Some executables return a CFG with very few nodes. If the total extracted instruction length is smaller than the n-gram size n, then ngram_hist returns an empty list. Therefore, features relying on the ngram_hist, like zeropad(128, default=0)(binary['cfg']['ngram_hist'](3, True, False)[1])[0] result in an IndexError: list index out of range. This not only leads to empty ngram_hist related features, but all other features remain empty, also the non-cfg-based ones which do successfully compute otherwise.
Issue
Some executables return a CFG with very few nodes. If the total extracted instruction length is smaller than the n-gram size n, then
ngram_hist
returns an empty list. Therefore, features relying on thengram_hist
, likezeropad(128, default=0)(binary['cfg']['ngram_hist'](3, True, False)[1])[0]
result in anIndexError: list index out of range
. This not only leads to emptyngram_hist
related features, but all other features remain empty, also the non-cfg-based ones which do successfully compute otherwise.Samples