[Forensics-changes] [yara] 122/368: Minor style changes
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:30:19 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.5.0
in repository yara.
commit 32fa806362bcf04dfcafe277e29473294a3313ad
Author: Victor Manuel Alvarez <vmalvarez at virustotal.com>
Date: Tue Dec 1 13:04:50 2015 +0100
Minor style changes
---
libyara/modules/pe.c | 116 +++++++++++++++++++++++++++++++--------------------
1 file changed, 71 insertions(+), 45 deletions(-)
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 7a07e91..ea388d1 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -1859,11 +1859,18 @@ define_function(language)
return_integer(0);
}
-static uint64_t rich_internal(YR_OBJECT* module, uint64_t version, uint64_t toolid)
+
+static uint64_t rich_internal(
+ YR_OBJECT* module,
+ uint64_t version,
+ uint64_t toolid)
{
size_t rich_len;
+
PRICH_SIGNATURE clear_rich_signature;
SIZED_STRING* rich_string;
+
+ int rich_signature_count;
int i;
// Check if the required fields are set
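Review bot: `rich_internal` has no header comment, and its contract is not obvious from the reformatted signature: it is typed `uint64_t` but returns `UNDEFINED`, `TRUE` or `FALSE`, and an `UNDEFINED` argument acts as a wildcard for that field. A short comment above the definition would help, for example `// Returns TRUE if any Rich entry matches version and/or toolid (UNDEFINED = ignore that field), FALSE if none matches, UNDEFINED if the Rich data is unavailable.` The body continues outside this hunk, so the exact condition for the `UNDEFINED` return should be confirmed against the checks that are not shown.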
@@ -1878,82 +1885,97 @@ static uint64_t rich_internal(YR_OBJECT* module, uint64_t version, uint64_t tool
return UNDEFINED;
if (version == UNDEFINED && toolid == UNDEFINED)
- return 0;
+ return FALSE;
- clear_rich_signature = (PRICH_SIGNATURE)rich_string->c_string;
+ clear_rich_signature = (PRICH_SIGNATURE) rich_string->c_string;
// Loop over the versions in the rich signature
- for (i = 0;
- i < (rich_len - sizeof(RICH_SIGNATURE)) / sizeof(RICH_VERSION_INFO);
- i++)
+
+ rich_signature_count = \
+ (rich_len - sizeof(RICH_SIGNATURE)) / sizeof(RICH_VERSION_INFO);
+
+ for (i = 0; i < rich_signature_count; i++)
{
DWORD id_version = clear_rich_signature->versions[i].id_version;
- bool matchVersion = version == RICH_VERSION_VERSION(id_version);
- bool matchToolid = toolid == RICH_VERSION_ID(id_version);
- if (version != UNDEFINED && toolid != UNDEFINED) //check version and toolid
+
+ int match_version = version == RICH_VERSION_VERSION(id_version);
+ int match_toolid = toolid == RICH_VERSION_ID(id_version);
+
+ if (version != UNDEFINED && toolid != UNDEFINED)
{
- if (matchVersion && matchToolid)
- return 1;
+ // check version and toolid
+ if (match_version && match_toolid)
+ return TRUE;
}
- else if (version != UNDEFINED) //check only version
+ else if (version != UNDEFINED)
{
- if (matchVersion)
- return 1;
+ // check only version
+ if (match_version)
+ return TRUE;
}
- else if (toolid != UNDEFINED) //check only toolid
+ else if (toolid != UNDEFINED)
{
- if (matchToolid)
- return 1;
+ // check only toolid
+ if (match_toolid)
+ return TRUE;
}
}
- return 0;
+ return FALSE;
}
+
define_function(rich_version)
{
- return_integer(rich_internal(module(), integer_argument(1), UNDEFINED));
+ return_integer(
+ rich_internal(module(), integer_argument(1), UNDEFINED));
}
+
define_function(rich_version_toolid)
{
- return_integer(rich_internal(module(), integer_argument(1), integer_argument(2)));
+ return_integer(
+ rich_internal(module(), integer_argument(1), integer_argument(2)));
}
+
define_function(rich_toolid)
{
- return_integer(rich_internal(module(), UNDEFINED, integer_argument(1)));
+ return_integer(
+ rich_internal(module(), UNDEFINED, integer_argument(1)));
}
+
define_function(rich_toolid_version)
{
- return_integer(rich_internal(module(), integer_argument(2), integer_argument(1)));
+ return_integer(
+ rich_internal(module(), integer_argument(2), integer_argument(1)));
}
begin_declarations;
- declare_integer("MACHINE_UNKNOWN")
- declare_integer("MACHINE_AM33")
- declare_integer("MACHINE_AMD64")
- declare_integer("MACHINE_ARM")
- declare_integer("MACHINE_ARMNT")
- declare_integer("MACHINE_ARM64")
- declare_integer("MACHINE_EBC")
- declare_integer("MACHINE_I386")
- declare_integer("MACHINE_IA64")
- declare_integer("MACHINE_M32R")
- declare_integer("MACHINE_MIPS16")
- declare_integer("MACHINE_MIPSFPU")
- declare_integer("MACHINE_MIPSFPU16")
- declare_integer("MACHINE_POWERPC")
- declare_integer("MACHINE_POWERPCFP")
- declare_integer("MACHINE_R4000")
- declare_integer("MACHINE_SH3")
- declare_integer("MACHINE_SH3DSP")
- declare_integer("MACHINE_SH4")
- declare_integer("MACHINE_SH5")
- declare_integer("MACHINE_THUMB")
- declare_integer("MACHINE_WCEMIPSV2")
+ declare_integer("MACHINE_UNKNOWN");
+ declare_integer("MACHINE_AM33");
+ declare_integer("MACHINE_AMD64");
+ declare_integer("MACHINE_ARM");
+ declare_integer("MACHINE_ARMNT");
+ declare_integer("MACHINE_ARM64");
+ declare_integer("MACHINE_EBC");
+ declare_integer("MACHINE_I386");
+ declare_integer("MACHINE_IA64");
+ declare_integer("MACHINE_M32R");
+ declare_integer("MACHINE_MIPS16");
+ declare_integer("MACHINE_MIPSFPU");
+ declare_integer("MACHINE_MIPSFPU16");
+ declare_integer("MACHINE_POWERPC");
+ declare_integer("MACHINE_POWERPCFP");
+ declare_integer("MACHINE_R4000");
+ declare_integer("MACHINE_SH3");
+ declare_integer("MACHINE_SH3DSP");
+ declare_integer("MACHINE_SH4");
+ declare_integer("MACHINE_SH5");
+ declare_integer("MACHINE_THUMB");
+ declare_integer("MACHINE_WCEMIPSV2");
declare_integer("SUBSYSTEM_UNKNOWN");
declare_integer("SUBSYSTEM_NATIVE");
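Review bot: The new `rich_signature_count` assignment subtracts `sizeof(RICH_SIGNATURE)` from the `size_t` `rich_len` with no visible lower-bound check, then narrows the quotient to `int`. The checks between the two hunks are not shown, but `rich_len` presumably comes from the scanned PE file. If it can be smaller than the header, the subtraction wraps, the narrowed value is implementation-defined, and the loop bound no longer reflects the buffer behind `clear_rich_signature->versions[i]`, so a malformed sample could cause an out-of-bounds read. I would add `if (rich_len < sizeof(RICH_SIGNATURE)) return UNDEFINED;` before the cast and declare both the count and `i` (in the previous hunk) as `size_t`. The trailing `\` on the assignment line is also unnecessary outside a macro.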
@@ -2081,11 +2103,13 @@ begin_declarations;
declare_function("locale", "i", "i", locale);
declare_function("language", "i", "i", language);
- declare_integer("resource_timestamp")
+ declare_integer("resource_timestamp");
+
begin_struct("resource_version");
declare_integer("major");
declare_integer("minor");
end_struct("resource_version");
+
begin_struct_array("resources");
declare_integer("offset");
declare_integer("length");
@@ -2096,6 +2120,7 @@ begin_declarations;
declare_string("name_string");
declare_string("language_string");
end_struct_array("resources");
+
declare_integer("number_of_resources");
#if defined(HAVE_LIBCRYPTO)
@@ -2109,6 +2134,7 @@ begin_declarations;
declare_integer("not_after");
declare_function("valid_on", "i", "i", valid_on);
end_struct_array("signatures");
+
declare_integer("number_of_signatures");
#endif
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git