[Forensics-changes] [yara] 336/407: No need to add image_base.
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:28:42 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.3.0
in repository yara.
commit f4b4ad1a6c3331dfd89b8f7cb1e360d38478d077
Author: Wesley Shields <wxs at atarininja.org>
Date: Fri Jan 9 21:47:46 2015 -0500
No need to add image_base.
The entry_point is already calculated relative to image_base.
---
libyara/modules/pe.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 67663d2..e1c95c8 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -1171,12 +1171,6 @@ define_function(section_index_addr)
int64_t addr = integer_argument(1);
int64_t n = get_integer(module, "number_of_sections");
- if (context->flags & SCAN_FLAGS_PROCESS_MEMORY)
- {
- int64_t base_address = get_integer(module, "image_base");
- addr += base_address;
- }
-
for (int64_t i = 0; i < n; i++)
{
int64_t offset = get_integer(module, "sections[%i].raw_data_offset", i);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list