formatting

This commit is contained in:
Daniel Plohmann (jupiter)
2020-10-30 15:34:02 +01:00
parent d276a07a71
commit 6bcdf64f67
2 changed files with 7 additions and 5 deletions
+1 -3
View File
@@ -84,9 +84,7 @@ def extract_file_import_names(smda_report, file_path):
for name in capa.features.extractors.helpers.generate_symbols(library_name, func.name):
yield Import(name), va
elif func.is_ordinal:
for name in capa.features.extractors.helpers.generate_symbols(
library_name, "#%s" % func.ordinal
):
for name in capa.features.extractors.helpers.generate_symbols(library_name, "#%s" % func.ordinal):
yield Import(name), va
+6 -2
View File
@@ -68,7 +68,9 @@ def extract_insn_api_features(f, bb, insn):
referenced_function = current_function.smda_report.getFunction(target)
if referenced_function:
if referenced_function.isThunkCall():
api_entry = referenced_function.apirefs[target] if target in referenced_function.apirefs else None
api_entry = (
referenced_function.apirefs[target] if target in referenced_function.apirefs else None
)
if api_entry:
# reformat
dll_name, api_name = api_entry.split("!")
@@ -258,7 +260,9 @@ def is_security_cookie(f, bb, insn):
if index == 0 and insn.offset < (block_instructions[0].offset + SECURITY_COOKIE_BYTES_DELTA):
return True
# ... or within last bytes (instructions) before a return
if block_instructions[-1].mnemonic.startswith("ret") and insn.offset > (block_instructions[-1].offset - SECURITY_COOKIE_BYTES_DELTA):
if block_instructions[-1].mnemonic.startswith("ret") and insn.offset > (
block_instructions[-1].offset - SECURITY_COOKIE_BYTES_DELTA
):
return True
return False