[Forensics-changes] [yara] 13/415: Added support for anonymous strings
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:42:38 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit 9a4ea535a87466e3610a009ab38987e1515d141c
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Wed Feb 4 10:18:13 2009 +0000
Added support for anonymous strings
---
ChangeLog | 1 +
libyara/grammar.c | 9 ++++++++-
libyara/grammar.y | 9 ++++++++-
libyara/yara.h | 12 ++++++------
4 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index a32413f..255024a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,7 @@ version 1.1 (05/01/2009)
version 1.2
* added support for global rules
* added support for declaring alternative sub-strings in hex strings
+ * added support for anonymous strings
* "widechar" is now "wide" and can be used in conjuntion with "ascii"
* some performance improvements
* BUGFIX: Wrong behavior of escaped characters in regular expressions
diff --git a/libyara/grammar.c b/libyara/grammar.c
index 4711caf..10842fc 100644
--- a/libyara/grammar.c
+++ b/libyara/grammar.c
@@ -1992,6 +1992,11 @@ STRING* reduce_string_declaration(char* identifier, SIZED_STRING* str, int flags
char tmp[200];
STRING* string = NULL;
+ if (strcmp(identifier,"$") == 0)
+ {
+ flags |= STRING_FLAGS_ANONYMOUS;
+ }
+
last_error = new_string(identifier, str, flags, &string);
if (last_error == ERROR_INVALID_REGULAR_EXPRESSION)
@@ -2011,7 +2016,9 @@ STRING* reduce_string_declaration(char* identifier, SIZED_STRING* str, int flags
STRING* reduce_strings(STRING* string_list_head, STRING* string)
{
- if (lookup_string(string_list_head,string->identifier) == NULL) /* no strings with the same identifier */
+ /* no strings with the same identifier, except for anonymous strings */
+
+ if (IS_ANONYMOUS(string) || lookup_string(string_list_head,string->identifier) == NULL)
{
string->next = string_list_head;
current_rule_strings = string;
diff --git a/libyara/grammar.y b/libyara/grammar.y
index c560b32..8cc4407 100644
--- a/libyara/grammar.y
+++ b/libyara/grammar.y
@@ -401,6 +401,11 @@ STRING* reduce_string_declaration(char* identifier, SIZED_STRING* str, int flags
char tmp[200];
STRING* string = NULL;
+ if (strcmp(identifier,"$") == 0)
+ {
+ flags |= STRING_FLAGS_ANONYMOUS;
+ }
+
last_error = new_string(identifier, str, flags, &string);
if (last_error == ERROR_INVALID_REGULAR_EXPRESSION)
@@ -420,7 +425,9 @@ STRING* reduce_string_declaration(char* identifier, SIZED_STRING* str, int flags
STRING* reduce_strings(STRING* string_list_head, STRING* string)
{
- if (lookup_string(string_list_head,string->identifier) == NULL) /* no strings with the same identifier */
+ /* no strings with the same identifier, except for anonymous strings */
+
+ if (IS_ANONYMOUS(string) || lookup_string(string_list_head,string->identifier) == NULL)
{
string->next = string_list_head;
current_rule_strings = string;
diff --git a/libyara/yara.h b/libyara/yara.h
index f18123d..91ac822 100644
--- a/libyara/yara.h
+++ b/libyara/yara.h
@@ -41,11 +41,7 @@ GNU General Public License for more details.
#define STRING_FLAGS_WIDE 0x20
#define STRING_FLAGS_REGEXP 0x40
#define STRING_FLAGS_FULL_WORD 0x80
-
-#define RULE_FLAGS_MATCH 0x01
-#define RULE_FLAGS_PRIVATE 0x02
-#define RULE_FLAGS_GLOBAL 0x04
-#define RULE_FLAGS_REQUIRE_PE_FILE 0x08
+#define STRING_FLAGS_ANONYMOUS 0x100
#define IS_HEX(x) (((x)->flags) & STRING_FLAGS_HEXADECIMAL)
#define IS_NO_CASE(x) (((x)->flags) & STRING_FLAGS_NO_CASE)
@@ -53,8 +49,12 @@ GNU General Public License for more details.
#define IS_WIDE(x) (((x)->flags) & STRING_FLAGS_WIDE)
#define IS_REGEXP(x) (((x)->flags) & STRING_FLAGS_REGEXP)
#define IS_FULL_WORD(x) (((x)->flags) & STRING_FLAGS_FULL_WORD)
+#define IS_ANONYMOUS(x) (((x)->flags) & STRING_FLAGS_ANONYMOUS)
-
+#define RULE_FLAGS_MATCH 0x01
+#define RULE_FLAGS_PRIVATE 0x02
+#define RULE_FLAGS_GLOBAL 0x04
+#define RULE_FLAGS_REQUIRE_PE_FILE 0x08
#ifndef ERROR_SUCCESS
#define ERROR_SUCCESS 0
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list