gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-02-04 11:07:53 -08:00
Code Issues Packages Projects Releases Wiki Activity

cape/thread.py: do not extract return values, and extract argument values as Strings

Browse Source
This commit is contained in:
Yacine Elhamer
2023-06-20 13:17:53 +01:00
parent 40b2d5f724
commit fa9b920b71
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
capa/features/extractors/cape/thread.py
View File

@@ -42,13 +42,12 @@ def extract_call_features(behavior: Dict, ph: ProcessHandle, th: ThreadHandle) -
caller = int(call["caller"], 16)
caller = AbsoluteVirtualAddress(caller)
yield API(call["api"]), caller
for arg in call["arguments"]:
try:
yield Number(int(arg["value"], 16)), caller
except ValueError:
continue
yield Number(int(call["return"], 16)), caller
yield API(call["api"]), caller
yield String(arg["value"]), caller
def extract_features(behavior: Dict, ph: ProcessHandle, th: ThreadHandle) -> Iterator[Tuple[Feature, Address]]: