binja: fix up the analysis for the al-khaser_x64.exe_ file. Fix https://github.com/mandiant/capa/issues/2507

2025-12-05 20:40:05 -08:00 · 2024-12-04 14:57:13 +08:00
parent d7cf8d1251
commit 4448d612f1
3 changed files with 13 additions and 5 deletions
--- a/tests/fixtures.py
+++ b/tests/fixtures.py
@@ -180,6 +180,12 @@ def get_binja_extractor(path: Path):
    if path.name.endswith("kernel32-64.dll_"):
        settings.set_bool("pdb.loadGlobalSymbols", old_pdb)

+    # TODO(xusheng6): Temporary fix for https://github.com/mandiant/capa/issues/2507. Remove this once it is fixed in
+    # binja
+    if "al-khaser_x64.exe_" in path.name:
+        bv.create_user_function(0x14004B4F0)
+        bv.update_analysis_and_wait()
+
    extractor = capa.features.extractors.binja.extractor.BinjaFeatureExtractor(bv)

    # overload the extractor so that the fixture exposes `extractor.path`