[Forensics-changes] [yara] 128/160: Add more architectures to support

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:29:25 UTC 2017 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.4.0
in repository yara.

commit 5215859ced4f34176a877d93b4648a47e01a1f5c
Author: nyx0 <nyx0 at users.noreply.github.com>
Date:   Wed May 13 16:27:11 2015 -0400

    Add more architectures to support
---
 docs/modules/elf.rst       |  7 +++++--
 libyara/include/yara/elf.h | 26 +++++++++++++++-----------
 libyara/modules/elf.c      | 14 +++++++++++---
 3 files changed, 31 insertions(+), 16 deletions(-)

diff --git a/docs/modules/elf.rst b/docs/modules/elf.rst
index d79be86..53d1668 100644
--- a/docs/modules/elf.rst
+++ b/docs/modules/elf.rst
@@ -65,9 +65,12 @@ Reference
     .. c:type:: EM_88K
     .. c:type:: EM_860
     .. c:type:: EM_MIPS
-    .. c:type:: EM_ARM"
-    .. c:type:: EM_MIPS
+    .. c:type:: EM_MIPS_RS3_LE
+    .. c:type:: EM_PPC
+    .. c:type:: EM_PPC64
+    .. c:type:: EM_ARM
     .. c:type:: EM_X86_64
+    .. c:type:: EM_AARCH64
 
     *Example: elf.machine == elf.EM_X86_64*
 
diff --git a/libyara/include/yara/elf.h b/libyara/include/yara/elf.h
index 7a0201b..78d063b 100644
--- a/libyara/include/yara/elf.h
+++ b/libyara/include/yara/elf.h
@@ -45,16 +45,20 @@ typedef uint64_t elf64_xword_t;
 #define ELF_ET_LOPROC   0xFF00  // Processor-specific
 #define ELF_ET_HIPROC   0x00FF  // Processor-specific
 
-#define ELF_EM_NONE     0x0000  // no type
-#define ELF_EM_M32      0x0001  // AT&T WE 32100
-#define ELF_EM_SPARC    0x0002  // SPARC
-#define ELF_EM_386      0x0003  // Intel 80386
-#define ELF_EM_68K      0x0004  // Motorola 68000
-#define ELF_EM_88K      0x0005  // Motorola 88000
-#define ELF_EM_860      0x0007  // Intel 80860
-#define ELF_EM_MIPS     0x0008  // MIPS RS3000
-#define ELF_EM_ARM      0x0028  // ARM
-#define ELF_EM_X86_64   0x003E  // AMD/Intel x86_64
+#define ELF_EM_NONE         0x0000  // no type
+#define ELF_EM_M32          0x0001  // AT&T WE 32100
+#define ELF_EM_SPARC        0x0002  // SPARC
+#define ELF_EM_386          0x0003  // Intel 80386
+#define ELF_EM_68K          0x0004  // Motorola 68000
+#define ELF_EM_88K          0x0005  // Motorola 88000
+#define ELF_EM_860          0x0007  // Intel 80860
+#define ELF_EM_MIPS         0x0008  // MIPS I Architecture
+#define ELF_EM_MIPS_RS3_LE  0x000A  // MIPS RS3000 Little-endian
+#define ELF_EM_PPC          0x0014  // PowerPC
+#define ELF_EM_PPC64        0x0015  // 64-bit PowerPC
+#define ELF_EM_ARM          0x0028  // ARM
+#define ELF_EM_X86_64       0x003E  // AMD/Intel x86_64
+#define ELF_EM_AARCH64      0x00B7  // 64-bit ARM
 
 #define ELF_CLASS_NONE  0x0000
 #define ELF_CLASS_32    0x0001  // 32bit file
@@ -214,4 +218,4 @@ typedef struct
 
 #pragma pack(pop)
 
-#endif
+#endif
\ No newline at end of file
diff --git a/libyara/modules/elf.c b/libyara/modules/elf.c
index 2b8310d..8576f0b 100644
--- a/libyara/modules/elf.c
+++ b/libyara/modules/elf.c
@@ -199,9 +199,13 @@ begin_declarations;
   declare_integer("EM_68K");
   declare_integer("EM_88K");
   declare_integer("EM_860");
-  declare_integer("EM_ARM");
   declare_integer("EM_MIPS");
+  declare_integer("EM_MIPS_RS3_LE");
+  declare_integer("EM_PPC");
+  declare_integer("EM_PPC64");
+  declare_integer("EM_ARM");
   declare_integer("EM_X86_64");
+  declare_integer("EM_AARCH64");
 
   declare_integer("SHT_NULL");
   declare_integer("SHT_PROGBITS");
@@ -307,9 +311,13 @@ int module_load(
   set_integer(ELF_EM_68K, module_object, "EM_68K");
   set_integer(ELF_EM_88K, module_object, "EM_88K");
   set_integer(ELF_EM_860, module_object, "EM_860");
-  set_integer(ELF_EM_ARM, module_object, "EM_ARM");
   set_integer(ELF_EM_MIPS, module_object, "EM_MIPS");
+  set_integer(ELF_EM_MIPS_RS3_LE, module_object, "EM_MIPS_RS3_LE");
+  set_integer(ELF_EM_PPC, module_object, "EM_PPC");
+  set_integer(ELF_EM_PPC64, module_object, "EM_PPC64");
+  set_integer(ELF_EM_ARM, module_object, "EM_ARM");
   set_integer(ELF_EM_X86_64, module_object, "EM_X86_64");
+  set_integer(ELF_EM_AARCH64, module_object, "EM_AARCH64");
 
   set_integer(ELF_SHT_NULL, module_object, "SHT_NULL");
   set_integer(ELF_SHT_PROGBITS, module_object, "SHT_PROGBITS");
@@ -396,4 +404,4 @@ int module_load(
 int module_unload(YR_OBJECT* module_object)
 {
   return ERROR_SUCCESS;
-}
+}
\ No newline at end of file

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

More information about the forensics-changes mailing list