Skip to content

Commit

Permalink
remove _ prefix from library functions identified using FLIRT
Browse files Browse the repository at this point in the history
  • Loading branch information
Michael Hunhoff committed Mar 23, 2022
1 parent 8fd81d1 commit e741ea8
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
### capa explorer IDA Pro plugin
- improve file format extraction #918 @mike-hunhoff
- remove decorators added by IDA to ELF imports #919 @mike-hunhoff
- remove _ prefix from library functions identified using FLIRT #924 @mike-hunhoff

### Development

Expand Down
3 changes: 2 additions & 1 deletion capa/features/extractors/ida/insn.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,8 @@ def extract_insn_api_features(f, bb, insn):

if target_func.flags & idaapi.FUNC_LIB:
name = idaapi.get_name(target_func.start_ea)
yield API(name), insn.ea
# IDA uses _ prefix for library functions identified using FLIRT
yield API(name.lstrip("_")), insn.ea


def extract_insn_number_features(f, bb, insn):
Expand Down

0 comments on commit e741ea8

Please sign in to comment.