From 61e1684783880f09b22b22b5047c6ea044e5bf05 Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Wed, 27 Nov 2024 12:18:38 +0000
Subject: [PATCH] binary ninja: use function.callers to compute call graph
---
 capa/features/extractors/binja/extractor.py | 39 +++------------------
 1 file changed, 5 insertions(+), 34 deletions(-)
diff --git a/capa/features/extractors/binja/extractor.py b/capa/features/extractors/binja/extractor.py
index 7a8421bb..568a8e21 100644
--- a/capa/features/extractors/binja/extractor.py
+++ b/capa/features/extractors/binja/extractor.py
@@ -61,40 +61,11 @@ class BinjaFeatureExtractor(StaticFeatureExtractor):
 f: Function
 for f in self.bv.functions:
- bv: BinaryView = f.view
-
- for bbil in f.llil:
- for llil in bbil:
- if llil.operation not in (
- LowLevelILOperation.LLIL_CALL,
- LowLevelILOperation.LLIL_CALL_STACK_ADJUST,
- LowLevelILOperation.LLIL_JUMP,
- LowLevelILOperation.LLIL_TAILCALL,
- ):
- continue
-
- if llil.dest.value.type not in (
- RegisterValueType.ImportedAddressValue,
- RegisterValueType.ConstantValue,
- RegisterValueType.ConstantPointerValue,
- ):
- continue
-
- address = llil.dest.value.value
-
- for sym in bv.get_symbols(address):
- if not sym:
- continue
-
- if sym.type not in (
- SymbolType.ImportAddressSymbol,
- SymbolType.ImportedFunctionSymbol,
- SymbolType.FunctionSymbol,
- ):
- continue
-
- calls_from[f.start].add(address)
- calls_to[address].add(f.start)
+ for caller in f.callers:
+ if caller == f:
+ logger.debug("recursive: 0x%x", f.start)
+ calls_from[caller.start].add(f.start)
+ calls_to[f.start].add(caller.start)
 call_graph = {
 "calls_to": calls_to,
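Review bot: The new loop records an edge only when the callee is itself an entry in `self.bv.functions`, so call targets that the removed code admitted through `ImportAddressSymbol`/`ImportedFunctionSymbol` drop out of `calls_from`/`calls_to` unless Binary Ninja also lists them as functions; that is not visible here and is worth confirming on a sample with imports, since a thinner graph means missed capability matches. `f.callers` may also be broader than the old LLIL call/jump/tailcall filter if it is derived from code references rather than call instructions, in which case an address-taken function would gain a caller edge. If the change in coverage is intended, state it above the loop, e.g. `# edges come from Binary Ninja's caller xrefs; only targets present in bv.functions are recorded`. The `caller == f` branch only logs and the self-edge is still added, which looks deliberate but deserves a one-line comment saying so. The enclosing method starts and ends outside the hunk.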