Thunk assertion fail on Go sample (ELF 64-bit LSB shared object, ARM aarch64) #2524

@mr-tz

For https://www.virustotal.com/gui/file/50f107898c6472a1155354f74b039ce951243cdb9714ef881a917d69b8a71ee0/ and associated BinExport file (available on request).

Traceback (most recent call last):
  File "/usr/local/google/home/moritzraabe/code/capa/.venv/bin/capa", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/usr/local/google/home/moritzraabe/code/capa/capa/main.py", line 990, in main
    extractor = get_extractor_from_cli(args, input_format, backend)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/google/home/moritzraabe/code/capa/capa/main.py", line 837, in get_extractor_from_cli
    extractor = capa.loader.get_extractor(
                ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/google/home/moritzraabe/code/capa/capa/loader.py", line 316, in get_extractor
    return capa.features.extractors.binexport2.extractor.BinExport2FeatureExtractor(be2, buf)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/google/home/moritzraabe/code/capa/capa/features/extractors/binexport2/extractor.py", line 47, in __init__
    self.analysis: BinExport2Analysis = BinExport2Analysis(self.be2, self.idx, self.buf)
                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/google/home/moritzraabe/code/capa/capa/features/extractors/binexport2/__init__.py", line 259, in __init__
    self._compute_thunks()
  File "/usr/local/google/home/moritzraabe/code/capa/capa/features/extractors/binexport2/__init__.py", line 287, in _compute_thunks
    assert len(thunk_callees) == 1, f"thunk @ {hex(addr)} failed"
           ^^^^^^^^^^^^^^^^^^^^^^^
AssertionError: thunk @ 0x42d8c0 failed

From what I see right now, there's a thunk function identified at VA 0x42d8c0 but this appears to be a regular function so our assertion fails.

Easiest fix: remove the assertion, then the file processes.

I'm afraid a deeper analysis could take some time and could require updates to Ghidra and/or BinExport.
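
An added example, not part of the original issue and not capa's code: one way to resolve thunk chains without a hard assertion, so that an address flagged as a thunk but lacking exactly one callee is logged and skipped rather than aborting the run. The call-graph model, `resolve_thunks`, `MAX_THUNK_CHAIN_DEPTH` and the sample graph are hypothetical; only the address 0x42d8c0 comes from the report.

```python
import logging
from typing import Dict, List, Set

logger = logging.getLogger(__name__)

MAX_THUNK_CHAIN_DEPTH = 5  # hypothetical bound on thunk -> thunk chains


def resolve_thunks(thunks: Set[int], callees: Dict[int, List[int]]) -> Dict[int, int]:
    """Map each thunk address to its final non-thunk target.

    `thunks` holds addresses the disassembler flagged as thunks; `callees`
    maps an address to the addresses it calls. Entries that do not behave
    like thunks are logged and left unresolved instead of raising.
    """
    resolved: Dict[int, int] = {}
    for start in sorted(thunks):
        curr = start
        for _ in range(MAX_THUNK_CHAIN_DEPTH):
            targets = callees.get(curr, [])
            if len(targets) != 1:
                # flagged as a thunk but looks like a regular function
                logger.warning("thunk @ %#x: %d callees at %#x, skipping", start, len(targets), curr)
                break
            curr = targets[0]
            if curr not in thunks:
                resolved[start] = curr
                break
        else:
            logger.warning("thunk @ %#x: chain exceeds depth %d, skipping", start, MAX_THUNK_CHAIN_DEPTH)
    return resolved


# Constructed sample call graph; only 0x42d8c0 comes from the issue, and its
# callee list here is made up to model "flagged as thunk, really a function".
SAMPLE_THUNKS = {0x401000, 0x401010, 0x401020, 0x42D8C0}
SAMPLE_CALLEES = {
    0x401000: [0x402000],            # thunk -> regular function
    0x401010: [0x401000],            # thunk -> thunk -> regular function
    0x401020: [0x401020],            # self-referencing thunk (never resolves)
    0x42D8C0: [0x403000, 0x404000],  # misclassified: two callees
}

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for addr, target in resolve_thunks(SAMPLE_THUNKS, SAMPLE_CALLEES).items():
        print(f"{addr:#x} -> {target:#x}")
```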

Labels: binexport (related to BinExport support), bug (Something isn't working)
