VirusTotal / yara

The pattern matching swiss knife
https://virustotal.github.io/yara/
BSD 3-Clause "New" or "Revised" License

False negative with certain hex patterns #2065

Closed plusvic closed 5 months ago

plusvic commented 5 months ago

In some cases hex patterns that should match are missed. The issue is related to the fast matching algorithm implemented in yr_re_fast_exec.

For instance, the following rule fails to match the data below:

rule issue {
  strings:
    $a = { 81 EC 38 01 [4-25] B8 ?? ?? ?? ?? [20-21] 44 55 66 77  }
  condition:
    $a
}

81 EC 38 01 00 00 00 00 B8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B8 00 00 00 00 44 55 66 77
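
An independent cross-check of the report above, as an added example that is not part of the issue or of YARA's code: it translates the subset of hex-string syntax used in this rule (literal bytes, `??` wildcards, bounded `[n]` / `[n-m]` jumps) into a Python `re` bytes pattern, so a backtracking engine can confirm that the data should match. The names `hex_string_to_regex` and `reference_match` are made up for this example.

```python
import re

# Hex string and data copied from the issue report above.
HEX_STRING = "{ 81 EC 38 01 [4-25] B8 ?? ?? ?? ?? [20-21] 44 55 66 77 }"
DATA = bytes.fromhex(
    "81 EC 38 01 00 00 00 00 B8 00 00 00 00 00 00 00 00 00 00 00 "
    "00 00 00 00 00 00 00 00 00 B8 00 00 00 00 44 55 66 77"
)

# Supported subset only: [n] / [n-m] jumps, ?? wildcards, literal hex bytes.
# Nibble wildcards, alternatives and unbounded jumps are rejected.
TOKEN = re.compile(r"\[(\d+)(?:-(\d+))?\]|(\?\?)|([0-9A-Fa-f]{2})")


def hex_string_to_regex(hex_string):
    """Translate a YARA hex string (subset above) into a compiled bytes regex."""
    parts = []
    for tok in hex_string.strip().strip("{}").split():
        m = TOKEN.fullmatch(tok)
        if m is None:
            raise ValueError(f"unsupported hex-string token: {tok!r}")
        lo, hi, wild, byte = m.groups()
        if lo is not None:
            # Capture each jump so the caller can see how many bytes it consumed.
            parts.append(b"(.{%d,%d})" % (int(lo), int(hi or lo)))
        elif wild:
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(byte, 16)])))
    # DOTALL: "." must also match 0x0A, since the input is binary data.
    return re.compile(b"".join(parts), re.DOTALL)


def reference_match(hex_string, data):
    """Return (start, end, jump_lengths) for the first match, or None."""
    m = hex_string_to_regex(hex_string).search(data)
    if m is None:
        return None
    return m.start(), m.end(), tuple(len(g) for g in m.groups())


if __name__ == "__main__":
    print(reference_match(HEX_STRING, DATA))
```

On the reported data this returns `(0, 38, (4, 21))`: the only valid alignment uses the first `B8`, because the `B8` at offset 29 also satisfies `[4-25]` but leaves too few bytes for `[20-21]`. A reference matcher like this is useful as a regression oracle when a scanner result is in doubt.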