From 307b0cc3273ef70053987f4e4096519bab9eb6d6 Mon Sep 17 00:00:00 2001
From: Mike Hunhoff
Date: Fri, 12 Jul 2024 18:51:21 -0600
Subject: [PATCH] vmray: add comments
---
 capa/features/extractors/vmray/file.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/capa/features/extractors/vmray/file.py b/capa/features/extractors/vmray/file.py
index 93feb22f..c84f0190 100644
--- a/capa/features/extractors/vmray/file.py
+++ b/capa/features/extractors/vmray/file.py
@@ -24,6 +24,8 @@ def get_processes(analysis: VMRayAnalysis) -> Iterator[ProcessHandle]:
 processes: Dict[str, Process] = analysis.sv2.processes
 for process in processes.values():
+ # we map VMRay's monitor ID to the OS PID to make it easier for users
+ # to follow the processes in capa's output
 pid: int = analysis.get_process_os_pid(process.monitor_id)
 ppid: int = (
 analysis.get_process_os_pid(processes[process.ref_parent_process.path[1]].monitor_id)
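Review bot: The added comment above `pid: int = analysis.get_process_os_pid(process.monitor_id)` gives the motivation for the mapping but not its caveat: an operating system can reuse a PID during one analysis run, while VMRay's monitor ID presumably stays unique per monitored process, so two distinct processes could end up under the same PID in capa's output. I would extend the comment with something like `# note: OS PIDs may be reused within an analysis; monitor_id remains the unique key`, or confirm that the process handle is disambiguated elsewhere. The `ppid` expression and the rest of the loop body continue outside the hunk, so how the parent lookup via `ref_parent_process.path[1]` behaves for a process without a parent cannot be checked from here.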