Merge pull request #1669 from xusheng6/master

2026-02-04 19:12:01 -08:00 · 2023-07-26 08:35:54 +02:00
parent d598faf145 8f826cb92d
commit dd53349aea
3 changed files with 5 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,8 @@

 ### Bug Fixes

+- Fix binja backend stack string detection. [#1473](https://github.com/mandiant/capa/issues/1473) [@xusheng6](https://github.com/xusheng6)
+
 ### capa explorer IDA Pro plugin

 ### Development
--- a/capa/features/extractors/binja/basicblock.py
+++ b/capa/features/extractors/binja/basicblock.py
@@ -75,10 +75,11 @@ def get_stack_string_len(f: Function, il: MediumLevelILInstruction) -> int:
        return 0

    dest = il.params[0]
-    if dest.operation != MediumLevelILOperation.MLIL_ADDRESS_OF:
+    if dest.operation in [MediumLevelILOperation.MLIL_ADDRESS_OF, MediumLevelILOperation.MLIL_VAR]:
+        var = dest.src
+    else:
        return 0

-    var = dest.src
    if var.source_type != VariableSourceType.StackVariableSourceType:
        return 0

--- a/tests/test_binja_features.py
+++ b/tests/test_binja_features.py
@@ -40,9 +40,6 @@ except ImportError:
    indirect=["sample", "scope"],
 )
 def test_binja_features(sample, scope, feature, expected):
-    if feature == capa.features.common.Characteristic("stack string"):
-        pytest.xfail("skip failing Binja stack string detection temporarily, see #1473")
-
    if isinstance(feature, capa.features.file.Export) and "." in str(feature.value):
        pytest.xfail("skip Binja unsupported forwarded export feature, see #1646")