[Forensics-changes] [yara] 42/407: Use IMAGE_FILE_MACHINE_AMD64 appropriately.

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:28:07 UTC 2017


This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.3.0
in repository yara.

commit f4b2c317675283b453d749a59714e12910b731fd
Author: Wesley Shields <wxs at atarininja.org>
Date:   Thu Sep 18 12:16:26 2014 -0400

    Use IMAGE_FILE_MACHINE_AMD64 appropriately.
---
 libyara/modules/pe.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 8a81f2c..7b70349 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -138,7 +138,7 @@ PIMAGE_DATA_DIRECTORY pe_get_directory_entry(
 {
   PIMAGE_DATA_DIRECTORY result;
 
-  if (pe->header->FileHeader.Machine == 0x8664)  // is a 64-bit PE ?
+  if (pe->header->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64)
     result = &((PIMAGE_NT_HEADERS64) pe->header)->
         OptionalHeader.DataDirectory[entry];
   else
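Review bot: The test `if (pe->header->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64)` still selects the 64-bit header layout from the Machine field alone, and the rename dropped the `// is a 64-bit PE ?` comment that stated the intent. In the PE format the PE32 versus PE32+ optional-header layout is given by OptionalHeader.Magic (0x20b for PE32+), not by Machine. A file whose Machine and Magic disagree, or a PE32+ image for a different 64-bit machine type, would therefore have `DataDirectory[entry]` read at the wrong offset. Since this code parses untrusted files, consider branching on Magic instead, or at least keep a comment saying that AMD64 is being used as a stand-in for "PE32+".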
@@ -414,7 +414,7 @@ void pe_parse(
   char section_name[IMAGE_SIZEOF_SHORT_NAME + 1];
 
 #define OptionalHeader(field) \
-  (pe->header->FileHeader.Machine == 0x8664 ? \
+  (pe->header->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64 ? \
    ((PIMAGE_NT_HEADERS64) pe->header)->OptionalHeader.field : \
      pe->header->OptionalHeader.field)
 
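Review bot: The `OptionalHeader(field)` macro repeats the same `FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64` comparison that pe_get_directory_entry makes, so the 32/64-bit decision now lives in two places that can drift apart. Suggest defining one predicate (a small macro or inline helper taking `pe`) and using it in both spots, so a later correction to how 64-bit images are recognised is made once. The macro also shares its name with the struct member it wraps, which makes `->OptionalHeader.field` and `OptionalHeader(field)` easy to confuse when reading pe_parse; a distinct name would help.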

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git


