From 3a43ffa641715f2ea3dad4225c882703c41b6d1e Mon Sep 17 00:00:00 2001
From: "pnx@pyrite"
Date: Thu, 5 Nov 2020 12:58:07 +0100
Subject: [PATCH] adjusted identification of thunks via SMDA.
---
 capa/features/extractors/smda/insn.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/capa/features/extractors/smda/insn.py b/capa/features/extractors/smda/insn.py
index 32845e29..af29bbbc 100644
--- a/capa/features/extractors/smda/insn.py
+++ b/capa/features/extractors/smda/insn.py
@@ -58,16 +58,16 @@ def extract_insn_api_features(f, bb, insn):
 dll_name = dll_name.lower()
 for name in capa.features.extractors.helpers.generate_symbols(dll_name, api_name):
 yield API(name), insn.offset
- # TODO SMDA: we want to check this recursively!
 elif insn.offset in f.outrefs:
 current_function = f
 current_instruction = insn
- for _ in range(THUNK_CHAIN_DEPTH_DELTA):
- if len(current_function.outrefs[current_instruction.offset]) == 1:
+ for index in range(THUNK_CHAIN_DEPTH_DELTA):
+ if current_function and len(current_function.outrefs[current_instruction.offset]) == 1:
 target = current_function.outrefs[current_instruction.offset][0]
 referenced_function = current_function.smda_report.getFunction(target)
 if referenced_function:
- if referenced_function.isThunkCall():
+ # TODO SMDA: implement this function for both jmp and call, checking if function has 1 instruction which refs an API
+ if referenced_function.isApiThunk():
 api_entry = (
 referenced_function.apirefs[target] if target in referenced_function.apirefs else None
 )
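Review bot: The `current_function and` guard added to the `if` at the top of the thunk-chain loop turns a None `current_function` into a silent no-op iteration instead of ending the walk; a guard clause before the check, `if not current_function: break`, states the intent directly and stops the remaining THUNK_CHAIN_DEPTH_DELTA iterations from spinning (and protects any `else` branch below the hunk that may still dereference it). The same line keeps indexing `current_function.outrefs[current_instruction.offset]` directly, which the enclosing `elif insn.offset in f.outrefs` only guarantees for the first iteration; if later iterations rebind `current_instruction` — the rest of the loop body and of extract_insn_api_features lies outside the hunk — an `in` test or `.get(current_instruction.offset, [])` would avoid a KeyError on a chain that leaves the known outrefs. The rename from `_` to `index` implies the counter is now consumed, but no use of it is visible in the hunk; if it is only read further down, a short comment on the `for` line saying why the depth is tracked would help the next reader.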