Include image=True binaries in load_binaries_from_memory (#108)

malduck/extractor/extract_manager.py

@@ -214,9 +214,6 @@ def push_procmem(
         family = self._extract_procmem(p, matches)
         for binary in binaries:
             family = self._extract_procmem(binary, matches) or family
-            binary_image = binary.image
-            if binary_image:
-                family = self._extract_procmem(binary_image, matches) or family
         return family
 
     @property

malduck/procmem/binmem.py

@@ -71,13 +71,22 @@ def load_binaries_from_memory(cls: Type[T], procmem: ProcessMemory) -> Iterator[
         """
         Looks for binaries in ProcessMemory object and yields specialized ProcessMemoryBinary objects
         :param procmem: ProcessMemory object to search
+
+        .. versionchanged:: 4.4.0
+
+            In addition to image=False binaries, it also returns image=True versions.
+            In previous versions it was done by extractor, so it was working only
+            if memory-aligned version was also "valid".
         """
         if cls.__magic__ is None:
             raise NotImplementedError()
         for binary_va in procmem.findv(cls.__magic__):
-            binary_procmem = cls.from_memory(procmem, base=binary_va)
-            if binary_procmem.is_valid():
-                yield binary_procmem
+            binary_procmem_dmp = cls.from_memory(procmem, base=binary_va)
+            if binary_procmem_dmp.is_valid():
+                yield binary_procmem_dmp
+            binary_procmem_img = binary_procmem_dmp.image
+            if binary_procmem_img and binary_procmem_img.is_valid():
+                yield binary_procmem_img
 
     @abstractmethod
     def is_image_loaded_as_memdump(self) -> bool:

setup.cfg

@@ -23,3 +23,6 @@ ignore_missing_imports = True
 
 [mypy-ida_bytes.*]
 ignore_missing_imports = True
+
+[mypy-dnfile.*]
+ignore_missing_imports = True