From fa9b920b716f2e75a1bbb30c702f6813796f3663 Mon Sep 17 00:00:00 2001
From: Yacine Elhamer
Date: Tue, 20 Jun 2023 13:17:53 +0100
Subject: [PATCH] cape/thread.py: do not extract return values, and extract argument values as Strings
---
 capa/features/extractors/cape/thread.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/capa/features/extractors/cape/thread.py b/capa/features/extractors/cape/thread.py
index 3a1217c9..bf3a6b39 100644
--- a/capa/features/extractors/cape/thread.py
+++ b/capa/features/extractors/cape/thread.py
@@ -42,13 +42,12 @@ def extract_call_features(behavior: Dict, ph: ProcessHandle, th: ThreadHandle) -
 caller = int(call["caller"], 16)
 caller = AbsoluteVirtualAddress(caller)
+ yield API(call["api"]), caller
 for arg in call["arguments"]:
 try:
 yield Number(int(arg["value"], 16)), caller
 except ValueError:
- continue
- yield Number(int(call["return"], 16)), caller
- yield API(call["api"]), caller
+ yield String(arg["value"]), caller
 def extract_features(behavior: Dict, ph: ProcessHandle, th: ThreadHandle) -> Iterator[Tuple[Feature, Address]]:
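Review bot: In the argument loop, `int(arg["value"], 16)` accepts any value made up only of hex digits, so a string argument such as `"add"` or `"cafe"` (constructed examples) is emitted as a `Number` and never as a `String`, and rules that match on that string will miss it. If CAPE writes numeric arguments with a `0x` prefix (not visible here, worth confirming against a report), gate the numeric branch on it, e.g. `if value.startswith("0x"): yield Number(int(value, 16)), caller` with `else: yield String(value), caller`. The patch also starts using `String` without touching the imports (the diffstat shows only the two `yield` insertions), so unless thread.py already imports it the `except` branch will raise `NameError` the first time a non-hex argument is seen. The body of `extract_call_features` begins before this hunk, so the loop over calls and the file's imports are outside what is shown.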