[Forensics-changes] [yara] 93/407: Merge branch 'master' into richpe
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:28:13 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.3.0
in repository yara.
commit a9d7b78ea548ff1d87bfb0224f10afaa7738f018
Merge: c9fd5ab b34c0db
Author: Wesley Shields <wxs at atarininja.org>
Date: Thu Oct 9 21:13:02 2014 -0400
Merge branch 'master' into richpe
CONTRIBUTORS | 1 +
configure.ac | 10 +++
libyara/Makefile.am | 3 +
libyara/ahocorasick.c | 2 +-
libyara/arena.c | 14 +--
libyara/atoms.c | 18 ++--
libyara/compiler.c | 41 ++++-----
libyara/exefiles.c | 5 --
libyara/filemap.c | 8 +-
libyara/grammar.c | 4 +-
libyara/grammar.y | 4 +-
libyara/hash.c | 2 +-
libyara/hex_lexer.c | 60 ++++++-------
libyara/hex_lexer.l | 5 +-
libyara/include/yara.h | 9 --
libyara/include/yara/atoms.h | 8 +-
libyara/include/yara/compiler.h | 23 ++---
libyara/include/yara/elf.h | 12 +--
libyara/include/yara/filemap.h | 6 +-
libyara/include/yara/libyara.h | 12 +--
libyara/include/yara/pe.h | 28 +++---
libyara/include/yara/rules.h | 21 ++---
libyara/include/yara/utils.h | 5 ++
libyara/lexer.c | 184 +++++++++++++++++++---------------------
libyara/lexer.l | 1 +
libyara/libyara.c | 10 +--
libyara/modules/cuckoo.c | 3 +
libyara/modules/elf.c | 5 --
libyara/modules/hash.c | 171 +++++++++++++++++++++++++++++++++++++
libyara/modules/module_list | 4 +
libyara/modules/pe.c | 15 ++--
libyara/object.c | 19 +++--
libyara/parser.c | 12 +--
libyara/re.c | 16 ++--
libyara/re_lexer.c | 106 +++++++++++------------
libyara/re_lexer.l | 17 +++-
libyara/rules.c | 22 ++---
libyara/scan.c | 2 +-
windows/libyara/libyara.vcxproj | 7 +-
windows/yara/yara.vcxproj | 5 +-
windows/yarac/yarac.vcxproj | 4 +
yara.c | 6 +-
42 files changed, 552 insertions(+), 358 deletions(-)
diff --cc libyara/include/yara/pe.h
index 348fe1a,22123ea..911316c
--- a/libyara/include/yara/pe.h
+++ b/libyara/include/yara/pe.h
@@@ -73,32 -74,9 +74,29 @@@ typedef struct _IMAGE_DOS_HEADER
LONG e_lfanew; // File address of new exe header
} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
-
- #ifndef _MAC
- #pragma pack(pop) // Back to 4 byte packing
- #endif
+ #pragma pack(pop)
//
+// Rich signature.
+// http://www.ntcore.com/files/richsign.htm
+//
+typedef struct _RICH_SIGNATURE {
+ DWORD dans;
+ DWORD key1;
+ DWORD key2;
+ DWORD key3;
+ } RICH_SIGNATURE, *PRICH_SIGNATURE;
+
+#define RICH_DANS 0x536e6144 // "DanS"
+#define RICH_RICH 0x68636952 // "Rich"
+
+typedef struct _RICH_DATA {
+ size_t len;
+ BYTE* raw_data;
+ BYTE* clear_data;
+ } RICH_DATA, *PRICH_DATA;
+
+//
// File header format.
//
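Review bot: RICH_DATA leaves the size and ownership of its two buffers undocumented: nothing on the struct says whether raw_data and clear_data are each len bytes long, nor which code allocates and frees them, and every use is outside this hunk. A comment on the struct along the lines of `// raw_data and clear_data: len bytes each (presumably the signature as found and after decoding — confirm); allocated and released by <owner in pe.c — confirm>` would settle that for callers. Separately, RICH_DANS (0x536e6144) and RICH_RICH (0x68636952) are the byte strings "DanS" and "Rich" read as little-endian 32-bit values, so comparing them against a DWORD read straight out of a mapped file is only correct on little-endian hosts; a note such as `// little-endian encoding of "DanS"; convert DWORDs read from the file to host order before comparing` next to the defines would keep that visible. Also, `#pragma pack(pop)` now precedes these typedefs on the merged side, so RICH_SIGNATURE takes default alignment — harmless for four DWORDs, but worth remembering if a field of another width is ever added.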
diff --cc libyara/modules/pe.c
index 468f202,3e79022..1e140c7
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@@ -14,17 -14,10 +14,13 @@@ See the License for the specific langua
limitations under the License.
*/
- #ifdef _WIN32
- #include <windows.h>
- #else
#include <yara/pe.h>
- #endif
+#include <ctype.h>
#include <yara/modules.h>
+#include <yara/md5.h>
#include <yara/mem.h>
+#include <yara/sha256.h>
#include <yara/strutils.h>
#define MODULE_NAME pe
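Review bot: The new `#include <ctype.h>` is placed between the project headers rather than with the system headers; the conventional order is system headers first, so moving it above the `<yara/...>` group (which is otherwise kept alphabetical here) would read more cleanly. Since this module classifies bytes taken from an untrusted PE image, each `<ctype.h>` call that consumes such a byte needs its argument cast to `unsigned char` — passing a plain `char` that is negative on a signed-char platform is undefined behaviour for those functions; the call sites are outside this hunk, so this is a caveat for the rest of the file rather than something visible here.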