Merge pull request #2535 from mandiant/fix/ida-find_byte_sequence

handle IDA 8.3/8.4 vs. 9.0 API change
2025-12-12 15:49:46 -08:00 · 2024-12-09 17:11:33 +01:00
parent f11661f8f2 8a02b0773d
commit 347601a112
2 changed files with 11 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,8 @@

 ### Bug Fixes

+- handle IDA 8.3/8.4 vs. 9.0 API change @mr-tz
+
 ### capa Explorer Web

 ### capa Explorer IDA Pro plugin
--- a/capa/features/extractors/ida/helpers.py
+++ b/capa/features/extractors/ida/helpers.py
@@ -41,7 +41,15 @@ if hasattr(ida_bytes, "parse_binpat_str"):
            return

        while True:
-            ea, _ = ida_bytes.bin_search(start, end, patterns, ida_bytes.BIN_SEARCH_FORWARD)
+            ea = ida_bytes.bin_search(start, end, patterns, ida_bytes.BIN_SEARCH_FORWARD)
+            if isinstance(ea, int):
+                # "ea_t" in IDA 8.4, 8.3
+                pass
+            elif isinstance(ea, tuple):
+                # "drc_t" in IDA 9
+                ea = ea[0]
+            else:
+                raise NotImplementedError(f"bin_search returned unhandled type: {type(ea)}")
            if ea == idaapi.BADADDR:
                break
            start = ea + 1