From dab88e482d9417858adc8ab680260100bd1f8585 Mon Sep 17 00:00:00 2001
From: William Ballenthin
Date: Mon, 23 Aug 2021 16:08:01 -0600
Subject: [PATCH] elf: add more explanation about ei_osabi
---
 capa/features/extractors/elf.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/capa/features/extractors/elf.py b/capa/features/extractors/elf.py
index 2f7b7b3d..90c5d1c5 100644
--- a/capa/features/extractors/elf.py
+++ b/capa/features/extractors/elf.py
@@ -110,6 +110,8 @@ def detect_elf_os(f: BinaryIO) -> str:
 }
 logger.debug("ei_osabi: 0x%02x (%s)", ei_osabi, OSABI.get(ei_osabi, "unknown"))
+ # os_osabi == 0 is commonly set even when the OS is not SYSV.
+ # other values are unused or unknown.
 if ei_osabi in OSABI and ei_osabi != 0x0:
 # update only if not set
 # so we can get the debugging output of subsequent strategies
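Review bot: The first added comment names `os_osabi`, but the field that is logged just above and tested just below is `ei_osabi`, so a reader searching for the identifier will miss this explanation; it should read `# ei_osabi == 0 is commonly set even when the OS is not SYSV.`. The second line, "other values are unused or unknown", does not say which values it means; `# values missing from OSABI are unused or unknown, so they are ignored.` would match the `ei_osabi in OSABI` test. Since this byte comes straight from the header of the file under analysis, the comment could also state that it is only a hint, which appears to be why the branch updates the result only if it is not already set. detect_elf_os begins and ends outside this hunk, so how the other strategies are ordered against this one is not visible here.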