[Forensics-changes] [yara] 48/407: Chase string_argument revert.
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:28:08 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.3.0
in repository yara.
commit a25f996b2cb9972adc7ed228ddea6e19536f631a
Author: Wesley Shields <wxs at atarininja.org>
Date: Fri Sep 19 21:15:21 2014 -0400
Chase string_argument revert.
---
libyara/modules/pe.c | 25 ++++++++++---------------
1 file changed, 10 insertions(+), 15 deletions(-)
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index fc7b087..f935bb4 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -623,7 +623,7 @@ define_function(section_index)
{
YR_OBJECT* module = module();
SIZED_STRING* sect;
- SIZED_STRING* name = string_argument(1);
+ char* name = string_argument(1);
int64_t n = get_integer(module, "number_of_sections");
int64_t i;
@@ -634,9 +634,7 @@ define_function(section_index)
for (i = 0; i < n; i++)
{
sect = get_string(module, "sections[%i].name", i);
- if (sect->length != name->length)
- continue;
- if (memcmp(name->c_string, sect->c_string, name->length) == 0)
+ if (strcmp(name, sect->c_string) == 0)
return_integer(i);
}
@@ -646,7 +644,7 @@ define_function(section_index)
define_function(exports)
{
- SIZED_STRING* function_name = string_argument(1);
+ char* function_name = string_argument(1);
YR_OBJECT* module = module();
PE* pe = (PE*) module->data;
@@ -696,10 +694,7 @@ define_function(exports)
name = (char*)(pe->data + offset);
- if (function_name->length != pe->data_size - offset)
- continue;
-
- if (memcmp(name, function_name->c_string, pe->data_size - offset) == 0)
+ if (strncmp(name, function_name, pe->data_size - offset) == 0)
return_integer(1);
}
@@ -709,9 +704,9 @@ define_function(exports)
define_function(imports)
{
- SIZED_STRING* dll_name = string_argument(1);
- SIZED_STRING* function_name = string_argument(2);
- int function_name_len = function_name->length;
+ char* dll_name = string_argument(1);
+ char* function_name = string_argument(2);
+ int function_name_len = strlen(function_name);
YR_OBJECT* module = module();
PE* pe = (PE*) module->data;
@@ -750,7 +745,7 @@ define_function(imports)
if (offset > 0 &&
offset <= pe->data_size &&
strncasecmp(
- dll_name->c_string, // XXX
+ dll_name,
(char*)(pe->data + offset),
pe->data_size - offset) == 0)
{
@@ -778,7 +773,7 @@ define_function(imports)
if (fits_in_pe(pe, import->Name, function_name_len))
{
if (strncmp((char*) import->Name,
- function_name->c_string,
+ function_name,
function_name_len) == 0)
{
return_integer(1);
@@ -810,7 +805,7 @@ define_function(imports)
if (fits_in_pe(pe, import->Name, function_name_len))
{
if (strncmp((char*) import->Name,
- function_name->c_string,
+ function_name,
function_name_len) == 0)
{
return_integer(1);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list