[Forensics-changes] [yara] 22/415: Source code re-organization
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:42:39 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit 2dbc96ca08b0465e22d849f840b7d47694de52da
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Wed Mar 18 00:08:26 2009 +0000
Source code re-organization
---
libyara/Makefile | 7 +-
libyara/Makefile.am | 3 +-
libyara/Makefile.in | 7 +-
libyara/ast.c | 91 +---------
libyara/compile.c | 53 ------
libyara/compile.h | 36 ----
libyara/error.c | 12 +-
libyara/grammar.c | 183 +++++++++----------
libyara/grammar.h | 2 +-
libyara/grammar.y | 9 +-
libyara/lex.c | 151 ++++++++--------
libyara/lex.l | 3 +-
libyara/libyara.c | 442 ++++++++++++++++++++++++++++++++++++++++++++++
libyara/libyara.tmproj | 104 +++++------
libyara/mem.c | 26 ++-
libyara/mem.h | 7 +
libyara/pefile.h | 5 +
libyara/scan.c | 293 +-----------------------------
libyara/yara.h | 26 ++-
yara-python/yara-python.c | 21 +--
yara.c | 29 +--
21 files changed, 753 insertions(+), 757 deletions(-)
diff --git a/libyara/Makefile b/libyara/Makefile
index f977dfb..9dcbd53 100644
--- a/libyara/Makefile
+++ b/libyara/Makefile
@@ -59,7 +59,7 @@ libLTLIBRARIES_INSTALL = $(INSTALL)
LTLIBRARIES = $(lib_LTLIBRARIES)
libyara_la_LIBADD =
am_libyara_la_OBJECTS = grammar.lo lex.lo ast.lo scan.lo filemap.lo \
- error.lo compile.lo eval.lo pefile.lo xtoi.lo mem.lo
+ error.lo eval.lo pefile.lo xtoi.lo mem.lo libyara.lo
libyara_la_OBJECTS = $(am_libyara_la_OBJECTS)
DEFAULT_INCLUDES = -I.
depcomp = $(SHELL) $(top_srcdir)/depcomp
@@ -216,14 +216,13 @@ libyara_la_SOURCES = \
scan.c \
filemap.c \
error.c \
- compile.c \
eval.c \
pefile.c \
xtoi.c \
mem.c \
+ libyara.c \
ast.h \
error.h \
- compile.h \
eval.h \
filemap.h \
pe.h \
@@ -330,12 +329,12 @@ distclean-compile:
-rm -f *.tab.c
include ./$(DEPDIR)/ast.Plo
-include ./$(DEPDIR)/compile.Plo
include ./$(DEPDIR)/error.Plo
include ./$(DEPDIR)/eval.Plo
include ./$(DEPDIR)/filemap.Plo
include ./$(DEPDIR)/grammar.Plo
include ./$(DEPDIR)/lex.Plo
+include ./$(DEPDIR)/libyara.Plo
include ./$(DEPDIR)/mem.Plo
include ./$(DEPDIR)/pefile.Plo
include ./$(DEPDIR)/scan.Plo
diff --git a/libyara/Makefile.am b/libyara/Makefile.am
index 00c5ff1..cc224d3 100644
--- a/libyara/Makefile.am
+++ b/libyara/Makefile.am
@@ -11,14 +11,13 @@ libyara_la_SOURCES = \
scan.c \
filemap.c \
error.c \
- compile.c \
eval.c \
pefile.c \
xtoi.c \
mem.c \
+ libyara.c \
ast.h \
error.h \
- compile.h \
eval.h \
filemap.h \
pe.h \
diff --git a/libyara/Makefile.in b/libyara/Makefile.in
index 3ce2fac..d45a83b 100644
--- a/libyara/Makefile.in
+++ b/libyara/Makefile.in
@@ -59,7 +59,7 @@ libLTLIBRARIES_INSTALL = $(INSTALL)
LTLIBRARIES = $(lib_LTLIBRARIES)
libyara_la_LIBADD =
am_libyara_la_OBJECTS = grammar.lo lex.lo ast.lo scan.lo filemap.lo \
- error.lo compile.lo eval.lo pefile.lo xtoi.lo mem.lo
+ error.lo eval.lo pefile.lo xtoi.lo mem.lo libyara.lo
libyara_la_OBJECTS = $(am_libyara_la_OBJECTS)
DEFAULT_INCLUDES = -I. at am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
@@ -216,14 +216,13 @@ libyara_la_SOURCES = \
scan.c \
filemap.c \
error.c \
- compile.c \
eval.c \
pefile.c \
xtoi.c \
mem.c \
+ libyara.c \
ast.h \
error.h \
- compile.h \
eval.h \
filemap.h \
pe.h \
@@ -330,12 +329,12 @@ distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ast.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/compile.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/error.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/eval.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/filemap.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/grammar.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/lex.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libyara.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/mem.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/pefile.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/scan.Plo at am__quote@
diff --git a/libyara/ast.c b/libyara/ast.c
index 1393f86..8a633b8 100644
--- a/libyara/ast.c
+++ b/libyara/ast.c
@@ -674,7 +674,7 @@ int new_string_identifier(int type, STRING* defined_strings, char* identifier, T
Frees a term. If the term depends on other terms they are also freed. Notice that
some terms hold references to STRING structures, but these structures are freed
- by free_rule_list, not by this function.
+ by yr_free_rule_list, not by this function.
*/
@@ -754,94 +754,5 @@ void free_term(TERM* term)
yr_free(term);
}
-RULE_LIST* alloc_rule_list()
-{
- RULE_LIST* rule_list = (RULE_LIST*) yr_malloc(sizeof(RULE_LIST));
-
- rule_list->head = NULL;
- rule_list->tail = NULL;
- rule_list->non_hashed_strings = NULL;
-
- memset(rule_list->hash_table, 0, sizeof(rule_list->hash_table));
-
- return rule_list;
-}
-
-
-/*
- void free_rule_list(RULE_LIST* rule_list)
-
- Frees a list of rules, its strings and conditions.
-
-*/
-
-void free_rule_list(RULE_LIST* rule_list)
-{
- RULE* rule;
- RULE* next_rule;
- STRING* string;
- STRING* next_string;
- MATCH* match;
- MATCH* next_match;
- TAG* tag;
- TAG* next_tag;
-
- rule = rule_list->head;
-
- while (rule != NULL)
- {
- next_rule = rule->next;
-
- string = rule->string_list_head;
-
- while (string != NULL)
- {
- next_string = string->next;
-
- yr_free(string->identifier);
- yr_free(string->string);
-
- if (IS_HEX(string))
- {
- yr_free(string->mask);
- }
- else if (IS_REGEXP(string))
- {
- pcre_free(string->re.regexp);
- pcre_free(string->re.extra);
- }
-
- match = string->matches;
-
- while (match != NULL)
- {
- next_match = match->next;
- yr_free(match);
- match = next_match;
- }
-
- yr_free(string);
- string = next_string;
- }
-
- tag = rule->tag_list_head;
-
- while (tag != NULL)
- {
- next_tag = tag->next;
-
- yr_free(tag->identifier);
- yr_free(tag);
-
- tag = next_tag;
- }
-
- free_term(rule->condition);
- yr_free(rule->identifier);
- yr_free(rule);
- rule = next_rule;
- }
- yr_free(rule_list);
-}
diff --git a/libyara/compile.c b/libyara/compile.c
deleted file mode 100644
index d6f6351..0000000
--- a/libyara/compile.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
-
-Copyright(c) 2007. Victor M. Alvarez [plusvic at gmail.com].
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-*/
-
-#include <stdio.h>
-#include "compile.h"
-#include "error.h"
-
-
-int line_number;
-const char* file_name;
-
-RULE_LIST* rule_list;
-
-void set_file_name(const char* rules_file_name)
-{
- file_name = rules_file_name;
-}
-
-int compile_rules(FILE* rules_file, RULE_LIST* rules)
-{
- rule_list = rules;
- yyin = rules_file;
-
- if (yyin != NULL)
- {
- //yydebug = 1;
- line_number = 1;
- yyparse();
- }
-
- return yynerrs;
-}
-
-
-/*int yywrap()
-{
- // line_number = 1;
- return 1;
-*/
-
diff --git a/libyara/compile.h b/libyara/compile.h
deleted file mode 100644
index e9af810..0000000
--- a/libyara/compile.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
-
-Copyright(c) 2007. Victor M. Alvarez [plusvic at gmail.com].
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-*/
-
-#ifndef _COMPILE_H
-#define _COMPILE_H
-
-#include "ast.h"
-
-extern RULE_LIST* rule_list;
-
-extern FILE *yyin;
-extern int yydebug;
-extern int line_number;
-
-int yylex (void);
-int yyparse (void);
-
-
-#endif
-
-
-
-
diff --git a/libyara/error.c b/libyara/error.c
index 685fda5..9af35e7 100644
--- a/libyara/error.c
+++ b/libyara/error.c
@@ -18,12 +18,14 @@ GNU General Public License for more details.
#include <string.h>
#include "error.h"
-#include "compile.h"
+#include "yara.h"
#ifdef WIN32
#define snprintf _snprintf
#endif
+extern int line_number;
+
int last_result = ERROR_SUCCESS;
int last_error = ERROR_SUCCESS;
int last_error_line = 0;
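Review bot: The added `extern int line_number;` hand-declares in error.c a global that the new libyara.c defines, and the same pattern recurs in the lex.l hunk (`extern int line_number;`) and the grammar.y hunk (`extern RULE_LIST* rule_list;`) now that compile.h is removed. A per-file extern is never compared with the definition by the compiler, so a later change to the variable's type in libyara.c would leave these files reading it with the wrong type without any diagnostic. Keeping both declarations in a single internal header that libyara.c and every user include would restore that check. A short comment next to the declaration, for example `/* parser state shared with lex/grammar; defined in libyara.c */`, would also make the dependency on shared globals explicit.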
@@ -54,23 +56,23 @@ void yyerror(const char *error_message)
}
}
-int get_last_error()
+int yr_get_last_error()
{
return last_error;
}
-int get_error_line_number()
+int yr_get_error_line_number()
{
return last_error_line;
}
-char* get_last_error_message()
+char* yr_get_last_error_message()
{
return last_error_message;
}
-void set_report_function(YARAREPORT fn)
+void yr_set_report_function(YARAREPORT fn)
{
report_function = fn;
}
diff --git a/libyara/grammar.c b/libyara/grammar.c
index 48a847b..e422238 100644
--- a/libyara/grammar.c
+++ b/libyara/grammar.c
@@ -179,10 +179,11 @@
#include "ast.h"
#include "error.h"
-#include "compile.h"
#include "sizedstr.h"
#include "mem.h"
+extern RULE_LIST* rule_list;
+
#define YYERROR_VERBOSE
//#define YYDEBUG 1
@@ -202,7 +203,7 @@
#endif
#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED)
-#line 94 "grammar.y"
+#line 95 "grammar.y"
typedef union YYSTYPE {
void* sized_string;
@@ -214,7 +215,7 @@ typedef union YYSTYPE {
} YYSTYPE;
/* Line 190 of yacc.c. */
-#line 218 "grammar.c"
+#line 219 "grammar.c"
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
# define YYSTYPE_IS_TRIVIAL 1
@@ -223,7 +224,7 @@ typedef union YYSTYPE {
/* Copy the second part of user declarations. */
-#line 108 "grammar.y"
+#line 109 "grammar.y"
/* Global variables */
@@ -261,7 +262,7 @@ int count_strings(TERM_STRING* st);
/* Line 213 of yacc.c. */
-#line 265 "grammar.c"
+#line 266 "grammar.c"
#if ! defined (yyoverflow) || YYERROR_VERBOSE
@@ -472,15 +473,15 @@ static const yysigned_char yyrhs[] =
/* YYRLINE[YYN] -- source line where rule number YYN was defined. */
static const unsigned short int yyrline[] =
{
- 0, 146, 146, 147, 148, 151, 160, 171, 172, 175,
- 176, 179, 180, 183, 193, 205, 215, 227, 238, 249,
- 262, 263, 266, 267, 268, 269, 272, 273, 274, 285,
- 296, 307, 311, 322, 334, 333, 351, 350, 368, 367,
- 384, 395, 406, 417, 418, 419, 420, 421, 422, 423,
- 424, 425, 426, 427, 428, 429, 433, 434, 437, 438,
- 444, 455, 469, 470, 471, 472, 473, 474, 475, 476,
- 477, 488, 499, 500, 501, 502, 503, 504, 507, 510,
- 511, 512
+ 0, 147, 147, 148, 149, 152, 161, 172, 173, 176,
+ 177, 180, 181, 184, 194, 206, 216, 228, 239, 250,
+ 263, 264, 267, 268, 269, 270, 273, 274, 275, 286,
+ 297, 308, 312, 323, 335, 334, 352, 351, 369, 368,
+ 385, 396, 407, 418, 419, 420, 421, 422, 423, 424,
+ 425, 426, 427, 428, 429, 430, 434, 435, 438, 439,
+ 445, 456, 470, 471, 472, 473, 474, 475, 476, 477,
+ 478, 489, 500, 501, 502, 503, 504, 505, 508, 511,
+ 512, 513
};
#endif
@@ -1349,7 +1350,7 @@ yyreduce:
switch (yyn)
{
case 5:
-#line 152 "grammar.y"
+#line 153 "grammar.y"
{
if (reduce_rule_declaration((yyvsp[-6].c_string),(yyvsp[-8].integer),(yyvsp[-5].tag),0,(yyvsp[-1].term)) != ERROR_SUCCESS)
{
@@ -1361,7 +1362,7 @@ yyreduce:
break;
case 6:
-#line 161 "grammar.y"
+#line 162 "grammar.y"
{
if (reduce_rule_declaration((yyvsp[-9].c_string),(yyvsp[-11].integer),(yyvsp[-8].tag),(yyvsp[-4].string),(yyvsp[-1].term)) != ERROR_SUCCESS)
{
@@ -1373,37 +1374,37 @@ yyreduce:
break;
case 7:
-#line 171 "grammar.y"
+#line 172 "grammar.y"
{ (yyval.integer) = 0; }
break;
case 8:
-#line 172 "grammar.y"
+#line 173 "grammar.y"
{ (yyval.integer) = (yyvsp[-1].integer) | (yyvsp[0].integer); }
break;
case 9:
-#line 175 "grammar.y"
+#line 176 "grammar.y"
{ (yyval.integer) = RULE_FLAGS_PRIVATE; }
break;
case 10:
-#line 176 "grammar.y"
+#line 177 "grammar.y"
{ (yyval.integer) = RULE_FLAGS_GLOBAL; }
break;
case 11:
-#line 179 "grammar.y"
+#line 180 "grammar.y"
{ (yyval.tag) = NULL; }
break;
case 12:
-#line 180 "grammar.y"
+#line 181 "grammar.y"
{ (yyval.tag) = (yyvsp[0].tag); }
break;
case 13:
-#line 183 "grammar.y"
+#line 184 "grammar.y"
{
(yyval.tag) = reduce_tags(NULL,(yyvsp[0].c_string));
@@ -1417,7 +1418,7 @@ yyreduce:
break;
case 14:
-#line 193 "grammar.y"
+#line 194 "grammar.y"
{
(yyval.tag) = reduce_tags((yyvsp[-1].tag),(yyvsp[0].c_string));
@@ -1431,7 +1432,7 @@ yyreduce:
break;
case 15:
-#line 205 "grammar.y"
+#line 206 "grammar.y"
{
(yyval.string) = reduce_strings(NULL,(yyvsp[0].string));
@@ -1445,7 +1446,7 @@ yyreduce:
break;
case 16:
-#line 215 "grammar.y"
+#line 216 "grammar.y"
{
(yyval.string) = reduce_strings((yyvsp[-1].string),(yyvsp[0].string));
@@ -1459,7 +1460,7 @@ yyreduce:
break;
case 17:
-#line 228 "grammar.y"
+#line 229 "grammar.y"
{
(yyval.string) = reduce_string_declaration((yyvsp[-3].term), (yyvsp[-1].sized_string), (yyvsp[0].integer));
@@ -1473,7 +1474,7 @@ yyreduce:
break;
case 18:
-#line 239 "grammar.y"
+#line 240 "grammar.y"
{
(yyval.string) = reduce_string_declaration((yyvsp[-3].term), (yyvsp[-1].sized_string), (yyvsp[0].integer) | STRING_FLAGS_REGEXP);
@@ -1487,7 +1488,7 @@ yyreduce:
break;
case 19:
-#line 250 "grammar.y"
+#line 251 "grammar.y"
{
(yyval.string) = reduce_string_declaration((yyvsp[-2].term), (yyvsp[0].sized_string), STRING_FLAGS_HEXADECIMAL);
@@ -1501,47 +1502,47 @@ yyreduce:
break;
case 20:
-#line 262 "grammar.y"
+#line 263 "grammar.y"
{ (yyval.integer) = 0; }
break;
case 21:
-#line 263 "grammar.y"
+#line 264 "grammar.y"
{ (yyval.integer) = (yyvsp[-1].integer) | (yyvsp[0].integer); }
break;
case 22:
-#line 266 "grammar.y"
+#line 267 "grammar.y"
{ (yyval.integer) = STRING_FLAGS_WIDE; }
break;
case 23:
-#line 267 "grammar.y"
+#line 268 "grammar.y"
{ (yyval.integer) = STRING_FLAGS_ASCII; }
break;
case 24:
-#line 268 "grammar.y"
+#line 269 "grammar.y"
{ (yyval.integer) = STRING_FLAGS_NO_CASE; }
break;
case 25:
-#line 269 "grammar.y"
+#line 270 "grammar.y"
{ (yyval.integer) = STRING_FLAGS_FULL_WORD; }
break;
case 26:
-#line 272 "grammar.y"
+#line 273 "grammar.y"
{ (yyval.term) = reduce_constant(1); }
break;
case 27:
-#line 273 "grammar.y"
+#line 274 "grammar.y"
{ (yyval.term) = reduce_constant(0); }
break;
case 28:
-#line 275 "grammar.y"
+#line 276 "grammar.y"
{
(yyval.term) = reduce_rule((yyvsp[0].c_string));
@@ -1555,7 +1556,7 @@ yyreduce:
break;
case 29:
-#line 286 "grammar.y"
+#line 287 "grammar.y"
{
(yyval.term) = reduce_string((yyvsp[0].term));
@@ -1569,7 +1570,7 @@ yyreduce:
break;
case 30:
-#line 297 "grammar.y"
+#line 298 "grammar.y"
{
(yyval.term) = reduce_string_at((yyvsp[-2].term), (yyvsp[0].term));
@@ -1583,14 +1584,14 @@ yyreduce:
break;
case 31:
-#line 308 "grammar.y"
+#line 309 "grammar.y"
{
(yyval.term) = NULL;
}
break;
case 32:
-#line 312 "grammar.y"
+#line 313 "grammar.y"
{
(yyval.term) = reduce_string_in_range((yyvsp[-7].term), (yyvsp[-4].term), (yyvsp[-1].term));
@@ -1604,7 +1605,7 @@ yyreduce:
break;
case 33:
-#line 323 "grammar.y"
+#line 324 "grammar.y"
{
(yyval.term) = reduce_string_in_section_by_name((yyvsp[-5].term), (yyvsp[-1].sized_string));
@@ -1618,14 +1619,14 @@ yyreduce:
break;
case 34:
-#line 334 "grammar.y"
+#line 335 "grammar.y"
{
- inside_for++;
+ inside_for++;
}
break;
case 35:
-#line 338 "grammar.y"
+#line 339 "grammar.y"
{
inside_for--;
@@ -1641,14 +1642,14 @@ yyreduce:
break;
case 36:
-#line 351 "grammar.y"
+#line 352 "grammar.y"
{
- inside_for++;
+ inside_for++;
}
break;
case 37:
-#line 355 "grammar.y"
+#line 356 "grammar.y"
{
inside_for--;
@@ -1664,14 +1665,14 @@ yyreduce:
break;
case 38:
-#line 368 "grammar.y"
+#line 369 "grammar.y"
{
- inside_for++;
+ inside_for++;
}
break;
case 39:
-#line 372 "grammar.y"
+#line 373 "grammar.y"
{
inside_for--;
@@ -1687,7 +1688,7 @@ yyreduce:
break;
case 40:
-#line 385 "grammar.y"
+#line 386 "grammar.y"
{
(yyval.term) = reduce_term(TERM_TYPE_OF, (yyvsp[-2].term), (yyvsp[0].term), NULL);
@@ -1701,7 +1702,7 @@ yyreduce:
break;
case 41:
-#line 396 "grammar.y"
+#line 397 "grammar.y"
{
(yyval.term) = reduce_term(TERM_TYPE_OF, reduce_constant(count_strings((yyvsp[0].term))), (yyvsp[0].term), NULL);
@@ -1715,7 +1716,7 @@ yyreduce:
break;
case 42:
-#line 407 "grammar.y"
+#line 408 "grammar.y"
{
(yyval.term) = reduce_term(TERM_TYPE_OF, reduce_constant(1), (yyvsp[0].term), NULL);
@@ -1729,89 +1730,89 @@ yyreduce:
break;
case 43:
-#line 417 "grammar.y"
+#line 418 "grammar.y"
{ (yyval.term) = NULL; }
break;
case 44:
-#line 418 "grammar.y"
+#line 419 "grammar.y"
{ (yyval.term) = (yyvsp[-1].term); }
break;
case 45:
-#line 419 "grammar.y"
+#line 420 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_NOT, (yyvsp[0].term), NULL, NULL); }
break;
case 46:
-#line 420 "grammar.y"
+#line 421 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_AND, (yyvsp[-2].term), (yyvsp[0].term), NULL); }
break;
case 47:
-#line 421 "grammar.y"
+#line 422 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_OR, (yyvsp[-2].term), (yyvsp[0].term), NULL); }
break;
case 48:
-#line 422 "grammar.y"
+#line 423 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_EQ, (yyvsp[-2].term), (yyvsp[0].term), NULL); }
break;
case 49:
-#line 423 "grammar.y"
+#line 424 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_LT, (yyvsp[-2].term), (yyvsp[0].term), NULL); }
break;
case 50:
-#line 424 "grammar.y"
+#line 425 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_GT, (yyvsp[-2].term), (yyvsp[0].term), NULL); }
break;
case 51:
-#line 425 "grammar.y"
+#line 426 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_LE, (yyvsp[-2].term), (yyvsp[0].term), NULL); }
break;
case 52:
-#line 426 "grammar.y"
+#line 427 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_GE, (yyvsp[-2].term), (yyvsp[0].term), NULL); }
break;
case 53:
-#line 427 "grammar.y"
+#line 428 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_EQ, (yyvsp[-2].term), (yyvsp[0].term), NULL); }
break;
case 54:
-#line 428 "grammar.y"
+#line 429 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_EQ, (yyvsp[-2].term), (yyvsp[0].term), NULL); }
break;
case 55:
-#line 429 "grammar.y"
+#line 430 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_NOT_EQ, (yyvsp[-2].term), (yyvsp[0].term), NULL); }
break;
case 56:
-#line 433 "grammar.y"
+#line 434 "grammar.y"
{ (yyval.term) = (yyvsp[-1].term); }
break;
case 57:
-#line 434 "grammar.y"
+#line 435 "grammar.y"
{ (yyval.term) = reduce_string_with_wildcard(yr_strdup("$*")); }
break;
case 59:
-#line 439 "grammar.y"
+#line 440 "grammar.y"
{
(yyval.term) = reduce_string_enumeration((yyvsp[-2].term),(yyvsp[0].term));
}
break;
case 60:
-#line 445 "grammar.y"
+#line 446 "grammar.y"
{
(yyval.term) = reduce_string((yyvsp[0].term));
@@ -1825,7 +1826,7 @@ yyreduce:
break;
case 61:
-#line 456 "grammar.y"
+#line 457 "grammar.y"
{
(yyval.term) = reduce_string_with_wildcard((yyvsp[0].term));
@@ -1839,47 +1840,47 @@ yyreduce:
break;
case 62:
-#line 469 "grammar.y"
+#line 470 "grammar.y"
{ (yyval.term) = reduce_filesize(); }
break;
case 63:
-#line 470 "grammar.y"
+#line 471 "grammar.y"
{ (yyval.term) = reduce_entrypoint(); }
break;
case 64:
-#line 471 "grammar.y"
+#line 472 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_INT8_AT_OFFSET, (yyvsp[-1].term), NULL, NULL); }
break;
case 65:
-#line 472 "grammar.y"
+#line 473 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_INT16_AT_OFFSET, (yyvsp[-1].term), NULL, NULL); }
break;
case 66:
-#line 473 "grammar.y"
+#line 474 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_INT32_AT_OFFSET, (yyvsp[-1].term), NULL, NULL); }
break;
case 67:
-#line 474 "grammar.y"
+#line 475 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_UINT8_AT_OFFSET, (yyvsp[-1].term), NULL, NULL); }
break;
case 68:
-#line 475 "grammar.y"
+#line 476 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_UINT16_AT_OFFSET, (yyvsp[-1].term), NULL, NULL); }
break;
case 69:
-#line 476 "grammar.y"
+#line 477 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_UINT32_AT_OFFSET, (yyvsp[-1].term), NULL, NULL); }
break;
case 70:
-#line 478 "grammar.y"
+#line 479 "grammar.y"
{
(yyval.term) = reduce_string_count((yyvsp[0].term));
@@ -1893,7 +1894,7 @@ yyreduce:
break;
case 71:
-#line 489 "grammar.y"
+#line 490 "grammar.y"
{
(yyval.term) = reduce_string_offset((yyvsp[0].term));
@@ -1907,32 +1908,32 @@ yyreduce:
break;
case 72:
-#line 499 "grammar.y"
+#line 500 "grammar.y"
{ (yyval.term) = (yyvsp[-1].term); }
break;
case 73:
-#line 500 "grammar.y"
+#line 501 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_ADD, (yyvsp[-2].term), (yyvsp[0].term), NULL); }
break;
case 74:
-#line 501 "grammar.y"
+#line 502 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_SUB, (yyvsp[-2].term), (yyvsp[0].term), NULL); }
break;
case 75:
-#line 502 "grammar.y"
+#line 503 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_MUL, (yyvsp[-2].term), (yyvsp[0].term), NULL); }
break;
case 76:
-#line 503 "grammar.y"
+#line 504 "grammar.y"
{ (yyval.term) = reduce_term(TERM_TYPE_DIV, (yyvsp[-2].term), (yyvsp[0].term), NULL); }
break;
case 78:
-#line 507 "grammar.y"
+#line 508 "grammar.y"
{ (yyval.term) = reduce_constant((yyvsp[0].integer)); }
break;
@@ -1940,7 +1941,7 @@ yyreduce:
}
/* Line 1037 of yacc.c. */
-#line 1944 "grammar.c"
+#line 1945 "grammar.c"
yyvsp -= yylen;
yyssp -= yylen;
@@ -2168,7 +2169,7 @@ yyreturn:
}
-#line 515 "grammar.y"
+#line 516 "grammar.y"
diff --git a/libyara/grammar.h b/libyara/grammar.h
index a022f63..38f548d 100644
--- a/libyara/grammar.h
+++ b/libyara/grammar.h
@@ -146,7 +146,7 @@
#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED)
-#line 94 "grammar.y"
+#line 95 "grammar.y"
typedef union YYSTYPE {
void* sized_string;
diff --git a/libyara/grammar.y b/libyara/grammar.y
index 09b63bd..76bdee5 100644
--- a/libyara/grammar.y
+++ b/libyara/grammar.y
@@ -7,10 +7,11 @@
#include "ast.h"
#include "error.h"
-#include "compile.h"
#include "sizedstr.h"
#include "mem.h"
+extern RULE_LIST* rule_list;
+
#define YYERROR_VERBOSE
//#define YYDEBUG 1
@@ -332,7 +333,7 @@ boolean_expression : _TRUE_ { $$ = reduce_consta
}
| _FOR_ expression _OF_ string_set ':'
{
- inside_for++;
+ inside_for++;
}
'(' boolean_expression ')'
{
@@ -349,7 +350,7 @@ boolean_expression : _TRUE_ { $$ = reduce_consta
}
| _FOR_ _ALL_ _OF_ string_set ':'
{
- inside_for++;
+ inside_for++;
}
'(' boolean_expression ')'
{
@@ -366,7 +367,7 @@ boolean_expression : _TRUE_ { $$ = reduce_consta
}
| _FOR_ _ANY_ _OF_ string_set ':'
{
- inside_for++;
+ inside_for++;
}
'(' boolean_expression ')'
{
diff --git a/libyara/lex.c b/libyara/lex.c
index ca40532..4a7aff0 100644
--- a/libyara/lex.c
+++ b/libyara/lex.c
@@ -517,11 +517,12 @@ char *yytext;
#include <stdio.h>
#include <string.h>
#include "grammar.h"
-#include "compile.h"
#include "error.h"
#include "xtoi.h"
#include "mem.h"
+#include "sizedstr.h"
+extern int line_number;
char string_buf[256];
char *string_buf_ptr;
@@ -532,7 +533,7 @@ unsigned short string_buf_len;
#define regexp 2
-#line 536 "lex.c"
+#line 537 "lex.c"
/* Macros after this point can all be overridden by user definitions in
* section 1.
@@ -683,10 +684,10 @@ YY_DECL
register char *yy_cp, *yy_bp;
register int yy_act;
-#line 31 "lex.l"
+#line 32 "lex.l"
-#line 690 "lex.c"
+#line 691 "lex.c"
if ( yy_init )
{
@@ -771,207 +772,207 @@ do_action: /* This label is used only to access EOF actions. */
case 1:
YY_RULE_SETUP
-#line 33 "lex.l"
+#line 34 "lex.l"
{ return _LT_; }
YY_BREAK
case 2:
YY_RULE_SETUP
-#line 34 "lex.l"
+#line 35 "lex.l"
{ return _GT_; }
YY_BREAK
case 3:
YY_RULE_SETUP
-#line 35 "lex.l"
+#line 36 "lex.l"
{ return _LE_; }
YY_BREAK
case 4:
YY_RULE_SETUP
-#line 36 "lex.l"
+#line 37 "lex.l"
{ return _GE_; }
YY_BREAK
case 5:
YY_RULE_SETUP
-#line 37 "lex.l"
+#line 38 "lex.l"
{ return _EQ_; }
YY_BREAK
case 6:
YY_RULE_SETUP
-#line 38 "lex.l"
+#line 39 "lex.l"
{ return _NEQ_; }
YY_BREAK
case 7:
YY_RULE_SETUP
-#line 39 "lex.l"
+#line 40 "lex.l"
{ return _PRIVATE_; }
YY_BREAK
case 8:
YY_RULE_SETUP
-#line 40 "lex.l"
+#line 41 "lex.l"
{ return _GLOBAL_; }
YY_BREAK
case 9:
YY_RULE_SETUP
-#line 41 "lex.l"
+#line 42 "lex.l"
{ return _RULE_; }
YY_BREAK
case 10:
YY_RULE_SETUP
-#line 42 "lex.l"
+#line 43 "lex.l"
{ return _STRINGS_; }
YY_BREAK
case 11:
YY_RULE_SETUP
-#line 43 "lex.l"
+#line 44 "lex.l"
{ return _ASCII_; }
YY_BREAK
case 12:
YY_RULE_SETUP
-#line 44 "lex.l"
+#line 45 "lex.l"
{ return _WIDE_; }
YY_BREAK
case 13:
YY_RULE_SETUP
-#line 45 "lex.l"
+#line 46 "lex.l"
{ return _FULLWORD_; }
YY_BREAK
case 14:
YY_RULE_SETUP
-#line 46 "lex.l"
+#line 47 "lex.l"
{ return _NOCASE_; }
YY_BREAK
case 15:
YY_RULE_SETUP
-#line 47 "lex.l"
+#line 48 "lex.l"
{ return _CONDITION_; }
YY_BREAK
case 16:
YY_RULE_SETUP
-#line 48 "lex.l"
+#line 49 "lex.l"
{ return _TRUE_; }
YY_BREAK
case 17:
YY_RULE_SETUP
-#line 49 "lex.l"
+#line 50 "lex.l"
{ return _FALSE_; }
YY_BREAK
case 18:
YY_RULE_SETUP
-#line 50 "lex.l"
+#line 51 "lex.l"
{ return _NOT_; }
YY_BREAK
case 19:
YY_RULE_SETUP
-#line 51 "lex.l"
+#line 52 "lex.l"
{ return _AND_; }
YY_BREAK
case 20:
YY_RULE_SETUP
-#line 52 "lex.l"
+#line 53 "lex.l"
{ return _OR_; }
YY_BREAK
case 21:
YY_RULE_SETUP
-#line 53 "lex.l"
+#line 54 "lex.l"
{ return _AT_; }
YY_BREAK
case 22:
YY_RULE_SETUP
-#line 54 "lex.l"
+#line 55 "lex.l"
{ return _IN_; }
YY_BREAK
case 23:
YY_RULE_SETUP
-#line 55 "lex.l"
+#line 56 "lex.l"
{ return _OF_; }
YY_BREAK
case 24:
YY_RULE_SETUP
-#line 56 "lex.l"
+#line 57 "lex.l"
{ return _THEM_; }
YY_BREAK
case 25:
YY_RULE_SETUP
-#line 57 "lex.l"
+#line 58 "lex.l"
{ return _FOR_; }
YY_BREAK
case 26:
YY_RULE_SETUP
-#line 58 "lex.l"
+#line 59 "lex.l"
{ return _ALL_; }
YY_BREAK
case 27:
YY_RULE_SETUP
-#line 59 "lex.l"
+#line 60 "lex.l"
{ return _ANY_; }
YY_BREAK
case 28:
YY_RULE_SETUP
-#line 60 "lex.l"
+#line 61 "lex.l"
{ return _ENTRYPOINT_; }
YY_BREAK
case 29:
YY_RULE_SETUP
-#line 61 "lex.l"
+#line 62 "lex.l"
{ return _SIZE_; }
YY_BREAK
case 30:
YY_RULE_SETUP
-#line 62 "lex.l"
+#line 63 "lex.l"
{ return _RVA_; }
YY_BREAK
case 31:
YY_RULE_SETUP
-#line 63 "lex.l"
+#line 64 "lex.l"
{ return _OFFSET_; }
YY_BREAK
case 32:
YY_RULE_SETUP
-#line 64 "lex.l"
+#line 65 "lex.l"
{ return _FILE_; }
YY_BREAK
case 33:
YY_RULE_SETUP
-#line 65 "lex.l"
+#line 66 "lex.l"
{ return _IS_; }
YY_BREAK
case 34:
YY_RULE_SETUP
-#line 66 "lex.l"
+#line 67 "lex.l"
{ return _SECTION_; }
YY_BREAK
case 35:
YY_RULE_SETUP
-#line 67 "lex.l"
+#line 68 "lex.l"
{ return _UINT8_; }
YY_BREAK
case 36:
YY_RULE_SETUP
-#line 68 "lex.l"
+#line 69 "lex.l"
{ return _UINT16_; }
YY_BREAK
case 37:
YY_RULE_SETUP
-#line 69 "lex.l"
+#line 70 "lex.l"
{ return _UINT32_; }
YY_BREAK
case 38:
YY_RULE_SETUP
-#line 70 "lex.l"
+#line 71 "lex.l"
{ return _INT8_; }
YY_BREAK
case 39:
YY_RULE_SETUP
-#line 71 "lex.l"
+#line 72 "lex.l"
{ return _INT16_; }
YY_BREAK
case 40:
YY_RULE_SETUP
-#line 72 "lex.l"
+#line 73 "lex.l"
{ return _INT32_; }
YY_BREAK
case 41:
YY_RULE_SETUP
-#line 76 "lex.l"
+#line 77 "lex.l"
{ /* skip comments */
char* line_break = strchr( yytext, '\n' );
@@ -985,7 +986,7 @@ YY_RULE_SETUP
YY_BREAK
case 42:
YY_RULE_SETUP
-#line 87 "lex.l"
+#line 88 "lex.l"
{ /* skip single-line comments */
line_number++;
@@ -993,7 +994,7 @@ YY_RULE_SETUP
YY_BREAK
case 43:
YY_RULE_SETUP
-#line 92 "lex.l"
+#line 93 "lex.l"
{
yylval.c_string = (char*) yr_strdup(yytext);
return _STRING_IDENTIFIER_WITH_WILDCARD_;
@@ -1001,7 +1002,7 @@ YY_RULE_SETUP
YY_BREAK
case 44:
YY_RULE_SETUP
-#line 97 "lex.l"
+#line 98 "lex.l"
{
yylval.c_string = (char*) yr_strdup(yytext);
return _STRING_IDENTIFIER_;
@@ -1009,7 +1010,7 @@ YY_RULE_SETUP
YY_BREAK
case 45:
YY_RULE_SETUP
-#line 103 "lex.l"
+#line 104 "lex.l"
{
yylval.c_string = (char*) yr_strdup(yytext);
yylval.c_string[0] = '$'; /* replace # by $*/
@@ -1018,7 +1019,7 @@ YY_RULE_SETUP
YY_BREAK
case 46:
YY_RULE_SETUP
-#line 109 "lex.l"
+#line 110 "lex.l"
{
yylval.c_string = (char*) yr_strdup(yytext);
yylval.c_string[0] = '$'; /* replace @ by $*/
@@ -1027,7 +1028,7 @@ YY_RULE_SETUP
YY_BREAK
case 47:
YY_RULE_SETUP
-#line 115 "lex.l"
+#line 116 "lex.l"
{
if (strlen(yytext) > 128)
{
@@ -1041,7 +1042,7 @@ YY_RULE_SETUP
YY_BREAK
case 48:
YY_RULE_SETUP
-#line 126 "lex.l"
+#line 127 "lex.l"
{
yylval.integer = (unsigned int) atoi(yytext);
@@ -1059,7 +1060,7 @@ YY_RULE_SETUP
YY_BREAK
case 49:
YY_RULE_SETUP
-#line 141 "lex.l"
+#line 142 "lex.l"
{
yylval.integer = xtoi(yytext + 2);
return _NUMBER_;
@@ -1067,7 +1068,7 @@ YY_RULE_SETUP
YY_BREAK
case 50:
YY_RULE_SETUP
-#line 146 "lex.l"
+#line 147 "lex.l"
{ /* saw closing quote - all done */
SIZED_STRING* s;
@@ -1095,22 +1096,22 @@ YY_RULE_SETUP
YY_BREAK
case 51:
YY_RULE_SETUP
-#line 171 "lex.l"
+#line 172 "lex.l"
{ *string_buf_ptr++ = '\t'; string_buf_len++; }
YY_BREAK
case 52:
YY_RULE_SETUP
-#line 172 "lex.l"
+#line 173 "lex.l"
{ *string_buf_ptr++ = '\"'; string_buf_len++; }
YY_BREAK
case 53:
YY_RULE_SETUP
-#line 173 "lex.l"
+#line 174 "lex.l"
{ *string_buf_ptr++ = '\\'; string_buf_len++; }
YY_BREAK
case 54:
YY_RULE_SETUP
-#line 175 "lex.l"
+#line 176 "lex.l"
{
int result;
@@ -1122,7 +1123,7 @@ YY_RULE_SETUP
YY_BREAK
case 55:
YY_RULE_SETUP
-#line 184 "lex.l"
+#line 185 "lex.l"
{
char *yptr = yytext;
@@ -1135,7 +1136,7 @@ YY_RULE_SETUP
YY_BREAK
case 56:
YY_RULE_SETUP
-#line 194 "lex.l"
+#line 195 "lex.l"
{
yyerror("unterminated string");
yyterminate();
@@ -1144,7 +1145,7 @@ YY_RULE_SETUP
YY_BREAK
case 57:
YY_RULE_SETUP
-#line 200 "lex.l"
+#line 201 "lex.l"
{
yyerror("illegal escape sequence");
yynerrs++;
@@ -1152,7 +1153,7 @@ YY_RULE_SETUP
YY_BREAK
case 58:
YY_RULE_SETUP
-#line 206 "lex.l"
+#line 207 "lex.l"
{
SIZED_STRING* s;
@@ -1179,7 +1180,7 @@ YY_RULE_SETUP
YY_BREAK
case 59:
YY_RULE_SETUP
-#line 230 "lex.l"
+#line 231 "lex.l"
{
*string_buf_ptr++ = '/';
string_buf_len++ ;
@@ -1187,7 +1188,7 @@ YY_RULE_SETUP
YY_BREAK
case 60:
YY_RULE_SETUP
-#line 235 "lex.l"
+#line 236 "lex.l"
{
*string_buf_ptr++ = yytext[0];
*string_buf_ptr++ = yytext[1];
@@ -1196,7 +1197,7 @@ YY_RULE_SETUP
YY_BREAK
case 61:
YY_RULE_SETUP
-#line 241 "lex.l"
+#line 242 "lex.l"
{
char *yptr = yytext;
@@ -1209,7 +1210,7 @@ YY_RULE_SETUP
YY_BREAK
case 62:
YY_RULE_SETUP
-#line 251 "lex.l"
+#line 252 "lex.l"
{
yyerror("unterminated regular expression");
yyterminate();
@@ -1218,7 +1219,7 @@ YY_RULE_SETUP
YY_BREAK
case 63:
YY_RULE_SETUP
-#line 257 "lex.l"
+#line 258 "lex.l"
{
string_buf_ptr = string_buf;
string_buf_len = 0;
@@ -1227,7 +1228,7 @@ YY_RULE_SETUP
YY_BREAK
case 64:
YY_RULE_SETUP
-#line 263 "lex.l"
+#line 264 "lex.l"
{
string_buf_ptr = string_buf;
string_buf_len = 0;
@@ -1236,7 +1237,7 @@ YY_RULE_SETUP
YY_BREAK
case 65:
YY_RULE_SETUP
-#line 270 "lex.l"
+#line 271 "lex.l"
{
int len = strlen(yytext);
@@ -1253,12 +1254,12 @@ YY_RULE_SETUP
YY_BREAK
case 66:
YY_RULE_SETUP
-#line 285 "lex.l"
+#line 286 "lex.l"
/* skip whitespace */
YY_BREAK
case 67:
YY_RULE_SETUP
-#line 287 "lex.l"
+#line 288 "lex.l"
{
line_number++;
@@ -1266,17 +1267,17 @@ YY_RULE_SETUP
YY_BREAK
case 68:
YY_RULE_SETUP
-#line 292 "lex.l"
+#line 293 "lex.l"
{
return yytext[0];
}
YY_BREAK
case 69:
YY_RULE_SETUP
-#line 295 "lex.l"
+#line 296 "lex.l"
ECHO;
YY_BREAK
-#line 1280 "lex.c"
+#line 1281 "lex.c"
case YY_STATE_EOF(INITIAL):
case YY_STATE_EOF(str):
case YY_STATE_EOF(regexp):
@@ -2164,7 +2165,7 @@ int main()
return 0;
}
#endif
-#line 295 "lex.l"
+#line 296 "lex.l"
diff --git a/libyara/lex.l b/libyara/lex.l
index 33fb1c4..53f4a8b 100644
--- a/libyara/lex.l
+++ b/libyara/lex.l
@@ -6,11 +6,12 @@
#include <stdio.h>
#include <string.h>
#include "grammar.h"
-#include "compile.h"
#include "error.h"
#include "xtoi.h"
#include "mem.h"
+#include "sizedstr.h"
+extern int line_number;
char string_buf[256];
char *string_buf_ptr;
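Review bot: `string_buf` stays a fixed 256-byte global here, and the scanner actions visible as context in the lex.c hunks (`*string_buf_ptr++ = '\t'; string_buf_len++;`, and the regexp action that stores `yytext[0]` and `yytext[1]`) append to it with no comparison against the buffer size in the lines shown. The actions themselves lie outside this hunk, so a length check may exist elsewhere; if it does not, a rule file with a string or regular-expression literal longer than 256 bytes would write past the end of the buffer. Since rule files are often obtained from third parties, each append should first confirm there is room, for example `if (string_buf_len + 1 >= sizeof(string_buf)) { yyerror("string too long"); yyterminate(); }` (the message text is illustrative), with the two-byte append requiring two free bytes. A comment beside the declaration stating the maximum literal length the lexer accepts would document the limit.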
diff --git a/libyara/libyara.c b/libyara/libyara.c
new file mode 100644
index 0000000..99f97d5
--- /dev/null
+++ b/libyara/libyara.c
@@ -0,0 +1,442 @@
+/*
+
+Copyright(c) 2007. Victor M. Alvarez [plusvic at gmail.com].
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+*/
+
+#include <string.h>
+
+#include "yara.h"
+#include "scan.h"
+#include "filemap.h"
+#include "mem.h"
+#include "error.h"
+#include "eval.h"
+
+extern FILE *yyin;
+extern int yydebug;
+
+int yylex (void);
+int yyparse (void);
+
+int line_number;
+const char* file_name;
+RULE_LIST* rule_list;
+
+
+void yr_set_file_name(const char* rules_file_name)
+{
+ file_name = rules_file_name;
+}
+
+void yr_init()
+{
+ yr_heap_alloc();
+}
+
+RULE_LIST* yr_alloc_rule_list()
+{
+ RULE_LIST* rule_list = (RULE_LIST*) yr_malloc(sizeof(RULE_LIST));
+
+ rule_list->head = NULL;
+ rule_list->tail = NULL;
+ rule_list->non_hashed_strings = NULL;
+
+ memset(rule_list->hash_table, 0, sizeof(rule_list->hash_table));
+
+ return rule_list;
+}
+
+
+void yr_free_rule_list(RULE_LIST* rule_list)
+{
+ RULE* rule;
+ RULE* next_rule;
+ STRING* string;
+ STRING* next_string;
+ MATCH* match;
+ MATCH* next_match;
+ TAG* tag;
+ TAG* next_tag;
+
+ rule = rule_list->head;
+
+ while (rule != NULL)
+ {
+ next_rule = rule->next;
+
+ string = rule->string_list_head;
+
+ while (string != NULL)
+ {
+ next_string = string->next;
+
+ yr_free(string->identifier);
+ yr_free(string->string);
+
+ if (IS_HEX(string))
+ {
+ yr_free(string->mask);
+ }
+ else if (IS_REGEXP(string))
+ {
+ pcre_free(string->re.regexp);
+ pcre_free(string->re.extra);
+ }
+
+ match = string->matches;
+
+ while (match != NULL)
+ {
+ next_match = match->next;
+ yr_free(match);
+ match = next_match;
+ }
+
+ yr_free(string);
+ string = next_string;
+ }
+
+ tag = rule->tag_list_head;
+
+ while (tag != NULL)
+ {
+ next_tag = tag->next;
+
+ yr_free(tag->identifier);
+ yr_free(tag);
+
+ tag = next_tag;
+ }
+
+ free_term(rule->condition);
+ yr_free(rule->identifier);
+ yr_free(rule);
+ rule = next_rule;
+ }
+
+ free_hash_table(rule_list);
+ yr_free(rule_list);
+}
+
+
+int yr_compile_file(FILE* rules_file, RULE_LIST* rules)
+{
+ rule_list = rules;
+ yyin = rules_file;
+
+ if (yyin != NULL)
+ {
+ //yydebug = 1;
+ line_number = 1;
+ yyparse();
+ }
+
+ return yynerrs;
+}
+
+
+int yr_prepare_rules(RULE_LIST* rule_list)
+{
+ RULE* rule;
+ STRING* string;
+ STRING_LIST_ENTRY* entry;
+ unsigned char x,y;
+ int next;
+ char hashable;
+
+ rule = rule_list->head;
+
+ while (rule != NULL)
+ {
+ string = rule->string_list_head;
+
+ while (string != NULL)
+ {
+ if (string->flags & STRING_FLAGS_REGEXP)
+ {
+ /* take into account anchors (^) at beginning of regular expressions */
+
+ if (string->string[0] == '^')
+ {
+ if (string->length > 2)
+ {
+ x = string->string[1];
+ y = string->string[2];
+ }
+ else
+ {
+ x = 0;
+ y = 0;
+ }
+ }
+ else
+ {
+ x = string->string[0];
+ y = string->string[1];
+ }
+
+ hashable = isalnum(x) && isalnum(y);
+ }
+ else
+ {
+ x = string->string[0];
+ y = string->string[1];
+
+ hashable = TRUE;
+
+ } /* if (string->flags & STRING_FLAGS_REGEXP) */
+
+ if (string->flags & STRING_FLAGS_HEXADECIMAL)
+ {
+ hashable = (string->mask[0] == 0xFF) && (string->mask[1] == 0xFF);
+ }
+
+ if (hashable && string->flags & STRING_FLAGS_NO_CASE)
+ {
+ /*
+ if string is case-insensitive add an entry in the hash table
+ for each posible combination
+ */
+
+ x = tolower(x);
+ y = tolower(y);
+
+ /* both lowercases */
+
+ entry = (STRING_LIST_ENTRY*) yr_malloc(sizeof(STRING_LIST_ENTRY));
+
+ if (entry == NULL)
+ return ERROR_INSUFICIENT_MEMORY;
+
+ entry->next = rule_list->hash_table[x][y];
+ entry->string = string;
+ rule_list->hash_table[x][y] = entry;
+
+ /* X uppercase Y lowercase */
+
+ x = toupper(x);
+
+ entry = (STRING_LIST_ENTRY*) yr_malloc(sizeof(STRING_LIST_ENTRY));
+
+ if (entry == NULL)
+ return ERROR_INSUFICIENT_MEMORY;
+
+ entry->next = rule_list->hash_table[x][y];
+ entry->string = string;
+ rule_list->hash_table[x][y] = entry;
+
+ /* both uppercases */
+
+ y = toupper(y);
+
+ entry = (STRING_LIST_ENTRY*) yr_malloc(sizeof(STRING_LIST_ENTRY));
+
+ if (entry == NULL)
+ return ERROR_INSUFICIENT_MEMORY;
+
+ entry->next = rule_list->hash_table[x][y];
+ entry->string = string;
+ rule_list->hash_table[x][y] = entry;
+
+ /* X lowercase Y uppercase */
+
+ x = tolower(x);
+
+ entry = (STRING_LIST_ENTRY*) yr_malloc(sizeof(STRING_LIST_ENTRY));
+
+ if (entry == NULL)
+ return ERROR_INSUFICIENT_MEMORY;
+
+ entry->next = rule_list->hash_table[x][y];
+ entry->string = string;
+ rule_list->hash_table[x][y] = entry;
+
+ }
+ else if (hashable)
+ {
+ entry = (STRING_LIST_ENTRY*) yr_malloc(sizeof(STRING_LIST_ENTRY));
+
+ if (entry == NULL)
+ return ERROR_INSUFICIENT_MEMORY;
+
+ entry->next = rule_list->hash_table[x][y];
+ entry->string = string;
+ rule_list->hash_table[x][y] = entry;
+ }
+ else /* non hashable */
+ {
+ entry = (STRING_LIST_ENTRY*) yr_malloc(sizeof(STRING_LIST_ENTRY));
+
+ if (entry == NULL)
+ return ERROR_INSUFICIENT_MEMORY;
+
+ entry->next = rule_list->non_hashed_strings;
+ entry->string = string;
+ rule_list->non_hashed_strings = entry;
+ }
+
+ string = string->next;
+ }
+
+ rule = rule->next;
+ }
+
+ return ERROR_SUCCESS;
+}
+
+
+
+int yr_scan_mem(unsigned char* buffer, unsigned int buffer_size, RULE_LIST* rule_list, YARACALLBACK callback, void* user_data)
+{
+ int error;
+ int global_rules_satisfied;
+ unsigned int i;
+ int file_is_pe;
+
+ RULE* rule;
+ EVALUATION_CONTEXT context;
+
+ context.file_size = buffer_size;
+ context.data = buffer;
+
+ file_is_pe = is_pe(buffer, buffer_size);
+
+ if (file_is_pe)
+ {
+ context.entry_point = get_entry_point_offset(buffer, buffer_size);
+ }
+
+ clear_marks(rule_list);
+
+ for (i = 0; i < buffer_size - 1; i++)
+ {
+ /* search for normal strings */
+ error = find_matches( buffer[i],
+ buffer[i + 1],
+ buffer + i,
+ buffer_size - i,
+ i,
+ STRING_FLAGS_HEXADECIMAL | STRING_FLAGS_ASCII,
+ i,
+ rule_list);
+
+ if (error != ERROR_SUCCESS)
+ return error;
+
+ /* search for wide strings */
+ if (i < buffer_size - 3 && buffer[i + 1] == 0 && buffer[i + 3] == 0)
+ {
+ error = find_matches( buffer[i],
+ buffer[i + 2],
+ buffer + i,
+ buffer_size - i,
+ i,
+ STRING_FLAGS_WIDE,
+ i,
+ rule_list);
+
+ if (error != ERROR_SUCCESS)
+ return error;
+ }
+ }
+
+ rule = rule_list->head;
+
+ /* evaluate global rules */
+
+ global_rules_satisfied = TRUE;
+
+ while (rule != NULL)
+ {
+ if (rule->flags & RULE_FLAGS_GLOBAL)
+ {
+ context.rule = rule;
+
+ if (evaluate(rule->condition, &context))
+ {
+ rule->flags |= RULE_FLAGS_MATCH;
+ }
+ else
+ {
+ global_rules_satisfied = FALSE;
+ }
+
+ if (!(rule->flags & RULE_FLAGS_PRIVATE))
+ {
+ if (callback(rule, buffer, buffer_size, user_data) != 0)
+ {
+ return ERROR_CALLBACK_ERROR;
+ }
+ }
+ }
+
+ rule = rule->next;
+ }
+
+ if (!global_rules_satisfied)
+ {
+ return ERROR_SUCCESS;
+ }
+
+ rule = rule_list->head;
+
+ while (rule != NULL)
+ {
+ /* skip global rules and privates rules */
+
+ if (rule->flags & RULE_FLAGS_GLOBAL || rule->flags & RULE_FLAGS_PRIVATE)
+ {
+ rule = rule->next;
+ continue;
+ }
+
+ /* evaluate only if file is PE or the rule does not requires PE files*/
+
+ if (file_is_pe || !(rule->flags & RULE_FLAGS_REQUIRE_PE_FILE))
+ {
+ context.rule = rule;
+
+ if (evaluate(rule->condition, &context))
+ {
+ rule->flags |= RULE_FLAGS_MATCH;
+ }
+ }
+
+ if (callback(rule, buffer, buffer_size, user_data) != 0)
+ {
+ return ERROR_CALLBACK_ERROR;
+ }
+
+ rule = rule->next;
+ }
+
+ return ERROR_SUCCESS;
+}
+
+
+int yr_scan_file(const char* file_path, RULE_LIST* rule_list, YARACALLBACK callback, void* user_data)
+{
+ MAPPED_FILE mfile;
+ int result;
+
+ result = map_file(file_path, &mfile);
+
+ if (result == ERROR_SUCCESS)
+ {
+ result = yr_scan_mem(mfile.data, (unsigned int) mfile.size, rule_list, callback, user_data);
+ unmap_file(&mfile);
+ }
+
+ return result;
+}
\ No newline at end of file
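Review bot: In `yr_scan_mem` the loop bound `i < buffer_size - 1` and the wide-string test `i < buffer_size - 3` are computed on `unsigned int`, so a 0-byte buffer wraps the first subtraction and a 2-byte buffer wraps the second, and the scanner then reads `buffer[i + 1]` / `buffer[i + 3]` past the end of the data. The buffer is the content being scanned, so its length is attacker-influenced; I would write the bounds as `for (i = 0; i + 1 < buffer_size; i++)` and `if (buffer_size > 3 && i < buffer_size - 3 && ...)`. In the same function `context.entry_point` is only assigned when `file_is_pe` is true, so it should be given a defined value on the other path before `evaluate` receives the context. Separately, `yr_alloc_rule_list` writes through the `yr_malloc` result before any NULL test, although the callers in yara.c and yara-python.c compare the return value with NULL; `if (rule_list == NULL) return NULL;` directly after the allocation would make those checks meaningful.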
diff --git a/libyara/libyara.tmproj b/libyara/libyara.tmproj
index bdcfc9f..e426db7 100644
--- a/libyara/libyara.tmproj
+++ b/libyara/libyara.tmproj
@@ -3,7 +3,7 @@
<plist version="1.0">
<dict>
<key>currentDocument</key>
- <string>../yara.c</string>
+ <string>lex.l</string>
<key>documents</key>
<array>
<dict>
@@ -13,69 +13,69 @@
<key>filename</key>
<string>scan.c</string>
<key>lastUsed</key>
- <date>2009-03-06T13:22:41Z</date>
+ <date>2009-03-14T13:44:29Z</date>
</dict>
<dict>
<key>filename</key>
<string>pefile.c</string>
<key>lastUsed</key>
- <date>2009-03-06T13:29:59Z</date>
+ <date>2009-03-14T13:50:02Z</date>
</dict>
<dict>
<key>filename</key>
<string>filemap.c</string>
<key>lastUsed</key>
- <date>2009-03-06T13:30:09Z</date>
+ <date>2009-03-13T14:12:00Z</date>
</dict>
<dict>
<key>filename</key>
<string>eval.c</string>
<key>lastUsed</key>
- <date>2009-03-02T21:50:00Z</date>
+ <date>2009-03-14T13:50:05Z</date>
</dict>
<dict>
<key>filename</key>
<string>error.c</string>
<key>lastUsed</key>
- <date>2009-03-06T12:27:05Z</date>
+ <date>2009-03-14T13:49:57Z</date>
</dict>
<dict>
<key>filename</key>
<string>compile.c</string>
<key>lastUsed</key>
- <date>2009-03-02T19:31:18Z</date>
+ <date>2009-03-14T13:49:55Z</date>
</dict>
<dict>
<key>filename</key>
<string>ast.c</string>
<key>lastUsed</key>
- <date>2009-03-06T13:28:12Z</date>
+ <date>2009-03-13T14:11:01Z</date>
</dict>
<dict>
<key>filename</key>
<string>lex.l</string>
<key>lastUsed</key>
- <date>2009-03-06T13:29:07Z</date>
+ <date>2009-03-14T13:50:16Z</date>
+ <key>selected</key>
+ <true/>
</dict>
<dict>
<key>filename</key>
<string>grammar.y</string>
<key>lastUsed</key>
- <date>2009-03-06T13:28:56Z</date>
+ <date>2009-03-14T13:50:16Z</date>
</dict>
<dict>
<key>filename</key>
<string>../yara.c</string>
<key>lastUsed</key>
- <date>2009-03-06T14:07:26Z</date>
- <key>selected</key>
- <true/>
+ <date>2009-03-14T13:50:08Z</date>
</dict>
<dict>
<key>filename</key>
<string>mem.c</string>
<key>lastUsed</key>
- <date>2009-03-06T14:07:26Z</date>
+ <date>2009-03-14T13:17:04Z</date>
</dict>
</array>
<key>expanded</key>
@@ -90,7 +90,7 @@
<key>filename</key>
<string>yara.h</string>
<key>lastUsed</key>
- <date>2009-03-06T13:22:32Z</date>
+ <date>2009-03-14T13:49:50Z</date>
</dict>
<dict>
<key>filename</key>
@@ -114,7 +114,7 @@
<key>filename</key>
<string>filemap.h</string>
<key>lastUsed</key>
- <date>2009-03-06T13:22:30Z</date>
+ <date>2009-03-14T13:49:49Z</date>
</dict>
<dict>
<key>filename</key>
@@ -126,13 +126,13 @@
<key>filename</key>
<string>error.h</string>
<key>lastUsed</key>
- <date>2009-03-06T12:26:51Z</date>
+ <date>2009-03-14T13:49:59Z</date>
</dict>
<dict>
<key>filename</key>
<string>compile.h</string>
<key>lastUsed</key>
- <date>2009-03-06T13:06:58Z</date>
+ <date>2009-03-14T13:49:58Z</date>
</dict>
<dict>
<key>filename</key>
@@ -144,13 +144,13 @@
<key>filename</key>
<string>sizedstr.h</string>
<key>lastUsed</key>
- <date>2009-03-02T19:37:11Z</date>
+ <date>2009-03-14T13:49:52Z</date>
</dict>
<dict>
<key>filename</key>
<string>mem.h</string>
<key>lastUsed</key>
- <date>2009-03-06T13:25:19Z</date>
+ <date>2009-03-13T14:11:04Z</date>
</dict>
</array>
<key>expanded</key>
@@ -168,14 +168,14 @@
<key>caret</key>
<dict>
<key>column</key>
- <integer>10</integer>
+ <integer>3</integer>
<key>line</key>
- <integer>379</integer>
+ <integer>478</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>364</integer>
+ <integer>0</integer>
</dict>
<key>ast.c</key>
<dict>
@@ -184,12 +184,12 @@
<key>column</key>
<integer>20</integer>
<key>line</key>
- <integer>810</integer>
+ <integer>844</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>790</integer>
+ <integer>594</integer>
</dict>
<key>ast.h</key>
<dict>
@@ -226,9 +226,9 @@
<key>caret</key>
<dict>
<key>column</key>
- <integer>12</integer>
+ <integer>19</integer>
<key>line</key>
- <integer>6</integer>
+ <integer>39</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
@@ -289,7 +289,7 @@
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>79</integer>
+ <integer>0</integer>
</dict>
<key>eval.h</key>
<dict>
@@ -368,65 +368,49 @@
<key>caret</key>
<dict>
<key>column</key>
- <integer>23</integer>
+ <integer>32</integer>
<key>line</key>
- <integer>433</integer>
+ <integer>363</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>387</integer>
+ <integer>0</integer>
</dict>
<key>lex.l</key>
<dict>
<key>caret</key>
<dict>
<key>column</key>
- <integer>0</integer>
+ <integer>18</integer>
<key>line</key>
- <integer>6</integer>
+ <integer>8</integer>
</dict>
- <key>columnSelection</key>
- <false/>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
<integer>0</integer>
- <key>selectFrom</key>
- <dict>
- <key>column</key>
- <integer>19</integer>
- <key>line</key>
- <integer>6</integer>
- </dict>
- <key>selectTo</key>
- <dict>
- <key>column</key>
- <integer>0</integer>
- <key>line</key>
- <integer>6</integer>
- </dict>
</dict>
<key>mem.c</key>
<dict>
<key>caret</key>
<dict>
<key>column</key>
- <integer>19</integer>
+ <integer>1</integer>
<key>line</key>
- <integer>49</integer>
+ <integer>41</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>21</integer>
+ <integer>15</integer>
</dict>
<key>mem.h</key>
<dict>
<key>caret</key>
<dict>
<key>column</key>
- <integer>6</integer>
+ <integer>0</integer>
<key>line</key>
<integer>16</integer>
</dict>
@@ -447,7 +431,7 @@
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>54</integer>
+ <integer>0</integer>
</dict>
<key>pefile.h</key>
<dict>
@@ -468,14 +452,14 @@
<key>caret</key>
<dict>
<key>column</key>
- <integer>16</integer>
+ <integer>7</integer>
<key>line</key>
- <integer>26</integer>
+ <integer>720</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>0</integer>
+ <integer>826</integer>
</dict>
<key>sizedstr.h</key>
<dict>
@@ -496,14 +480,14 @@
<key>caret</key>
<dict>
<key>column</key>
- <integer>31</integer>
+ <integer>5</integer>
<key>line</key>
- <integer>187</integer>
+ <integer>195</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>157</integer>
+ <integer>146</integer>
</dict>
</dict>
<key>openDocuments</key>
diff --git a/libyara/mem.c b/libyara/mem.c
index 67ba00b..72d3d63 100644
--- a/libyara/mem.c
+++ b/libyara/mem.c
@@ -18,15 +18,27 @@ GNU General Public License for more details.
#include <windows.h>
+static HANDLE hHeap;
+
+void yr_heap_alloc()
+{
+ hHeap = HeapCreate(0, 0x8000, 0);
+}
+
+void yr_heap_free()
+{
+ HeapDestroy(hHeap);
+}
+
void* yr_malloc(size_t size)
{
- return (void*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
+ return (void*) HeapAlloc(hHeap, HEAP_ZERO_MEMORY, size);
}
void yr_free(void* ptr)
{
- HeapFree(GetProcessHeap(), 0, ptr);
+ HeapFree(hHeap, 0, ptr);
}
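Review bot: `yr_heap_alloc` stores the result of `HeapCreate(0, 0x8000, 0)` without checking it and returns `void`, so a failed heap creation, or a caller that never runs `yr_init()`, leaves `hHeap` NULL and every later `yr_malloc`/`yr_free` hands an invalid handle to `HeapAlloc`/`HeapFree`. Before this change the allocator needed no initialisation because it used `GetProcessHeap()`, so the new ordering requirement deserves a comment on `yr_heap_alloc`, for example `/* must be called once, via yr_init(), before any yr_malloc */`. I would also have it report failure through an `int` return that `yr_init` propagates. No call to `yr_heap_free` appears in the hunks shown here, so it is worth confirming that the private heap is destroyed somewhere.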
@@ -49,6 +61,16 @@ char* yr_strdup(const char *s)
#include <stdlib.h>
#include <string.h>
+void yr_heap_alloc()
+{
+ return;
+}
+
+void yr_heap_free()
+{
+ return;
+}
+
void* yr_malloc(size_t size)
{
return malloc(size);
diff --git a/libyara/mem.h b/libyara/mem.h
index 9d34fc2..f10d049 100644
--- a/libyara/mem.h
+++ b/libyara/mem.h
@@ -14,8 +14,15 @@ GNU General Public License for more details.
*/
+#ifndef _MEM_H
+#define _MEM_H
+
+void yr_heap_alloc();
+void yr_heap_free();
void* yr_malloc(size_t size);
void yr_free(void *ptr);
char* yr_strdup(const char *s);
+#endif
+
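Review bot: The new include guard `_MEM_H` (and `_PE_H` in the pefile.h hunk of this commit) begins with an underscore followed by an uppercase letter, a form C reserves for the implementation; a project-prefixed name such as `YR_MEM_H` / `YR_PEFILE_H` avoids any clash with system headers. The pefile.h guard is also named after `pe.h` rather than the file it protects, and the Makefile lists a separate `pe.h`, so if that header uses the same macro one of the two would be silently skipped. The prototypes `void yr_heap_alloc();` and `void yr_heap_free();` would be better written with `(void)` so that calls passing arguments are rejected at compile time.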
diff --git a/libyara/pefile.h b/libyara/pefile.h
index d1052a5..97714bb 100644
--- a/libyara/pefile.h
+++ b/libyara/pefile.h
@@ -13,6 +13,11 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
*/
+#ifndef _PE_H
+#define _PE_H
int is_pe(unsigned char* buffer, unsigned int buffer_length);
int get_entry_point_offset(unsigned char* buffer, unsigned int buffer_length);
+
+#endif
+
diff --git a/libyara/scan.c b/libyara/scan.c
index ebd1972..fbe7386 100644
--- a/libyara/scan.c
+++ b/libyara/scan.c
@@ -25,6 +25,7 @@ GNU General Public License for more details.
#include "pefile.h"
#include "error.h"
#include "mem.h"
+#include "eval.h"
#ifndef TRUE
#define TRUE 1
@@ -41,7 +42,6 @@ GNU General Public License for more details.
/* Function implementations */
-
inline int compare(char* str1, char* str2, int len)
{
char* s1 = str1;
@@ -281,154 +281,6 @@ int regexp_match(unsigned char* buffer, unsigned int buffer_size, unsigned char*
return 0;
}
-int init_hash_table(RULE_LIST* rule_list)
-{
- RULE* rule;
- STRING* string;
- STRING_LIST_ENTRY* entry;
- unsigned char x,y;
- int next;
- char hashable;
-
- rule = rule_list->head;
-
- while (rule != NULL)
- {
- string = rule->string_list_head;
-
- while (string != NULL)
- {
- if (string->flags & STRING_FLAGS_REGEXP)
- {
- /* take into account anchors (^) at beginning of regular expressions */
-
- if (string->string[0] == '^')
- {
- if (string->length > 2)
- {
- x = string->string[1];
- y = string->string[2];
- }
- else
- {
- x = 0;
- y = 0;
- }
- }
- else
- {
- x = string->string[0];
- y = string->string[1];
- }
-
- hashable = isalnum(x) && isalnum(y);
- }
- else
- {
- x = string->string[0];
- y = string->string[1];
-
- hashable = TRUE;
-
- } /* if (string->flags & STRING_FLAGS_REGEXP) */
-
- if (string->flags & STRING_FLAGS_HEXADECIMAL)
- {
- hashable = (string->mask[0] == 0xFF) && (string->mask[1] == 0xFF);
- }
-
- if (hashable && string->flags & STRING_FLAGS_NO_CASE)
- {
- /*
- if string is case-insensitive add an entry in the hash table
- for each posible combination
- */
-
- x = tolower(x);
- y = tolower(y);
-
- /* both lowercases */
-
- entry = (STRING_LIST_ENTRY*) yr_malloc(sizeof(STRING_LIST_ENTRY));
-
- if (entry == NULL)
- return ERROR_INSUFICIENT_MEMORY;
-
- entry->next = rule_list->hash_table[x][y];
- entry->string = string;
- rule_list->hash_table[x][y] = entry;
-
- /* X uppercase Y lowercase */
-
- x = toupper(x);
-
- entry = (STRING_LIST_ENTRY*) yr_malloc(sizeof(STRING_LIST_ENTRY));
-
- if (entry == NULL)
- return ERROR_INSUFICIENT_MEMORY;
-
- entry->next = rule_list->hash_table[x][y];
- entry->string = string;
- rule_list->hash_table[x][y] = entry;
-
- /* both uppercases */
-
- y = toupper(y);
-
- entry = (STRING_LIST_ENTRY*) yr_malloc(sizeof(STRING_LIST_ENTRY));
-
- if (entry == NULL)
- return ERROR_INSUFICIENT_MEMORY;
-
- entry->next = rule_list->hash_table[x][y];
- entry->string = string;
- rule_list->hash_table[x][y] = entry;
-
- /* X lowercase Y uppercase */
-
- x = tolower(x);
-
- entry = (STRING_LIST_ENTRY*) yr_malloc(sizeof(STRING_LIST_ENTRY));
-
- if (entry == NULL)
- return ERROR_INSUFICIENT_MEMORY;
-
- entry->next = rule_list->hash_table[x][y];
- entry->string = string;
- rule_list->hash_table[x][y] = entry;
-
- }
- else if (hashable)
- {
- entry = (STRING_LIST_ENTRY*) yr_malloc(sizeof(STRING_LIST_ENTRY));
-
- if (entry == NULL)
- return ERROR_INSUFICIENT_MEMORY;
-
- entry->next = rule_list->hash_table[x][y];
- entry->string = string;
- rule_list->hash_table[x][y] = entry;
- }
- else /* non hashable */
- {
- entry = (STRING_LIST_ENTRY*) yr_malloc(sizeof(STRING_LIST_ENTRY));
-
- if (entry == NULL)
- return ERROR_INSUFICIENT_MEMORY;
-
- entry->next = rule_list->non_hashed_strings;
- entry->string = string;
- rule_list->non_hashed_strings = entry;
- }
-
- string = string->next;
- }
-
- rule = rule->next;
- }
-
- return ERROR_SUCCESS;
-}
void free_hash_table(RULE_LIST* rule_list)
{
@@ -686,7 +538,7 @@ int find_matches_for_strings( STRING_LIST_ENTRY* first_string,
}
-inline int find_matches( unsigned char first_char,
+int find_matches( unsigned char first_char,
unsigned char second_char,
unsigned char* buffer,
unsigned int buffer_size,
@@ -718,147 +570,6 @@ inline int find_matches( unsigned char first_char,
return result;
}
-int scan_mem(unsigned char* buffer, unsigned int buffer_size, RULE_LIST* rule_list, YARACALLBACK callback, void* user_data)
-{
- int error;
- int global_rules_satisfied;
- unsigned int i;
- int file_is_pe;
-
- RULE* rule;
- EVALUATION_CONTEXT context;
-
- context.file_size = buffer_size;
- context.data = buffer;
-
- file_is_pe = is_pe(buffer, buffer_size);
-
- if (file_is_pe)
- {
- context.entry_point = get_entry_point_offset(buffer, buffer_size);
- }
-
- clear_marks(rule_list);
-
- for (i = 0; i < buffer_size - 1; i++)
- {
- /* search for normal strings */
- error = find_matches( buffer[i],
- buffer[i + 1],
- buffer + i,
- buffer_size - i,
- i,
- STRING_FLAGS_HEXADECIMAL | STRING_FLAGS_ASCII,
- i,
- rule_list);
-
- if (error != ERROR_SUCCESS)
- return error;
-
- /* search for wide strings */
- if (i < buffer_size - 3 && buffer[i + 1] == 0 && buffer[i + 3] == 0)
- {
- error = find_matches( buffer[i],
- buffer[i + 2],
- buffer + i,
- buffer_size - i,
- i,
- STRING_FLAGS_WIDE,
- i,
- rule_list);
-
- if (error != ERROR_SUCCESS)
- return error;
- }
- }
-
- rule = rule_list->head;
-
- /* evaluate global rules */
-
- global_rules_satisfied = TRUE;
-
- while (rule != NULL)
- {
- if (rule->flags & RULE_FLAGS_GLOBAL)
- {
- context.rule = rule;
-
- if (evaluate(rule->condition, &context))
- {
- rule->flags |= RULE_FLAGS_MATCH;
- }
- else
- {
- global_rules_satisfied = FALSE;
- }
-
- if (!(rule->flags & RULE_FLAGS_PRIVATE))
- {
- if (callback(rule, buffer, buffer_size, user_data) != 0)
- {
- return ERROR_CALLBACK_ERROR;
- }
- }
- }
-
- rule = rule->next;
- }
-
- if (!global_rules_satisfied)
- {
- return ERROR_SUCCESS;
- }
-
- rule = rule_list->head;
-
- while (rule != NULL)
- {
- /* skip global rules and privates rules */
-
- if (rule->flags & RULE_FLAGS_GLOBAL || rule->flags & RULE_FLAGS_PRIVATE)
- {
- rule = rule->next;
- continue;
- }
-
- /* evaluate only if file is PE or the rule does not requires PE files*/
-
- if (file_is_pe || !(rule->flags & RULE_FLAGS_REQUIRE_PE_FILE))
- {
- context.rule = rule;
-
- if (evaluate(rule->condition, &context))
- {
- rule->flags |= RULE_FLAGS_MATCH;
- }
- }
-
- if (callback(rule, buffer, buffer_size, user_data) != 0)
- {
- return ERROR_CALLBACK_ERROR;
- }
-
- rule = rule->next;
- }
-
- return ERROR_SUCCESS;
-}
-
-int scan_file(const char* file_path, RULE_LIST* rule_list, YARACALLBACK callback, void* user_data)
-{
- MAPPED_FILE mfile;
- int result;
- result = map_file(file_path, &mfile);
-
- if (result == ERROR_SUCCESS)
- {
- result = scan_mem(mfile.data, (unsigned int) mfile.size, rule_list, callback, user_data);
- unmap_file(&mfile);
- }
-
- return result;
-}
diff --git a/libyara/yara.h b/libyara/yara.h
index 461cdb8..daa8451 100644
--- a/libyara/yara.h
+++ b/libyara/yara.h
@@ -173,29 +173,27 @@ STRING* lookup_string(STRING* string_list_head, char* identifier);
TAG* lookup_tag(TAG* tag_list_head, char* identifier);
+void yr_init();
+RULE_LIST* yr_alloc_rule_list();
+void yr_free_rule_list(RULE_LIST* rule_list);
-RULE_LIST* alloc_rule_list();
-void free_rule_list(RULE_LIST* rule_list);
+void yr_set_file_name(const char* rules_file_name);
-void set_file_name(const char* rules_file_name);
-int compile_rules(FILE* rules_file, RULE_LIST* rules);
+int yr_compile_file(FILE* rules_file, RULE_LIST* rules);
-int init_hash_table(RULE_LIST* rule_list);
-void free_hash_table(RULE_LIST* rule_list);
+int yr_prepare_rules(RULE_LIST* rule_list);
typedef int (*YARACALLBACK)(RULE* rule, unsigned char* buffer, unsigned int buffer_size, void* data);
-int scan_mem(unsigned char* buffer, unsigned int buffer_size, RULE_LIST* rule_list, YARACALLBACK callback, void* user_data);
-int scan_file(const char* file_path, RULE_LIST* rule_list, YARACALLBACK callback, void* user_data);
+int yr_scan_mem(unsigned char* buffer, unsigned int buffer_size, RULE_LIST* rule_list, YARACALLBACK callback, void* user_data);
+int yr_scan_file(const char* file_path, RULE_LIST* rule_list, YARACALLBACK callback, void* user_data);
typedef void (*YARAREPORT)(const char* file_name, int line_number, const char* error_message);
-int get_last_error();
-int get_error_line_number();
-char* get_last_error_message();
-void set_report_function(YARAREPORT fn);
-
-
+int yr_get_last_error();
+int yr_get_error_line_number();
+char* yr_get_last_error_message();
+void yr_set_report_function(YARAREPORT fn);
#endif
diff --git a/yara-python/yara-python.c b/yara-python/yara-python.c
index 655b1ef..547b33f 100644
--- a/yara-python/yara-python.c
+++ b/yara-python/yara-python.c
@@ -256,7 +256,7 @@ static PyObject * Rules_NEW(FILE* file)
Rules* object;
int errors;
- rules = alloc_rule_list();
+ rules = yr_alloc_rule_list();
if (rules == NULL)
{
@@ -265,23 +265,23 @@ static PyObject * Rules_NEW(FILE* file)
if (file == NULL)
{
- free_rule_list(rules);
+ yr_free_rule_list(rules);
return PyErr_SetFromErrno(PyExc_IOError);
}
- errors = compile_rules(file, rules);
+ errors = yr_compile_file(file, rules);
if (errors > 0) /* errors during compilation */
{
- free_rule_list(rules);
- return PyErr_Format(YaraSyntaxError, "line %d: %s", get_error_line_number(), get_last_error_message());
+ yr_free_rule_list(rules);
+ return PyErr_Format(YaraSyntaxError, "line %d: %s", yr_get_error_line_number(), yr_get_last_error_message());
}
object = PyObject_NEW(Rules, &Rules_Type);
if (object != NULL)
{
- init_hash_table(rules);
+ yr_prepare_rules(rules);
object->rules = rules;
}
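Review bot: The return value of `yr_prepare_rules(rules)` is discarded here, yet the function returns `ERROR_INSUFICIENT_MEMORY` as soon as one `yr_malloc` fails, leaving the hash table only partly filled. A `Rules` object built in that state would presumably scan without reporting an error while never looking for the strings that were not indexed, which for a detection tool means silent false negatives. I would test the result, `if (yr_prepare_rules(rules) != ERROR_SUCCESS)`, and fail the constructor with `PyErr_NoMemory()` after releasing `rules`; the same unchecked call is in `main` in yara.c. `Rules_NEW` begins and ends outside this hunk.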
@@ -290,8 +290,7 @@ static PyObject * Rules_NEW(FILE* file)
static void Rules_dealloc(PyObject *self)
{
- free_hash_table(((Rules*) self)->rules);
- free_rule_list(((Rules*) self)->rules);
+ yr_free_rule_list(((Rules*) self)->rules);
PyObject_Del(self);
}
@@ -378,7 +377,7 @@ PyObject * Rules_match(PyObject *self, PyObject *args, PyObject *keywords)
if (filepath != NULL)
{
- result = scan_file(filepath, object->rules, callback, matches);
+ result = yr_scan_file(filepath, object->rules, callback, matches);
if (result != ERROR_SUCCESS)
{
@@ -399,7 +398,7 @@ PyObject * Rules_match(PyObject *self, PyObject *args, PyObject *keywords)
}
else if (data != NULL)
{
- result = scan_mem((unsigned char*) data, (unsigned int) length, object->rules, callback, matches);
+ result = yr_scan_mem((unsigned char*) data, (unsigned int) length, object->rules, callback, matches);
if (result != ERROR_SUCCESS)
{
@@ -496,6 +495,8 @@ static PyMethodDef methods[] = {
void inityara(void)
{
PyObject *m, *d;
+
+ yr_init();
m = Py_InitModule3("yara", methods, module_doc);
d = PyModule_GetDict(m);
diff --git a/yara.c b/yara.c
index 8928070..6be5d05 100644
--- a/yara.c
+++ b/yara.c
@@ -105,7 +105,7 @@ void scan_dir(const char* dir, int recursive, RULE_LIST* rules, YARACALLBACK cal
if (!(FindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY))
{
//printf("Processing %s...\n", FindFileData.cFileName);
- scan_file(full_path, rules, callback, full_path);
+ yr_scan_file(full_path, rules, callback, full_path);
}
else if (recursive && FindFileData.cFileName[0] != '.' )
{
@@ -156,7 +156,7 @@ void scan_dir(const char* dir, int recursive, RULE_LIST* rules, YARACALLBACK cal
if(S_ISREG(st.st_mode))
{
//printf("Processing %s\n", de->d_name);
- scan_file(full_path, rules, callback, full_path);
+ yr_scan_file(full_path, rules, callback, full_path);
}
else if(recursive && S_ISDIR(st.st_mode) && de->d_name[0] != '.')
{
@@ -463,12 +463,14 @@ int main(int argc, char const* argv[])
return 0;
}
- rules = alloc_rule_list();
+ yr_init();
+
+ rules = yr_alloc_rule_list();
if (rules == NULL)
return 0;
- set_report_function(report_error);
+ yr_set_report_function(report_error);
for (i = optind; i < argc - 1; i++)
{
@@ -476,15 +478,15 @@ int main(int argc, char const* argv[])
if (rule_file != NULL)
{
- set_file_name(argv[i]);
+ yr_set_file_name(argv[i]);
- errors = compile_rules(rule_file, rules);
+ errors = yr_compile_file(rule_file, rules);
fclose(rule_file);
if (errors > 0) /* errors during compilation */
{
- free_rule_list(rules);
+ yr_free_rule_list(rules);
return 0;
}
}
@@ -496,18 +498,18 @@ int main(int argc, char const* argv[])
if (optind == argc - 1) /* no rule files, read rules from stdin */
{
- set_file_name("stdin");
+ yr_set_file_name("stdin");
- errors = compile_rules(stdin, rules);
+ errors = yr_compile_file(stdin, rules);
if (errors > 0) /* errors during compilation */
{
- free_rule_list(rules);
+ yr_free_rule_list(rules);
return 0;
}
}
- init_hash_table(rules);
+ yr_prepare_rules(rules);
if (is_directory(argv[argc - 1]))
{
@@ -515,11 +517,10 @@ int main(int argc, char const* argv[])
}
else
{
- scan_file(argv[argc - 1], rules, callback, (void*) argv[argc - 1]);
+ yr_scan_file(argv[argc - 1], rules, callback, (void*) argv[argc - 1]);
}
- free_hash_table(rules);
- free_rule_list(rules);
+ yr_free_rule_list(rules);
/* free tag list allocated by process_cmd_line */
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git