[Forensics-changes] [yara] 73/160: Print non-printable characters in hex.
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:29:19 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.4.0
in repository yara.
commit a6f609f217e3e037abf18c4169816d9f2f7e85df
Author: Wesley Shields <wxs at atarininja.org>
Date: Mon Mar 30 23:39:59 2015 -0400
Print non-printable characters in hex.
When using PRINT_MODULE_DATA and processing a YR_OBJECT_STRING walk each
character in the string and print it in hex if it is not printable.
---
libyara/object.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/libyara/object.c b/libyara/object.c
index 90fee2e..9066917 100644
--- a/libyara/object.c
+++ b/libyara/object.c
@@ -1095,11 +1095,22 @@ void yr_object_print_data(
case OBJECT_TYPE_STRING:
if (((YR_OBJECT_STRING*) object)->value != NULL)
+ {
printf(
- "%s%s = \"%s\"\n",
+ "%s%s = \"",
indent_spaces,
- object->identifier,
- ((YR_OBJECT_STRING*) object)->value->c_string);
+ object->identifier);
+ for (int i = 0; i < ((YR_OBJECT_STRING*) object)->value->length; i++)
+ {
+ if (isprint(((YR_OBJECT_STRING*) object)->value->c_string[i]))
+ printf("%c",
+ ((YR_OBJECT_STRING*) object)->value->c_string[i]);
+ else
+ printf("\\x%02x",
+ (unsigned char) ((YR_OBJECT_STRING*) object)->value->c_string[i]);
+ }
+ printf("\"\n");
+ }
break;
case OBJECT_TYPE_STRUCTURE:
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list