[Forensics-changes] [yara] 277/415: Implement fast matching mode

Hilko Bengen bengen at moszumanska.debian.org
Thu Apr 3 05:43:14 UTC 2014


This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to branch debian
in repository yara.

commit 43eecfea38aba434eb773b0ab307b3cebd650403
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Tue Dec 3 11:48:56 2013 +0100

    Implement fast matching mode
---
 libyara/rules.c | 14 +++++++++++---
 yara.c          |  5 +++--
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/libyara/rules.c b/libyara/rules.c
index 509c08d..d20ead1 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -649,13 +649,19 @@ inline int _yr_scan_verify_match(
     uint8_t* data,
     size_t data_size,
     size_t offset,
-    YR_ARENA* matches_arena)
+    YR_ARENA* matches_arena,
+    int fast_scan_mode)
 {
   YR_STRING* string = ac_match->string;
 
   if (data_size - offset <= 0)
     return ERROR_SUCCESS;
 
+  if (fast_scan_mode &&
+      STRING_IS_SINGLE_MATCH(string) &&
+      STRING_FOUND(string))
+    return ERROR_SUCCESS;
+
   if (STRING_IS_LITERAL(string))
   {
     FAIL_ON_ERROR(_yr_scan_verify_literal_match(
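Review bot: The fast-mode early return added to `_yr_scan_verify_match` has no comment, yet it changes what a scan reports: judging by the macro names, once a single-match string is flagged as found, every later `ac_match` hit for it returns before verification and is presumably never recorded in `matches_arena`. A comment above the check, such as `/* fast mode: a single-match string needs only one verified hit; later occurrences are skipped and not recorded */`, would make that trade-off visible to anyone who relies on complete match listings for triage. Separately, the context guard just above, `data_size - offset <= 0`, is evaluated on `size_t` operands and so is true only when the two are equal. Writing it as `if (offset >= data_size)` would also reject an offset past the end of the block, which is relevant to the call in the third hunk that passes `data_size - ac_match->backtrack`. The function body continues outside the hunk.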
@@ -829,7 +835,8 @@ int yr_rules_scan_mem_block(
               data,
               data_size,
               offset,
-              matches_arena);
+              matches_arena,
+              fast_scan_mode);
       }
 
       ac_match = ac_match->next;
@@ -866,7 +873,8 @@ int yr_rules_scan_mem_block(
         data,
         data_size,
         data_size - ac_match->backtrack,
-        matches_arena);
+        matches_arena,
+        fast_scan_mode);
 
     ac_match = ac_match->next;
   }
diff --git a/yara.c b/yara.c
index 1f49e6a..1b678a1 100644
--- a/yara.c
+++ b/yara.c
@@ -49,11 +49,12 @@ limitations under the License.
 "  -g                       print tags.\n"\
 "  -m                       print metadata.\n"\
 "  -s                       print matching strings.\n"\
-"  -l <number>              abort scanning after matching a <number> rules.\n"\
+"  -l <number>              abort scanning after matching a number rules.\n"\
 "  -a <seconds>             abort scanning after a number of seconds has elapsed.\n"\
 "  -d <identifier>=<value>  define external variable.\n"\
 "  -r                       recursively search directories.\n"\
-"  -w                       disable warnings."\
+"  -f                       fast matching mode.\n"\
+"  -w                       disable warnings.\n"\
 "  -v                       show version information.\n"
 
 #define EXTERNAL_TYPE_INTEGER   1
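Review bot: The rewritten `-l` usage line now reads "a number rules", which drops the placeholder without fixing the grammar; `"  -l <number>              abort scanning after matching a number of rules.\n"\` would match the wording of the `-a` line below it. The new `-f` entry says only "fast matching mode." and gives no hint of what is traded for speed. If, as the rules.c change suggests, repeated occurrences of some strings are no longer reported, the help text should say so, e.g. `"  -f                       fast matching mode (may not report every occurrence of a string).\n"\`. No option-parsing change for `-f` is visible in this hunk, so it is worth confirming that the flag is handled elsewhere in yara.c.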

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git


