Broken offset matching in IDA

### Description

During the development of rules for donut-related rules, it is discovered that `offset` keyword does not match instructions that should match per capa's specs. When investigated, I found out that the `offset` matching behavior within capa standalone and IDA capa explorer differs. At the moment, the `offset` matching works in capa standalone but not within IDA. 

### Steps to Reproduce

1. Open shellcode sample referenced in https://github.com/mandiant/capa-rules/pull/997 in IDA 
2. Open capa explorer
3. Wait for analysis results

**Expected behavior:**

Rules that use the `offset` keyword to match the relevant instructions

**Actual behavior:**

Sample does not match the `offset` keyword defined within the rule

![Image](https://github.com/user-attachments/assets/d36520f1-d02e-4cf4-a386-fcb729a51307)

### Versions



- capa 9.1.0 (3bd339522e57afe4b1103ca00bfac928cdcb8f2c)
- IDA Pro 9.0.241217
- vivisect
viv_utils                 0.8.0
vivisect                  1.2.1

### Additional Information

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Broken offset matching in IDA #2638

Description

Steps to Reproduce

Versions

Additional Information

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Broken offset matching in IDA #2638

Description

Description

Steps to Reproduce

Versions

Additional Information

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions