mandiant / capa

The FLARE team's open-source tool to identify capabilities in executable files.
https://mandiant.github.io/capa/
Apache License 2.0

binexport: Ghidra operand issue (LDP) Ghidra symbol madness? #2102

Closed mr-tz closed 3 months ago

mr-tz commented 6 months ago

for 687e79cde5b0ced75ac229465835054931f9ec438816f2827a8be5f3bd474929

```
.text:00000000000075B8 LDP             X29, X30, [SP],#0x10
  1. operand: X29
  2. operand: X30
  3. operand: [SP],#0x10
```

@mike-hunhoff may have more insight on the status here
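
The listing above shows why the `LDP` form is awkward for an operand parser: the third operand `[SP],#0x10` is a single post-indexed memory operand (base `SP`, with `SP` incremented by `0x10` after the access), so a parser that splits on commas sees a memory operand followed by a stray immediate. The following is an added illustration, not code from capa or from the BinExport extension, and it works on the textual operand form shown in the issue rather than on the BinExport2 expression tree that capa's backend actually walks. The regexes, the `Operand` class and the addressing-mode names (`offset`, `pre`, `post`) are assumptions of this example.

```python
"""Split and classify AArch64 operands in the textual form quoted in the issue.

Added example, not capa's or BinExport's code.  It shows the distinction the
issue hinges on: "[SP],#0x10" is one post-indexed memory operand, not a memory
operand plus a separate immediate.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed patterns for this example: a general-purpose register, an immediate,
# and the three memory forms [base,#imm] (offset), [base,#imm]! (pre-index
# with writeback) and [base],#imm (post-index with writeback).
REG_RE = re.compile(r"^(?:[XW]\d{1,2}|[XW]ZR|SP|LR|FP|PC)$", re.IGNORECASE)
IMM_RE = re.compile(r"^#?(-?0x[0-9a-fA-F]+|-?\d+)$")
MEM_RE = re.compile(
    r"^\[(?P<base>\w+)(?:,\s*#?(?P<pre>-?(?:0x[0-9a-fA-F]+|\d+)))?\]"
    r"(?P<wb>!)?(?:,\s*#?(?P<post>-?(?:0x[0-9a-fA-F]+|\d+)))?$"
)


@dataclass
class Operand:
    kind: str                   # "reg", "imm" or "mem"
    base: Optional[str] = None  # register name for reg/mem operands
    disp: int = 0               # immediate value or memory displacement
    mode: Optional[str] = None  # "offset", "pre" or "post" for mem operands


def parse_int(text: str) -> int:
    # int(..., 0) accepts both "0x10" and "16", with an optional leading "-".
    return int(text.lstrip("#"), 0)


def split_operands(operands: str) -> List[str]:
    """Split on commas outside brackets, then re-attach a post-index immediate."""
    parts: List[str] = []
    depth, cur = 0, ""
    for ch in operands:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if cur.strip():
        parts.append(cur.strip())

    # A bare immediate directly after a bracketed operand is the post-index
    # writeback amount and belongs to that memory operand ("[SP],#0x10").
    merged: List[str] = []
    for part in parts:
        if merged and merged[-1].endswith("]") and IMM_RE.match(part):
            merged[-1] = merged[-1] + "," + part
        else:
            merged.append(part)
    return merged


def parse_operand(text: str) -> Operand:
    text = text.strip()
    if REG_RE.match(text):
        return Operand("reg", base=text.upper())
    if IMM_RE.match(text):
        return Operand("imm", disp=parse_int(text))
    m = MEM_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised operand: {text!r}")
    base = m.group("base").upper()
    if m.group("post") is not None:
        return Operand("mem", base, parse_int(m.group("post")), "post")
    disp = parse_int(m.group("pre")) if m.group("pre") else 0
    mode = "pre" if m.group("wb") else "offset"
    return Operand("mem", base, disp, mode)


def parse_instruction(line: str):
    """Return (mnemonic, [Operand, ...]) for one listing line without the address."""
    mnemonic, _, rest = line.strip().partition(" ")
    return mnemonic.upper(), [parse_operand(op) for op in split_operands(rest)]


if __name__ == "__main__":
    # The instruction from the issue, plus the pre-indexed STP that usually pairs with it.
    for line in ("LDP X29, X30, [SP],#0x10", "STP X29, X30, [SP,#-0x10]!"):
        mnemonic, ops = parse_instruction(line)
        print(mnemonic, *(f"{i + 1}. operand: {op}" for i, op in enumerate(ops)), sep="\n  ")
```

Run as a script it prints three operands for the `LDP`, with the third reported as a post-indexed memory operand on `SP` with displacement 16, which is the grouping the Ghidra listing in the issue shows and that a comma-splitting parser gets wrong.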

mike-hunhoff commented 6 months ago

The Ghidra operand parsing is fragile at best right now. There is a PR being worked on to improve the Ghidra BinExport extension's operand parsing, and once that's merged I'll be looping back to capa's BinExport operand parsing to ensure the improvements are leveraged here.