[Forensics-changes] [yara] 208/368: Fix build problems on Mac

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:30:40 UTC 2017


This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.5.0
in repository yara.

commit b2531c59f9744140843b61396e37665ca327cba4
Author: Kyle Reed <kallanreed at outlook.com>
Date:   Sun Feb 28 20:44:49 2016 -0800

    Fix build problems on Mac
---
 libyara/proc.c  | 13 ++++++++-----
 libyara/rules.c |  3 +--
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/libyara/proc.c b/libyara/proc.c
index dde0acd..836117a 100644
--- a/libyara/proc.c
+++ b/libyara/proc.c
@@ -45,7 +45,6 @@ int _yr_attach_process(
         NULL,
         NULL);
   }
-  // TODO: should else be COULD NOT ATTACH?
 
   if (hToken != NULL)
     CloseHandle(hToken);
@@ -86,7 +85,7 @@ int _yr_get_process_blocks(
   while (address < si.lpMaximumApplicationAddress &&
     VirtualQueryEx(hProcess, address, &mbi, sizeof(mbi)) != 0)
   {
-    if (mbi.State == MEM_COMMIT && ((mbi.Protect & PAGE_NOACCESS) == 0)) // TODO: check for read permission?
+    if (mbi.State == MEM_COMMIT && ((mbi.Protect & PAGE_NOACCESS) == 0))
     {
       new_block = (YR_MEMORY_BLOCK*)yr_malloc(sizeof(YR_MEMORY_BLOCK));
 
@@ -187,14 +186,16 @@ int _yr_attach_process(
 {
   *context = NULL;
 
-  if (task_for_pid(mach_task_self(), pid, *context) != KERN_SUCCESS)
+  kern_return_t kr;
+
+  if ((kr = task_for_pid(mach_task_self(), pid, *context)) != KERN_SUCCESS)
     return ERROR_COULD_NOT_ATTACH_TO_PROCESS;
 
   return ERROR_SUCCESS;
 }
 
 int _yr_detach_process(
-  void* pTask)
+  void* context)
 {
   task_t task = (task_t)context;
 
@@ -280,6 +281,7 @@ int _yr_read_process_block(
       task,
       block->base,
       block->size,
+      (vm_address_t)
       buffer,
       &size) != KERN_SUCCESS)
   {
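Review bot: The added `(vm_address_t)` sits on its own line, so it reads like a separate argument, and the cast switches off the compiler's type check on `buffer`. Keep the cast and operand together as `(vm_address_t) buffer,`. The declaration of `buffer` is outside this hunk, so it is worth confirming that it is the destination pointer itself rather than a pointer to it, since after the cast the compiler will accept either.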
@@ -497,7 +499,7 @@ static uint8_t* _yr_fetch_block_data(
 
   _yr_free_context_data(ctx);
 
-  int result = _yr_read_process_block(
+  _yr_read_process_block(
       ctx->process_context,
       ctx->current,
       &ctx->data);
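Review bot: Dropping `int result =` removes the unused-variable warning but leaves the return value of `_yr_read_process_block` unchecked, and the function goes on to `return ctx->data;`. The lines between this hunk and the next are not visible, nor is `_yr_free_context_data`, so it is unclear whether `ctx->data` is guaranteed NULL after a failed read. For a memory scanner, a region that could not be read should be distinguishable from one that was read and did not match. Either test the call, `if (_yr_read_process_block(ctx->process_context, ctx->current, &ctx->data) != ERROR_SUCCESS) return NULL;`, or add a comment stating that failures are deliberately ignored and that `ctx->data` is NULL in that case.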
@@ -510,6 +512,7 @@ static uint8_t* _yr_fetch_block_data(
   return ctx->data;
 }
 
+
 int yr_open_process_iterator(
     int pid,
     YR_BLOCK_ITERATOR* iterator)
diff --git a/libyara/rules.c b/libyara/rules.c
index 10b92e9..cd82642 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -310,7 +310,6 @@ int _yr_rules_scan_mem_block(
 }
 
 // single block iterator impl
-// TODO: belongs in this file?
 static YR_MEMORY_BLOCK* _yr_get_first_block(
     YR_BLOCK_ITERATOR* iterator)
 {
@@ -388,7 +387,7 @@ YR_API int yr_rules_scan_mem_blocks(
   context.flags = flags;
   context.callback = callback;
   context.user_data = user_data;
-  context.file_size = block->size; // TODO: does this make sense for processes?
+  context.file_size = block->size;
   context.iterator = iterator;
   context.entry_point = UNDEFINED;
   context.objects_table = NULL;
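Review bot: `context.file_size = block->size;` loses its TODO without the question being answered, so the next reader has no hint that this value may not be a file size. `block` is assigned outside this hunk; if it is the iterator's first block, then during a process scan `file_size` holds the size of a single memory region, and any rule condition that depends on the file size is evaluated against that. Replace the TODO with a statement of the behaviour instead of deleting it, for example `// For multi-block (process) scans this is the first block's size, not a file size.`, once the intended semantics are confirmed.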

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git


