Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

binja: fix up analysis for the al-khaser_x64.exe_ file #2522

Merged
merged 2 commits into from
Dec 4, 2024
Merged

binja: fix up analysis for the al-khaser_x64.exe_ file #2522

merged 2 commits into from
Dec 4, 2024

Conversation

xusheng6
Copy link
Contributor

@xusheng6 xusheng6 commented Dec 4, 2024

This provides a better fix for #2507 by fixing up the binja analysis (i.e., manually defining the function at 0x14004b4f0)

This issue also exposes a bug when I previously introduced the optimization in b6763ac. It is not fixed in this PR as well

Checklist

  • No CHANGELOG update needed
  • No new tests needed
  • No documentation update needed

williballenthin
williballenthin approved these changes Dec 4, 2024
View reviewed changes
tests/fixtures.py Outdated
@@ -180,6 +180,11 @@ def get_binja_extractor(path: Path):
if path.name.endswith("kernel32-64.dll_"):
settings.set_bool("pdb.loadGlobalSymbols", old_pdb)

# Temporary fix for https://github.com/mandiant/capa/issues/2507. Remove this once it is fixed in binja
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# Temporary fix for https://github.com/mandiant/capa/issues/2507. Remove this once it is fixed in binja
# TODO(xusheng6): Temporary fix for https://github.com/mandiant/capa/issues/2507. Remove this once it is fixed in binja

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated accordingly!

@williballenthin williballenthin merged commit 4448d61 into mandiant:master Dec 4, 2024
24 checks passed
@mr-tz
Copy link
Collaborator

mr-tz commented Dec 4, 2024

Great, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@williballenthin williballenthin williballenthin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@xusheng6 @mr-tz @williballenthin