[Forensics-changes] [yara] 125/368: Implemented new callback for when module was successfully imported.

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:30:19 UTC 2017 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.5.0
in repository yara.

commit acd7bfe25eaf61dd1aaf7531209487089d05895b
Author: Mario Suvajac <msuvajac at gmail.com>
Date:   Tue Dec 1 15:02:42 2015 +0100

    Implemented new callback for when module was successfully imported.
---
 libyara/include/yara/modules.h |  5 -----
 libyara/include/yara/rules.h   |  2 +-
 libyara/include/yara/scan.h    |  1 -
 libyara/modules.c              | 27 +++++----------------------
 libyara/rules.c                |  3 ---
 yara.c                         | 22 ++++++++--------------
 6 files changed, 14 insertions(+), 46 deletions(-)

diff --git a/libyara/include/yara/modules.h b/libyara/include/yara/modules.h
index 7351e27..8be1529 100644
--- a/libyara/include/yara/modules.h
+++ b/libyara/include/yara/modules.h
@@ -431,9 +431,4 @@ int yr_modules_load(
 int yr_modules_unload_all(
     YR_SCAN_CONTEXT* context);
 
-
-void yr_modules_print_data(
-    YR_SCAN_CONTEXT* context,
-    YR_CALLBACK_FUNC callback,
-    void* user_data);
 #endif
diff --git a/libyara/include/yara/rules.h b/libyara/include/yara/rules.h
index a3b081c..153ce43 100644
--- a/libyara/include/yara/rules.h
+++ b/libyara/include/yara/rules.h
@@ -26,7 +26,7 @@ limitations under the License.
 #define CALLBACK_MSG_RULE_NOT_MATCHING          2
 #define CALLBACK_MSG_SCAN_FINISHED              3
 #define CALLBACK_MSG_IMPORT_MODULE              4
-#define CALLBACK_MSG_MODULE_DATA                5
+#define CALLBACK_MSG_MODULE_IMPORTED            5
 
 #define CALLBACK_CONTINUE   0
 #define CALLBACK_ABORT      1
diff --git a/libyara/include/yara/scan.h b/libyara/include/yara/scan.h
index ef85a16..ff58c39 100644
--- a/libyara/include/yara/scan.h
+++ b/libyara/include/yara/scan.h
@@ -22,7 +22,6 @@ limitations under the License.
 // Bitmasks for flags.
 #define SCAN_FLAGS_FAST_MODE         1
 #define SCAN_FLAGS_PROCESS_MEMORY    2
-#define SCAN_FLAGS_SHOW_MODULE_DATA  4
 
 
 int yr_scan_verify_match(
diff --git a/libyara/modules.c b/libyara/modules.c
index 0e90431..a6b691a 100644
--- a/libyara/modules.c
+++ b/libyara/modules.c
@@ -169,6 +169,11 @@ int yr_modules_load(
     }
   }
 
+  result = context->callback(
+      CALLBACK_MSG_MODULE_IMPORTED,
+      module_structure,
+      context->user_data);
+
   return ERROR_SUCCESS;
 }
 
@@ -191,25 +196,3 @@ int yr_modules_unload_all(
 
   return ERROR_SUCCESS;
 }
-
-
-void yr_modules_print_data(
-    YR_SCAN_CONTEXT* context,
-    YR_CALLBACK_FUNC callback,
-    void* user_data)
-{
-  int i;
-
-  for (i = 0; i < sizeof(yr_modules_table) / sizeof(YR_MODULE); i++)
-  {
-    YR_OBJECT* module_structure = (YR_OBJECT*) yr_hash_table_lookup(
-        context->objects_table,
-        yr_modules_table[i].name,
-        NULL);
-
-    if (module_structure != NULL)
-    {
-      callback(CALLBACK_MSG_MODULE_DATA, module_structure, user_data);
-    }
-  }
-}
diff --git a/libyara/rules.c b/libyara/rules.c
index dbae41d..7961cd2 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -491,9 +491,6 @@ _exit:
 
   _yr_rules_clean_matches(rules, &context);
 
-  if (flags & SCAN_FLAGS_SHOW_MODULE_DATA)
-    yr_modules_print_data(&context, callback, user_data);
-
   yr_modules_unload_all(&context);
 
   if (context.matches_arena != NULL)
diff --git a/yara.c b/yara.c
index 9caff68..3d8e871 100644
--- a/yara.c
+++ b/yara.c
@@ -648,12 +648,15 @@ int handle_message(int message, YR_RULE* rule, void* data)
 
 int handle_module_data(YR_OBJECT* object)
 {
-  mutex_lock(&output_mutex);
+  if (show_module_data)
+  {
+    mutex_lock(&output_mutex);
 
-  yr_object_print_data(object, 0, 1);
-  printf("\n");
+    yr_object_print_data(object, 0, 1);
+    printf("\n");
 
-  mutex_unlock(&output_mutex);
+    mutex_unlock(&output_mutex);
+  }
 
   return CALLBACK_CONTINUE;
 }
@@ -688,7 +691,7 @@ int callback(int message, void* message_data, void* user_data)
 
       return CALLBACK_CONTINUE;
 
-    case CALLBACK_MSG_MODULE_DATA:
+    case CALLBACK_MSG_MODULE_IMPORTED:
       return handle_module_data((YR_OBJECT*) message_data);
   }
 
@@ -710,9 +713,6 @@ void* scanning_thread(void* param)
   if (fast_scan)
     flags |= SCAN_FLAGS_FAST_MODE;
 
-  if (show_module_data)
-    flags |= SCAN_FLAGS_SHOW_MODULE_DATA;
-
   while (file_path != NULL)
   {
     int elapsed_time = (int) difftime(time(NULL), args->start_time);
@@ -1067,9 +1067,6 @@ int main(
     if (fast_scan)
       flags |= SCAN_FLAGS_FAST_MODE;
 
-    if (show_module_data)
-      flags |= SCAN_FLAGS_SHOW_MODULE_DATA;
-
     result = yr_rules_scan_proc(
         rules,
         pid,
@@ -1131,9 +1128,6 @@ int main(
     if (fast_scan)
       flags |= SCAN_FLAGS_FAST_MODE;
 
-    if (show_module_data)
-      flags |= SCAN_FLAGS_SHOW_MODULE_DATA;
-
     result = yr_rules_scan_file(
         rules,
         argv[1],

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

More information about the forensics-changes mailing list