adding support to run explorer as IDA plugin

README.md

@@ -146,7 +146,7 @@ rule:
 The [github.com/fireeye/capa-rules](https://github.com/fireeye/capa-rules) repository contains hundreds of standard library rules that are distributed with capa.
 Please learn to write rules and contribute new entries as you find interesting techniques in malware.
 
-If you use IDA Pro, then you use can use the [IDA Pro plugin for capa](./capa/ida/ida_capa_explorer.py).
+If you use IDA Pro, then you use can use the [IDA Pro plugin for capa](capa/ida/plugin/).
 This script adds new user interface elements to IDA, including an interactive tree view of rule matches and their locations within the current database.
 As you select the checkboxes, the plugin will highlight the addresses associated with the features.
 We use this plugin all the time to quickly jump to interesting parts of a program.

capa/ida/helpers/__init__.py

@@ -46,7 +46,7 @@ def is_supported_ida_version():
         logger.warning(
             "Your IDA Pro version is: %s. Supported versions are: %s." % (version, ", ".join(SUPPORTED_IDA_VERSIONS))
         )
-        capa.ida.helpers.inform_user_ida_ui(warning_msg)
+        # capa.ida.helpers.inform_user_ida_ui(warning_msg)
         return False
     return True
 
@@ -62,7 +62,7 @@ def is_supported_file_type():
         )
         logger.error(" If you don't know the input file type, you can try using the `file` utility to guess it.")
         logger.error("-" * 80)
-        inform_user_ida_ui("capa does not support the format of this file")
+        # inform_user_ida_ui("capa does not support the format of this file")
         return False
     return True
 

capa/ida/plugin/__init__.py

@@ -0,0 +1,66 @@
+# Copyright (C) 2020 FireEye, Inc. All Rights Reserved.
+# Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at: [package root]/LICENSE.txt
+# Unless required by applicable law or agreed to in writing, software distributed under the License
+#  is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and limitations under the License.
+
+import logging
+
+import idaapi
+
+from capa.ida.helpers import is_supported_file_type, is_supported_ida_version
+from capa.ida.plugin.form import CapaExplorerForm
+
+logger = logging.getLogger("capa")
+
+
+class CapaExplorerPlugin(idaapi.plugin_t):
+
+    # Mandatory definitions
+    PLUGIN_NAME = "capa explorer"
+    PLUGIN_VERSION = "0.0.1"
+    PLUGIN_AUTHORS = ""
+
+    wanted_name = PLUGIN_NAME
+    comment = "IDA plugin for capa analysis framework"
+    version = ""
+    website = ""
+    help = ""
+    wanted_hotkey = ""
+    flags = 0
+
+    def __init__(self):
+        """ """
+        self.form = None
+
+    def init(self):
+        """
+        called when IDA is loading the plugin
+        """
+        logging.basicConfig(level=logging.INFO)
+
+        # check IDA version and database compat
+        if not is_supported_ida_version():
+            return idaapi.PLUGIN_SKIP
+        if not is_supported_file_type():
+            return idaapi.PLUGIN_SKIP
+
+        logger.info("plugin initialized.")
+
+        return idaapi.PLUGIN_KEEP
+
+    def term(self):
+        """
+        called when IDA is unloading the plugin
+        """
+        logger.info("plugin closed.")
+
+    def run(self, arg):
+        """
+        called when IDA is running the plugin as a script
+        """
+        self.form = CapaExplorerForm(self.PLUGIN_NAME, logger)
+        self.form.Show()
+        return True