From 8a02b0773d88c9271553aa8cf44364dbb1a4b1e0 Mon Sep 17 00:00:00 2001
From: mr-tz
Date: Mon, 9 Dec 2024 15:03:37 +0000
Subject: [PATCH] handle IDA 8.3/8.4 vs. 9.0 API change
---
 CHANGELOG.md | 2 ++
 capa/features/extractors/ida/helpers.py | 10 +++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 637b5af0b..3c69c0293 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,8 @@
 ### Bug Fixes
+- handle IDA 8.3/8.4 vs. 9.0 API change @mr-tz
+
 ### capa Explorer Web
 ### capa Explorer IDA Pro plugin
diff --git a/capa/features/extractors/ida/helpers.py b/capa/features/extractors/ida/helpers.py
index dbd2166a8..dca885d0e 100644
--- a/capa/features/extractors/ida/helpers.py
+++ b/capa/features/extractors/ida/helpers.py
@@ -41,7 +41,15 @@ def find_byte_sequence(start: int, end: int, seq: bytes) -> Iterator[int]:
 return
 while True:
- ea, _ = ida_bytes.bin_search(start, end, patterns, ida_bytes.BIN_SEARCH_FORWARD)
+ ea = ida_bytes.bin_search(start, end, patterns, ida_bytes.BIN_SEARCH_FORWARD)
+ if isinstance(ea, int):
+ # "ea_t" in IDA 8.4, 8.3
+ pass
+ elif isinstance(ea, tuple):
+ # "drc_t" in IDA 9
+ ea = ea[0]
+ else:
+ raise NotImplementedError(f"bin_search returned unhandled type: {type(ea)}")
 if ea == idaapi.BADADDR:
 break
 start = ea + 1
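Review bot: The `isinstance(ea, int)` branch added inside the `while True:` loop of find_byte_sequence is an empty `pass` that exists only to hold a comment, so the three-way dispatch reads as more logic than it is. I would normalise the tuple case first and reject anything else: `if isinstance(ea, tuple): ea = ea[0]  # IDA 9 returns a tuple; 8.3/8.4 return the address itself` followed by `elif not isinstance(ea, int): raise NotImplementedError(f"bin_search returned unhandled type: {type(ea)}")`. Keeping the loud failure is the right call here, since silently accepting an unrecognised return shape would drop byte-sequence matches with no signal to the analyst. The comment could also say what `ea[0]` is taken to be (presumably the match address, with the remaining element discarded as the old `ea, _ =` unpacking did), because the `drc_t` label alone does not explain the indexing. The function body starts and ends outside this hunk, so I cannot see how the raised error reaches callers.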