Binary Ninja update and fix (#2205)

* Fix binja warning (use of a deprecated API method) * Update binja plugin > Fix json openning and parsing > Fix base address * Fix code_style * lint black update
2025-12-05 20:40:05 -08:00 · 2024-07-12 12:25:19 +02:00
parent bb86d1485c
commit 76913af20b
2 changed files with 22 additions and 6 deletions
--- a/capa/features/extractors/binja/extractor.py
+++ b/capa/features/extractors/binja/extractor.py
@@ -28,7 +28,7 @@ from capa.features.extractors.base_extractor import (

 class BinjaFeatureExtractor(StaticFeatureExtractor):
    def __init__(self, bv: binja.BinaryView):
-        super().__init__(hashes=SampleHashes.from_bytes(bv.file.raw.read(0, len(bv.file.raw))))
+        super().__init__(hashes=SampleHashes.from_bytes(bv.file.raw.read(0, bv.file.raw.length)))
        self.bv = bv
        self.global_features: List[Tuple[Feature, Address]] = []
        self.global_features.extend(capa.features.extractors.binja.file.extract_file_format(self.bv))
--- a/scripts/import-to-bn.py
+++ b/scripts/import-to-bn.py
@@ -69,7 +69,8 @@ def load_analysis(bv):
        return 0
    binaryninja.log_info(f"Using capa file {path}")

-    doc = json.loads(path.read_bytes().decode("utf-8"))
+    with Path(path).open("r", encoding="utf-8") as file:
+        doc = json.load(file)

    if "meta" not in doc or "rules" not in doc:
        binaryninja.log_error("doesn't appear to be a capa report")
@@ -83,20 +84,35 @@ def load_analysis(bv):
        binaryninja.log_error("sample mismatch")
        return -2

+    # Retreive base address
+    capa_base_address = 0
+    if "analysis" in doc["meta"] and "base_address" in doc["meta"]["analysis"]:
+        if doc["meta"]["analysis"]["base_address"]["type"] == "absolute":
+            capa_base_address = int(doc["meta"]["analysis"]["base_address"]["value"])
+
    rows = []
    for rule in doc["rules"].values():
        if rule["meta"].get("lib"):
            continue
        if rule["meta"].get("capa/subscope"):
            continue
-        if rule["meta"]["scope"] != "function":
+        if rule["meta"]["scopes"].get("static") != "function":
            continue

        name = rule["meta"]["name"]
        ns = rule["meta"].get("namespace", "")
-        for va in rule["matches"].keys():
-            va = int(va)
-            rows.append((ns, name, va))
+        for matches in rule["matches"]:
+            for match in matches:
+                if "type" not in match.keys():
+                    continue
+                if "value" not in match.keys():
+                    continue
+                va = match["value"]
+                # Substract va and CAPA base_address
+                va = int(va) - capa_base_address
+                # Add binja base address
+                va = va + bv.start
+                rows.append((ns, name, va))

    # order by (namespace, name) so that like things show up together
    rows = sorted(rows)