gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-06-12 11:01:31 -07:00
Code Issues Packages Projects Releases Wiki Activity

fix: break thunk chain loop after resolving import to avoid duplicate API features

Browse Source
This commit is contained in:
Willi Ballenthin
2026-04-22 20:07:15 +03:00
committed by Willi Ballenthin
parent 27d7741991
commit 14a1d9981f
2 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CHANGELOG.md
+3
View File
@@ -48,6 +48,9 @@
- fix: remove unreachable backports.functools_lru_cache fallback and dead dependency @williballenthin
- fix: Scopes.from_dict uses cls instead of self so subclasses return the correct type @williballenthin
- fix: correct wrong dict key in VMRay _compute_monitor_threads assertion (used thread_id instead of process_id) @williballenthin
fix: replace assert with isinstance guard in get_callee for invalid MethodSpec tokens @williballenthin
- fix: replace assert with isinstance guard in get_callee for invalid MethodSpec tokens @williballenthin
- fix: break thunk chain loop after resolving import to avoid duplicate API features @williballenthin (SURF-57)
- fix: pass insn instead of oper to getOperValue/getOperAddr in viv insn extractor @williballenthin (SURF-56)
- fix: implement extract_function_loop in dnfile extractor to detect backward branches as loops @williballenthin (SURF-55)
- fix: remove dead find_process function and helpers.py from cape extractor @williballenthin (SURF-54)
capa/features/extractors/viv/insn.py
+1
View File
@@ -139,6 +139,7 @@ def extract_insn_api_features(fh: FunctionHandle, bb, ih: InsnHandle) -> Iterato
dll, symbol = imports[target]
for name in capa.features.extractors.helpers.generate_symbols(dll, symbol):
yield API(name), ih.address
break
# if jump leads to an ENDBRANCH instruction, skip it
_offset, _buf = f.vw.getByteDef(target)