Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

binja unit test failing because an expected function is not created by the auto analysis #2507

Closed
xusheng6 opened this issue Nov 26, 2024 · 5 comments

Comments

@xusheng6
Copy link
Contributor

The binja unit test is now failing: https://github.com/mandiant/capa/actions/runs/12018561216/job/33504909578#step:7:222

And the reason is the stable 4.2 binja is not creating a function at 0x14004b4f0 for the sample al-khaser_x64.exe_

Screenshot 2024-11-26 at 1 54 32 PM

@xusheng6
Copy link
Contributor Author

xusheng6 commented Nov 26, 2024

I will create a workaround for it since a proper fix will only come in the next stable release

@xusheng6
Copy link
Contributor Author

@williballenthin I checked the code and did not find a good way to workaround this. Can we disable the al-khaser_x64.exe test for binja backend? Since even if we have a proper fix for it soon, it would not be available in the stable until the next stable release

@xusheng6
Copy link
Contributor Author

@williballenthin please add binary-ninja tag on this

@xusheng6 xusheng6 changed the title binja unit test failing because an expected function is not creatd by the auto analysis binja unit test failing because an expected function is not created by the auto analysis Nov 29, 2024
@mr-tz
Copy link
Collaborator

mr-tz commented Dec 3, 2024

Could we manually create the function like for vivisect?

capa/tests/fixtures.py

Lines 119 to 128 in c85be8d

def fixup_viv(path: Path, extractor):
"""
vivisect fixups to overcome differences between backends
"""
if "3b13b" in path.name:
# vivisect only recognizes calling thunk function at 0x10001573
extractor.vw.makeFunction(0x10006860)
if "294b8d" in path.name:
# see vivisect/#561
extractor.vw.makeFunction(0x404970)

Otherwise, we can just skip/xfail the test with the missing function.

@xusheng6
Copy link
Contributor Author

xusheng6 commented Dec 3, 2024

Could we manually create the function like for vivisect?

capa/tests/fixtures.py

Lines 119 to 128 in c85be8d

def fixup_viv(path: Path, extractor):
"""
vivisect fixups to overcome differences between backends
"""
if "3b13b" in path.name:
# vivisect only recognizes calling thunk function at 0x10001573
extractor.vw.makeFunction(0x10006860)
if "294b8d" in path.name:
# see vivisect/#561
extractor.vw.makeFunction(0x404970)

Otherwise, we can just skip/xfail the test with the missing function.

We definitely should! I was looking for a place to do it, but I cannot find an elegant place to plug it. But now I know how to do it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants