From 253d70efac8da25dd5515de73cc8fe01728ff163 Mon Sep 17 00:00:00 2001
From: Mike Hunhoff
Date: Fri, 12 Jul 2024 18:49:08 -0600
Subject: [PATCH] vmray: add comments
---
 capa/features/extractors/vmray/call.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/capa/features/extractors/vmray/call.py b/capa/features/extractors/vmray/call.py
index e20805bf..0ee43b7d 100644
--- a/capa/features/extractors/vmray/call.py
+++ b/capa/features/extractors/vmray/call.py
@@ -19,6 +19,9 @@ logger = logging.getLogger(__name__)
 def get_call_param_features(param: Param, ch: CallHandle) -> Iterator[Tuple[Feature, Address]]:
 if param.deref is not None:
+ # pointer types contain a special "deref" member that stores the deref'd value
+ # so we check for this first and ignore Param.value as this always contains the
+ # deref'd pointer value
 if param.deref.value is not None:
 if param.deref.type_ in PARAM_TYPE_INT:
 yield Number(hexint(param.deref.value)), ch.address
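Review bot: The added comment in `get_call_param_features` describes both members in nearly the same words (`deref` "stores the deref'd value", `Param.value` "always contains the deref'd pointer value"), so it does not say why `Param.value` is skipped. If, as the branch order suggests, `Param.value` holds the pointer itself rather than the pointed-to data, state that directly, e.g. `# pointer params carry a "deref" member with the pointed-to value; Param.value is only the pointer itself, so read deref and skip Param.value`. It would also help to note that, in the visible lines, a parameter whose `deref.value` is None yields no feature, since that is a silent gap in what gets extracted from the VMRay report. The function body continues past the end of the hunk, so later branches may change this.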