wxsBSD
commented
1 year ago The compiler needs whatever the equivalent of -DBUCKETS_128=1 and -DCHECKSUM_1B=1 is on windows. These are required to work with the TLSH and authenticode parser that Avast contributed.
This PR consolidates #217 (add a modules list to the yara object) and #210 (support xor_value in returned strings), to make merging them easier. The xor_value work is going to break a lot of existing scripts using yara-python as string matches are no longer returned as a tuple but instead have their own object. I think this is worth doing as it allows for better extensibility in the future.
It also updates the yara submodule to 65feb41d, which is the latest in master as of this writing.
I also fixed up a test that was broken after a change to non-ascii bytes in regex in yara.