From df101e5a60fa0bc3fc88561556c33e7a5d4a9564 Mon Sep 17 00:00:00 2001
From: Willi Ballenthin <willi.ballenthin@gmail.com>
Date: Tue, 14 Jun 2022 17:01:20 -0600
Subject: [PATCH] Update capa/features/extractors/dnfile/extractor.py

Co-authored-by: Mike Hunhoff <mike.hunhoff@gmail.com>
---
 capa/features/extractors/dnfile/extractor.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/capa/features/extractors/dnfile/extractor.py b/capa/features/extractors/dnfile/extractor.py
index 485c2bbd..3c53709f 100644
--- a/capa/features/extractors/dnfile/extractor.py
+++ b/capa/features/extractors/dnfile/extractor.py
@@ -62,7 +62,10 @@ class DnfileFeatureExtractor(FeatureExtractor):
 
     def get_instructions(self, fh, bbh):
         for insn in bbh.inner.instructions:
-            yield InsnHandle(address=DNTokenOffsetAddress(bbh.address.token, insn.offset - fh.inner.offset), inner=insn)
+            yield InsnHandle(
+                address=DNTokenOffsetAddress(bbh.address.token, insn.offset - (fh.inner.offset + fh.inner.header_size)),
+                inner=insn,
+            )
 
     def extract_insn_features(self, fh, bbh, ih) -> Iterator[Tuple[Feature, Address]]:
         yield from capa.features.extractors.dnfile.insn.extract_features(fh, bbh, ih)