1.0.0 release

.github/workflows/workflow.yml

@@ -8,7 +8,7 @@ jobs:
     strategy:
       matrix:
         # This workflow can be matrixed against multiple Python versions if desired. eg. [3.7, 3.8, 3.9, "3.10"]
-        python-version: [ 3.8 ]
+        python-version: [ "3.11" ]
 
     steps:
       # Get the code from the repository to be linted, packaged, and pushed

CHANGELOG.md

@@ -1,13 +1,25 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
-# [Unreleased]
+## [1.0.0] - 2024-06-06
 - Fix bug in `stos` instructions to pull address from `rdi` instead of `edi` (@ddash-ct)
+- Dropped support for Python 3.8
+- Fixed issue with finding code paths for recursive functions. (#10)
+- `Emulator.context_at()` will now raise a `ValueError` (instead of returning None) if no contexts could be made.
+- Fixed handling of function calls to import prefixed functions.
+- Added new interactive command line shell. (see [documentation](./docs/Shell.md))
+- Added ability to provide a callable or opcode to the `end` keyword in `ProcessorContext.execute()`
+- Added and updated helpers for context memory:
+  - `read_string_bytes()`  - Like `read_string()` but doesn't decode to a string.
+  - `read_int()` - Reads bytes as integer of given size.
+  - `write_string()` - Can now accept bytes or string value.
+  - `write_int()` - Writes an integer of given size.
+- Added ability to provided fixed number of arguments for registered builtin call hooks.
 
 
 ## [0.10.0] - 2023-11-29
 - Tested on Ghidra 10.4
-- Added `create_function()` utility function in `rugosa.func_utils`. This attempts to define a function containing the given address by looking for common start bounds. 
+- Added `create_function()` utility function in `rugosa.func_utils`. This attempts to define a function containing the given address by looking for common start bounds.
 
 
 ## [0.9.0] - 2023-09-06
@@ -130,7 +142,8 @@ All notable changes to this project will be documented in this file.
 - Migrated the majority of Kordesii functionality to work with Dragodis.
 
 
-[Unreleased]: https://github.com/dod-cyber-crime-center/rugosa/compare/0.10.0...HEAD
+[Unreleased]: https://github.com/dod-cyber-crime-center/rugosa/compare/1.0.0...HEAD
+[1.0.0]: https://github.com/dod-cyber-crime-center/rugosa/compare/0.10.0...1.0.0
 [0.10.0]: https://github.com/dod-cyber-crime-center/rugosa/compare/0.9.0...0.10.0
 [0.9.0]: https://github.com/dod-cyber-crime-center/rugosa/compare/0.8.0...0.9.0
 [0.8.0]: https://github.com/dod-cyber-crime-center/rugosa/compare/0.7.2...0.8.0

README.md

@@ -1,11 +1,16 @@
 # Rugosa
 
-The next generation of [kordesii](https://github.com/Defense-Cyber-Crime-Center/kordesii). 
-This is a library (not a framework) for managing emulation and provides utilities 
-for interfacing with decompiled malware samples using [dragodis](https://github.com/Defense-Cyber-Crime-Center/dragodis).
+Rugosa is a static malware analysis library and tool developed using the disassembler-agnostic 
+[dragodis](https://github.com/dod-cyber-crime-center/dragodis) API. It incorporates a binary emulation framework along with
+utilities for regex and YARA searching, string extraction, and function discovery within disassembled code.
+These features enhance capabilities for comprehensive malware analysis and metadata extraction.
 
-Rugosa is meant to be used with an automation framework such as [DC3-MWCP](https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP),
-but can also be used in one-off scripting.
+Rugosa utilizes an in-house developed emulation engine entirely written in Python to achieve full control of the execution
+context and offer high-level abstractions for emulated artifacts. 
+It adopts a targeted approach employing branch path tracing to emulate portions of code without the need to fully
+emulate preceding code or modify the binary to accommodate such control flow.
+
+Currently, x86 and ARM processors are supported.
 
 
 ## Install
@@ -27,6 +32,14 @@ The following utilities are included with Rugosa:
 - [YARA](./docs/YARA.md)
 
 
+## Interactive Shell
+
+Rugosa includes an interactive shell created with [cmd2](https://cmd2.readthedocs.io) for emulating and traversing a given binary.
+For more information on how to use the tool, please see the [documentation](./docs/Shell.md).
+
+![](docs/assets/shell.gif)
+
+
 ## Emulator Plugin
 
 Rugosa includes a IDA and Ghidra plugin which provides a GUI for using the [emulation](./docs/CPUEmulation.md) utility.