Commit e112951

Merge remote-tracking branch 'origin/master'
2 parents 750c419 + a624eb4 commit e112951

26 files changed

Lines changed: 461 additions & 6 deletions


Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
---
2+
name: Bug report
3+
about: Create a report to help us improve
4+
title: ''
5+
labels: bug
6+
assignees: ''
7+
8+
---
9+
10+
**Describe the bug**
11+
A clear and concise description of what the bug is.
12+
13+
**To Reproduce**
14+
Steps to reproduce the behavior:
15+
16+
**Expected behavior**
17+
A clear and concise description of what you expected to happen.
18+
19+
**Screenshots**
20+
If applicable, add screenshots to help explain your problem.
21+
22+
**Please complete the following information:**
23+
- OS: [e.g. iOS]
24+
- YARA version: [e.g. 4.3.0]
25+
26+
**Additional context**
27+
Add any other context about the problem here.
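Review bot: the environment block at "- OS: [e.g. iOS]" reads like a generic placeholder, and "Steps to reproduce the behavior:" gives no prompt for the inputs a YARA report needs. Suggest an OS example that matches where the tool is actually run, and explicit prompts under **To Reproduce** for the rule text, the exact command line, and the scanned sample or its hash, so a report can be reproduced without a follow-up round. The **Screenshots** section would be more useful as a request for the textual output or error message.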
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
---
2+
name: Feature request
3+
about: Suggest a new feature for this project
4+
title: ''
5+
labels: feature-request
6+
assignees: ''
7+
8+
---
9+
10+
**Is your feature request related to a problem? Please describe.**
11+
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
12+
13+
**Describe the solution you'd like**
14+
A clear and concise description of what you want to happen.
15+
16+
**Describe alternatives you've considered**
17+
A clear and concise description of any alternative solutions or features you've considered.
18+
19+
**Additional context**
20+
Add any other context or screenshots about the feature request here.

README.md

Lines changed: 1 addition & 0 deletions
@@ -125,6 +125,7 @@ awesome list of [YARA-related stuff](https://github.com/InQuest/awesome-yara).
125125
* [ThreatConnect](https://www.threatconnect.com/)
126126
* [ThreatStream, Inc.](https://www.threatstream.com)
127127
* [Thug](https://github.com/buffer/thug)
128+
* [Threat.Zone](https://threat.zone)
128129
* [TouchWeb](https://www.touchweb.fr)
129130
* [Trend Micro](https://www.trendmicro.com)
130131
* [Uptycs Inc](https://www.uptycs.com/)
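Review bot: the new `* [Threat.Zone](https://threat.zone)` entry sits after Thug, which breaks the alphabetical order the surrounding entries follow (ThreatConnect, ThreatStream, Thug, TouchWeb). Move it up next to the other "Threat" entries, before `* [Thug](https://github.com/buffer/thug)`.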

docs/modules/math.rst

Lines changed: 44 additions & 1 deletion
@@ -157,11 +157,54 @@ file and create signatures based on those results.
157157
.. c:function:: mode(offset, size)
158158
159159
.. versionadded:: 4.2.0
160-
160+
161161
Returns the most common byte, starting at *offset* and looking at the next
162162
*size* bytes. When scanning a
163163
running process the *offset* argument should be a virtual address within
164164
the process address space. The returned value is a float.
165165
*offset* and *size* are optional; if left empty, the complete file is searched.
166166

167167
*Example: math.mode(0, filesize) == 0xFF*
168+
169+
.. c:function:: to_string(int)
170+
171+
.. versionadded:: 4.3.0
172+
173+
Convert the given integer to a string. Note: integers in YARA are signed.
174+
175+
*Example: math.to_string(10) == "10"*
176+
*Example: math.to_string(-1) == "-1"*
177+
178+
.. c:function:: to_string(int, base)
179+
180+
.. versionadded:: 4.3.0
181+
182+
Convert the given integer to a string in the given base. Supported bases are
183+
10, 8 and 16. Note: integers in YARA are signed.
184+
185+
*Example: math.to_string(32, 16) == "20"*
186+
*Example: math.to_string(-1, 16) == "ffffffffffffffff"*
187+
188+
.. c:function:: to_int(string)
189+
190+
.. versionadded:: 4.3.0
191+
192+
Convert the given string to a signed integer. If the string starts with "0x"
193+
it is treated as base 16. If the string starts with "0" it is treated base
194+
8. Leading '+' or '-' is also supported.
195+
196+
*Example: math.to_int("1234") == 1234*
197+
*Example: math.to_int("-10") == -10*
198+
*Example: math.to_int("-010" == -8*
199+
200+
.. c:function:: to_int(string, base)
201+
202+
.. versionadded:: 4.3.0
203+
204+
Convert the given string, interpreted with the given base, to a signed
205+
integer. Base must be 0 or between 2 and 32 inclusive. If it is zero then
206+
the string will be intrepreted as base 16 if it starts with "0x" or as base
207+
8 if it starts with "0". Leading '+' or '-' is also supported.
208+
209+
*Example: math.to_int("011", 8) == "9"*
210+
*Example: math.to_int("-011", 0) == "-9"*
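Review bot: the two examples for `to_int(string, base)` compare the result with strings (`math.to_int("011", 8) == "9"` and `math.to_int("-011", 0) == "-9"`), although the text says the function returns a signed integer; they should read `== 9` and `== -9`. In the `to_int(string)` block, `math.to_int("-010" == -8` is missing its closing parenthesis, "it is treated base 8" is missing "as", and "intrepreted" is misspelled. The `to_string(int, base)` text notes that integers are signed, yet its example is `math.to_string(-1, 16) == "ffffffffffffffff"`; say explicitly how negative values are rendered in base 8 and 16 so rule authors do not expect "-1". The text also does not say what these functions yield for an unsupported base or for a string that is not a number, which matters when the string comes from the scanned file.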

docs/modules/pe.rst

Lines changed: 12 additions & 0 deletions
@@ -1331,6 +1331,12 @@ Reference
13311331
13321332
Ordinal of imported function. If ordinal does not exist this value is YR_UNDEFINED
13331333

1334+
.. c:member:: rva
1335+
1336+
.. versionadded:: 4.3.0
1337+
1338+
Relative virtual address (RVA) of imported function. If rva not found then this value is YR_UNDEFINED
1339+
13341340
*Example: pe.import_details[1].library_name == "library_name"
13351341
13361342
.. c:type:: delayed_import_details
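Review bot: "Relative virtual address (RVA) of imported function" under the new `rva` member does not say which address is meant. The imported function itself lives in another module, so state what in this image the RVA refers to. The sentence "If rva not found then this value is YR_UNDEFINED" should also follow the wording of the `ordinal` entry above it ("If ordinal does not exist this value is YR_UNDEFINED") and end with a period.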
@@ -1359,6 +1365,12 @@ Reference
13591365
13601366
Ordinal of imported function. If ordinal does not exist this value is YR_UNDEFINED
13611367

1368+
.. c:member:: rva
1369+
1370+
.. versionadded:: 4.3.0
1371+
1372+
Relative virtual address (RVA) of imported function. If rva not found then this value is YR_UNDEFINED
1373+
13621374
*Example: pe.delayed_import_details[1].name == "library_name"
13631375
13641376
.. c:function:: locale(locale_identifier)
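Review bot: the `rva` member added for `delayed_import_details` has no example; the only *Example:* line after it still tests `.name`. Add an *Example:* line that uses `rva`, and describe how a condition should treat the YR_UNDEFINED case, since the description says that is what a missing RVA yields.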

libyara/arena.c

Lines changed: 1 addition & 0 deletions
@@ -27,6 +27,7 @@ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
2727
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2828
*/
2929

30+
#include <assert.h>
3031
#include <stdarg.h>
3132
#include <stddef.h>
3233
#include <yara/arena.h>

libyara/include/yara.h

Lines changed: 1 addition & 0 deletions
@@ -40,6 +40,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
4040
#include "yara/object.h"
4141
#include "yara/scanner.h"
4242
#include "yara/stream.h"
43+
#include "yara/strutils.h"
4344
#include "yara/utils.h"
4445

4546
#endif

libyara/include/yara/pe_utils.h

Lines changed: 1 addition & 0 deletions
@@ -42,6 +42,7 @@ typedef struct _IMPORT_FUNCTION
4242
char* name;
4343
uint8_t has_ordinal;
4444
uint16_t ordinal;
45+
uint64_t rva;
4546

4647
struct _IMPORT_FUNCTION* next;
4748
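Review bot: `uint16_t ordinal;` is paired with `uint8_t has_ordinal;`, but the new `uint64_t rva;` has no matching flag, so the struct does not show how a missing RVA is represented. Add a comment on the field naming the sentinel (the docs in this commit say the value is YR_UNDEFINED when the RVA is not found), or add a has_rva style flag so the field is handled the same way as the ordinal.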

libyara/include/yara/strutils.h

Lines changed: 4 additions & 0 deletions
@@ -58,6 +58,10 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
5858
#define PRIi32 "I32i"
5959
#endif
6060

61+
#if !defined(PRIo64)
62+
#define PRIo64 "I64o"
63+
#endif
64+
6165
#else
6266
#include <inttypes.h>
6367
#endif

libyara/include/yara/utils.h

Lines changed: 0 additions & 1 deletion
@@ -31,7 +31,6 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
3131
#define YR_UTILS_H
3232

3333
#include <limits.h>
34-
#include <yara/strutils.h>
3534

3635
#ifndef NULL
3736
#define NULL 0
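Review bot: dropping `#include <yara/strutils.h>` from utils.h removes it for every source file that received it only through this header. The follow-ups visible in this commit are `#include "yara/strutils.h"` in yara.h and `#include <assert.h>` in arena.c, which suggests at least one file was relying on a transitive include. Check that the remaining files that include utils.h and use the string helpers or the PRI* format macros now include strutils.h directly, and confirm with a build on each supported platform.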
