vmray: loosen file checks to enable processing of additional file types (#2571)

* vmray: loosen file checks to enable addtional file types * additional refactor to loosen file checks * update CHANGELOG * cleanup comments and small code refactor * fix lints * use NO_ADDRESS for submissions that don't have a base address * update comments * add test for ps1 trace
2025-12-05 20:40:05 -08:00 · 2025-01-23 12:47:36 -07:00
parent 3702baf9a9
commit 160ce73a35
8 changed files with 138 additions and 83 deletions
--- a/tests/fixtures.py
+++ b/tests/fixtures.py
@@ -453,6 +453,14 @@ def get_data_path_by_name(name) -> Path:
            / "vmray"
            / "2f8a79b12a7a989ac7e5f6ec65050036588a92e65aeb6841e08dc228ff0e21b4_min_archive.zip"
        )
+    elif name.startswith("eb1287-vmray"):
+        return (
+            CD
+            / "data"
+            / "dynamic"
+            / "vmray"
+            / "eb12873c0ce3e9ea109c2a447956cbd10ca2c3e86936e526b2c6e28764999f21_min_archive.zip"
+        )
    elif name.startswith("ea2876"):
        return CD / "data" / "ea2876e9175410b6f6719f80ee44b9553960758c7d0f7bed73c0fe9a78d8e669.dll_"
    elif name.startswith("1038a2"):
--- a/tests/test_vmray_features.py
+++ b/tests/test_vmray_features.py
@@ -35,6 +35,7 @@ DYNAMIC_VMRAY_FEATURE_PRESENCE_TESTS = sorted(
        ("93b2d1-vmray", "process=(2176:0),thread=2420", capa.features.insn.API("DoesNotExist"), False),
        # call/api
        ("93b2d1-vmray", "process=(2176:0),thread=2420,call=2361", capa.features.insn.API("GetAddrInfoW"), True),
+        ("eb1287-vmray", "process=(4968:0),thread=5992,call=10981", capa.features.insn.API("CreateMutexW"), True),
        # call/string argument
        (
            "93b2d1-vmray",