[Forensics-changes] [yara] 84/160: Implement -D (--print-module-info).
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:29:21 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.4.0
in repository yara.
commit 78336a1a92528b76c319127a381b575d4724ab9c
Author: Wesley Shields <wxs at atarininja.org>
Date: Tue Apr 21 13:40:16 2015 -0400
Implement -D (--print-module-info).
Define another flag (SHOW_MODULE_INFO) which, when set, will dump the
module information via yr_modules_print_data.
---
libyara/include/yara/scan.h | 2 ++
libyara/rules.c | 5 ++---
yara.c | 28 +++++++++++++++++++++++++---
3 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/libyara/include/yara/scan.h b/libyara/include/yara/scan.h
index c0eb3d2..705f82d 100644
--- a/libyara/include/yara/scan.h
+++ b/libyara/include/yara/scan.h
@@ -19,8 +19,10 @@ limitations under the License.
#include <yara/types.h>
+// Bitmasks for flags.
#define SCAN_FLAGS_FAST_MODE 1
#define SCAN_FLAGS_PROCESS_MEMORY 2
+#define SHOW_MODULE_INFO 4
int yr_scan_verify_match(
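Review bot: The new constant is or-ed into the same `flags` word as `SCAN_FLAGS_FAST_MODE` and `SCAN_FLAGS_PROCESS_MEMORY` (the yara.c hunks do exactly that), yet it drops the `SCAN_FLAGS_` prefix its two siblings carry, so nothing at the use site signals that it belongs to this bit set and a later bit could be defined with the same value by mistake; `#define SCAN_FLAGS_SHOW_MODULE_INFO 4` keeps the namespace consistent. The added comment could also say which parameter these bits feed, e.g. `// Bit flags for the flags argument of yr_rules_scan_*().`, since "Bitmasks for flags." restates the macro names.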
diff --git a/libyara/rules.c b/libyara/rules.c
index 85cd2f9..7894b0b 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -470,9 +470,8 @@ YR_API int yr_rules_scan_mem_blocks(
_exit:
- #ifdef PRINT_MODULE_DATA
- yr_modules_print_data(&context);
- #endif
+ if (flags & SHOW_MODULE_INFO)
+ yr_modules_print_data(&context);
yr_modules_unload_all(&context);
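Review bot: The runtime check sits under the `_exit:` label, which presumably is the function's common exit path, so module data would be printed for scans that bailed out with an error as well as for successful ones; the old `#ifdef` had the same placement, but now that ordinary users can switch it on with `-D` it is worth either guarding it on the success path or documenting the intent with a comment such as `// Dumped on every exit path so partially loaded module data is still visible.`. yr_rules_scan_mem_blocks starts outside this hunk, so whether an error code is still live at `_exit:` cannot be confirmed here. The unbraced `if` body is also a style point: bracing it avoids the classic dangling-statement slip when a second line is added later.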
diff --git a/yara.c b/yara.c
index 61fb234..dc1fa16 100644
--- a/yara.c
+++ b/yara.c
@@ -94,6 +94,7 @@ char* ext_vars[MAX_ARGS_EXT_VAR + 1];
char* modules_data[MAX_ARGS_EXT_VAR + 1];
int recursive_search = FALSE;
+int show_module_info = FALSE;
int show_tags = FALSE;
int show_specified_tags = FALSE;
int show_specified_rules = FALSE;
@@ -126,6 +127,9 @@ args_option_t options[] =
OPT_BOOLEAN('n', "negate", &negate,
"print only not satisfied rules (negate)", NULL),
+ OPT_BOOLEAN('D', "print-module-info", &show_module_info,
+ "print module information"),
+
OPT_BOOLEAN('g', "print-tags", &show_tags,
"print tags"),
@@ -639,6 +643,12 @@ void* scanning_thread(void* param)
THREAD_ARGS* args = (THREAD_ARGS*) param;
char* file_path = file_queue_get();
+ int flags = 0;
+ if (fast_scan)
+ flags |= SCAN_FLAGS_FAST_MODE;
+ if (show_module_info)
+ flags |= SHOW_MODULE_INFO;
+
while (file_path != NULL)
{
int elapsed_time = (int) difftime(time(NULL), args->start_time);
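Review bot: The four-line translation of `fast_scan`/`show_module_info` into a `flags` word is pasted three times in this commit, here in scanning_thread and twice more in the two main() hunks below (the yr_rules_scan_proc and yr_rules_scan_file call sites), so the next scan flag has to be threaded through all three copies and any one of them can drift. A single file-scope helper that both scanning_thread and main() call removes the duplication, and since it reads only the existing globals it needs no new parameters. scanning_thread's body continues past the end of this hunk.
```c
// Translate the command-line switches into the flags word passed to
// yr_rules_scan_file()/yr_rules_scan_proc().
static int build_scan_flags(void)
{
  int flags = 0;

  if (fast_scan)
    flags |= SCAN_FLAGS_FAST_MODE;

  if (show_module_info)
    flags |= SHOW_MODULE_INFO;

  return flags;
}

// … in scanning_thread(), replacing the inline flag construction …
  int flags = build_scan_flags();
```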
@@ -648,7 +658,7 @@ void* scanning_thread(void* param)
result = yr_rules_scan_file(
args->rules,
file_path,
- fast_scan ? SCAN_FLAGS_FAST_MODE : 0,
+ flags,
callback,
file_path,
timeout - elapsed_time);
@@ -984,10 +994,16 @@ int main(
{
int pid = atoi(argv[1]);
+ int flags = 0;
+ if (fast_scan)
+ flags |= SCAN_FLAGS_FAST_MODE;
+ if (show_module_info)
+ flags |= SHOW_MODULE_INFO;
+
result = yr_rules_scan_proc(
rules,
pid,
- fast_scan ? SCAN_FLAGS_FAST_MODE : 0,
+ flags,
callback,
(void*) argv[1],
timeout);
@@ -1040,10 +1056,16 @@ int main(
}
else
{
+ int flags = 0;
+ if (fast_scan)
+ flags |= SCAN_FLAGS_FAST_MODE;
+ if (show_module_info)
+ flags |= SHOW_MODULE_INFO;
+
result = yr_rules_scan_file(
rules,
argv[1],
- fast_scan ? SCAN_FLAGS_FAST_MODE : 0,
+ flags,
callback,
(void*) argv[1],
timeout);
--