[Forensics-changes] [yara] 266/407: Merge branch 'master' into resource_name_and_entropy
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:28:33 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.3.0
in repository yara.
commit bbc0ae685ffccf8e737c29695cf31f12104741d1
Merge: 86d991e 82a4212
Author: Wesley Shields <wxs at atarininja.org>
Date: Mon Dec 29 14:17:42 2014 -0500
Merge branch 'master' into resource_name_and_entropy
Conflicts:
libyara/grammar.c
libyara/modules/pe.c
libyara/grammar.c | 145 ++++++++++++++++++++--------------------
libyara/grammar.y | 12 ++--
libyara/include/yara/compiler.h | 7 ++
libyara/modules/pe.c | 3 +-
libyara/parser.c | 9 +++
yara-python/tests.py | 4 ++
6 files changed, 104 insertions(+), 76 deletions(-)
diff --cc libyara/grammar.c
index 22f3e3c,b3629ec..9f235dc
--- a/libyara/grammar.c
+++ b/libyara/grammar.c
@@@ -631,21 -563,80 +631,21 @@@ static const yytype_uint8 yytranslate[
};
#if YYDEBUG
-/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
- YYRHS. */
-static const yytype_uint16 yyprhs[] =
-{
- 0, 0, 3, 4, 7, 10, 14, 18, 22, 25,
- 35, 36, 40, 41, 45, 49, 50, 53, 55, 57,
- 58, 61, 63, 66, 68, 71, 75, 79, 83, 87,
- 89, 92, 97, 98, 104, 108, 109, 112, 114, 116,
- 118, 120, 122, 126, 131, 136, 137, 139, 143, 145,
- 147, 149, 151, 155, 159, 161, 165, 169, 170, 171,
- 183, 184, 194, 198, 201, 205, 209, 213, 217, 221,
- 225, 229, 233, 237, 239, 243, 247, 249, 256, 258,
- 262, 263, 268, 270, 272, 276, 278, 280, 282, 284,
- 286, 290, 292, 294, 299, 301, 303, 305, 310, 312,
- 314, 318, 322, 326, 330, 334, 338, 342, 346, 349,
- 353, 357
-};
-
-/* YYRHS -- A `-1'-separated list of the rules' RHS. */
-static const yytype_int8 yyrhs[] =
-{
- 70, 0, -1, -1, 70, 72, -1, 70, 71, -1,
- 70, 1, 72, -1, 70, 1, 71, -1, 70, 1,
- 58, -1, 34, 16, -1, 76, 3, 9, 78, 59,
- 73, 74, 75, 60, -1, -1, 6, 61, 80, -1,
- -1, 7, 61, 82, -1, 8, 61, 90, -1, -1,
- 76, 77, -1, 4, -1, 5, -1, -1, 61, 79,
- -1, 9, -1, 79, 9, -1, 81, -1, 80, 81,
- -1, 9, 62, 16, -1, 9, 62, 14, -1, 9,
- 62, 35, -1, 9, 62, 36, -1, 83, -1, 82,
- 83, -1, 10, 62, 16, 85, -1, -1, 10, 62,
- 84, 18, 85, -1, 10, 62, 17, -1, -1, 85,
- 86, -1, 20, -1, 19, -1, 21, -1, 22, -1,
- 9, -1, 87, 63, 9, -1, 87, 64, 103, 65,
- -1, 87, 66, 88, 67, -1, -1, 91, -1, 88,
- 68, 91, -1, 18, -1, 91, -1, 35, -1, 36,
- -1, 103, 32, 89, -1, 103, 33, 103, -1, 10,
- -1, 10, 23, 103, -1, 10, 28, 96, -1, -1,
- -1, 30, 102, 9, 28, 92, 95, 61, 93, 66,
- 90, 67, -1, -1, 30, 102, 29, 98, 61, 94,
- 66, 90, 67, -1, 102, 29, 98, -1, 56, 90,
- -1, 90, 38, 90, -1, 90, 37, 90, -1, 103,
- 48, 103, -1, 103, 46, 103, -1, 103, 47, 103,
- -1, 103, 45, 103, -1, 103, 44, 103, -1, 103,
- 42, 103, -1, 103, 43, 103, -1, 103, -1, 66,
- 91, 67, -1, 66, 97, 67, -1, 96, -1, 66,
- 103, 63, 63, 103, 67, -1, 103, -1, 97, 68,
- 103, -1, -1, 66, 99, 100, 67, -1, 31, -1,
- 101, -1, 100, 68, 101, -1, 10, -1, 13, -1,
- 103, -1, 26, -1, 27, -1, 66, 103, 67, -1,
- 24, -1, 25, -1, 15, 66, 103, 67, -1, 14,
- -1, 16, -1, 11, -1, 12, 64, 103, 65, -1,
- 12, -1, 87, -1, 103, 51, 103, -1, 103, 52,
- 103, -1, 103, 53, 103, -1, 103, 54, 103, -1,
- 103, 55, 103, -1, 103, 41, 103, -1, 103, 39,
- 103, -1, 103, 40, 103, -1, 57, 103, -1, 103,
- 50, 103, -1, 103, 49, 103, -1, 89, -1
-};
-
-/* YYRLINE[YYN] -- source line where rule number YYN was defined. */
+ /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */
static const yytype_uint16 yyrline[] =
{
- 0, 199, 199, 201, 202, 203, 204, 205, 210, 222,
- 241, 244, 272, 276, 304, 309, 310, 315, 316, 322,
- 325, 343, 356, 393, 394, 399, 415, 428, 441, 458,
- 459, 464, 478, 477, 496, 513, 514, 519, 520, 521,
- 522, 527, 615, 663, 723, 770, 773, 795, 828, 873,
- 890, 899, 908, 923, 937, 951, 967, 982, 1017, 981,
- 1131, 1130, 1209, 1215, 1221, 1227, 1235, 1244, 1253, 1262,
- 1271, 1298, 1325, 1352, 1356, 1364, 1365, 1370, 1392, 1404,
- 1420, 1419, 1425, 1434, 1435, 1440, 1445, 1454, 1455, 1459,
- 1467, 1471, 1481, 1495, 1511, 1521, 1544, 1559, 1574, 1596,
- 1637, 1647, 1657, 1667, 1677, 1687, 1697, 1707, 1717, 1727,
- 1737, 1747
+ 0, 228, 228, 230, 231, 232, 233, 234, 239, 251,
+ 270, 273, 301, 305, 333, 338, 339, 344, 345, 351,
+ 354, 372, 385, 422, 423, 428, 444, 457, 470, 487,
+ 488, 493, 507, 506, 525, 542, 543, 548, 549, 550,
+ 551, 556, 644, 692, 752, 799, 802, 827, 863, 908,
+ 925, 934, 943, 958, 972, 986, 1002, 1017, 1052, 1016,
+ 1166, 1165, 1244, 1250, 1256, 1262, 1270, 1324, 1377, 1431,
- 1485, 1543, 1571, 1629, 1633, 1641, 1642, 1647, 1669, 1681,
- 1697, 1696, 1702, 1711, 1712, 1717, 1722, 1731, 1732, 1736,
- 1744, 1748, 1758, 1771, 1787, 1797, 1807, 1830, 1845, 1860,
- 1882, 1924, 1970, 2016, 2062, 2108, 2118, 2128, 2138, 2148,
- 2158, 2168, 2178
++ 1485, 1543, 1570, 1628, 1632, 1640, 1641, 1646, 1668, 1680,
++ 1696, 1695, 1701, 1710, 1711, 1716, 1721, 1730, 1731, 1735,
++ 1743, 1747, 1757, 1771, 1787, 1797, 1807, 1830, 1845, 1860,
++ 1882, 1927, 1973, 2019, 2065, 2111, 2121, 2131, 2141, 2151,
++ 2161, 2171, 2181
};
#endif
@@@ -3131,10 -2970,9 +3131,9 @@@ yyreduce
break;
case 71:
-#line 1299 "grammar.y"
+#line 1544 "grammar.y" /* yacc.c:1661 */
{
- // XXX: What is _IS_? Dead code?
- if ((yyvsp[(1) - (3)].expression).type != (yyvsp[(3) - (3)].expression).type)
+ if ((yyvsp[-2].expression).type != (yyvsp[0].expression).type)
{
yr_compiler_set_error_extra_info(
compiler, "mismatching types for == operator");
@@@ -3159,58 -2997,23 +3158,58 @@@
(yyval.expression).type = EXPRESSION_TYPE_BOOLEAN;
}
- #line 3163 "grammar.c" /* yacc.c:1661 */
++#line 3162 "grammar.c" /* yacc.c:1661 */
break;
case 72:
- #line 1572 "grammar.y" /* yacc.c:1661 */
-#line 1326 "grammar.y"
++#line 1571 "grammar.y" /* yacc.c:1661 */
{
- if ((yyvsp[(1) - (3)].expression).type != (yyvsp[(3) - (3)].expression).type)
+ if ((yyvsp[-2].expression).type != (yyvsp[0].expression).type)
{
- yr_compiler_set_error_extra_info(
- compiler, "mismatching types for != operator");
- compiler->last_result = ERROR_WRONG_TYPE;
+ if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_INTEGER &&
+ (yyvsp[0].expression).type == EXPRESSION_TYPE_DOUBLE)
+ {
+ // Cast left side to double.
+ compiler->last_result = yr_parser_emit_with_arg(
+ yyscanner,
+ OP_ITD,
+ 2,
+ NULL);
+ ERROR_IF(compiler->last_result != ERROR_SUCCESS);
+ }
+ else if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_DOUBLE &&
+ (yyvsp[0].expression).type == EXPRESSION_TYPE_INTEGER)
+ {
+ // Cast right side to double.
+ compiler->last_result = yr_parser_emit_with_arg(
+ yyscanner,
+ OP_ITD,
+ 1,
+ NULL);
+ ERROR_IF(compiler->last_result != ERROR_SUCCESS);
+ }
+ else
+ {
+ yr_compiler_set_error_extra_info(
+ compiler, "mismatching types for != operator");
+ compiler->last_result = ERROR_WRONG_TYPE;
+ yyerror(yyscanner, compiler, NULL);
+ YYERROR;
+ }
+
+ compiler->last_result = yr_parser_emit(yyscanner, OP_NEQD, NULL);
}
- else if ((yyvsp[(1) - (3)].expression).type == EXPRESSION_TYPE_STRING)
+ else if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_STRING)
{
- compiler->last_result = yr_parser_emit(
- yyscanner,
- OP_STR_NEQ,
- NULL);
+ compiler->last_result = yr_parser_emit(yyscanner, OP_STR_NEQ, NULL);
+ }
+ else if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_INTEGER)
+ {
+ compiler->last_result = yr_parser_emit(yyscanner, OP_NEQ, NULL);
+ }
+ else if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_DOUBLE)
+ {
+ compiler->last_result = yr_parser_emit(yyscanner, OP_NEQD, NULL);
}
else
{
@@@ -3221,41 -3027,36 +3220,41 @@@
(yyval.expression).type = EXPRESSION_TYPE_BOOLEAN;
}
- #line 3225 "grammar.c" /* yacc.c:1661 */
++#line 3224 "grammar.c" /* yacc.c:1661 */
break;
case 73:
- #line 1630 "grammar.y" /* yacc.c:1661 */
-#line 1353 "grammar.y"
++#line 1629 "grammar.y" /* yacc.c:1661 */
{
- (yyval.expression) = (yyvsp[(1) - (1)].expression);
+ (yyval.expression) = (yyvsp[0].expression);
}
- #line 3233 "grammar.c" /* yacc.c:1661 */
++#line 3232 "grammar.c" /* yacc.c:1661 */
break;
case 74:
- #line 1634 "grammar.y" /* yacc.c:1661 */
-#line 1357 "grammar.y"
++#line 1633 "grammar.y" /* yacc.c:1661 */
{
- (yyval.expression) = (yyvsp[(2) - (3)].expression);
+ (yyval.expression) = (yyvsp[-1].expression);
}
- #line 3241 "grammar.c" /* yacc.c:1661 */
++#line 3240 "grammar.c" /* yacc.c:1661 */
break;
case 75:
- #line 1641 "grammar.y" /* yacc.c:1661 */
-#line 1364 "grammar.y"
++#line 1640 "grammar.y" /* yacc.c:1661 */
{ (yyval.integer) = INTEGER_SET_ENUMERATION; }
- #line 3247 "grammar.c" /* yacc.c:1661 */
++#line 3246 "grammar.c" /* yacc.c:1661 */
break;
case 76:
- #line 1642 "grammar.y" /* yacc.c:1661 */
-#line 1365 "grammar.y"
++#line 1641 "grammar.y" /* yacc.c:1661 */
{ (yyval.integer) = INTEGER_SET_RANGE; }
- #line 3253 "grammar.c" /* yacc.c:1661 */
++#line 3252 "grammar.c" /* yacc.c:1661 */
break;
case 77:
- #line 1648 "grammar.y" /* yacc.c:1661 */
-#line 1371 "grammar.y"
++#line 1647 "grammar.y" /* yacc.c:1661 */
{
- if ((yyvsp[(2) - (6)].expression).type != EXPRESSION_TYPE_INTEGER)
+ if ((yyvsp[-4].expression).type != EXPRESSION_TYPE_INTEGER)
{
yr_compiler_set_error_extra_info(
compiler, "wrong type for range's lower bound");
@@@ -3271,13 -3072,12 +3270,13 @@@
ERROR_IF(compiler->last_result != ERROR_SUCCESS);
}
- #line 3275 "grammar.c" /* yacc.c:1661 */
++#line 3274 "grammar.c" /* yacc.c:1661 */
break;
case 78:
- #line 1670 "grammar.y" /* yacc.c:1661 */
-#line 1393 "grammar.y"
++#line 1669 "grammar.y" /* yacc.c:1661 */
{
- if ((yyvsp[(1) - (1)].expression).type != EXPRESSION_TYPE_INTEGER)
+ if ((yyvsp[0].expression).type != EXPRESSION_TYPE_INTEGER)
{
yr_compiler_set_error_extra_info(
compiler, "wrong type for enumeration item");
@@@ -3287,13 -3087,12 +3286,13 @@@
ERROR_IF(compiler->last_result != ERROR_SUCCESS);
}
- #line 3291 "grammar.c" /* yacc.c:1661 */
++#line 3290 "grammar.c" /* yacc.c:1661 */
break;
case 79:
- #line 1682 "grammar.y" /* yacc.c:1661 */
-#line 1405 "grammar.y"
++#line 1681 "grammar.y" /* yacc.c:1661 */
{
- if ((yyvsp[(3) - (3)].expression).type != EXPRESSION_TYPE_INTEGER)
+ if ((yyvsp[0].expression).type != EXPRESSION_TYPE_INTEGER)
{
yr_compiler_set_error_extra_info(
compiler, "wrong type for enumeration item");
@@@ -3302,71 -3101,63 +3301,71 @@@
ERROR_IF(compiler->last_result != ERROR_SUCCESS);
}
- #line 3306 "grammar.c" /* yacc.c:1661 */
++#line 3305 "grammar.c" /* yacc.c:1661 */
break;
case 80:
- #line 1697 "grammar.y" /* yacc.c:1661 */
-#line 1420 "grammar.y"
++#line 1696 "grammar.y" /* yacc.c:1661 */
{
// Push end-of-list marker
yr_parser_emit_with_arg(yyscanner, OP_PUSH, UNDEFINED, NULL);
}
- #line 3315 "grammar.c" /* yacc.c:1661 */
++#line 3314 "grammar.c" /* yacc.c:1661 */
break;
case 82:
- #line 1703 "grammar.y" /* yacc.c:1661 */
-#line 1426 "grammar.y"
++#line 1702 "grammar.y" /* yacc.c:1661 */
{
yr_parser_emit_with_arg(yyscanner, OP_PUSH, UNDEFINED, NULL);
yr_parser_emit_pushes_for_strings(yyscanner, "$*");
}
- #line 3324 "grammar.c" /* yacc.c:1661 */
++#line 3323 "grammar.c" /* yacc.c:1661 */
break;
case 85:
- #line 1718 "grammar.y" /* yacc.c:1661 */
-#line 1441 "grammar.y"
++#line 1717 "grammar.y" /* yacc.c:1661 */
{
- yr_parser_emit_pushes_for_strings(yyscanner, (yyvsp[(1) - (1)].c_string));
- yr_free((yyvsp[(1) - (1)].c_string));
+ yr_parser_emit_pushes_for_strings(yyscanner, (yyvsp[0].c_string));
+ yr_free((yyvsp[0].c_string));
}
- #line 3333 "grammar.c" /* yacc.c:1661 */
++#line 3332 "grammar.c" /* yacc.c:1661 */
break;
case 86:
- #line 1723 "grammar.y" /* yacc.c:1661 */
-#line 1446 "grammar.y"
++#line 1722 "grammar.y" /* yacc.c:1661 */
{
- yr_parser_emit_pushes_for_strings(yyscanner, (yyvsp[(1) - (1)].c_string));
- yr_free((yyvsp[(1) - (1)].c_string));
+ yr_parser_emit_pushes_for_strings(yyscanner, (yyvsp[0].c_string));
+ yr_free((yyvsp[0].c_string));
}
- #line 3342 "grammar.c" /* yacc.c:1661 */
++#line 3341 "grammar.c" /* yacc.c:1661 */
break;
case 88:
- #line 1733 "grammar.y" /* yacc.c:1661 */
-#line 1456 "grammar.y"
++#line 1732 "grammar.y" /* yacc.c:1661 */
{
yr_parser_emit_with_arg(yyscanner, OP_PUSH, UNDEFINED, NULL);
}
- #line 3350 "grammar.c" /* yacc.c:1661 */
++#line 3349 "grammar.c" /* yacc.c:1661 */
break;
case 89:
- #line 1737 "grammar.y" /* yacc.c:1661 */
-#line 1460 "grammar.y"
++#line 1736 "grammar.y" /* yacc.c:1661 */
{
yr_parser_emit_with_arg(yyscanner, OP_PUSH, 1, NULL);
}
- #line 3358 "grammar.c" /* yacc.c:1661 */
++#line 3357 "grammar.c" /* yacc.c:1661 */
break;
case 90:
- #line 1745 "grammar.y" /* yacc.c:1661 */
-#line 1468 "grammar.y"
++#line 1744 "grammar.y" /* yacc.c:1661 */
{
- (yyval.expression) = (yyvsp[(2) - (3)].expression);
+ (yyval.expression) = (yyvsp[-1].expression);
}
- #line 3366 "grammar.c" /* yacc.c:1661 */
++#line 3365 "grammar.c" /* yacc.c:1661 */
break;
case 91:
- #line 1749 "grammar.y" /* yacc.c:1661 */
-#line 1472 "grammar.y"
++#line 1748 "grammar.y" /* yacc.c:1661 */
{
compiler->last_result = yr_parser_emit(
yyscanner, OP_FILESIZE, NULL);
@@@ -3376,14 -3167,14 +3375,15 @@@
(yyval.expression).type = EXPRESSION_TYPE_INTEGER;
(yyval.expression).value.integer = UNDEFINED;
}
- #line 3380 "grammar.c" /* yacc.c:1661 */
++#line 3379 "grammar.c" /* yacc.c:1661 */
break;
case 92:
- #line 1759 "grammar.y" /* yacc.c:1661 */
-#line 1482 "grammar.y"
++#line 1758 "grammar.y" /* yacc.c:1661 */
{
yywarning(yyscanner,
- "Using deprecated \"entrypoint\" keyword. Use the \"entry_point\" " "function from PE module instead.");
+ "Using deprecated \"entrypoint\" keyword. Use the \"entry_point\" "
+ "function from PE module instead.");
compiler->last_result = yr_parser_emit(
yyscanner, OP_ENTRYPOINT, NULL);
@@@ -3567,7 -3333,11 +3567,11 @@@
(yyval.expression).type = EXPRESSION_TYPE_STRING;
break;
default:
- assert(FALSE);
+ yr_compiler_set_error_extra_info_fmt(
+ compiler,
+ "wrong usage of identifier \"%s\"",
- (yyvsp[(1) - (1)].expression).identifier);
++ (yyvsp[0].expression).identifier);
+ compiler->last_result = ERROR_WRONG_TYPE;
}
}
else
@@@ -3578,330 -3347,163 +3581,330 @@@
ERROR_IF(compiler->last_result != ERROR_SUCCESS);
}
- #line 3582 "grammar.c" /* yacc.c:1661 */
++#line 3585 "grammar.c" /* yacc.c:1661 */
break;
- case 100:
-#line 1638 "grammar.y"
+ case 101:
- #line 1925 "grammar.y" /* yacc.c:1661 */
++#line 1928 "grammar.y" /* yacc.c:1661 */
{
- CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "+");
- CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "+");
-
- yr_parser_emit(yyscanner, OP_ADD, NULL);
+ if ((yyvsp[-2].expression).type != (yyvsp[0].expression).type)
+ {
+ if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_INTEGER &&
+ (yyvsp[0].expression).type == EXPRESSION_TYPE_DOUBLE)
+ {
+ // Cast left side to double.
+ yr_parser_emit_with_arg(yyscanner, OP_ITD, 2, NULL);
+ }
+ else if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_DOUBLE &&
+ (yyvsp[0].expression).type == EXPRESSION_TYPE_INTEGER)
+ {
+ // Cast right side to double.
+ yr_parser_emit_with_arg(yyscanner, OP_ITD, 1, NULL);
+ }
+ else
+ {
+ yr_compiler_set_error_extra_info(
+ compiler, "mismatching types for + operator");
+ compiler->last_result = ERROR_WRONG_TYPE;
+ yyerror(yyscanner, compiler, NULL);
+ YYERROR;
+ }
- (yyval.expression).type = EXPRESSION_TYPE_INTEGER;
- (yyval.expression).value.integer = OPERATION(+, (yyvsp[(1) - (3)].expression).value.integer, (yyvsp[(3) - (3)].expression).value.integer);
+ yr_parser_emit(yyscanner, OP_ADD_DBL, NULL);
+ (yyval.expression).type = EXPRESSION_TYPE_DOUBLE;
+ (yyval.expression).value.double_ = OPERATION(+, (yyvsp[-2].expression).value.double_, (yyvsp[0].expression).value.double_);
+ }
+ else if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_INTEGER)
+ {
+ yr_parser_emit(yyscanner, OP_ADD, NULL);
+ (yyval.expression).type = EXPRESSION_TYPE_INTEGER;
+ (yyval.expression).value.integer = OPERATION(+, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer);
+ }
+ else if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_DOUBLE)
+ {
+ yr_parser_emit(yyscanner, OP_ADD_DBL, NULL);
+ (yyval.expression).type = EXPRESSION_TYPE_DOUBLE;
+ (yyval.expression).value.double_ = OPERATION(+, (yyvsp[-2].expression).value.double_, (yyvsp[0].expression).value.double_);
+ }
+ else
+ {
+ CLEANUP("+", (yyvsp[-2].expression));
+ }
}
- #line 3632 "grammar.c" /* yacc.c:1661 */
++#line 3635 "grammar.c" /* yacc.c:1661 */
break;
- case 101:
-#line 1648 "grammar.y"
+ case 102:
- #line 1971 "grammar.y" /* yacc.c:1661 */
++#line 1974 "grammar.y" /* yacc.c:1661 */
{
- CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "-");
- CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "-");
-
- yr_parser_emit(yyscanner, OP_SUB, NULL);
+ if ((yyvsp[-2].expression).type != (yyvsp[0].expression).type)
+ {
+ if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_INTEGER &&
+ (yyvsp[0].expression).type == EXPRESSION_TYPE_DOUBLE)
+ {
+ // Cast left side to double.
+ yr_parser_emit_with_arg(yyscanner, OP_ITD, 2, NULL);
+ }
+ else if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_DOUBLE &&
+ (yyvsp[0].expression).type == EXPRESSION_TYPE_INTEGER)
+ {
+ // Cast right side to double.
+ yr_parser_emit_with_arg(yyscanner, OP_ITD, 1, NULL);
+ }
+ else
+ {
+ yr_compiler_set_error_extra_info(
+ compiler, "mismatching types for - operator");
+ compiler->last_result = ERROR_WRONG_TYPE;
+ yyerror(yyscanner, compiler, NULL);
+ YYERROR;
+ }
- (yyval.expression).type = EXPRESSION_TYPE_INTEGER;
- (yyval.expression).value.integer = OPERATION(-, (yyvsp[(1) - (3)].expression).value.integer, (yyvsp[(3) - (3)].expression).value.integer);
+ yr_parser_emit(yyscanner, OP_SUB_DBL, NULL);
+ (yyval.expression).type = EXPRESSION_TYPE_DOUBLE;
+ (yyval.expression).value.double_ = OPERATION(-, (yyvsp[-2].expression).value.double_, (yyvsp[0].expression).value.double_);
+ }
+ else if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_INTEGER)
+ {
+ yr_parser_emit(yyscanner, OP_SUB, NULL);
+ (yyval.expression).type = EXPRESSION_TYPE_INTEGER;
+ (yyval.expression).value.integer = OPERATION(-, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer);
+ }
+ else if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_DOUBLE)
+ {
+ yr_parser_emit(yyscanner, OP_SUB_DBL, NULL);
+ (yyval.expression).type = EXPRESSION_TYPE_DOUBLE;
+ (yyval.expression).value.double_ = OPERATION(-, (yyvsp[-2].expression).value.double_, (yyvsp[0].expression).value.double_);
+ }
+ else
+ {
+ CLEANUP("-", (yyvsp[-2].expression));
+ }
}
- #line 3682 "grammar.c" /* yacc.c:1661 */
++#line 3685 "grammar.c" /* yacc.c:1661 */
break;
- case 102:
-#line 1658 "grammar.y"
+ case 103:
- #line 2017 "grammar.y" /* yacc.c:1661 */
++#line 2020 "grammar.y" /* yacc.c:1661 */
{
- CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "*");
- CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "*");
-
- yr_parser_emit(yyscanner, OP_MUL, NULL);
+ if ((yyvsp[-2].expression).type != (yyvsp[0].expression).type)
+ {
+ if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_INTEGER &&
+ (yyvsp[0].expression).type == EXPRESSION_TYPE_DOUBLE)
+ {
+ // Cast left side to double.
+ yr_parser_emit_with_arg(yyscanner, OP_ITD, 2, NULL);
+ }
+ else if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_DOUBLE &&
+ (yyvsp[0].expression).type == EXPRESSION_TYPE_INTEGER)
+ {
+ // Cast right side to double.
+ yr_parser_emit_with_arg(yyscanner, OP_ITD, 1, NULL);
+ }
+ else
+ {
+ yr_compiler_set_error_extra_info(
+ compiler, "mismatching types for * operator");
+ compiler->last_result = ERROR_WRONG_TYPE;
+ yyerror(yyscanner, compiler, NULL);
+ YYERROR;
+ }
- (yyval.expression).type = EXPRESSION_TYPE_INTEGER;
- (yyval.expression).value.integer = OPERATION(*, (yyvsp[(1) - (3)].expression).value.integer, (yyvsp[(3) - (3)].expression).value.integer);
+ yr_parser_emit(yyscanner, OP_MUL_DBL, NULL);
+ (yyval.expression).type = EXPRESSION_TYPE_DOUBLE;
+ (yyval.expression).value.double_ = OPERATION(*, (yyvsp[-2].expression).value.double_, (yyvsp[0].expression).value.double_);
+ }
+ else if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_INTEGER)
+ {
+ yr_parser_emit(yyscanner, OP_MUL, NULL);
+ (yyval.expression).type = EXPRESSION_TYPE_INTEGER;
+ (yyval.expression).value.integer = OPERATION(*, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer);
+ }
+ else if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_DOUBLE)
+ {
+ yr_parser_emit(yyscanner, OP_MUL_DBL, NULL);
+ (yyval.expression).type = EXPRESSION_TYPE_DOUBLE;
+ (yyval.expression).value.double_ = OPERATION(*, (yyvsp[-2].expression).value.double_, (yyvsp[0].expression).value.double_);
+ }
+ else
+ {
+ CLEANUP("*", (yyvsp[-2].expression));
+ }
}
- #line 3732 "grammar.c" /* yacc.c:1661 */
++#line 3735 "grammar.c" /* yacc.c:1661 */
break;
- case 103:
-#line 1668 "grammar.y"
+ case 104:
- #line 2063 "grammar.y" /* yacc.c:1661 */
++#line 2066 "grammar.y" /* yacc.c:1661 */
{
- CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "\\");
- CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "\\");
-
- yr_parser_emit(yyscanner, OP_DIV, NULL);
+ if ((yyvsp[-2].expression).type != (yyvsp[0].expression).type)
+ {
+ if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_INTEGER &&
+ (yyvsp[0].expression).type == EXPRESSION_TYPE_DOUBLE)
+ {
+ // Cast left side to double.
+ yr_parser_emit_with_arg(yyscanner, OP_ITD, 2, NULL);
+ }
+ else if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_DOUBLE &&
+ (yyvsp[0].expression).type == EXPRESSION_TYPE_INTEGER)
+ {
+ // Cast right side to double.
+ yr_parser_emit_with_arg(yyscanner, OP_ITD, 1, NULL);
+ }
+ else
+ {
+ yr_compiler_set_error_extra_info(
+ compiler, "mismatching types for \\ operator");
+ compiler->last_result = ERROR_WRONG_TYPE;
+ yyerror(yyscanner, compiler, NULL);
+ YYERROR;
+ }
- (yyval.expression).type = EXPRESSION_TYPE_INTEGER;
- (yyval.expression).value.integer = OPERATION(/, (yyvsp[(1) - (3)].expression).value.integer, (yyvsp[(3) - (3)].expression).value.integer);
+ yr_parser_emit(yyscanner, OP_DIV_DBL, NULL);
+ (yyval.expression).type = EXPRESSION_TYPE_DOUBLE;
+ (yyval.expression).value.double_ = OPERATION(/, (yyvsp[-2].expression).value.double_, (yyvsp[0].expression).value.double_);
+ }
+ else if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_INTEGER)
+ {
+ yr_parser_emit(yyscanner, OP_DIV, NULL);
+ (yyval.expression).type = EXPRESSION_TYPE_INTEGER;
+ (yyval.expression).value.integer = OPERATION(*, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer);
+ }
+ else if ((yyvsp[-2].expression).type == EXPRESSION_TYPE_DOUBLE)
+ {
+ yr_parser_emit(yyscanner, OP_DIV_DBL, NULL);
+ (yyval.expression).type = EXPRESSION_TYPE_DOUBLE;
+ (yyval.expression).value.double_ = OPERATION(/, (yyvsp[-2].expression).value.double_, (yyvsp[0].expression).value.double_);
+ }
+ else
+ {
+ CLEANUP("\\", (yyvsp[-2].expression));
+ }
}
- #line 3782 "grammar.c" /* yacc.c:1661 */
++#line 3785 "grammar.c" /* yacc.c:1661 */
break;
- case 104:
-#line 1678 "grammar.y"
+ case 105:
- #line 2109 "grammar.y" /* yacc.c:1661 */
++#line 2112 "grammar.y" /* yacc.c:1661 */
{
- CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "%");
- CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "%");
+ CHECK_TYPE((yyvsp[-2].expression), EXPRESSION_TYPE_INTEGER, "%");
+ CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_INTEGER, "%");
yr_parser_emit(yyscanner, OP_MOD, NULL);
(yyval.expression).type = EXPRESSION_TYPE_INTEGER;
- (yyval.expression).value.integer = OPERATION(%, (yyvsp[(1) - (3)].expression).value.integer, (yyvsp[(3) - (3)].expression).value.integer);
+ (yyval.expression).value.integer = OPERATION(%, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer);
}
- #line 3796 "grammar.c" /* yacc.c:1661 */
++#line 3799 "grammar.c" /* yacc.c:1661 */
break;
- case 105:
-#line 1688 "grammar.y"
+ case 106:
- #line 2119 "grammar.y" /* yacc.c:1661 */
++#line 2122 "grammar.y" /* yacc.c:1661 */
{
- CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "^");
- CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "^");
+ CHECK_TYPE((yyvsp[-2].expression), EXPRESSION_TYPE_INTEGER, "^");
+ CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_INTEGER, "^");
yr_parser_emit(yyscanner, OP_BITWISE_XOR, NULL);
(yyval.expression).type = EXPRESSION_TYPE_INTEGER;
- (yyval.expression).value.integer = OPERATION(^, (yyvsp[(1) - (3)].expression).value.integer, (yyvsp[(3) - (3)].expression).value.integer);
+ (yyval.expression).value.integer = OPERATION(^, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer);
}
- #line 3810 "grammar.c" /* yacc.c:1661 */
++#line 3813 "grammar.c" /* yacc.c:1661 */
break;
- case 106:
-#line 1698 "grammar.y"
+ case 107:
- #line 2129 "grammar.y" /* yacc.c:1661 */
++#line 2132 "grammar.y" /* yacc.c:1661 */
{
- CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "^");
- CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "^");
+ CHECK_TYPE((yyvsp[-2].expression), EXPRESSION_TYPE_INTEGER, "^");
+ CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_INTEGER, "^");
yr_parser_emit(yyscanner, OP_BITWISE_AND, NULL);
(yyval.expression).type = EXPRESSION_TYPE_INTEGER;
- (yyval.expression).value.integer = OPERATION(&, (yyvsp[(1) - (3)].expression).value.integer, (yyvsp[(3) - (3)].expression).value.integer);
+ (yyval.expression).value.integer = OPERATION(&, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer);
}
- #line 3824 "grammar.c" /* yacc.c:1661 */
++#line 3827 "grammar.c" /* yacc.c:1661 */
break;
- case 107:
-#line 1708 "grammar.y"
+ case 108:
- #line 2139 "grammar.y" /* yacc.c:1661 */
++#line 2142 "grammar.y" /* yacc.c:1661 */
{
- CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "|");
- CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "|");
+ CHECK_TYPE((yyvsp[-2].expression), EXPRESSION_TYPE_INTEGER, "|");
+ CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_INTEGER, "|");
yr_parser_emit(yyscanner, OP_BITWISE_OR, NULL);
(yyval.expression).type = EXPRESSION_TYPE_INTEGER;
- (yyval.expression).value.integer = OPERATION(|, (yyvsp[(1) - (3)].expression).value.integer, (yyvsp[(3) - (3)].expression).value.integer);
+ (yyval.expression).value.integer = OPERATION(|, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer);
}
- #line 3838 "grammar.c" /* yacc.c:1661 */
++#line 3841 "grammar.c" /* yacc.c:1661 */
break;
- case 108:
-#line 1718 "grammar.y"
+ case 109:
- #line 2149 "grammar.y" /* yacc.c:1661 */
++#line 2152 "grammar.y" /* yacc.c:1661 */
{
- CHECK_TYPE((yyvsp[(2) - (2)].expression), EXPRESSION_TYPE_INTEGER, "~");
+ CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_INTEGER, "~");
yr_parser_emit(yyscanner, OP_BITWISE_NOT, NULL);
(yyval.expression).type = EXPRESSION_TYPE_INTEGER;
- (yyval.expression).value.integer = ((yyvsp[(2) - (2)].expression).value.integer == UNDEFINED) ?
- UNDEFINED : (yyvsp[(2) - (2)].expression).value.integer;
+ (yyval.expression).value.integer = ((yyvsp[0].expression).value.integer == UNDEFINED) ?
+ UNDEFINED : (yyvsp[0].expression).value.integer;
}
- #line 3852 "grammar.c" /* yacc.c:1661 */
++#line 3855 "grammar.c" /* yacc.c:1661 */
break;
- case 109:
-#line 1728 "grammar.y"
+ case 110:
- #line 2159 "grammar.y" /* yacc.c:1661 */
++#line 2162 "grammar.y" /* yacc.c:1661 */
{
- CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "<<");
- CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "<<");
+ CHECK_TYPE((yyvsp[-2].expression), EXPRESSION_TYPE_INTEGER, "<<");
+ CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_INTEGER, "<<");
yr_parser_emit(yyscanner, OP_SHL, NULL);
(yyval.expression).type = EXPRESSION_TYPE_INTEGER;
- (yyval.expression).value.integer = OPERATION(<<, (yyvsp[(1) - (3)].expression).value.integer, (yyvsp[(3) - (3)].expression).value.integer);
+ (yyval.expression).value.integer = OPERATION(<<, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer);
}
- #line 3866 "grammar.c" /* yacc.c:1661 */
++#line 3869 "grammar.c" /* yacc.c:1661 */
break;
- case 110:
-#line 1738 "grammar.y"
+ case 111:
- #line 2169 "grammar.y" /* yacc.c:1661 */
++#line 2172 "grammar.y" /* yacc.c:1661 */
{
- CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, ">>");
- CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, ">>");
+ CHECK_TYPE((yyvsp[-2].expression), EXPRESSION_TYPE_INTEGER, ">>");
+ CHECK_TYPE((yyvsp[0].expression), EXPRESSION_TYPE_INTEGER, ">>");
yr_parser_emit(yyscanner, OP_SHR, NULL);
(yyval.expression).type = EXPRESSION_TYPE_INTEGER;
- (yyval.expression).value.integer = OPERATION(>>, (yyvsp[(1) - (3)].expression).value.integer, (yyvsp[(3) - (3)].expression).value.integer);
+ (yyval.expression).value.integer = OPERATION(>>, (yyvsp[-2].expression).value.integer, (yyvsp[0].expression).value.integer);
}
- #line 3880 "grammar.c" /* yacc.c:1661 */
++#line 3883 "grammar.c" /* yacc.c:1661 */
break;
- case 111:
-#line 1748 "grammar.y"
+ case 112:
- #line 2179 "grammar.y" /* yacc.c:1661 */
++#line 2182 "grammar.y" /* yacc.c:1661 */
{
- (yyval.expression) = (yyvsp[(1) - (1)].expression);
+ (yyval.expression) = (yyvsp[0].expression);
}
- #line 3888 "grammar.c" /* yacc.c:1661 */
++#line 3891 "grammar.c" /* yacc.c:1661 */
break;
- #line 3892 "grammar.c" /* yacc.c:1661 */
-/* Line 1267 of yacc.c. */
-#line 3505 "grammar.c"
++#line 3895 "grammar.c" /* yacc.c:1661 */
default: break;
}
+ /* User semantic actions sometimes alter yychar, and that requires
+ that yytoken be updated with the new translation. We take the
+ approach of translating immediately before every use of yytoken.
+ One alternative is translating here after every semantic action,
+ but that translation would be missed if the semantic action invokes
+ YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or
+ if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an
+ incorrect destructor might then be invoked immediately. In the
+ case of YYERROR or YYBACKUP, subsequent parser actions might lead
+ to an incorrect destructor call or verbose syntax error message
+ before the lookahead is translated. */
YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
YYPOPSTACK (yylen);
@@@ -4114,7 -3710,11 +4117,7 @@@ yyreturn
if (yymsg != yymsgbuf)
YYSTACK_FREE (yymsg);
#endif
- /* Make sure YYID is used. */
- return YYID (yyresult);
+ return yyresult;
}
- #line 2184 "grammar.y" /* yacc.c:1906 */
-
-
-#line 1753 "grammar.y"
-
++#line 2187 "grammar.y" /* yacc.c:1906 */
diff --cc libyara/modules/pe.c
index f6eb1f6,bbcf501..d9e7fd4
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@@ -521,101 -508,80 +521,102 @@@ void pe_parse_version_info
size_t version_info_offset;
- if (rsrc_type == RESOURCE_TYPE_VERSION)
- {
- version_info_offset = pe_rva_to_offset(pe, rsrc_data->OffsetToData);
+ version_info_offset = pe_rva_to_offset(pe, rsrc_data->OffsetToData);
- if (version_info_offset == 0)
- return RESOURCE_CALLBACK_CONTINUE;
+ if (version_info_offset == 0)
+ return;
- version_info = (PVERSION_INFO) (pe->data + version_info_offset);
+ version_info = (PVERSION_INFO) (pe->data + version_info_offset);
- if (!struct_fits_in_pe(pe, version_info, VERSION_INFO))
- return RESOURCE_CALLBACK_CONTINUE;
+ if (!struct_fits_in_pe(pe, version_info, VERSION_INFO))
+ return;
- if (!fits_in_pe(pe, version_info, sizeof("VS_VERSION_INFO")))
- return RESOURCE_CALLBACK_CONTINUE;
+ if (!fits_in_pe(pe, version_info, sizeof("VS_VERSION_INFO")))
+ return;
- if (strcmp_w(version_info->Key, "VS_VERSION_INFO") != 0)
- return RESOURCE_CALLBACK_CONTINUE;
+ if (strcmp_w(version_info->Key, "VS_VERSION_INFO") != 0)
+ return;
- string_file_info = ADD_OFFSET(version_info, sizeof(VERSION_INFO) + 86);
+ string_file_info = ADD_OFFSET(version_info, sizeof(VERSION_INFO) + 86);
- if (!struct_fits_in_pe(pe, string_file_info, VERSION_INFO))
- return RESOURCE_CALLBACK_CONTINUE;
+ if (!struct_fits_in_pe(pe, string_file_info, VERSION_INFO))
+ return;
- if (!fits_in_pe(pe, string_file_info, sizeof("StringFileInfo")))
- return RESOURCE_CALLBACK_CONTINUE;
+ if (!fits_in_pe(pe, string_file_info, sizeof("StringFileInfo")))
+ return;
+
+ while(strcmp_w(string_file_info->Key, "StringFileInfo") == 0)
+ {
+ PVERSION_INFO string_table = ADD_OFFSET(
+ string_file_info,
+ sizeof(VERSION_INFO) + 30);
- while(strcmp_w(string_file_info->Key, "StringFileInfo") == 0)
+ string_file_info = ADD_OFFSET(
+ string_file_info,
+ string_file_info->Length);
+
+ while (string_table < string_file_info)
{
- PVERSION_INFO string_table = ADD_OFFSET(
- string_file_info,
- sizeof(VERSION_INFO) + 30);
+ PVERSION_INFO string = ADD_OFFSET(
+ string_table,
+ sizeof(VERSION_INFO) + 2 * (strlen_w(string_table->Key) + 1));
- string_file_info = ADD_OFFSET(
- string_file_info,
- string_file_info->Length);
+ string_table = ADD_OFFSET(
+ string_table,
+ string_table->Length);
- while (string_table < string_file_info)
+ while (string < string_table)
{
- PVERSION_INFO string = ADD_OFFSET(
- string_table,
- sizeof(VERSION_INFO) + 2 * (strlen_w(string_table->Key) + 1));
+ char* string_value = (char*) ADD_OFFSET(
+ string,
+ sizeof(VERSION_INFO) + 2 * (strlen_w(string->Key) + 1));
- string_table = ADD_OFFSET(
- string_table,
- string_table->Length);
+ strlcpy_w(key, string->Key, sizeof(key));
+ strlcpy_w(value, string_value, sizeof(value));
- while (struct_fits_in_pe(pe, string, VERSION_INFO) &&
- string < string_table)
- {
- char* string_value = (char*) ADD_OFFSET(
- string,
- sizeof(VERSION_INFO) + 2 * (strlen_w(string->Key) + 1));
+ set_string(value, pe->object, "version_info[%s]", key);
- strlcpy_w(key, string->Key, sizeof(key));
- strlcpy_w(value, string_value, sizeof(value));
+ if (string->Length == 0)
+ break;
- set_string(value, pe->object, "version_info[%s]", key);
+ string = ADD_OFFSET(string, string->Length);
+ }
- if (string_table->Length == 0)
- if (string->Length == 0)
- break;
++ if (!struct_fits_in_pe(pe, string_table, VERSION_INFO) ||
++ string_table->Length == 0)
+ break;
+ }
+ }
+}
- string = ADD_OFFSET(string, string->Length);
- }
- if (!struct_fits_in_pe(pe, string_table, VERSION_INFO) ||
- string_table->Length == 0)
- break;
- }
- }
+int pe_collect_resources(
+ PIMAGE_RESOURCE_DATA_ENTRY rsrc_data,
+ int rsrc_type,
+ int rsrc_id,
+ int rsrc_language,
+ PE* pe)
+{
+ size_t offset = pe_rva_to_offset(pe, rsrc_data->OffsetToData);
+ if (offset == 0 || !fits_in_pe(pe, offset, rsrc_data->Size))
+ return RESOURCE_CALLBACK_CONTINUE;
- return RESOURCE_CALLBACK_ABORT;
- }
+ set_integer(rsrc_type, pe->object, "resources[%i].type", pe->resources);
+ set_integer(rsrc_id, pe->object, "resources[%i].id", pe->resources);
+ set_integer(
+ rsrc_language, pe->object, "resources[%i].language", pe->resources);
+ set_integer(
+ rsrc_data->Size, pe->object, "resources[%i].size", pe->resources);
+ set_sized_string(
+ (char*) (pe->data + offset), rsrc_data->Size, pe->object,
+ "resources[%i].data", pe->resources);
+
+ // Resources we do extra parsing on
+ if (rsrc_type == RESOURCE_TYPE_VERSION)
+ pe_parse_version_info(rsrc_data, pe);
- return RESOURCE_CALLBACK_CONTINUE;
+ pe->resources += 1;
+ return RESOURCE_CALLBACK_CONTINUE;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list