diff --git a/capa/features/extractors/smda/file.py b/capa/features/extractors/smda/file.py
index e10fc171..6f690dbe 100644
--- a/capa/features/extractors/smda/file.py
+++ b/capa/features/extractors/smda/file.py
@@ -84,9 +84,7 @@ def extract_file_import_names(smda_report, file_path):
 for name in capa.features.extractors.helpers.generate_symbols(library_name, func.name):
 yield Import(name), va
 elif func.is_ordinal:
- for name in capa.features.extractors.helpers.generate_symbols(
- library_name, "#%s" % func.ordinal
- ):
+ for name in capa.features.extractors.helpers.generate_symbols(library_name, "#%s" % func.ordinal):
 yield Import(name), va
diff --git a/capa/features/extractors/smda/insn.py b/capa/features/extractors/smda/insn.py
index be0455c1..32845e29 100644
--- a/capa/features/extractors/smda/insn.py
+++ b/capa/features/extractors/smda/insn.py
@@ -68,7 +68,9 @@ def extract_insn_api_features(f, bb, insn):
 referenced_function = current_function.smda_report.getFunction(target)
 if referenced_function:
 if referenced_function.isThunkCall():
- api_entry = referenced_function.apirefs[target] if target in referenced_function.apirefs else None
+ api_entry = (
+ referenced_function.apirefs[target] if target in referenced_function.apirefs else None
+ )
 if api_entry:
 # reformat
 dll_name, api_name = api_entry.split("!")
@@ -258,7 +260,9 @@ def is_security_cookie(f, bb, insn):
 if index == 0 and insn.offset < (block_instructions[0].offset + SECURITY_COOKIE_BYTES_DELTA):
 return True
 # ... or within last bytes (instructions) before a return
- if block_instructions[-1].mnemonic.startswith("ret") and insn.offset > (block_instructions[-1].offset - SECURITY_COOKIE_BYTES_DELTA):
+ if block_instructions[-1].mnemonic.startswith("ret") and insn.offset > (
+ block_instructions[-1].offset - SECURITY_COOKIE_BYTES_DELTA
+ ):
 return True
 return False