[Forensics-changes] [yara] 120/192: Added command line argument for printing match lenght (#566)

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:31:55 UTC 2017 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.6.0
in repository yara.

commit e6c5fcd6a1b420dafa2f15cca37e67f92bc18d6b
Author: CaldurG <rastislav.masaryk at gmail.com>
Date:   Thu Mar 16 11:06:52 2017 +0100

    Added command line argument for printing match lenght (#566)
---
 docs/commandline.rst |  4 ++++
 yara.c               | 25 +++++++++++++++++--------
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/docs/commandline.rst b/docs/commandline.rst
index 759df10..072ed60 100644
--- a/docs/commandline.rst
+++ b/docs/commandline.rst
@@ -54,6 +54,10 @@ Available options are:
 
   Print matching strings.
 
+.. option:: -L --print-string-length
+
+  Print length of matching strings.
+
 .. option:: -e --print-namespace
 
   Print rules' namespace.
diff --git a/yara.c b/yara.c
index 0313dd8..e0e0266 100644
--- a/yara.c
+++ b/yara.c
@@ -134,6 +134,7 @@ int limit = 0;
 int timeout = 1000000;
 int stack_size = DEFAULT_STACK_SIZE;
 int threads = 8;
+int show_str_len = FALSE;
 int fail_on_warnings = FALSE;
 
 
@@ -203,6 +204,8 @@ args_option_t options[] =
   OPT_BOOLEAN('h', "help", &show_help,
       "show this help and exit"),
 
+  OPT_BOOLEAN('L', "print-string-length", &show_str_len, "print length of matched strings"),
+
   OPT_END()
 };
 
@@ -659,7 +662,7 @@ int handle_message(
 
     // Show matched strings.
 
-    if (show_strings)
+    if (show_strings || show_str_len)
     {
       YR_STRING* string;
 
@@ -669,14 +672,20 @@ int handle_message(
 
         yr_string_matches_foreach(string, match)
         {
-          printf("0x%" PRIx64 ":%s: ",
-              match->base + match->offset,
-              string->identifier);
-
-          if (STRING_IS_HEX(string))
-            print_hex_string(match->data, match->data_length);
+          if (show_str_len)
+            printf("0x%" PRIx64 ":%d:%s", match->base + match->offset, match->data_length, string->identifier);
+          else
+            printf("0x%" PRIx64 ":%s", match->base + match->offset, string->identifier);
+
+          if (show_strings) {
+            printf(": ");
+            if (STRING_IS_HEX(string))
+              print_hex_string(match->data, match->data_length);
+            else
+              print_string(match->data, match->data_length);
+          }
           else
-            print_string(match->data, match->data_length);
+            printf("\n");
         }
       }
     }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

More information about the forensics-changes mailing list