cleanup comments and small code refactor

mandiant · Jan 22, 2025 · 746abf9 · 746abf9
1 parent 33ab659
commit 746abf9
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 9 deletions.
diff --git a/capa/features/extractors/vmray/extractor.py b/capa/features/extractors/vmray/extractor.py
@@ -72,7 +72,8 @@ def __init__(self, analysis: VMRayAnalysis):
         self.global_features = list(capa.features.extractors.vmray.global_.extract_features(self.analysis))
 
     def get_base_address(self) -> Address:
-        # value according to the PE header, the actual trace may use a different imagebase
+        # value according to submission file header, the actual trace may use a different imagebase
+        # value may be zero for certain submission file types, e.g. PS1
         return AbsoluteVirtualAddress(self.analysis.submission_base_address)
 
     def extract_file_features(self) -> Iterator[tuple[Feature, Address]]:
@@ -102,11 +103,8 @@ def get_threads(self, ph: ProcessHandle) -> Iterator[ThreadHandle]:
             yield ThreadHandle(address=address, inner=monitor_thread)
 
     def extract_thread_features(self, ph: ProcessHandle, th: ThreadHandle) -> Iterator[tuple[Feature, Address]]:
-        if False:
-            # force this routine to be a generator,
-            # but we don't actually have any elements to generate.
-            yield Characteristic("never"), NO_ADDRESS
-        return
+        # we have not identified thread-specific features for VMRay yet
+        yield from []
 
     def get_calls(self, ph: ProcessHandle, th: ThreadHandle) -> Iterator[CallHandle]:
         for function_call in self.analysis.monitor_process_calls[ph.inner.monitor_id][th.inner.monitor_id]:

diff --git a/capa/features/extractors/vmray/global_.py b/capa/features/extractors/vmray/global_.py
@@ -45,7 +45,7 @@ def extract_arch(analysis: VMRayAnalysis) -> Iterator[tuple[Feature, Address]]:
         yield Arch(ARCH_ANY), NO_ADDRESS
 
         logger.debug(
-            "unrecognized arch for file submission (filename: %s, file_type: %s)",
+            "unrecognized arch for submission (filename: %s, file_type: %s)",
             analysis.submission_name,
             analysis.submission_type,
         )
@@ -62,7 +62,7 @@ def extract_format(analysis: VMRayAnalysis) -> Iterator[tuple[Feature, Address]]
         # so this should be fine for now
 
         logger.debug(
-            "unrecognized format for file submission (filename: %s, file_type: %s)",
+            "unrecognized format for submission (filename: %s, file_type: %s)",
             analysis.submission_name,
             analysis.submission_type,
         )
@@ -77,7 +77,7 @@ def extract_os(analysis: VMRayAnalysis) -> Iterator[tuple[Feature, Address]]:
         yield OS(OS_ANY), NO_ADDRESS
 
         logger.debug(
-            "unrecognized os for file submission (filename: %s, file_type: %s)",
+            "unrecognized os for submission (filename: %s, file_type: %s)",
             analysis.submission_name,
             analysis.submission_type,
         )