[Forensics-changes] [yara] 363/368: Changes to make math and pe modules C89 compatible. (#479)
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:31:00 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.5.0
in repository yara.
commit bfda09be1cd8ea2505c0e6e5791dc517d0f9ab5a
Author: Joachim Metz <joachim.metz at gmail.com>
Date: Mon Jul 18 09:40:04 2016 +0200
Changes to make math and pe modules C89 compatible. (#479)
---
libyara/modules/math.c | 10 +++++++---
libyara/modules/pe.c | 17 +++++++++++------
2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/libyara/modules/math.c b/libyara/modules/math.c
index 0a5638c..d216936 100644
--- a/libyara/modules/math.c
+++ b/libyara/modules/math.c
@@ -197,6 +197,10 @@ define_function(data_deviation)
size_t total_len = 0;
size_t i;
+ size_t data_offset = 0;
+ size_t data_len = 0;
+ uint8_t* block_data = NULL;
+
YR_SCAN_CONTEXT* context = scan_context();
YR_MEMORY_BLOCK* block = first_memory_block(context);
YR_MEMORY_BLOCK_ITERATOR* iterator = context->iterator;
@@ -209,10 +213,10 @@ define_function(data_deviation)
if (offset >= block->base &&
offset < block->base + block->size)
{
- size_t data_offset = (size_t)(offset - block->base);
- size_t data_len = (size_t)yr_min(
+ data_offset = (size_t)(offset - block->base);
+ data_len = (size_t)yr_min(
length, (size_t)(block->size - data_offset));
- uint8_t* block_data = block->fetch_data(block);
+ block_data = block->fetch_data(block);
if (block_data == NULL)
return_float(UNDEFINED);
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 1797007..1af5562 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -408,6 +408,9 @@ int64_t pe_rva_to_offset(
int i = 0;
+ int alignment = 0;
+ int rest = 0;
+
while(i < yr_min(pe->header->FileHeader.NumberOfSections, MAX_PE_SECTIONS))
{
if (struct_fits_in_pe(pe, section, IMAGE_SECTION_HEADER))
@@ -431,7 +434,7 @@ int64_t pe_rva_to_offset(
// If FileAlignment is >= 0x200, it is apparently ignored (see
// Ero Carreras's pefile.py, PE.adjust_FileAlignment).
- int alignment = yr_min(OptionalHeader(pe, FileAlignment), 0x200);
+ alignment = yr_min(OptionalHeader(pe, FileAlignment), 0x200);
section_rva = section->VirtualAddress;
section_offset = section->PointerToRawData;
@@ -439,7 +442,7 @@ int64_t pe_rva_to_offset(
if (alignment)
{
- int rest = section_offset % alignment;
+ rest = section_offset % alignment;
if (rest)
section_offset -= rest;
@@ -2276,6 +2279,10 @@ int module_load(
YR_MEMORY_BLOCK* block;
YR_MEMORY_BLOCK_ITERATOR* iterator = context->iterator;
+ PIMAGE_NT_HEADERS32 pe_header;
+ uint8_t* block_data = NULL;
+ PE* pe = NULL;
+
set_integer(
IMAGE_FILE_MACHINE_UNKNOWN, module_object,
"MACHINE_UNKNOWN");
@@ -2517,9 +2524,7 @@ int module_load(
foreach_memory_block(iterator, block)
{
- PIMAGE_NT_HEADERS32 pe_header;
-
- uint8_t* block_data = block->fetch_data(block);
+ block_data = block->fetch_data(block);
if (block_data == NULL)
continue;
@@ -2533,7 +2538,7 @@ int module_load(
if (!(context->flags & SCAN_FLAGS_PROCESS_MEMORY) ||
!(pe_header->FileHeader.Characteristics & IMAGE_FILE_DLL))
{
- PE* pe = (PE*) yr_malloc(sizeof(PE));
+ pe = (PE*) yr_malloc(sizeof(PE));
if (pe == NULL)
return ERROR_INSUFICIENT_MEMORY;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list