I'm writing a rule where I want to match on one hundred and twenty eight
consecutive NULL bytes. And I don't want to have to write it like this:
rule too_long {
strings:
$a = { 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 etc. etc. etc.
If I could just write something like:
$a = { 00 } x 128
or...
$a = { 00 } repeat 128
or...
$a = { 00 {128} }
... or whatever. And I know this can be done with a regular expression, but
those are really slow for some reason I haven't determined yet...
Being able to repeat up to 1024 times would be nice.
Anyway, if you want to get really fancy, you can do it for more than just
single byte sequences, like this example of how Perl does things:
perl -e 'print "AB"x10'
ABABABABABABABABABAB
Original issue reported on code.google.com by juliavi...@gmail.com on 25 Apr 2012 at 6:58
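The repetition requested above can be done before the rules reach the compiler. The following is an added example, not code from the YARA project or from the issue's author: a small preprocessor that expands the `{ ... } x N` notation proposed in the issue (not valid YARA syntax) into ordinary hex strings. The function name `expand_repeats`, the restriction to plain byte tokens, and the sample rule are assumptions made for illustration.

```python
import re

MAX_REPEAT = 1024  # upper bound suggested in the issue
# Only concrete bytes are accepted; wildcards, jumps and alternations are rejected.
TOKEN = re.compile(r"^[0-9A-Fa-f]{2}$")
# Matches the proposed form "{ 00 AB } x 128" on a single line (hypothetical syntax).
REPEAT = re.compile(r"\{\s*([^{}]*?)\s*\}[ \t]*x[ \t]*(\d+)")


def expand_repeats(rule_text: str) -> str:
    """Rewrite every '{ <bytes> } x N' into a plain YARA hex string."""
    def _expand(match: re.Match) -> str:
        tokens = match.group(1).split()
        count = int(match.group(2))
        if not tokens:
            raise ValueError("empty hex string before repeat count")
        bad = [t for t in tokens if not TOKEN.match(t)]
        if bad:
            raise ValueError(f"unsupported token(s) in repeated string: {bad}")
        if not 1 <= count <= MAX_REPEAT:
            raise ValueError(f"repeat count {count} outside 1..{MAX_REPEAT}")
        # Multi-byte sequences repeat as a unit, like Perl's "AB" x 10.
        return "{ " + " ".join(tokens * count) + " }"
    return REPEAT.sub(_expand, rule_text)


# Constructed sample input using the issue's proposed notation.
SAMPLE = """rule null_run {
    strings:
        $a = { 00 } x 128
        $b = { 41 42 } x 10
    condition:
        $a or $b
}"""

if __name__ == "__main__":
    # The printed text is plain YARA and can be saved and compiled as usual.
    print(expand_repeats(SAMPLE))
```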