[Forensics-changes] [yara] 45/160: Fix minor style issues
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:29:16 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.4.0
in repository yara.
commit 0f9d8a0789792cfbdf35e0dfc9bcd14e68a8877f
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Fri Mar 13 11:33:50 2015 +0100
Fix minor style issues
---
libyara/modules/pe.c | 76 +++++++++++++++++++++++-----------------------------
1 file changed, 34 insertions(+), 42 deletions(-)
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 6280956..879de78 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -370,16 +370,12 @@ uint64_t pe_rva_to_offset(
PE* pe,
uint64_t rva)
{
- PIMAGE_SECTION_HEADER section;
- DWORD section_rva;
- DWORD section_offset;
+ PIMAGE_SECTION_HEADER section = IMAGE_FIRST_SECTION(pe->header);
+ DWORD section_rva = 0;
+ DWORD section_offset = 0;
int i = 0;
- section = IMAGE_FIRST_SECTION(pe->header);
- section_rva = 0;
- section_offset = 0;
-
while(i < min(pe->header->FileHeader.NumberOfSections, MAX_PE_SECTIONS))
{
if ((uint8_t*) section - \
@@ -565,6 +561,7 @@ int pe_iterate_resources(
int type = -1;
int id = -1;
int language = -1;
+
uint8_t* type_string = NULL;
uint8_t* name_string = NULL;
uint8_t* lang_string = NULL;
@@ -627,20 +624,12 @@ void pe_parse_version_info(
PIMAGE_RESOURCE_DATA_ENTRY rsrc_data,
PE* pe)
{
- PVERSION_INFO version_info;
- PVERSION_INFO string_file_info;
-
- char key[64];
- char value[256];
-
- size_t version_info_offset;
-
- version_info_offset = pe_rva_to_offset(pe, rsrc_data->OffsetToData);
+ size_t version_info_offset = pe_rva_to_offset(pe, rsrc_data->OffsetToData);
if (version_info_offset == 0)
return;
- version_info = (PVERSION_INFO) (pe->data + version_info_offset);
+ PVERSION_INFO version_info = (PVERSION_INFO) (pe->data + version_info_offset);
if (!fits_in_pe(pe, version_info->Key, sizeof("VS_VERSION_INFO") * 2))
return;
@@ -648,7 +637,8 @@ void pe_parse_version_info(
if (strcmp_w(version_info->Key, "VS_VERSION_INFO") != 0)
return;
- string_file_info = ADD_OFFSET(version_info, sizeof(VERSION_INFO) + 86);
+ PVERSION_INFO string_file_info = ADD_OFFSET(
+ version_info, sizeof(VERSION_INFO) + 86);
while(fits_in_pe(pe, string_file_info->Key, sizeof("StringFileInfo") * 2) &&
strcmp_w(string_file_info->Key, "StringFileInfo") == 0 &&
@@ -687,6 +677,9 @@ void pe_parse_version_info(
if (wide_string_fits_in_pe(pe, string_value))
{
+ char key[64];
+ char value[256];
+
strlcpy_w(key, string->Key, sizeof(key));
strlcpy_w(value, string_value, sizeof(value));
@@ -759,10 +752,10 @@ int pe_collect_resources(
else
{
set_integer(
- rsrc_id,
- pe->object,
- "resources[%i].id",
- pe->resources);
+ rsrc_id,
+ pe->object,
+ "resources[%i].id",
+ pe->resources);
}
if (lang_string)
@@ -777,10 +770,10 @@ int pe_collect_resources(
else
{
set_integer(
- rsrc_language,
- pe->object,
- "resources[%i].language",
- pe->resources);
+ rsrc_language,
+ pe->object,
+ "resources[%i].language",
+ pe->resources);
}
// Resources we do extra parsing on
@@ -1317,6 +1310,7 @@ define_function(section_index_addr)
{
YR_OBJECT* module = module();
YR_SCAN_CONTEXT* context = scan_context();
+
int64_t offset;
int64_t size;
@@ -1435,9 +1429,6 @@ define_function(exports)
define_function(imphash)
{
YR_OBJECT* module = module();
- IMPORTED_DLL* dll = NULL;
- IMPORTED_FUNCTION* func = NULL;
-
MD5_CTX ctx;
unsigned char digest[MD5_DIGEST_LENGTH];
@@ -1453,7 +1444,7 @@ define_function(imphash)
MD5_Init(&ctx);
- dll = pe->imported_dlls;
+ IMPORTED_DLL* dll = pe->imported_dlls;
while (dll)
{
@@ -1477,12 +1468,13 @@ define_function(imphash)
// Allocate a new string to hold the dll name.
char* dll_name = (char *) yr_malloc(dll_name_len + 1);
- if (! dll_name)
+
+ if (!dll_name)
return ERROR_INSUFICIENT_MEMORY;
strlcpy(dll_name, dll->name, dll_name_len + 1);
- func = dll->functions;
+ IMPORTED_FUNCTION* func = dll->functions;
while (func)
{
@@ -1494,10 +1486,10 @@ define_function(imphash)
char* final_name = (char*) yr_malloc(final_name_len + 1);
if (final_name == NULL)
- {
- yr_free(dll_name);
- break;
- }
+ {
+ yr_free(dll_name);
+ break;
+ }
sprintf(final_name, first ? "%s.%s": ",%s.%s", dll_name, func->name);
@@ -1544,19 +1536,16 @@ define_function(imports)
YR_OBJECT* module = module();
PE* pe = (PE*) module->data;
- IMPORTED_DLL* imported_dll = NULL;
- IMPORTED_FUNCTION* imported_func = NULL;
-
if (!pe)
return_integer(UNDEFINED);
- imported_dll = pe->imported_dlls;
+ IMPORTED_DLL* imported_dll = pe->imported_dlls;
while (imported_dll != NULL)
{
if (strcasecmp(imported_dll->name, dll_name) == 0)
{
- imported_func = imported_dll->functions;
+ IMPORTED_FUNCTION* imported_func = imported_dll->functions;
while (imported_func != NULL)
{
@@ -2114,7 +2103,8 @@ int module_load(
}
-int module_unload(YR_OBJECT* module_object)
+int module_unload(
+ YR_OBJECT* module_object)
{
IMPORTED_DLL* dll = NULL;
IMPORTED_DLL* next_dll = NULL;
@@ -2132,12 +2122,14 @@ int module_unload(YR_OBJECT* module_object)
{
if (dll->name)
yr_free(dll->name);
+
func = dll->functions;
while (func)
{
if (func->name)
yr_free(func->name);
+
next_func = func->next;
yr_free(func);
func = next_func;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list