vmray: emit process name

2026-02-04 19:12:01 -08:00 · 2024-06-18 14:41:47 -06:00
parent 8f32b7fc65
commit b3ebf80d9b
2 changed files with 4 additions and 3 deletions
--- a/capa/features/extractors/vmray/extractor.py
+++ b/capa/features/extractors/vmray/extractor.py
@@ -17,7 +17,7 @@ import capa.features.extractors.vmray.global_
 from capa.features.common import Feature
 from capa.features.address import Address, AbsoluteVirtualAddress
 from capa.features.extractors.vmray import VMRayAnalysis
-from capa.features.extractors.vmray.models import Analysis, SummaryV2
+from capa.features.extractors.vmray.models import Process, Analysis, SummaryV2
 from capa.features.extractors.base_extractor import (
    CallHandle,
    SampleHashes,
@@ -62,8 +62,8 @@ class VMRayExtractor(DynamicFeatureExtractor):
        yield from []

    def get_process_name(self, ph) -> str:
-        # TODO (meh)
-        raise NotImplementedError()
+        process: Process = ph.inner
+        return process.image_name

    def get_threads(self, ph: ProcessHandle) -> Iterator[ThreadHandle]:
        # TODO (meh)
--- a/capa/features/extractors/vmray/models.py
+++ b/capa/features/extractors/vmray/models.py
@@ -147,6 +147,7 @@ class Process(BaseModel):
    monitor_reason: str
    os_pid: int
    filename: str
+    image_name: str
    ref_parent_process: Optional[GenericReference] = None