gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-02-04 11:07:53 -08:00
Code Issues Packages Projects Releases Wiki Activity

insn: better detect offset/numbers

Browse Source
This commit is contained in:
Willi Ballenthin
2022-04-06 15:12:59 -06:00
parent 1c7b6bcf7d
commit 1a44dd8a2b
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
capa/features/extractors/ida/insn.py
View File

@@ -218,7 +218,7 @@ def extract_insn_offset_features(f, bb, insn):
yield Offset(op_off), insn.ea
yield OperandOffset(i, op_off), insn.ea
if i == 1 and op.type == idaapi.o_phrase:
if insn.itype == idaapi.NN_lea and i == 1 and op.type == idaapi.o_displ:
# for pattern like:
#
# lea eax, [ebx + 1]

2
capa/features/extractors/viv/insn.py
View File

@@ -576,7 +576,7 @@ def extract_op_offset_features(f, bb, insn, i, oper):
yield Offset(v), insn.va
yield OperandOffset(i, v), insn.va
if i == 1 and not f.vw.probeMemory(v, 1, envi.memory.MM_READ):
if insn.mnem == "lea" and i == 1 and not f.vw.probeMemory(v, 1, envi.memory.MM_READ):
# for pattern like:
#
# lea eax, [ebx + 1]