various fixes

mandiant · Aug 26, 2023 · b0133f0 · b0133f0
1 parent 49adecb
commit b0133f0
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 10 deletions.
diff --git a/capa/features/extractors/base_extractor.py b/capa/features/extractors/base_extractor.py
@@ -412,8 +412,6 @@ def extract_process_features(self, ph: ProcessHandle) -> Iterator[Tuple[Feature,
         """
         Yields all the features of a process. These include:
         - file features of the process' image
-        - inter-process injection
-        - detected dynamic DLL loading
         """
         raise NotImplementedError()
 
@@ -429,8 +427,6 @@ def extract_thread_features(self, ph: ProcessHandle, th: ThreadHandle) -> Iterat
         """
         Yields all the features of a thread. These include:
         - sequenced api traces
-        - file/registry interactions
-        - network activity
         """
         raise NotImplementedError()
 

diff --git a/capa/features/extractors/helpers.py b/capa/features/extractors/helpers.py
@@ -55,8 +55,8 @@ def generate_symbols(dll: str, symbol: str) -> Iterator[str]:
     dll = dll.lower()
 
     # trim extensions observed in dynamic traces
-    dll = dll.replace(".dll", "")
-    dll = dll.replace(".drv", "")
+    dll = dll[0:-4] if dll.endswith(".dll") else dll
+    dll = dll[0:-4] if dll.endswith(".drv") else dll
 
     # kernel32.CreateFileA
     yield f"{dll}.{symbol}"

diff --git a/capa/features/freeze/__init__.py b/capa/features/freeze/__init__.py
@@ -624,21 +624,21 @@ def is_freeze(buf: bytes) -> bool:
     return buf[: len(MAGIC)] == MAGIC
 
 
-def is_static(buf: bytes) -> bool:
+def is_static_freeze(buf: bytes) -> bool:
     return buf[: len(STATIC_MAGIC)] == STATIC_MAGIC
 
 
-def is_dynamic(buf: bytes) -> bool:
+def is_dynamic_freeze(buf: bytes) -> bool:
     return buf[: len(DYNAMIC_MAGIC)] == DYNAMIC_MAGIC
 
 
 def load(buf: bytes):
     """deserialize a set of features (as a NullFeatureExtractor) from a byte array."""
     if not is_freeze(buf):
         raise ValueError("missing magic header")
-    if is_static(buf):
+    if is_static_freeze(buf):
         return loads_static(zlib.decompress(buf[len(STATIC_MAGIC) :]).decode("utf-8"))
-    elif is_dynamic(buf):
+    elif is_dynamic_freeze(buf):
         return loads_dynamic(zlib.decompress(buf[len(DYNAMIC_MAGIC) :]).decode("utf-8"))
     else:
         raise ValueError("invalid magic header")