No reliable way to retrieve the IL of a function without using try/catch #6170
Labels
Component: API
Issue needs changes to the API
Effort: Low
Issue should take < 1 week
Impact: Low
Issue is a papercut or has a good, supported workaround
Type: Enhancement
Issue is a small enhancement to existing functionality
Milestone
While working on the binja backend for capa, I noticed a few outstanding crashes: mandiant/capa#2406 (comment), and mandiant/capa#2249. After troubleshooting this, I realized that to reliably get the IL of a function, we have to use try/catch for now.
Here is what could happen when I try to retrieve the IL of a function:
Now think of the case of
func.mlil
, it will work for case 1 & 2, but it will throw an exception in case 3. If I usefunc.mlil_if_available
, then it will work for case 1 & 3, but not for case 2 according to my test. I had to use this code pattern to handle all cases:Which is quite ugly and inconvenient. It would be great if we can devise a way to retrieve the IL without needing to write code in the above pattern. Potentially we could just create a new API that wraps the above code logic
The text was updated successfully, but these errors were encountered: