Trim trailing spaces

speakeasy/windows/winemu.py

@@ -1762,8 +1762,7 @@ def init_module(self, modconf={}, name='none', emu_path='', default_base=None):
 
         mod.decoy_path = modconf.get('path', emu_path) or (name + '.dll')
         # Reserve memory for the module
-        res, size = self.get_valid_ranges(mod.image_size,
-                                          base)
+        res, size = self.get_valid_ranges(mod.image_size, base)
         mod.decoy_base = res
         mod.name = modconf.get('name', name)
         self.mem_reserve(size, base=res, tag='emu.module.%s' % (mod.name),

speakeasy/winenv/api/usermode/kernel32.py

@@ -1673,10 +1673,10 @@ def IsProcessorFeaturePresent(self, emu, argv, ctx={}):
         );'''
 
         rv = 1
-        ''' 
+        '''
         Not all the features must return 1, because those can represent a feature which can be unavailable
-        for your processor. For example PF_FLOATING_POINT_PRECISION_ERRATA is a Pentium instructions 
-        which doesn't exist on new ones, and malware developers are using it to see if they are in an 
+        for your processor. For example PF_FLOATING_POINT_PRECISION_ERRATA is a Pentium instructions
+        which doesn't exist on new ones, and malware developers are using it to see if they are in an
         emulated environment or not.
 
         To get the correct value you just need write an app to check all the fatures, something like:
@@ -1730,10 +1730,10 @@ def IsProcessorFeaturePresent(self, emu, argv, ctx={}):
                 40:{"name":"PF_AVX2_INSTRUCTIONS_AVAILABLE","return":1},
                 41:{"name":"PF_AVX512F_INSTRUCTIONS_AVAILABLE","return":0},
         }
-        
+
         rv = lookup[argv[0]]["return"]
         argv[0] = lookup[argv[0]]["name"]
-        
+
         return rv
 
     @apihook('lstrcmpi', argc=2)
@@ -3225,7 +3225,7 @@ def MapViewOfFile(self, emu, argv, ctx={}):
 
                 fname = ntpath.basename(f.get_path())
                 fname = fname.replace('.', '_')
-                
+
                 # If the call to CreateFileMapping (done before calling this API)
                 # has beed done with SEC_IMAGE protection, the mapping is not
                 # done as a contigous stream of bytes, but it is mapped as
@@ -3237,7 +3237,7 @@ def MapViewOfFile(self, emu, argv, ctx={}):
                     base, size = emu.get_valid_ranges(pe.image_size)
                     while base and base & 0xFFF:
                         base, size = emu.get_valid_ranges(size)
-                        
+
                     emu.mem_map(pe.image_size, base=base,tag='%s.%s.0x%x' % (tag_prefix, fname, base))
                     mapping.add_view(base, full_offset, size, access)
                     self.mem_write(base, pe.mapped_image)
@@ -3411,9 +3411,9 @@ def RemoveDirectory(self, emu, argv, ctx={}):
         if pn:
             target = self.read_mem_string(pn, cw)
             argv[0] = target
-            
+
         return True
-    
+
     @apihook('CopyFile', argc=3)
     def CopyFile(self, emu, argv, ctx={}):
         '''
@@ -3727,7 +3727,7 @@ def CloseHandle(self, emu, argv, ctx={}):
             emu.dec_ref(obj)
             return True
         return False
-    
+
     @apihook('SetEndOfFile', argc=1)
     def SetEndOfFile(self, emu, argv, ctx={}):
         '''
@@ -5766,7 +5766,7 @@ def GetModuleFileNameExA(self, emu, argv, ctx={}):
         proc = self.get_object_from_handle(hProcess)
 
         if proc == None:
-            return 
+            return
 
         filename = proc.get_process_path()
 
@@ -5944,19 +5944,19 @@ def GetConsoleTitle(self, emu, argv, ctx={}):
         DWORD WINAPI GetConsoleTitle(
             _Out_ LPTSTR lpConsoleTitle,
             _In_  DWORD  nSize
-        ); 
-        '''   
+        );
+        '''
         lpConsoleTitle, nSize = argv
         cw = self.get_char_width(ctx)
         rv = False
-        
+
         # TODO: consider enumeration logic
         temp_title = "explorer.exe"
-        
-        if cw == 2: 
-            temp_title = temp_title.encode('utf-16le') + b'\x00\x00' 
-        else: 
-            temp_title = temp_title.encode('utf-8') + b'\x00' 
+
+        if cw == 2:
+            temp_title = temp_title.encode('utf-16le') + b'\x00\x00'
+        else:
+            temp_title = temp_title.encode('utf-8') + b'\x00'
 
         argv[0] = temp_title
         argv[1] = len(temp_title)

speakeasy/winenv/api/usermode/ntdll.py

@@ -1,7 +1,7 @@
 # Copyright (C) 2020 FireEye, Inc. All Rights Reserved.
 
 import os
-import binascii 
+import binascii
 
 from .. import api
 
@@ -237,7 +237,7 @@ def NtWaitForSingleObject(self, emu, argv, ctx={}):
         rv = ddk.STATUS_SUCCESS
 
         return rv
-    
+
     @apihook('RtlComputeCrc32', argc=3)
     def RtlComputeCrc32(self, emu, argv, ctx={}):
         '''
@@ -258,9 +258,9 @@ def RtlComputeCrc32(self, emu, argv, ctx={}):
     def LdrFindResource_U(self, emu, argv, ctx={}):
         '''
         pub unsafe extern "system" fn LdrFindResource_U(
-            DllHandle: PVOID, 
-            ResourceInfo: PLDR_RESOURCE_INFO, 
-            Level: ULONG, 
+            DllHandle: PVOID,
+            ResourceInfo: PLDR_RESOURCE_INFO,
+            Level: ULONG,
             ResourceDataEntry: *mut PIMAGE_RESOURCE_DATA_ENTRY
         ) -> NTSTATUS
 
@@ -280,7 +280,7 @@ def LdrFindResource_U(self, emu, argv, ctx={}):
         '''
         DllHandle, ResourceInfo, Level, ResourceDataEntry = argv
 
-        # Reusing some functions from kernel32 module that are used to 
+        # Reusing some functions from kernel32 module that are used to
         # handle the very similar function FindResourceA
         k32 =  emu.api.mods.get('kernel32')
 
@@ -313,15 +313,15 @@ def LdrFindResource_U(self, emu, argv, ctx={}):
         self.mem_write(ptr_data_entry+4, resource['size'].to_bytes(4, 'little'))
 
         return hnd
-        
+
     @apihook('LdrAccessResource', argc=4)
     def LdrAccessResource(self, emu, argv, ctx={}):
         '''
-        NTSTATUS NTAPI LdrAccessResource 	( 	_In_ PVOID  	BaseAddress,
-                _In_ PIMAGE_RESOURCE_DATA_ENTRY  	ResourceDataEntry,
-                _Out_opt_ PVOID *  	Resource,
-                _Out_opt_ PULONG  	Size 
-            ) 	
+        NTSTATUS NTAPI LdrAccessResource    (   _In_ PVOID      BaseAddress,
+                _In_ PIMAGE_RESOURCE_DATA_ENTRY     ResourceDataEntry,
+                _Out_opt_ PVOID *   Resource,
+                _Out_opt_ PULONG    Size
+            )
         '''
         BaseAddress, ResourceDataEntry, Resource, Size = argv
 
@@ -331,6 +331,6 @@ def LdrAccessResource(self, emu, argv, ctx={}):
         # Fill in the Resource struct
         self.mem_write(Size, size.to_bytes(4, 'little'))
         self.mem_write(Resource, offset.to_bytes(4, 'little'))
-        
+
         return 0
 

speakeasy/winenv/api/usermode/shell32.py

@@ -116,12 +116,12 @@ def ShellExecuteEx(self, emu, argv, ctx={}):
                 sei_struct.lpFile,
                 sei_struct.lpParameters, sei_struct.lpDirectory,
                 0
-            ], 
+            ],
             ctx
         )
-        
+
         return True
-        
+
     @apihook('IsUserAnAdmin', argc=0, ordinal=680)
     def IsUserAnAdmin(self, emu, argv, ctx={}):
         """

speakeasy/winenv/api/usermode/shlwapi.py

@@ -54,7 +54,7 @@ def PathIsRelative(self, emu, argv, ctx={}):
             argv[0] = pn
 
         return rv
-    
+
     @apihook('StrStr', argc=2)
     def StrStr(self, emu, argv, ctx={}):
         '''
@@ -83,7 +83,7 @@ def StrStr(self, emu, argv, ctx={}):
             ret = 0
 
         return ret
-    
+
     @apihook('StrStrI', argc=2)
     def StrStrI(self, emu, argv, ctx={}):
         '''
@@ -293,7 +293,7 @@ def PathAppend(self, emu, argv, ctx={}):
         out += '\0'
         self.write_mem_string(out, pszPath, cw)
         return 1
-    
+
     @apihook('PathCanonicalize', argc=2)
     def PathCanonicalize(self, emu, argv, ctx={}):
         """