[Forensics-changes] [yara] 05/415: Lots of improvements and fixes
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:42:37 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit ff3fd855ce7918748cd2094d76631a880b0f50ea
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Mon Jan 5 15:02:08 2009 +0000
Lots of improvements and fixes
---
doc/YARA User's Manual.pdf | Bin 131096 -> 131058 bytes
doc/yara.1 | 9 ++--
libyara/ast.c | 16 +++---
libyara/error.c | 2 +-
libyara/lex.c | 46 +++++++++--------
libyara/lex.l | 8 ++-
libyara/libyara.tmproj | 122 ++++++++++++++++++++-------------------------
libyara/scan.c | 34 +++++++------
libyara/yara.h | 9 +++-
yara-python/README | 8 +--
yara-python/setup.py | 2 +-
yara-python/setupwin.py | 2 +-
yara-python/yara-python.c | 3 ++
yara.c | 12 +++--
14 files changed, 143 insertions(+), 130 deletions(-)
diff --git a/doc/YARA User's Manual.pdf b/doc/YARA User's Manual.pdf
index b1dab2d..ff9f3d8 100644
Binary files a/doc/YARA User's Manual.pdf and b/doc/YARA User's Manual.pdf differ
diff --git a/doc/yara.1 b/doc/yara.1
index dda47e5..d0865b3 100644
--- a/doc/yara.1
+++ b/doc/yara.1
@@ -28,15 +28,18 @@ The options to
are:
.TP
.BI \-t " tag"
-Display rules tagged as
+Print rules tagged as
.I tag
and ignore the rest. This option can be used multiple times.
.TP
+.B \-n
+Print rules that doesn't apply (negate)
+.TP
.B \-g
-Display the tags associated to the rule.
+Print the tags associated to the rule.
.TP
.B \-s
-Display strings found in the file.
+Print strings found in the file.
.TP
.B \-r
Scan files in directories recursively.
diff --git a/libyara/ast.c b/libyara/ast.c
index 803ef7c..1dc3757 100644
--- a/libyara/ast.c
+++ b/libyara/ast.c
@@ -363,7 +363,7 @@ int new_hex_string(SIZED_STRING* charstr, unsigned char** hexstr, unsigned char*
/* wildcards or skip instructions are not allowed at the first position the string */
- if ((*maskstr)[0] != 0xFF || (*maskstr)[1] != 0xFF)
+ if ((*maskstr)[0] != 0xFF)
{
result = ERROR_MISPLACED_WILDCARD_OR_SKIP;
}
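Review bot: Relaxing the guard to byte 0 only is safe just if the hash-table keying in scan.c tolerates a masked second byte, and that is not shown here: init_hash_table visibly keys on the second byte (`y = string->string[1]` in the regexp branch of the scan.c context further down this diff), and the old error text forbade skips in the first two bytes presumably for that reason. If the hexadecimal branch of init_hash_table (outside this diff) reads byte 1 without consulting mask[1], a string such as `{ 4D ?? 90 }` is indexed under one literal value and never found where the wildcard byte differs. Once verified, document the invariant on the check: `/* byte 0 must be literal: it is the hash key; a masked byte 1 must be handled by init_hash_table */`. new_hex_string starts and ends outside this hunk.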
@@ -385,7 +385,7 @@ int new_hex_string(SIZED_STRING* charstr, unsigned char** hexstr, unsigned char*
}
-int new_text_string(SIZED_STRING* charstr, int flags, unsigned char** hexstr, pcre** regexp, unsigned int* length)
+int new_text_string(SIZED_STRING* charstr, int flags, unsigned char** hexstr, REGEXP* re, unsigned int* length)
{
const char *error;
int erroffset;
@@ -414,10 +414,11 @@ int new_text_string(SIZED_STRING* charstr, int flags, unsigned char** hexstr, pc
options |= PCRE_CASELESS;
}
- *regexp = pcre_compile((char*) *hexstr, options, &error, &erroffset, NULL);
+ re->regexp = pcre_compile((char*) *hexstr, options, &error, &erroffset, NULL);
- if (*regexp != NULL)
+ if (re->regexp != NULL)
{
+ re->extra = pcre_study(re->regexp, 0, &error);
result = ERROR_SUCCESS;
}
else /* compilation failed */
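Review bot: `re->extra` is assigned only on the success path; in the compile-failed branch this hunk ends on, and in the non-regexp `else` of the following hunk, the field keeps whatever the union held before, while free_rule_list now hands `string->re.extra` to pcre_free for every regexp string. Nothing visible zeroes a STRING at allocation, so a compile failure whose STRING still reaches free_rule_list would free an indeterminate pointer. Initialise it unconditionally, `re->extra = NULL;` directly after the pcre_compile call. Also note pcre_study reports failure by returning NULL with `error` set; pcre_exec accepts a NULL extra so this is harmless, but the message is dropped silently. new_text_string's body continues past this hunk.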
@@ -428,7 +429,7 @@ int new_text_string(SIZED_STRING* charstr, int flags, unsigned char** hexstr, pc
}
else
{
- *regexp = NULL;
+ re->regexp = NULL;
}
@@ -455,7 +456,7 @@ int new_string(char* identifier, SIZED_STRING* charstr, int flags, STRING** stri
}
else
{
- result = new_text_string(charstr, flags, &new_string->string, &new_string->regexp, &new_string->length);
+ result = new_text_string(charstr, flags, &new_string->string, &new_string->re, &new_string->length);
}
if (result != ERROR_SUCCESS)
@@ -678,7 +679,8 @@ void free_rule_list(RULE_LIST* rule_list)
}
else if (IS_REGEXP(string))
{
- pcre_free(string->regexp);
+ pcre_free(string->re.regexp);
+ pcre_free(string->re.extra);
}
match = string->matches;
diff --git a/libyara/error.c b/libyara/error.c
index 66a5297..f77b737 100644
--- a/libyara/error.c
+++ b/libyara/error.c
@@ -75,7 +75,7 @@ void show_last_error()
yyerror(errmsg);
break;
case ERROR_MISPLACED_WILDCARD_OR_SKIP:
- sprintf(errmsg, "misplaced wildcard or skip at string \"%s\", wildcards and skips are only allowed after the first two bytes of the string", last_error_extra_info);
+ sprintf(errmsg, "misplaced wildcard or skip at string \"%s\", wildcards and skips are only allowed after the first byte of the string", last_error_extra_info);
yyerror(errmsg);
break;
case ERROR_UNDEFINED_STRING:
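Review bot: The reworded message is still formatted with an unbounded sprintf into errmsg: `last_error_extra_info` carries a string identifier taken from the rule file being compiled, and errmsg's size is not visible in this hunk, so a long enough identifier overruns it. Use `snprintf(errmsg, sizeof(errmsg), "misplaced wildcard or skip at string \"%s\", wildcards and skips are only allowed after the first byte of the string", last_error_extra_info);` (or the buffer's allocated length if errmsg is a pointer), and the same for the sibling cases of this switch. show_last_error extends beyond the hunk.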
diff --git a/libyara/lex.c b/libyara/lex.c
index 56c590a..97b39d6 100644
--- a/libyara/lex.c
+++ b/libyara/lex.c
@@ -989,6 +989,8 @@ YY_RULE_SETUP
#line 132 "lex.l"
{ /* saw closing quote - all done */
+ SIZED_STRING* s;
+
if (string_buf_len == 0)
{
yyerror("empty string");
@@ -999,7 +1001,7 @@ YY_RULE_SETUP
BEGIN(INITIAL);
- SIZED_STRING* s = (SIZED_STRING*) malloc(string_buf_len + sizeof(SIZED_STRING));
+ s = (SIZED_STRING*) malloc(string_buf_len + sizeof(SIZED_STRING));
s->length = string_buf_len;
@@ -1012,22 +1014,22 @@ YY_RULE_SETUP
YY_BREAK
case 40:
YY_RULE_SETUP
-#line 155 "lex.l"
+#line 157 "lex.l"
{ *string_buf_ptr++ = '\t'; string_buf_len++; }
YY_BREAK
case 41:
YY_RULE_SETUP
-#line 156 "lex.l"
+#line 158 "lex.l"
{ *string_buf_ptr++ = '\"'; string_buf_len++; }
YY_BREAK
case 42:
YY_RULE_SETUP
-#line 157 "lex.l"
+#line 159 "lex.l"
{ *string_buf_ptr++ = '\\'; string_buf_len++; }
YY_BREAK
case 43:
YY_RULE_SETUP
-#line 159 "lex.l"
+#line 161 "lex.l"
{
int result;
@@ -1039,7 +1041,7 @@ YY_RULE_SETUP
YY_BREAK
case 44:
YY_RULE_SETUP
-#line 168 "lex.l"
+#line 170 "lex.l"
{
char *yptr = yytext;
@@ -1052,7 +1054,7 @@ YY_RULE_SETUP
YY_BREAK
case 45:
YY_RULE_SETUP
-#line 178 "lex.l"
+#line 180 "lex.l"
{
yyerror("unterminated string");
yyterminate();
@@ -1061,7 +1063,7 @@ YY_RULE_SETUP
YY_BREAK
case 46:
YY_RULE_SETUP
-#line 184 "lex.l"
+#line 186 "lex.l"
{
yyerror("illegal escape sequence");
yynerrs++;
@@ -1069,7 +1071,7 @@ YY_RULE_SETUP
YY_BREAK
case 47:
YY_RULE_SETUP
-#line 189 "lex.l"
+#line 191 "lex.l"
{
string_buf_ptr = string_buf;
string_buf_len = 0;
@@ -1079,8 +1081,10 @@ YY_RULE_SETUP
YY_BREAK
case 48:
YY_RULE_SETUP
-#line 196 "lex.l"
+#line 198 "lex.l"
{
+ SIZED_STRING* s;
+
if (string_buf_len == 0)
{
yyerror("empty regular expression");
@@ -1092,7 +1096,7 @@ YY_RULE_SETUP
BEGIN(INITIAL);
- SIZED_STRING* s = (SIZED_STRING*) malloc(string_buf_len + sizeof(SIZED_STRING));
+ s = (SIZED_STRING*) malloc(string_buf_len + sizeof(SIZED_STRING));
s->length = string_buf_len;
@@ -1105,12 +1109,12 @@ YY_RULE_SETUP
YY_BREAK
case 49:
YY_RULE_SETUP
-#line 220 "lex.l"
+#line 224 "lex.l"
{ *string_buf_ptr++ = '/'; string_buf_len++; }
YY_BREAK
case 50:
YY_RULE_SETUP
-#line 222 "lex.l"
+#line 226 "lex.l"
{
char *yptr = yytext;
@@ -1123,7 +1127,7 @@ YY_RULE_SETUP
YY_BREAK
case 51:
YY_RULE_SETUP
-#line 232 "lex.l"
+#line 236 "lex.l"
{
yyerror("unterminated regular expression");
yyterminate();
@@ -1132,7 +1136,7 @@ YY_RULE_SETUP
YY_BREAK
case 52:
YY_RULE_SETUP
-#line 240 "lex.l"
+#line 244 "lex.l"
{
int len = strlen(yytext);
@@ -1149,12 +1153,12 @@ YY_RULE_SETUP
YY_BREAK
case 53:
YY_RULE_SETUP
-#line 255 "lex.l"
+#line 259 "lex.l"
/* skip whitespace */
YY_BREAK
case 54:
YY_RULE_SETUP
-#line 257 "lex.l"
+#line 261 "lex.l"
{
line_number++;
@@ -1162,17 +1166,17 @@ YY_RULE_SETUP
YY_BREAK
case 55:
YY_RULE_SETUP
-#line 262 "lex.l"
+#line 266 "lex.l"
{
return yytext[0];
}
YY_BREAK
case 56:
YY_RULE_SETUP
-#line 265 "lex.l"
+#line 269 "lex.l"
ECHO;
YY_BREAK
-#line 1176 "lex.c"
+#line 1180 "lex.c"
case YY_STATE_EOF(INITIAL):
case YY_STATE_EOF(str):
case YY_STATE_EOF(regexp):
@@ -2060,7 +2064,7 @@ int main()
return 0;
}
#endif
-#line 265 "lex.l"
+#line 269 "lex.l"
diff --git a/libyara/lex.l b/libyara/lex.l
index b36f5dc..6eece95 100644
--- a/libyara/lex.l
+++ b/libyara/lex.l
@@ -131,6 +131,8 @@ $({letter}|{digit})* {
<str>\" { /* saw closing quote - all done */
+ SIZED_STRING* s;
+
if (string_buf_len == 0)
{
yyerror("empty string");
@@ -141,7 +143,7 @@ $({letter}|{digit})* {
BEGIN(INITIAL);
- SIZED_STRING* s = (SIZED_STRING*) malloc(string_buf_len + sizeof(SIZED_STRING));
+ s = (SIZED_STRING*) malloc(string_buf_len + sizeof(SIZED_STRING));
s->length = string_buf_len;
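Review bot: `s` is dereferenced (`s->length = string_buf_len;`) immediately after an unchecked malloc, so an allocation failure becomes a NULL write inside the lexer. Use the failure pattern this file already applies to unterminated strings: `if (s == NULL) { yyerror("out of memory"); yyterminate(); }` before the assignment. Separately, the escape rules in this file append with `*string_buf_ptr++` and no bound on string_buf is visible, so it is worth confirming that a long quoted string cannot overrun it. The rule action continues past the hunk.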
@@ -194,6 +196,8 @@ $({letter}|{digit})* {
}
<regexp>"/" {
+ SIZED_STRING* s;
+
if (string_buf_len == 0)
{
yyerror("empty regular expression");
@@ -205,7 +209,7 @@ $({letter}|{digit})* {
BEGIN(INITIAL);
- SIZED_STRING* s = (SIZED_STRING*) malloc(string_buf_len + sizeof(SIZED_STRING));
+ s = (SIZED_STRING*) malloc(string_buf_len + sizeof(SIZED_STRING));
s->length = string_buf_len;
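Review bot: Same unchecked malloc as in the closing-quote rule: `s->length = string_buf_len;` executes even when malloc returned NULL. Guard it with `if (s == NULL) { yyerror("out of memory"); yyterminate(); }`, matching the `yyerror(...); yyterminate();` form already used for the unterminated-regexp case. The action body continues outside the hunk.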
diff --git a/libyara/libyara.tmproj b/libyara/libyara.tmproj
index fbad253..a3090f0 100644
--- a/libyara/libyara.tmproj
+++ b/libyara/libyara.tmproj
@@ -13,7 +13,7 @@
<key>filename</key>
<string>scan.c</string>
<key>lastUsed</key>
- <date>2008-12-18T15:06:36Z</date>
+ <date>2008-12-24T17:47:25Z</date>
<key>selected</key>
<true/>
</dict>
@@ -21,7 +21,7 @@
<key>filename</key>
<string>pefile.c</string>
<key>lastUsed</key>
- <date>2008-12-18T13:41:19Z</date>
+ <date>2008-12-23T11:29:21Z</date>
</dict>
<dict>
<key>filename</key>
@@ -33,13 +33,13 @@
<key>filename</key>
<string>eval.c</string>
<key>lastUsed</key>
- <date>2008-12-18T13:39:44Z</date>
+ <date>2008-12-23T10:51:13Z</date>
</dict>
<dict>
<key>filename</key>
<string>error.c</string>
<key>lastUsed</key>
- <date>2008-12-18T12:33:29Z</date>
+ <date>2008-12-24T13:10:36Z</date>
</dict>
<dict>
<key>filename</key>
@@ -51,25 +51,25 @@
<key>filename</key>
<string>ast.c</string>
<key>lastUsed</key>
- <date>2008-12-18T12:58:08Z</date>
+ <date>2008-12-24T17:43:43Z</date>
</dict>
<dict>
<key>filename</key>
<string>lex.l</string>
<key>lastUsed</key>
- <date>2008-12-18T13:41:12Z</date>
+ <date>2008-12-24T17:27:40Z</date>
</dict>
<dict>
<key>filename</key>
<string>grammar.y</string>
<key>lastUsed</key>
- <date>2008-12-18T15:06:36Z</date>
+ <date>2008-12-24T17:32:47Z</date>
</dict>
<dict>
<key>filename</key>
<string>../yara.c</string>
<key>lastUsed</key>
- <date>2008-12-18T12:06:48Z</date>
+ <date>2008-12-24T17:47:25Z</date>
</dict>
</array>
<key>expanded</key>
@@ -84,7 +84,7 @@
<key>filename</key>
<string>yara.h</string>
<key>lastUsed</key>
- <date>2008-12-18T13:01:29Z</date>
+ <date>2008-12-24T17:39:53Z</date>
</dict>
<dict>
<key>filename</key>
@@ -120,7 +120,7 @@
<key>filename</key>
<string>error.h</string>
<key>lastUsed</key>
- <date>2008-12-17T19:14:52Z</date>
+ <date>2008-12-24T13:10:39Z</date>
</dict>
<dict>
<key>filename</key>
@@ -132,7 +132,7 @@
<key>filename</key>
<string>ast.h</string>
<key>lastUsed</key>
- <date>2008-12-18T13:01:14Z</date>
+ <date>2008-12-24T17:23:34Z</date>
</dict>
<dict>
<key>filename</key>
@@ -156,58 +156,58 @@
<key>caret</key>
<dict>
<key>column</key>
- <integer>15</integer>
+ <integer>4</integer>
<key>line</key>
- <integer>281</integer>
+ <integer>465</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>419</integer>
+ <integer>432</integer>
</dict>
<key>ast.c</key>
<dict>
<key>caret</key>
<dict>
<key>column</key>
- <integer>42</integer>
+ <integer>13</integer>
<key>line</key>
- <integer>552</integer>
+ <integer>420</integer>
</dict>
- <key>columnSelection</key>
- <false/>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>518</integer>
- <key>selectFrom</key>
+ <integer>393</integer>
+ </dict>
+ <key>ast.h</key>
+ <dict>
+ <key>caret</key>
<dict>
<key>column</key>
- <integer>19</integer>
+ <integer>23</integer>
<key>line</key>
- <integer>552</integer>
+ <integer>23</integer>
</dict>
- <key>selectTo</key>
+ <key>columnSelection</key>
+ <false/>
+ <key>firstVisibleColumn</key>
+ <integer>0</integer>
+ <key>firstVisibleLine</key>
+ <integer>12</integer>
+ <key>selectFrom</key>
<dict>
<key>column</key>
- <integer>42</integer>
+ <integer>8</integer>
<key>line</key>
- <integer>552</integer>
+ <integer>23</integer>
</dict>
- </dict>
- <key>ast.h</key>
- <dict>
- <key>caret</key>
+ <key>selectTo</key>
<dict>
<key>column</key>
- <integer>33</integer>
+ <integer>23</integer>
<key>line</key>
- <integer>52</integer>
+ <integer>23</integer>
</dict>
- <key>firstVisibleColumn</key>
- <integer>0</integer>
- <key>firstVisibleLine</key>
- <integer>62</integer>
</dict>
<key>compile.c</key>
<dict>
@@ -228,14 +228,14 @@
<key>caret</key>
<dict>
<key>column</key>
- <integer>9</integer>
+ <integer>122</integer>
<key>line</key>
- <integer>94</integer>
+ <integer>77</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>53</integer>
+ <integer>0</integer>
</dict>
<key>error.h</key>
<dict>
@@ -263,7 +263,7 @@
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>66</integer>
+ <integer>16</integer>
</dict>
<key>eval.h</key>
<dict>
@@ -326,28 +326,28 @@
<key>caret</key>
<dict>
<key>column</key>
- <integer>0</integer>
+ <integer>5</integer>
<key>line</key>
- <integer>311</integer>
+ <integer>397</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>580</integer>
+ <integer>374</integer>
</dict>
<key>lex.l</key>
<dict>
<key>caret</key>
<dict>
<key>column</key>
- <integer>32</integer>
+ <integer>21</integer>
<key>line</key>
- <integer>254</integer>
+ <integer>143</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>210</integer>
+ <integer>229</integer>
</dict>
<key>pefile.c</key>
<dict>
@@ -361,21 +361,21 @@
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>0</integer>
+ <integer>61</integer>
</dict>
<key>scan.c</key>
<dict>
<key>caret</key>
<dict>
<key>column</key>
- <integer>2</integer>
+ <integer>28</integer>
<key>line</key>
- <integer>0</integer>
+ <integer>187</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>674</integer>
+ <integer>160</integer>
</dict>
<key>sizedstr.h</key>
<dict>
@@ -396,30 +396,14 @@
<key>caret</key>
<dict>
<key>column</key>
- <integer>8</integer>
+ <integer>18</integer>
<key>line</key>
- <integer>36</integer>
+ <integer>104</integer>
</dict>
- <key>columnSelection</key>
- <false/>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>20</integer>
- <key>selectFrom</key>
- <dict>
- <key>column</key>
- <integer>31</integer>
- <key>line</key>
- <integer>36</integer>
- </dict>
- <key>selectTo</key>
- <dict>
- <key>column</key>
- <integer>8</integer>
- <key>line</key>
- <integer>36</integer>
- </dict>
+ <integer>80</integer>
</dict>
</dict>
<key>openDocuments</key>
@@ -443,6 +427,6 @@
<key>showFileHierarchyDrawer</key>
<true/>
<key>windowFrame</key>
- <string>{{214, 79}, {1020, 911}}</string>
+ <string>{{258, 144}, {1020, 800}}</string>
</dict>
</plist>
diff --git a/libyara/scan.c b/libyara/scan.c
index bf65c28..b452c8c 100644
--- a/libyara/scan.c
+++ b/libyara/scan.c
@@ -128,16 +128,17 @@ int hex_match(unsigned char* buffer, unsigned int buffer_size, unsigned char* pa
b += distance;
matches += distance;
- if (b < buffer_size)
- {
- for (i = 0; i <= delta; i++)
- {
- tmp = hex_match(buffer + b + i, buffer_size - b - i, pattern + p, pattern_length - p, mask + m);
-
- if (tmp > 0)
- return b + i + tmp;
- }
- }
+ i = 0;
+
+ while (i <= delta && b + i < buffer_size)
+ {
+ tmp = hex_match(buffer + b + i, buffer_size - b - i, pattern + p, pattern_length - p, mask + m);
+
+ if (tmp > 0)
+ return b + i + tmp;
+
+ i++;
+ }
break;
}
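Review bot: The new loop condition fixes more than the nesting and deserves a comment saying so: with `buffer_size` unsigned, the old code evaluated `buffer_size - b - i` for every i up to delta once `b < buffer_size` held, which wraps to a huge length as soon as `b + i` passes the end, whereas `b + i < buffer_size` now guards each recursive call. Suggest `/* checked per offset: keeps buffer_size - b - i from wrapping (unsigned) */` on the `while`. If `b`, `i` or `delta` are signed ints the comparison promotes them to unsigned, which is only correct while they are non-negative; their declarations are outside the hunk. hex_match starts and ends outside this hunk.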
@@ -163,7 +164,7 @@ int hex_match(unsigned char* buffer, unsigned int buffer_size, unsigned char* pa
return matches;
}
-int regexp_match(unsigned char* buffer, unsigned int buffer_size, unsigned char* pattern, int pattern_length, pcre* regexp, int negative_size)
+int regexp_match(unsigned char* buffer, unsigned int buffer_size, unsigned char* pattern, int pattern_length, REGEXP re, int negative_size)
{
int ovector[3];
unsigned int len;
@@ -184,8 +185,8 @@ int regexp_match(unsigned char* buffer, unsigned int buffer_size, unsigned char*
}
rc = pcre_exec(
- regexp, /* the compiled pattern */
- NULL, /* no extra data - we didn't study the pattern */
+ re.regexp, /* the compiled pattern */
+ re.extra, /* extra data */
(char*) buffer, /* the subject string */
buffer_size, /* the length of the subject */
0, /* start at offset 0 in the subject */
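Review bot: pcre_exec runs the rule's regexp over the scanned file, which is untrusted input, with no backtracking limit, so a rule with nested quantifiers applied to a crafted file can keep the scanner busy for an arbitrarily long time. Now that a `pcre_extra` is kept per string it is the natural carrier for `PCRE_EXTRA_MATCH_LIMIT` (and `PCRE_EXTRA_MATCH_LIMIT_RECURSION` where the PCRE version has it) with a fixed `match_limit`; when pcre_study returns NULL, allocate a zeroed pcre_extra via pcre_malloc at compile time so the limit can still be attached. A hit then returns `PCRE_ERROR_MATCHLIMIT`, which this function should treat as "no match" rather than a hard failure; the handling of rc lies outside the hunk. regexp_match starts and ends outside this hunk.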
@@ -262,7 +263,8 @@ int init_hash_table(RULE_LIST* rule_list)
y = string->string[1];
hashable = TRUE;
- }
+
+ } /* if (string->flags & STRING_FLAGS_REGEXP) */
if (string->flags & STRING_FLAGS_HEXADECIMAL)
{
@@ -418,7 +420,7 @@ int string_match(unsigned char* buffer, unsigned int buffer_size, STRING* string
i++;
}
- match = regexp_match(tmp, len, string->string, string->length, string->regexp, (negative_size > 2) ? 1 : 0);
+ match = regexp_match(tmp, len, string->string, string->length, string->re, (negative_size > 2) ? 1 : 0);
free(tmp);
return match * 2;
@@ -427,7 +429,7 @@ int string_match(unsigned char* buffer, unsigned int buffer_size, STRING* string
}
else
{
- return regexp_match(buffer, buffer_size, string->string, string->length, string->regexp, negative_size);
+ return regexp_match(buffer, buffer_size, string->string, string->length, string->re, negative_size);
}
}
else if (IS_WIDE(string) && string->length * 2 <= buffer_size)
diff --git a/libyara/yara.h b/libyara/yara.h
index 0fe61fd..96e5a93 100644
--- a/libyara/yara.h
+++ b/libyara/yara.h
@@ -86,6 +86,13 @@ typedef struct _MATCH
} MATCH;
+typedef struct _REGEXP
+{
+ pcre* regexp;
+ pcre_extra* extra;
+
+} REGEXP;
+
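Review bot: The new REGEXP struct carries no field documentation, and `extra` has a nullability contract callers need to know: pcre_study returns NULL when it has nothing to record, and scan.c passes the field straight to pcre_exec, which accepts NULL. Suggest `pcre* regexp;      /* compiled pattern */` and `pcre_extra* extra; /* pcre_study() result; may be NULL */`. Note the struct is passed by value to regexp_match in scan.c, which copies both pointers; fine today, but worth a comment if more fields are added.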
typedef struct _STRING
{
int flags;
@@ -95,7 +102,7 @@ typedef struct _STRING
union {
unsigned char* mask;
- pcre* regexp;
+ REGEXP re;
};
MATCH* matches;
diff --git a/yara-python/README b/yara-python/README
index 0d5fba4..b3a5f33 100644
--- a/yara-python/README
+++ b/yara-python/README
@@ -14,17 +14,17 @@ yara-python depends on libyara, a library that implements YARA's core functions.
must build and install YARA in your system before building yara-python. The latest
YARA version can be downloaded from:
-http://yara.googlecode.com/files/yara-1.0.tar.gz
+http://yara.googlecode.com/files/yara-1.1.tar.gz
After installing YARA you can build yara-python this way:
-$ tar xzvf yara-python-1.0.0.tar.gz
-$ cd yara-python-1.0.0
+$ tar xzvf yara-python-1.1.0.tar.gz
+$ cd yara-python-1.1.0
$ python setup.py build
$ sudo python setup.py install
-You can also test your installation by invoking Python and importing the YARA module:
+You can test your installation by invoking Python and importing the YARA module:
$ python
Python 2.5.1 (r251:54863, Jan 17 2008, 19:35:17)
diff --git a/yara-python/setup.py b/yara-python/setup.py
index 13512dd..5cc09d8 100644
--- a/yara-python/setup.py
+++ b/yara-python/setup.py
@@ -2,7 +2,7 @@ from distutils.core import setup, Extension
setup(name = "yara-python",
- version = "1.0.0",
+ version = "1.1.0",
author = "Victor M. Alvarez",
author_email = "plusvic at gmail.com",
url = 'http://yara.googlecode.com',
diff --git a/yara-python/setupwin.py b/yara-python/setupwin.py
index f5ed35b..30b4949 100644
--- a/yara-python/setupwin.py
+++ b/yara-python/setupwin.py
@@ -2,7 +2,7 @@ from distutils.core import setup, Extension
setup(name = "yara-python",
- version = "1.0.0",
+ version = "1.1.0",
author = "Victor M. Alvarez",
author_email = "plusvic at gmail.com",
ext_modules = [ Extension(
diff --git a/yara-python/yara-python.c b/yara-python/yara-python.c
index c84027d..8674f49 100644
--- a/yara-python/yara-python.c
+++ b/yara-python/yara-python.c
@@ -302,6 +302,9 @@ int callback(RULE* rule, unsigned char* buffer, unsigned int buffer_size, void*
PyObject* stringlist = NULL;
PyObject* match;
PyObject* list = (PyObject*) data;
+
+ if (!(rule->flags & RULE_FLAGS_MATCH))
+ return 0;
taglist = PyList_New(0);
stringlist = PyDict_New();
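Review bot: The early return silently changes the Python-facing contract, since the list now only ever receives rules with RULE_FLAGS_MATCH set, and the meaning of the `0` returned is not stated anywhere visible. A one-line comment would fix both: `/* only matching rules are reported to Python; 0 presumably tells the scanner to continue */` (confirm the return-code semantics against the scan loop). The module documentation should say the result holds matches only. callback continues past the hunk.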
diff --git a/yara.c b/yara.c
index 9e63002..7fe430e 100644
--- a/yara.c
+++ b/yara.c
@@ -23,6 +23,8 @@ GNU General Public License for more details.
#include "getopt.h"
#endif
+#include <time.h>
+
#include <stdio.h>
#include <string.h>
#include <yara.h>
@@ -45,7 +47,7 @@ TAG* specified_tag_list = NULL;
void show_help()
{
- printf("usage: yara [ -t tag ] [ -g ] [ -s ] [ -r ] [ -n ] [ -v ] [RULEFILE...] FILE\n");
+ printf("usage: yara [ -t tag ] [ -n ] [ -g ] [ -s ] [ -r ] [ -v ] [RULEFILE...] FILE\n");
printf("options:\n");
printf(" -t <tag> print rules tagged as <tag> and ignore the rest. This option can be used more than once.\n");
printf(" -n print rules that doesn't apply (negate).\n");
@@ -190,9 +192,9 @@ void print_string(unsigned char* buffer, unsigned int buffer_size, unsigned int
void print_hex_string(unsigned char* buffer, unsigned int buffer_size, unsigned int offset, unsigned int length)
{
int i;
- char* str;
+ unsigned char* str;
- str = (char*) (buffer + offset);
+ str = (unsigned char*) (buffer + offset);
for (i = 0; i < length; i++)
{
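Review bot: print_hex_string takes `buffer_size` but nothing visible checks that `offset + length` lies inside the buffer before `str` is read in the loop, and the offsets being printed come from scanning an untrusted file. Add a defensive guard before the loop, written to avoid overflow in the sum: `if (offset > buffer_size || length > buffer_size - offset) return;`. Also `int i` compared against `unsigned int length` is a sign-compare warning; declare `unsigned int i`. The function body continues past the hunk.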
@@ -280,7 +282,7 @@ int callback(RULE* rule, unsigned char* buffer, unsigned int buffer_size, void*
{
string_found = string->flags & STRING_FLAGS_FOUND;
- if ( (!string_found))
+ if (string_found)
{
match = string->matches;
@@ -459,7 +461,9 @@ int main(int argc, char const* argv[])
}
else
{
+ printf("%d\n", time(NULL));
scan_file(argv[argc - 1], rules, callback, (void*) argv[argc - 1]);
+ printf("%d\n", time(NULL));
}
free_hash_table(rules);
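Review bot: The two `printf("%d\n", time(NULL));` lines look like leftover timing instrumentation and are wrong on two counts: time_t is not an int (64 bits on most current platforms), so `%d` is a format/argument mismatch and undefined behaviour, and the values go to stdout, interleaved with the rule names that scripts parse. If scan timing is wanted, emit it on stderr with a cast and only under -v, `fprintf(stderr, "%ld\n", (long) time(NULL));`, otherwise drop both lines. main continues beyond the hunk.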
--