capa icon indicating copy to clipboard operation
capa copied to clipboard
verified publisher icon mandiant

binja: `get_instruction` should attach the list of associated LLIL instructions to the instruction object

Open xusheng6 opened this issue 1 year ago • 2 comments

At https://github.com/mandiant/capa/blob/688841fd3b337865c7affb39ac62c6454f9c4d94/capa/features/extractors/binja/extractor.py#L78

Currently, several instruction level analysis tries to get the associated LLIL instruction given an address using the API get_llil_at or get_llils_at. These should be avoided and the lookup should better be just done once

xusheng6 avatar Dec 03 '24 12:12 xusheng6

see 73f56f585cb17d30c964192b6bf383ed107a71d8 for an implementation

williballenthin avatar Dec 03 '24 12:12 williballenthin

see 73f56f5 for an implementation

Oh nice! I was once a bit confused by what you are trying to do with that PR, but now I realized that apparently you did almost exactly what I wanted to do. Thanks! And I will look into it ASAP

xusheng6 avatar Dec 03 '24 13:12 xusheng6