                if ida.open_database(str(input_path), run_auto_analysis=True):
+                if idapro.open_database(str(input_path), run_auto_analysis=True):
                     raise RuntimeError("failed to analyze input file")
 
             logger.debug("idalib: waiting for analysis...")
diff --git a/pyproject.toml b/pyproject.toml
index d3a5481a3..3416c3a9b 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -177,7 +177,7 @@ known_first_party = [
     "binaryninja",
     "flirt",
     "ghidra",
-    "ida",
+    "idapro",
     "ida_ida",
     "ida_auto",
     "ida_bytes",

From 6447319cc7f6a61bc3cc928b6f980a5b7c3069c2 Mon Sep 17 00:00:00 2001
From: Fariss <rev.fariss@gmail.com>
Date: Thu, 10 Oct 2024 13:40:04 +0200
Subject: [PATCH 3/5] explorer web: wrap long function calls (#2447)

Co-authored-by: Moritz <mr-tz@users.noreply.github.com>
---
 web/explorer/src/components/RuleMatchesTable.vue  |  2 +-
 .../src/components/columns/RuleColumn.vue         | 15 ++++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/web/explorer/src/components/RuleMatchesTable.vue b/web/explorer/src/components/RuleMatchesTable.vue
index fe891901f..3340ef875 100644
--- a/web/explorer/src/components/RuleMatchesTable.vue
+++ b/web/explorer/src/components/RuleMatchesTable.vue
@@ -160,7 +160,7 @@
 
     <!-- Source code dialog -->
     <Dialog v-model:visible="sourceDialogVisible" style="width: 50vw">
-        <highlightjs autodetect :code="currentSource" />
+        <highlightjs :autodetect="false" language="yaml" :code="currentSource" />
     </Dialog>
 </template>
 
diff --git a/web/explorer/src/components/columns/RuleColumn.vue b/web/explorer/src/components/columns/RuleColumn.vue
index 2a23a2749..7afc18e3b 100644
--- a/web/explorer/src/components/columns/RuleColumn.vue
+++ b/web/explorer/src/components/columns/RuleColumn.vue
@@ -55,7 +55,12 @@
 
         <!-- example node: "exit(0) -> 0" (if the node type is call-info, we highlight node.data.name.callInfo) -->
         <template v-else-if="node.data.type === 'call-info'">
-            <highlightjs lang="c" :code="node.data.name.callInfo" class="text-xs" />
+            <highlightjs
+                :autodetect="false"
+                language="c"
+                :code="node.data.name.callInfo"
+                class="text-xs highlightjs-wrapper"
+            />
         </template>
 
         <!-- example node: " = IMAGE_NT_SIGNATURE (PE)" -->
@@ -83,3 +88,11 @@ const getTooltipContent = (data) => {
     return null;
 };
 </script>
+
+<style scoped>
+.highlightjs-wrapper {
+    width: 120ch;
+    word-wrap: break-word;
+    white-space: normal;
+}
+</style>

From 688afab087600e4204ef156a0279e7c0f5c33f98 Mon Sep 17 00:00:00 2001
From: Moritz <mr-tz@users.noreply.github.com>
Date: Fri, 11 Oct 2024 12:34:18 +0200
Subject: [PATCH 4/5] add v7.4.0 info

---
 web/public/index.html | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/web/public/index.html b/web/public/index.html
index 57bbed05e..f77ab434f 100644
--- a/web/public/index.html
+++ b/web/public/index.html
@@ -215,6 +215,12 @@ <h2 class="mt-3">Rule Updates</h2>
 
       <h2 class="mt-3">Tool Updates</h2>
 
+      <h3 class="mt-2">v7.4.0 (<em>2024-10-04</em>)</h3>
+      <p class="mt-0">
+        The <a href="https://github.com/mandiant/capa/releases/tag/v7.4.0">v7.4.0</a> capa release fixes a bug when processing VMRay analysis archives and enhances API extraction for all dynamic backends. For better terminal rendering capa now solely relies on the rich library.<br />
+        The standalone capa executable can now automatically detect installations of relevant third party applications and use their backends (notably, idalib and Binary Ninja). For the extra standalone Linux build we've upgraded from Python 3.11 to 3.12.
+      </p>
+
       <h3 class="mt-2">v7.3.0 (<em>2024-09-20</em>)</h3>
       <div class="mt-0">
         The <a href="https://github.com/mandiant/capa/releases/tag/v7.3.0">capa v7.3.0</a> release comes with the following three major enhancements:

From bc91171c654d8d3e5f886a3e67496984a438a116 Mon Sep 17 00:00:00 2001
From: mr-tz <moritz.raabe@mandiant.com>
Date: Fri, 11 Oct 2024 15:08:01 +0000
Subject: [PATCH 5/5] fix bug preventing save of capa results

---
 CHANGELOG.md            |  2 ++
 capa/ida/plugin/form.py | 11 +++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f8368d30a..ab5d9ca24 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,8 @@
 
 ### capa Explorer IDA Pro plugin
 
+- fix bug preventing saving of capa results via Save button @mr-tz
+
 ### Development
 
 ### Raw diffs
diff --git a/capa/ida/plugin/form.py b/capa/ida/plugin/form.py
index 0aee6cea2..028ce2078 100644
--- a/capa/ida/plugin/form.py
+++ b/capa/ida/plugin/form.py
@@ -1309,10 +1309,17 @@ def save_program_analysis(self):
 
         s = self.resdoc_cache.model_dump_json().encode("utf-8")
 
-        path = Path(self.ask_user_capa_json_file())
-        if not path.exists():
+        path = self.ask_user_capa_json_file()
+        if not path:
+            # dialog canceled
+            return
+
+        path = Path(path)
+        if not path.parent.exists():
+            logger.warning("Failed to save file: parent directory '%s' does not exist.", path.parent)
             return
 
+        logger.info("Saving capa results to %s.", path)
         write_file(path, s)
 
     def save_function_analysis(self):