vmray: connect process, thread, and call

2025-12-12 07:40:38 -08:00 · 2024-06-20 13:05:32 -06:00
parent ec21f3b3fc
commit 19502efff3
5 changed files with 66 additions and 39 deletions
--- a/scripts/show-features.py
+++ b/scripts/show-features.py
@@ -235,34 +235,34 @@ def print_dynamic_features(processes, extractor: DynamicFeatureExtractor):

            print(f" proc: {extractor.get_process_name(p)}: {feature}")

-            for t in extractor.get_threads(p):
-                print(f"  thread: {t.address.tid}")
-                for feature, addr in extractor.extract_thread_features(p, t):
+        for t in extractor.get_threads(p):
+            print(f"  thread: {t.address.tid}")
+            for feature, addr in extractor.extract_thread_features(p, t):
+                if is_global_feature(feature):
+                    continue
+
+                if feature != Feature(0):
+                    print(f"   {format_address(addr)}: {feature}")
+
+            for call in extractor.get_calls(p, t):
+                apis = []
+                arguments = []
+                for feature, addr in extractor.extract_call_features(p, t, call):
                    if is_global_feature(feature):
                        continue

-                    if feature != Feature(0):
-                        print(f"   {format_address(addr)}: {feature}")
+                    if isinstance(feature, API):
+                        assert isinstance(addr, capa.features.address.DynamicCallAddress)
+                        apis.append((addr.id, str(feature.value)))

-                for call in extractor.get_calls(p, t):
-                    apis = []
-                    arguments = []
-                    for feature, addr in extractor.extract_call_features(p, t, call):
-                        if is_global_feature(feature):
-                            continue
+                    if isinstance(feature, (Number, String)):
+                        arguments.append(str(feature.value))

-                        if isinstance(feature, API):
-                            assert isinstance(addr, capa.features.address.DynamicCallAddress)
-                            apis.append((addr.id, str(feature.value)))
+                # if not apis:
+                #    print(f"    arguments=[{', '.join(arguments)}]")

-                        if isinstance(feature, (Number, String)):
-                            arguments.append(str(feature.value))
-
-                    if not apis:
-                        print(f"    arguments=[{', '.join(arguments)}]")
-
-                    for cid, api in apis:
-                        print(f"    call {cid}: {api}({', '.join(arguments)})")
+                for cid, api in apis:
+                    print(f"    call {cid}: {api}({', '.join(arguments)})")


 def ida_main():