Fix byte/string extraction and unit tests (#1339)

* Fix wrong expected results on string and bytes tests. Fix https://github.com/mandiant/capa/issues/1336 * Fix IDA insn/byte extractor checks wrong address. Fix https://github.com/mandiant/capa/issues/1327 * fix vivisect string check and tests --------- Co-authored-by: Xusheng <xusheng@vector35.com>
2025-12-23 15:37:37 -08:00 · 2023-03-02 10:33:14 +01:00
parent be6bb879f3
commit 52de09a032
4 changed files with 21 additions and 7 deletions
--- a/capa/features/extractors/ida/insn.py
+++ b/capa/features/extractors/ida/insn.py
@@ -172,7 +172,7 @@ def extract_insn_bytes_features(fh: FunctionHandle, bbh: BBHandle, ih: InsnHandl
    if ref != insn.ea:
        extracted_bytes = capa.features.extractors.ida.helpers.read_bytes_at(ref, MAX_BYTES_FEATURE_SIZE)
        if extracted_bytes and not capa.features.extractors.helpers.all_zeros(extracted_bytes):
-            if not capa.features.extractors.ida.helpers.find_string_at(insn.ea):
+            if not capa.features.extractors.ida.helpers.find_string_at(ref):
                # don't extract byte features for obvious strings
                yield Bytes(extracted_bytes), ih.address