mianskulls / yara-project

Automatically exported from code.google.com/p/yara-project
Apache License 2.0

Grouping support in YARA signatures (like RegEx's) #49

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Hi,

Would it be possible to implement some kind of grouping in YARA signatures, like RegEx groups?

Sample:

rule Sample
{
    strings:
        $SampleSig = { 6A 0A 8D 4? ?? 5? (?<Target> 68 [2] 00 00) E8 [4] 8D 4? ?? 83 C4 0C } 
    condition:
        $SampleSig
}

This kind of grouping would make data extraction even easier than it already is.
Access to the result would be like: $SampleSig[Target] (or whatever is easy to implement) and would return the 68 XX XX 00 00 value only, instead of the whole match.

Thanks in advance!

Original issue reported on code.google.com by Maarten....@gmail.com on 16 May 2012 at 11:54
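
The `$SampleSig[Target]` access requested above can be emulated outside YARA by post-processing the scanned buffer. The following Python code is an added example, not part of the original issue or of YARA's code: it translates a hex string written in the issue's proposed `(?<Name> ...)` syntax into a bytes regex and returns each named sub-match with its offset. The function names and the sample buffer are constructed for illustration.

```python
import re

# One token of a YARA hex string, plus the "(?<Name>" opener proposed in this issue.
TOKEN = re.compile(r"\(\?<(\w+)>|\[(\d+)(?:-(\d+))?\]|([0-9A-Fa-f?]{2})|([()|])")

def byte_pattern(tok):
    """Regex fragment for one byte token: 6A, 4?, ?A or ??."""
    hi, lo = tok[0].encode(), tok[1].encode()
    if tok == "??":
        return b"."
    if lo == b"?":   # high nibble fixed: 4? -> [\x40-\x4f]
        return b"[\\x%s0-\\x%sf]" % (hi, hi)
    if hi == b"?":   # low nibble fixed: ?A -> [\x0a\x1a...\xfa]
        return b"[" + b"".join(b"\\x%x%s" % (h, lo) for h in range(16)) + b"]"
    return b"\\x" + hi + lo

def hex_to_regex(hex_string):
    """Compile a hex string (with optional named groups) to a bytes regex."""
    body = hex_string.strip().strip("{}")
    parts, pos = [], 0
    for m in TOKEN.finditer(body):
        if body[pos:m.start()].strip():
            raise ValueError("unexpected text: %r" % body[pos:m.start()])
        pos = m.end()
        name, lo, hi, byte, punct = m.groups()
        if name:
            parts.append(b"(?P<%s>" % name.encode())
        elif lo:     # jump: [n] or [n-m]
            parts.append(b".{%s%s}" % (lo.encode(), b"," + hi.encode() if hi else b""))
        elif byte:
            parts.append(byte_pattern(byte))
        else:        # plain alternation group, kept non-capturing
            parts.append(b"(?:" if punct == "(" else punct.encode())
    if body[pos:].strip():
        raise ValueError("unexpected text: %r" % body[pos:])
    return re.compile(b"".join(parts), re.DOTALL)

def extract_groups(hex_string, data):
    """Return, per match, {group name: (offset in data, matched bytes)}."""
    rx = hex_to_regex(hex_string)
    return [{n: (m.start(n), m.group(n)) for n in rx.groupindex}
            for m in rx.finditer(data)]

SIG = "{ 6A 0A 8D 4? ?? 5? (?<Target> 68 [2] 00 00) E8 [4] 8D 4? ?? 83 C4 0C }"
# Constructed sample buffer: two padding bytes, one matching sequence, one trailing byte.
SAMPLE = bytes.fromhex("9090 6A0A8D45F050 6834120000 E811223344 8D4DF083C40C C3")

if __name__ == "__main__":
    for hit in extract_groups(SIG, SAMPLE):
        print({n: (off, val.hex()) for n, (off, val) in hit.items()})
```
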

GoogleCodeExporter commented 8 years ago
Sorry, the issue type should have been "Enhancement".

Original comment by Maarten....@gmail.com on 16 May 2012 at 12:03