From f48e4a8ad8b28355e95ca9dc2a799dd1fc95282d Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Fri, 11 Aug 2023 09:07:11 +0000 Subject: [PATCH] render: verbose: render dynamic call return address --- capa/render/verbose.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/capa/render/verbose.py b/capa/render/verbose.py index 87f9cd2a..77392cf9 100644 --- a/capa/render/verbose.py +++ b/capa/render/verbose.py @@ -56,10 +56,8 @@ def format_address(address: frz.Address) -> str: return f"token({capa.helpers.hex(token)})+{capa.helpers.hex(offset)}" elif address.type == frz.AddressType.DYNAMIC: assert isinstance(address.value, tuple) - id_, return_address = address.value - assert isinstance(id_, int) - assert isinstance(return_address, int) - return f"event: {id_}, retaddr: 0x{return_address:x}" + ppid, pid, tid, id_, return_address = address.value + return f"process ppid: {ppid}, process pid: {pid}, thread id: {tid}, call: {id_}, return address: {capa.helpers.hex(return_address)}" elif address.type == frz.AddressType.PROCESS: assert isinstance(address.value, tuple) ppid, pid = address.value