Browse code
work in progress: support more yara parser functionality.
Steven Morgan authored on 2014/12/10 23:49:22Showing 5 changed files
- libclamav/readdb.c
- libclamav/yara_clam.h
- libclamav/yara_grammar.y
- libclamav/yara_lexer.l
- libclamav/yara_parser.c
| ... | ... |
@@ -2632,7 +2632,7 @@ static int cli_loadyara(FILE *fs, const char *dbname, struct cl_engine *engine, |
| 2632 | 2632 |
uint32_t line = 0; |
| 2633 | 2633 |
uint8_t is_comment; |
| 2634 | 2634 |
uint8_t rule_state; |
| 2635 |
- YR_COMPILER compiler; |
|
| 2635 |
+ YR_COMPILER compiler = {0};
|
|
| 2636 | 2636 |
YR_RULE * rule; |
| 2637 | 2637 |
YR_STRING * string; |
| 2638 | 2638 |
|
| ... | ... |
@@ -2641,7 +2641,7 @@ static int cli_loadyara(FILE *fs, const char *dbname, struct cl_engine *engine, |
| 2641 | 2641 |
STAILQ_INIT(&compiler.current_rule_strings); |
| 2642 | 2642 |
|
| 2643 | 2643 |
// cli_errmsg("Loading yara signatures\n");
|
| 2644 |
-#if 0 /* for compilation */ |
|
| 2644 |
+#if 1 /* for compilation */ |
|
| 2645 | 2645 |
yr_lex_parse_rules_file(fs, &compiler); |
| 2646 | 2646 |
#endif |
| 2647 | 2647 |
while (!STAILQ_EMPTY(&compiler.rules)) {
|
| ... | ... |
@@ -41,20 +41,15 @@ limitations under the License. |
| 41 | 41 |
#define _YARA_CLAM_H_ |
| 42 | 42 |
|
| 43 | 43 |
#include "shared/queue.h" |
| 44 |
- |
|
| 45 |
-#define LEX_BUF_SIZE 1024 |
|
| 46 | 44 |
|
| 47 |
-#define EXTERNAL_VARIABLE_TYPE_NULL 0 |
|
| 48 |
-#define EXTERNAL_VARIABLE_TYPE_ANY 1 |
|
| 49 |
-#define EXTERNAL_VARIABLE_TYPE_INTEGER 2 |
|
| 50 |
-#define EXTERNAL_VARIABLE_TYPE_BOOLEAN 3 |
|
| 51 |
-#define EXTERNAL_VARIABLE_TYPE_FIXED_STRING 4 |
|
| 52 |
-#define EXTERNAL_VARIABLE_TYPE_MALLOC_STRING 5 |
|
| 53 |
- |
|
| 54 |
-#define EXTERNAL_VARIABLE_IS_NULL(x) \ |
|
| 55 |
- ((x) != NULL ? (x)->type == EXTERNAL_VARIABLE_TYPE_NULL : TRUE) |
|
| 45 |
+/* From libyara/include/yara/types.h */ |
|
| 46 |
+#define DECLARE_REFERENCE(type, name) \ |
|
| 47 |
+ union { type name; int64_t name##_; }
|
|
| 56 | 48 |
|
| 57 |
-#define STRING_TFLAGS_FOUND 0x01 |
|
| 49 |
+#define META_TYPE_NULL 0 |
|
| 50 |
+#define META_TYPE_INTEGER 1 |
|
| 51 |
+#define META_TYPE_STRING 2 |
|
| 52 |
+#define META_TYPE_BOOLEAN 3 |
|
| 58 | 53 |
|
| 59 | 54 |
#define STRING_GFLAGS_REFERENCED 0x01 |
| 60 | 55 |
#define STRING_GFLAGS_HEXADECIMAL 0x02 |
| ... | ... |
@@ -145,10 +140,43 @@ limitations under the License. |
| 145 | 145 |
#define RULE_MATCHES(x) \ |
| 146 | 146 |
((x)->t_flags[yr_get_tidx()] & RULE_TFLAGS_MATCH) |
| 147 | 147 |
|
| 148 |
+#define EXTERNAL_VARIABLE_TYPE_NULL 0 |
|
| 149 |
+#define EXTERNAL_VARIABLE_TYPE_ANY 1 |
|
| 150 |
+#define EXTERNAL_VARIABLE_TYPE_INTEGER 2 |
|
| 151 |
+#define EXTERNAL_VARIABLE_TYPE_BOOLEAN 3 |
|
| 152 |
+#define EXTERNAL_VARIABLE_TYPE_FIXED_STRING 4 |
|
| 153 |
+#define EXTERNAL_VARIABLE_TYPE_MALLOC_STRING 5 |
|
| 148 | 154 |
|
| 149 |
-#define DECLARE_REFERENCE(type, name) \ |
|
| 150 |
- union { type name; int64_t name##_; }
|
|
| 155 |
+#define EXTERNAL_VARIABLE_IS_NULL(x) \ |
|
| 156 |
+ ((x) != NULL ? (x)->type == EXTERNAL_VARIABLE_TYPE_NULL : TRUE) |
|
| 151 | 157 |
|
| 158 |
+#define OBJECT_COMMON_FIELDS \ |
|
| 159 |
+ int8_t type; \ |
|
| 160 |
+ const char* identifier; \ |
|
| 161 |
+ void* data; \ |
|
| 162 |
+ struct _YR_OBJECT* parent; |
|
| 163 |
+ |
|
| 164 |
+ |
|
| 165 |
+typedef struct _YR_OBJECT |
|
| 166 |
+{
|
|
| 167 |
+ OBJECT_COMMON_FIELDS |
|
| 168 |
+ |
|
| 169 |
+} YR_OBJECT; |
|
| 170 |
+ |
|
| 171 |
+typedef struct _YR_OBJECT_FUNCTION |
|
| 172 |
+{
|
|
| 173 |
+ OBJECT_COMMON_FIELDS |
|
| 174 |
+ |
|
| 175 |
+ const char* arguments_fmt; |
|
| 176 |
+ |
|
| 177 |
+ YR_OBJECT* return_obj; |
|
| 178 |
+#if REAL_YARA |
|
| 179 |
+ YR_MODULE_FUNC code; |
|
| 180 |
+#endif |
|
| 181 |
+ |
|
| 182 |
+} YR_OBJECT_FUNCTION; |
|
| 183 |
+ |
|
| 184 |
+/* From libyara/include/yara/sizedstr.h */ |
|
| 152 | 185 |
#define SIZED_STRING_FLAGS_NO_CASE 1 |
| 153 | 186 |
#define SIZED_STRING_FLAGS_DOT_ALL 2 |
| 154 | 187 |
|
| ... | ... |
@@ -216,6 +244,68 @@ typedef struct _SIZED_STRING |
| 216 | 216 |
#define RE_FLAGS_DOT_ALL 0x80 |
| 217 | 217 |
#define RE_FLAGS_NOT_AT_START 0x100 |
| 218 | 218 |
|
| 219 |
+/* From libyara/include/yara/exec.h */ |
|
| 220 |
+ |
|
| 221 |
+#define UNDEFINED 0xFFFABADAFABADAFFLL |
|
| 222 |
+#define IS_UNDEFINED(x) ((x) == UNDEFINED) |
|
| 223 |
+ |
|
| 224 |
+#define OP_HALT 255 |
|
| 225 |
+ |
|
| 226 |
+#define OP_AND 1 |
|
| 227 |
+#define OP_OR 2 |
|
| 228 |
+#define OP_XOR 3 |
|
| 229 |
+#define OP_NOT 4 |
|
| 230 |
+#define OP_LT 5 |
|
| 231 |
+#define OP_GT 6 |
|
| 232 |
+#define OP_LE 7 |
|
| 233 |
+#define OP_GE 8 |
|
| 234 |
+#define OP_EQ 9 |
|
| 235 |
+#define OP_NEQ 10 |
|
| 236 |
+#define OP_SZ_EQ 11 |
|
| 237 |
+#define OP_SZ_NEQ 12 |
|
| 238 |
+#define OP_SZ_TO_BOOL 13 |
|
| 239 |
+#define OP_ADD 14 |
|
| 240 |
+#define OP_SUB 15 |
|
| 241 |
+#define OP_MUL 16 |
|
| 242 |
+#define OP_DIV 17 |
|
| 243 |
+#define OP_MOD 18 |
|
| 244 |
+#define OP_NEG 19 |
|
| 245 |
+#define OP_SHL 20 |
|
| 246 |
+#define OP_SHR 21 |
|
| 247 |
+#define OP_PUSH 22 |
|
| 248 |
+#define OP_POP 23 |
|
| 249 |
+#define OP_CALL 24 |
|
| 250 |
+#define OP_OBJ_LOAD 25 |
|
| 251 |
+#define OP_OBJ_VALUE 26 |
|
| 252 |
+#define OP_OBJ_FIELD 27 |
|
| 253 |
+#define OP_INDEX_ARRAY 28 |
|
| 254 |
+#define OP_STR_COUNT 29 |
|
| 255 |
+#define OP_STR_FOUND 30 |
|
| 256 |
+#define OP_STR_FOUND_AT 31 |
|
| 257 |
+#define OP_STR_FOUND_IN 32 |
|
| 258 |
+#define OP_STR_OFFSET 33 |
|
| 259 |
+#define OP_OF 34 |
|
| 260 |
+#define OP_PUSH_RULE 35 |
|
| 261 |
+#define OP_MATCH_RULE 36 |
|
| 262 |
+#define OP_INCR_M 37 |
|
| 263 |
+#define OP_CLEAR_M 38 |
|
| 264 |
+#define OP_ADD_M 39 |
|
| 265 |
+#define OP_POP_M 40 |
|
| 266 |
+#define OP_PUSH_M 41 |
|
| 267 |
+#define OP_SWAPUNDEF 42 |
|
| 268 |
+#define OP_JNUNDEF 43 |
|
| 269 |
+#define OP_JLE 44 |
|
| 270 |
+#define OP_FILESIZE 45 |
|
| 271 |
+#define OP_ENTRYPOINT 46 |
|
| 272 |
+#define OP_INT8 47 |
|
| 273 |
+#define OP_INT16 48 |
|
| 274 |
+#define OP_INT32 49 |
|
| 275 |
+#define OP_UINT8 50 |
|
| 276 |
+#define OP_UINT16 51 |
|
| 277 |
+#define OP_UINT32 52 |
|
| 278 |
+#define OP_CONTAINS 53 |
|
| 279 |
+#define OP_MATCHES 54 |
|
| 280 |
+#define OP_IMPORT 55 |
|
| 219 | 281 |
|
| 220 | 282 |
/* |
| 221 | 283 |
typedef struct _YR_MATCH |
| ... | ... |
@@ -283,8 +373,7 @@ typedef struct _YR_EXTERNAL_VARIABLE |
| 283 | 283 |
} YR_EXTERNAL_VARIABLE; |
| 284 | 284 |
|
| 285 | 285 |
|
| 286 |
-//from re.h: |
|
| 287 |
- |
|
| 286 |
+/* From libyara/include/yara/exec.h */ |
|
| 288 | 287 |
typedef struct RE RE; |
| 289 | 288 |
typedef struct RE_NODE RE_NODE; |
| 290 | 289 |
|
| ... | ... |
@@ -324,14 +413,44 @@ struct RE {
|
| 324 | 324 |
int error_code; |
| 325 | 325 |
}; |
| 326 | 326 |
|
| 327 |
-//misc |
|
| 328 | 327 |
|
| 328 |
+/* From libyara/include/yara/compiler.h */ |
|
| 329 |
+#define yr_compiler_set_error_extra_info(compiler, info) \ |
|
| 330 |
+ strlcpy( \ |
|
| 331 |
+ compiler->last_error_extra_info, \ |
|
| 332 |
+ info, \ |
|
| 333 |
+ sizeof(compiler->last_error_extra_info)); |
|
| 334 |
+ |
|
| 335 |
+/* From libyara/include/yara/limits.h */ |
|
| 336 |
+#define MAX_COMPILER_ERROR_EXTRA_INFO 256 |
|
| 337 |
+#define MAX_FUNCTION_ARGS 128 |
|
| 338 |
+#define LOOP_LOCAL_VARS 4 |
|
| 339 |
+#define LEX_BUF_SIZE 1024 |
|
| 340 |
+ |
|
| 341 |
+ |
|
| 342 |
+/* From libyara/include/yara/object.h */ |
|
| 343 |
+#define OBJECT_TYPE_INTEGER 1 |
|
| 344 |
+#define OBJECT_TYPE_STRING 2 |
|
| 345 |
+#define OBJECT_TYPE_STRUCTURE 3 |
|
| 346 |
+#define OBJECT_TYPE_ARRAY 4 |
|
| 347 |
+#define OBJECT_TYPE_FUNCTION 5 |
|
| 348 |
+#define OBJECT_TYPE_REGEXP 6 |
|
| 349 |
+ |
|
| 350 |
+/* From libyara/include/yara/utils.h */ |
|
| 351 |
+#define PTR_TO_UINT64(x) ((uint64_t) (size_t) x) |
|
| 352 |
+ |
|
| 353 |
+/* YARA to ClamAV function mappings */ |
|
| 329 | 354 |
#define yr_strdup cli_strdup |
| 330 | 355 |
#define yr_malloc cli_malloc |
| 331 | 356 |
#define yr_free free |
| 332 | 357 |
#define xtoi cli_hex2num |
| 333 | 358 |
#define strlcpy cli_strlcpy |
| 359 |
+#ifndef HAVE_STRLCAT |
|
| 360 |
+/* below is danger-defeats the purpose of strlcat. we need a cli_strlcat for this ... */ |
|
| 361 |
+#define strlcat(d, s, l) strcat((d), (s)) |
|
| 362 |
+#endif |
|
| 334 | 363 |
|
| 364 |
+/* YARA-defined structure replacements for ClamAV */ |
|
| 335 | 365 |
struct _yc_rule {
|
| 336 | 366 |
STAILQ_ENTRY(_yc_rule) link; |
| 337 | 367 |
STAILQ_HEAD(sq, _yc_string) strings; |
| ... | ... |
@@ -349,12 +468,17 @@ typedef struct _yc_string {
|
| 349 | 349 |
} yc_string; |
| 350 | 350 |
|
| 351 | 351 |
typedef struct _yc_compiler {
|
| 352 |
- char lex_buf[LEX_BUF_SIZE]; |
|
| 353 |
- char* lex_buf_ptr; |
|
| 354 |
- unsigned short lex_buf_len; |
|
| 355 |
- int last_result; |
|
| 356 |
- STAILQ_HEAD(rq, _yc_rule) rules; |
|
| 357 |
- STAILQ_HEAD(cs, _yc_string) current_rule_strings; |
|
| 352 |
+ char lex_buf[LEX_BUF_SIZE]; |
|
| 353 |
+ char* lex_buf_ptr; |
|
| 354 |
+ unsigned short lex_buf_len; |
|
| 355 |
+ int last_result; |
|
| 356 |
+ char last_error_extra_info[MAX_COMPILER_ERROR_EXTRA_INFO]; |
|
| 357 |
+ |
|
| 358 |
+ int loop_depth; |
|
| 359 |
+ |
|
| 360 |
+ char * error_msg; |
|
| 361 |
+ STAILQ_HEAD(rq, _yc_rule) rules; |
|
| 362 |
+ STAILQ_HEAD(cs, _yc_string) current_rule_strings; |
|
| 358 | 363 |
} yc_compiler; |
| 359 | 364 |
|
| 360 | 365 |
typedef yc_compiler YR_COMPILER; |
| ... | ... |
@@ -82,7 +82,6 @@ limitations under the License. |
| 82 | 82 |
YYERROR; \ |
| 83 | 83 |
} \ |
| 84 | 84 |
|
| 85 |
- |
|
| 86 | 85 |
#define CHECK_TYPE_WITH_CLEANUP(actual_type, expected_type, op, cleanup) \ |
| 87 | 86 |
if (actual_type != expected_type) \ |
| 88 | 87 |
{ \
|
| ... | ... |
@@ -218,7 +217,7 @@ limitations under the License. |
| 218 | 218 |
int64_t integer; |
| 219 | 219 |
YR_STRING* string; |
| 220 | 220 |
YR_META* meta; |
| 221 |
- // YR_OBJECT* object; |
|
| 221 |
+ YR_OBJECT* object; |
|
| 222 | 222 |
} |
| 223 | 223 |
|
| 224 | 224 |
|
| ... | ... |
@@ -236,13 +235,11 @@ rules |
| 236 | 236 |
import |
| 237 | 237 |
: _IMPORT_ _TEXT_STRING_ |
| 238 | 238 |
{
|
| 239 |
-#ifdef REAL_YARA |
|
| 240 | 239 |
int result = yr_parser_reduce_import(yyscanner, $2); |
| 241 | 240 |
|
| 242 | 241 |
yr_free($2); |
| 243 | 242 |
|
| 244 | 243 |
ERROR_IF(result != ERROR_SUCCESS); |
| 245 |
-#endif |
|
| 246 | 244 |
} |
| 247 | 245 |
; |
| 248 | 246 |
|
| ... | ... |
@@ -290,10 +287,10 @@ meta |
| 290 | 290 |
sizeof(YR_META), |
| 291 | 291 |
NULL); |
| 292 | 292 |
|
| 293 |
+#endif |
|
| 293 | 294 |
$$ = $3; |
| 294 | 295 |
|
| 295 | 296 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 296 |
-#endif |
|
| 297 | 297 |
} |
| 298 | 298 |
; |
| 299 | 299 |
|
| ... | ... |
@@ -301,8 +298,8 @@ meta |
| 301 | 301 |
strings |
| 302 | 302 |
: /* empty */ |
| 303 | 303 |
{
|
| 304 |
-#ifdef REAL_YARA |
|
| 305 | 304 |
$$ = NULL; |
| 305 |
+#ifdef REAL_YARA |
|
| 306 | 306 |
compiler->current_rule_strings = $$; |
| 307 | 307 |
#endif |
| 308 | 308 |
} |
| ... | ... |
@@ -329,8 +326,8 @@ strings |
| 329 | 329 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 330 | 330 |
|
| 331 | 331 |
compiler->current_rule_strings = $3; |
| 332 |
- $$ = $3; |
|
| 333 | 332 |
#endif |
| 333 |
+ $$ = $3; |
|
| 334 | 334 |
} |
| 335 | 335 |
; |
| 336 | 336 |
|
| ... | ... |
@@ -355,9 +352,7 @@ rule_modifier |
| 355 | 355 |
tags |
| 356 | 356 |
: /* empty */ |
| 357 | 357 |
{
|
| 358 |
-#ifdef REAL_YARA |
|
| 359 | 358 |
$$ = NULL; |
| 360 |
-#endif |
|
| 361 | 359 |
} |
| 362 | 360 |
| ':' tag_list |
| 363 | 361 |
{
|
| ... | ... |
@@ -371,9 +366,9 @@ tags |
| 371 | 371 |
yyget_extra(yyscanner)->sz_arena, "", NULL); |
| 372 | 372 |
|
| 373 | 373 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 374 |
+#endif |
|
| 374 | 375 |
|
| 375 | 376 |
$$ = $2; |
| 376 |
-#endif |
|
| 377 | 377 |
} |
| 378 | 378 |
; |
| 379 | 379 |
|
| ... | ... |
@@ -387,10 +382,12 @@ tag_list |
| 387 | 387 |
compiler->last_result = yr_arena_write_string( |
| 388 | 388 |
yyget_extra(yyscanner)->sz_arena, $1, &identifier); |
| 389 | 389 |
|
| 390 |
+#endif |
|
| 390 | 391 |
yr_free($1); |
| 391 | 392 |
|
| 392 | 393 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 393 | 394 |
|
| 395 |
+#ifdef REAL_YARA |
|
| 394 | 396 |
$$ = identifier; |
| 395 | 397 |
#endif |
| 396 | 398 |
} |
| ... | ... |
@@ -421,12 +418,12 @@ tag_list |
| 421 | 421 |
compiler->last_result = yr_arena_write_string( |
| 422 | 422 |
yyget_extra(yyscanner)->sz_arena, $2, NULL); |
| 423 | 423 |
|
| 424 |
+#endif |
|
| 424 | 425 |
yr_free($2); |
| 425 | 426 |
|
| 426 | 427 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 427 | 428 |
|
| 428 | 429 |
$$ = $1; |
| 429 |
-#endif |
|
| 430 | 430 |
} |
| 431 | 431 |
; |
| 432 | 432 |
|
| ... | ... |
@@ -441,7 +438,6 @@ meta_declarations |
| 441 | 441 |
meta_declaration |
| 442 | 442 |
: _IDENTIFIER_ '=' _TEXT_STRING_ |
| 443 | 443 |
{
|
| 444 |
-#ifdef REAL_YARA |
|
| 445 | 444 |
SIZED_STRING* sized_string = $3; |
| 446 | 445 |
|
| 447 | 446 |
$$ = yr_parser_reduce_meta_declaration( |
| ... | ... |
@@ -455,11 +451,9 @@ meta_declaration |
| 455 | 455 |
yr_free($3); |
| 456 | 456 |
|
| 457 | 457 |
ERROR_IF($$ == NULL); |
| 458 |
-#endif |
|
| 459 | 458 |
} |
| 460 | 459 |
| _IDENTIFIER_ '=' _NUMBER_ |
| 461 | 460 |
{
|
| 462 |
-#ifdef REAL_YARA |
|
| 463 | 461 |
$$ = yr_parser_reduce_meta_declaration( |
| 464 | 462 |
yyscanner, |
| 465 | 463 |
META_TYPE_INTEGER, |
| ... | ... |
@@ -470,11 +464,9 @@ meta_declaration |
| 470 | 470 |
yr_free($1); |
| 471 | 471 |
|
| 472 | 472 |
ERROR_IF($$ == NULL); |
| 473 |
-#endif |
|
| 474 | 473 |
} |
| 475 | 474 |
| _IDENTIFIER_ '=' _TRUE_ |
| 476 | 475 |
{
|
| 477 |
-#ifdef REAL_YARA |
|
| 478 | 476 |
$$ = yr_parser_reduce_meta_declaration( |
| 479 | 477 |
yyscanner, |
| 480 | 478 |
META_TYPE_BOOLEAN, |
| ... | ... |
@@ -485,11 +477,9 @@ meta_declaration |
| 485 | 485 |
yr_free($1); |
| 486 | 486 |
|
| 487 | 487 |
ERROR_IF($$ == NULL); |
| 488 |
-#endif |
|
| 489 | 488 |
} |
| 490 | 489 |
| _IDENTIFIER_ '=' _FALSE_ |
| 491 | 490 |
{
|
| 492 |
-#ifdef REAL_YARA |
|
| 493 | 491 |
$$ = yr_parser_reduce_meta_declaration( |
| 494 | 492 |
yyscanner, |
| 495 | 493 |
META_TYPE_BOOLEAN, |
| ... | ... |
@@ -500,7 +490,6 @@ meta_declaration |
| 500 | 500 |
yr_free($1); |
| 501 | 501 |
|
| 502 | 502 |
ERROR_IF($$ == NULL); |
| 503 |
-#endif |
|
| 504 | 503 |
} |
| 505 | 504 |
; |
| 506 | 505 |
|
| ... | ... |
@@ -577,7 +566,7 @@ string_modifier |
| 577 | 577 |
identifier |
| 578 | 578 |
: _IDENTIFIER_ |
| 579 | 579 |
{
|
| 580 |
-#ifdef REAL_YARA |
|
| 580 |
+ //#ifdef REAL_YARA |
|
| 581 | 581 |
YR_OBJECT* object = NULL; |
| 582 | 582 |
YR_RULE* rule; |
| 583 | 583 |
|
| ... | ... |
@@ -602,25 +591,28 @@ identifier |
| 602 | 602 |
{
|
| 603 | 603 |
// Search for identifier within the global namespace, where the |
| 604 | 604 |
// externals variables reside. |
| 605 |
- |
|
| 605 |
+#if REAL_YARA |
|
| 606 | 606 |
object = (YR_OBJECT*) yr_hash_table_lookup( |
| 607 | 607 |
compiler->objects_table, |
| 608 | 608 |
$1, |
| 609 | 609 |
NULL); |
| 610 |
- |
|
| 610 |
+#endif |
|
| 611 | 611 |
if (object == NULL) |
| 612 | 612 |
{
|
| 613 | 613 |
// If not found, search within the current namespace. |
| 614 | 614 |
|
| 615 |
+#if REAL_YARA |
|
| 615 | 616 |
ns = compiler->current_namespace->name; |
| 616 | 617 |
object = (YR_OBJECT*) yr_hash_table_lookup( |
| 617 | 618 |
compiler->objects_table, |
| 618 | 619 |
$1, |
| 619 | 620 |
ns); |
| 621 |
+#endif |
|
| 620 | 622 |
} |
| 621 | 623 |
|
| 622 | 624 |
if (object != NULL) |
| 623 | 625 |
{
|
| 626 |
+#if REAL_YARA |
|
| 624 | 627 |
compiler->last_result = yr_arena_write_string( |
| 625 | 628 |
compiler->sz_arena, |
| 626 | 629 |
$1, |
| ... | ... |
@@ -632,12 +624,14 @@ identifier |
| 632 | 632 |
OP_OBJ_LOAD, |
| 633 | 633 |
PTR_TO_UINT64(id), |
| 634 | 634 |
NULL); |
| 635 |
+#endif |
|
| 635 | 636 |
|
| 636 | 637 |
$$ = object; |
| 637 | 638 |
} |
| 638 | 639 |
else |
| 639 | 640 |
{
|
| 640 |
- rule = (YR_RULE*) yr_hash_table_lookup( |
|
| 641 |
+ #if REAL_YARA |
|
| 642 |
+ rule = (YR_RULE*) yr_hash_table_lookup( |
|
| 641 | 643 |
compiler->rules_table, |
| 642 | 644 |
$1, |
| 643 | 645 |
compiler->current_namespace->name); |
| ... | ... |
@@ -655,6 +649,7 @@ identifier |
| 655 | 655 |
yr_compiler_set_error_extra_info(compiler, $1); |
| 656 | 656 |
compiler->last_result = ERROR_UNDEFINED_IDENTIFIER; |
| 657 | 657 |
} |
| 658 |
+#endif |
|
| 658 | 659 |
|
| 659 | 660 |
$$ = (YR_OBJECT*) -2; |
| 660 | 661 |
} |
| ... | ... |
@@ -663,7 +658,7 @@ identifier |
| 663 | 663 |
yr_free($1); |
| 664 | 664 |
|
| 665 | 665 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 666 |
-#endif |
|
| 666 |
+ //#endif |
|
| 667 | 667 |
} |
| 668 | 668 |
| identifier '.' _IDENTIFIER_ |
| 669 | 669 |
{
|
| ... | ... |
@@ -784,13 +779,10 @@ identifier |
| 784 | 784 |
arguments_list |
| 785 | 785 |
: /* empty */ |
| 786 | 786 |
{
|
| 787 |
-#ifdef REAL_YARA |
|
| 788 | 787 |
$$ = yr_strdup("");
|
| 789 |
-#endif |
|
| 790 | 788 |
} |
| 791 | 789 |
| expression |
| 792 | 790 |
{
|
| 793 |
-#ifdef REAL_YARA |
|
| 794 | 791 |
$$ = yr_malloc(MAX_FUNCTION_ARGS + 1); |
| 795 | 792 |
|
| 796 | 793 |
switch($1) |
| ... | ... |
@@ -810,11 +802,9 @@ arguments_list |
| 810 | 810 |
} |
| 811 | 811 |
|
| 812 | 812 |
ERROR_IF($$ == NULL); |
| 813 |
-#endif |
|
| 814 | 813 |
} |
| 815 | 814 |
| arguments_list ',' expression |
| 816 | 815 |
{
|
| 817 |
-#ifdef REAL_YARA |
|
| 818 | 816 |
if (strlen($1) == MAX_FUNCTION_ARGS) |
| 819 | 817 |
{
|
| 820 | 818 |
compiler->last_result = ERROR_TOO_MANY_ARGUMENTS; |
| ... | ... |
@@ -841,7 +831,6 @@ arguments_list |
| 841 | 841 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 842 | 842 |
|
| 843 | 843 |
$$ = $1; |
| 844 |
-#endif |
|
| 845 | 844 |
} |
| 846 | 845 |
; |
| 847 | 846 |
|
| ... | ... |
@@ -886,9 +875,9 @@ regexp |
| 886 | 886 |
yr_re_destroy(re); |
| 887 | 887 |
|
| 888 | 888 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 889 |
+#endif |
|
| 889 | 890 |
|
| 890 | 891 |
$$ = EXPRESSION_TYPE_REGEXP; |
| 891 |
-#endif |
|
| 892 | 892 |
} |
| 893 | 893 |
; |
| 894 | 894 |
|
| ... | ... |
@@ -896,7 +885,6 @@ regexp |
| 896 | 896 |
boolean_expression |
| 897 | 897 |
: expression |
| 898 | 898 |
{
|
| 899 |
-#ifdef REAL_YARA |
|
| 900 | 899 |
if ($1 == EXPRESSION_TYPE_STRING) |
| 901 | 900 |
{
|
| 902 | 901 |
compiler->last_result = yr_parser_emit( |
| ... | ... |
@@ -909,36 +897,30 @@ boolean_expression |
| 909 | 909 |
|
| 910 | 910 |
|
| 911 | 911 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 912 |
-#endif |
|
| 913 | 912 |
} |
| 914 | 913 |
; |
| 915 | 914 |
|
| 916 | 915 |
expression |
| 917 | 916 |
: _TRUE_ |
| 918 | 917 |
{
|
| 919 |
-#ifdef REAL_YARA |
|
| 920 | 918 |
compiler->last_result = yr_parser_emit_with_arg( |
| 921 | 919 |
yyscanner, OP_PUSH, 1, NULL); |
| 922 | 920 |
|
| 923 | 921 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 924 | 922 |
|
| 925 | 923 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 926 |
-#endif |
|
| 927 | 924 |
} |
| 928 | 925 |
| _FALSE_ |
| 929 | 926 |
{
|
| 930 |
-#ifdef REAL_YARA |
|
| 931 | 927 |
compiler->last_result = yr_parser_emit_with_arg( |
| 932 | 928 |
yyscanner, OP_PUSH, 0, NULL); |
| 933 | 929 |
|
| 934 | 930 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 935 | 931 |
|
| 936 | 932 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 937 |
-#endif |
|
| 938 | 933 |
} |
| 939 | 934 |
| primary_expression _MATCHES_ regexp |
| 940 | 935 |
{
|
| 941 |
-#ifdef REAL_YARA |
|
| 942 | 936 |
CHECK_TYPE($1, EXPRESSION_TYPE_STRING, "matches"); |
| 943 | 937 |
CHECK_TYPE($3, EXPRESSION_TYPE_REGEXP, "matches"); |
| 944 | 938 |
|
| ... | ... |
@@ -951,11 +933,9 @@ expression |
| 951 | 951 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 952 | 952 |
|
| 953 | 953 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 954 |
-#endif |
|
| 955 | 954 |
} |
| 956 | 955 |
| primary_expression _CONTAINS_ primary_expression |
| 957 | 956 |
{
|
| 958 |
-#ifdef REAL_YARA |
|
| 959 | 957 |
CHECK_TYPE($1, EXPRESSION_TYPE_STRING, "contains"); |
| 960 | 958 |
CHECK_TYPE($3, EXPRESSION_TYPE_STRING, "contains"); |
| 961 | 959 |
|
| ... | ... |
@@ -967,11 +947,9 @@ expression |
| 967 | 967 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 968 | 968 |
|
| 969 | 969 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 970 |
-#endif |
|
| 971 | 970 |
} |
| 972 | 971 |
| _STRING_IDENTIFIER_ |
| 973 | 972 |
{
|
| 974 |
-#ifdef REAL_YARA |
|
| 975 | 973 |
int result = yr_parser_reduce_string_identifier( |
| 976 | 974 |
yyscanner, |
| 977 | 975 |
$1, |
| ... | ... |
@@ -982,11 +960,9 @@ expression |
| 982 | 982 |
ERROR_IF(result != ERROR_SUCCESS); |
| 983 | 983 |
|
| 984 | 984 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 985 |
-#endif |
|
| 986 | 985 |
} |
| 987 | 986 |
| _STRING_IDENTIFIER_ _AT_ primary_expression |
| 988 | 987 |
{
|
| 989 |
-#ifdef REAL_YARA |
|
| 990 | 988 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "at"); |
| 991 | 989 |
|
| 992 | 990 |
compiler->last_result = yr_parser_reduce_string_identifier( |
| ... | ... |
@@ -999,11 +975,9 @@ expression |
| 999 | 999 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1000 | 1000 |
|
| 1001 | 1001 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 1002 |
-#endif |
|
| 1003 | 1002 |
} |
| 1004 | 1003 |
| _STRING_IDENTIFIER_ _IN_ range |
| 1005 | 1004 |
{
|
| 1006 |
-#ifdef REAL_YARA |
|
| 1007 | 1005 |
compiler->last_result = yr_parser_reduce_string_identifier( |
| 1008 | 1006 |
yyscanner, |
| 1009 | 1007 |
$1, |
| ... | ... |
@@ -1014,7 +988,6 @@ expression |
| 1014 | 1014 |
ERROR_IF(compiler->last_result!= ERROR_SUCCESS); |
| 1015 | 1015 |
|
| 1016 | 1016 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 1017 |
-#endif |
|
| 1018 | 1017 |
} |
| 1019 | 1018 |
| _FOR_ for_expression _IDENTIFIER_ _IN_ |
| 1020 | 1019 |
{
|
| ... | ... |
@@ -1040,7 +1013,7 @@ expression |
| 1040 | 1040 |
compiler->last_result = \ |
| 1041 | 1041 |
ERROR_DUPLICATE_LOOP_IDENTIFIER; |
| 1042 | 1042 |
} |
| 1043 |
- |
|
| 1043 |
+#endif |
|
| 1044 | 1044 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1045 | 1045 |
|
| 1046 | 1046 |
// Push end-of-list marker |
| ... | ... |
@@ -1055,6 +1028,7 @@ expression |
| 1055 | 1055 |
integer_set ':' |
| 1056 | 1056 |
{
|
| 1057 | 1057 |
int mem_offset = LOOP_LOCAL_VARS * compiler->loop_depth; |
| 1058 |
+ |
|
| 1058 | 1059 |
int8_t* addr; |
| 1059 | 1060 |
|
| 1060 | 1061 |
// Clear counter for number of expressions evaluating |
| ... | ... |
@@ -1082,10 +1056,11 @@ expression |
| 1082 | 1082 |
yr_parser_emit_with_arg( |
| 1083 | 1083 |
yyscanner, OP_POP_M, mem_offset, NULL); |
| 1084 | 1084 |
} |
| 1085 |
- |
|
| 1085 |
+#ifdef REAL_YARA |
|
| 1086 | 1086 |
compiler->loop_address[compiler->loop_depth] = addr; |
| 1087 | 1087 |
compiler->loop_identifier[compiler->loop_depth] = $3; |
| 1088 | 1088 |
compiler->loop_depth++; |
| 1089 |
+#endif |
|
| 1089 | 1090 |
} |
| 1090 | 1091 |
'(' boolean_expression ')'
|
| 1091 | 1092 |
{
|
| ... | ... |
@@ -1110,8 +1085,12 @@ expression |
| 1110 | 1110 |
yr_parser_emit_with_arg_reloc( |
| 1111 | 1111 |
yyscanner, |
| 1112 | 1112 |
OP_JNUNDEF, |
| 1113 |
+#ifdef REAL_YARA |
|
| 1113 | 1114 |
PTR_TO_UINT64( |
| 1114 | 1115 |
compiler->loop_address[compiler->loop_depth]), |
| 1116 |
+#else |
|
| 1117 |
+ 0, |
|
| 1118 |
+#endif |
|
| 1115 | 1119 |
NULL); |
| 1116 | 1120 |
} |
| 1117 | 1121 |
else // INTEGER_SET_RANGE |
| ... | ... |
@@ -1128,6 +1107,7 @@ expression |
| 1128 | 1128 |
yr_parser_emit_with_arg( |
| 1129 | 1129 |
yyscanner, OP_PUSH_M, mem_offset + 3, NULL); |
| 1130 | 1130 |
|
| 1131 |
+#ifdef REAL_YARA |
|
| 1131 | 1132 |
// Compare higher bound with lower bound, do loop again |
| 1132 | 1133 |
// if lower bound is still lower or equal than higher bound |
| 1133 | 1134 |
yr_parser_emit_with_arg_reloc( |
| ... | ... |
@@ -1136,6 +1116,7 @@ expression |
| 1136 | 1136 |
PTR_TO_UINT64( |
| 1137 | 1137 |
compiler->loop_address[compiler->loop_depth]), |
| 1138 | 1138 |
NULL); |
| 1139 |
+#endif |
|
| 1139 | 1140 |
|
| 1140 | 1141 |
yr_parser_emit(yyscanner, OP_POP, NULL); |
| 1141 | 1142 |
yr_parser_emit(yyscanner, OP_POP, NULL); |
| ... | ... |
@@ -1158,11 +1139,12 @@ expression |
| 1158 | 1158 |
|
| 1159 | 1159 |
yr_parser_emit(yyscanner, OP_LE, NULL); |
| 1160 | 1160 |
|
| 1161 |
+#ifdef REAL_YARA |
|
| 1161 | 1162 |
compiler->loop_identifier[compiler->loop_depth] = NULL; |
| 1163 |
+#endif |
|
| 1162 | 1164 |
yr_free($3); |
| 1163 | 1165 |
|
| 1164 | 1166 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 1165 |
-#endif |
|
| 1166 | 1167 |
} |
| 1167 | 1168 |
| _FOR_ for_expression _OF_ string_set ':' |
| 1168 | 1169 |
{
|
| ... | ... |
@@ -1240,92 +1222,74 @@ expression |
| 1240 | 1240 |
yyscanner, OP_PUSH_M, mem_offset + 1, NULL); |
| 1241 | 1241 |
|
| 1242 | 1242 |
yr_parser_emit(yyscanner, OP_LE, NULL); |
| 1243 |
- |
|
| 1243 |
+#endif |
|
| 1244 | 1244 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 1245 | 1245 |
|
| 1246 |
-#endif |
|
| 1247 | 1246 |
} |
| 1248 | 1247 |
| for_expression _OF_ string_set |
| 1249 | 1248 |
{
|
| 1250 |
-#ifdef REAL_YARA |
|
| 1251 | 1249 |
yr_parser_emit(yyscanner, OP_OF, NULL); |
| 1252 | 1250 |
|
| 1253 | 1251 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 1254 |
-#endif |
|
| 1255 | 1252 |
} |
| 1256 | 1253 |
| _NOT_ boolean_expression |
| 1257 | 1254 |
{
|
| 1258 |
-#ifdef REAL_YARA |
|
| 1259 | 1255 |
yr_parser_emit(yyscanner, OP_NOT, NULL); |
| 1260 | 1256 |
|
| 1261 | 1257 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 1262 |
-#endif |
|
| 1263 | 1258 |
} |
| 1264 | 1259 |
| boolean_expression _AND_ boolean_expression |
| 1265 | 1260 |
{
|
| 1266 |
-#ifdef REAL_YARA |
|
| 1267 | 1261 |
yr_parser_emit(yyscanner, OP_AND, NULL); |
| 1268 | 1262 |
|
| 1269 | 1263 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 1270 |
-#endif |
|
| 1271 | 1264 |
} |
| 1272 | 1265 |
| boolean_expression _OR_ boolean_expression |
| 1273 | 1266 |
{
|
| 1274 |
-#ifdef REAL_YARA |
|
| 1275 | 1267 |
CHECK_TYPE($1, EXPRESSION_TYPE_BOOLEAN, "or"); |
| 1276 | 1268 |
|
| 1277 | 1269 |
yr_parser_emit(yyscanner, OP_OR, NULL); |
| 1278 | 1270 |
|
| 1279 | 1271 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 1280 |
-#endif |
|
| 1281 | 1272 |
} |
| 1282 | 1273 |
| primary_expression _LT_ primary_expression |
| 1283 | 1274 |
{
|
| 1284 |
-#ifdef REAL_YARA |
|
| 1285 | 1275 |
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, "<"); |
| 1286 | 1276 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "<"); |
| 1287 | 1277 |
|
| 1288 | 1278 |
yr_parser_emit(yyscanner, OP_LT, NULL); |
| 1289 | 1279 |
|
| 1290 | 1280 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 1291 |
-#endif |
|
| 1292 | 1281 |
} |
| 1293 | 1282 |
| primary_expression _GT_ primary_expression |
| 1294 | 1283 |
{
|
| 1295 |
-#ifdef REAL_YARA |
|
| 1296 | 1284 |
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, ">"); |
| 1297 | 1285 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, ">"); |
| 1298 | 1286 |
|
| 1299 | 1287 |
yr_parser_emit(yyscanner, OP_GT, NULL); |
| 1300 | 1288 |
|
| 1301 | 1289 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 1302 |
-#endif |
|
| 1303 | 1290 |
} |
| 1304 | 1291 |
| primary_expression _LE_ primary_expression |
| 1305 | 1292 |
{
|
| 1306 |
-#ifdef REAL_YARA |
|
| 1307 | 1293 |
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, "<="); |
| 1308 | 1294 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "<="); |
| 1309 | 1295 |
|
| 1310 | 1296 |
yr_parser_emit(yyscanner, OP_LE, NULL); |
| 1311 | 1297 |
|
| 1312 | 1298 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 1313 |
-#endif |
|
| 1314 | 1299 |
} |
| 1315 | 1300 |
| primary_expression _GE_ primary_expression |
| 1316 | 1301 |
{
|
| 1317 |
-#ifdef REAL_YARA |
|
| 1318 | 1302 |
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, ">="); |
| 1319 | 1303 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, ">="); |
| 1320 | 1304 |
|
| 1321 | 1305 |
yr_parser_emit(yyscanner, OP_GE, NULL); |
| 1322 | 1306 |
|
| 1323 | 1307 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 1324 |
-#endif |
|
| 1325 | 1308 |
} |
| 1326 | 1309 |
| primary_expression _EQ_ primary_expression |
| 1327 | 1310 |
{
|
| 1328 |
-#ifdef REAL_YARA |
|
| 1329 | 1311 |
if ($1 != $3) |
| 1330 | 1312 |
{
|
| 1331 | 1313 |
yr_compiler_set_error_extra_info( |
| ... | ... |
@@ -1350,11 +1314,9 @@ expression |
| 1350 | 1350 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1351 | 1351 |
|
| 1352 | 1352 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 1353 |
-#endif |
|
| 1354 | 1353 |
} |
| 1355 | 1354 |
| primary_expression _IS_ primary_expression |
| 1356 | 1355 |
{
|
| 1357 |
-#ifdef REAL_YARA |
|
| 1358 | 1356 |
if ($1 != $3) |
| 1359 | 1357 |
{
|
| 1360 | 1358 |
yr_compiler_set_error_extra_info( |
| ... | ... |
@@ -1379,11 +1341,9 @@ expression |
| 1379 | 1379 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1380 | 1380 |
|
| 1381 | 1381 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 1382 |
-#endif |
|
| 1383 | 1382 |
} |
| 1384 | 1383 |
| primary_expression _NEQ_ primary_expression |
| 1385 | 1384 |
{
|
| 1386 |
-#ifdef REAL_YARA |
|
| 1387 | 1385 |
if ($1 != $3) |
| 1388 | 1386 |
{
|
| 1389 | 1387 |
yr_compiler_set_error_extra_info( |
| ... | ... |
@@ -1408,19 +1368,14 @@ expression |
| 1408 | 1408 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1409 | 1409 |
|
| 1410 | 1410 |
$$ = EXPRESSION_TYPE_BOOLEAN; |
| 1411 |
-#endif |
|
| 1412 | 1411 |
} |
| 1413 | 1412 |
| primary_expression |
| 1414 | 1413 |
{
|
| 1415 |
-#ifdef REAL_YARA |
|
| 1416 | 1414 |
$$ = $1; |
| 1417 |
-#endif |
|
| 1418 | 1415 |
} |
| 1419 | 1416 |
|'(' expression ')'
|
| 1420 | 1417 |
{
|
| 1421 |
-#ifdef REAL_YARA |
|
| 1422 | 1418 |
$$ = $2; |
| 1423 |
-#endif |
|
| 1424 | 1419 |
} |
| 1425 | 1420 |
; |
| 1426 | 1421 |
|
| ... | ... |
@@ -1434,7 +1389,6 @@ integer_set |
| 1434 | 1434 |
range |
| 1435 | 1435 |
: '(' primary_expression '.' '.' primary_expression ')'
|
| 1436 | 1436 |
{
|
| 1437 |
-#ifdef REAL_YARA |
|
| 1438 | 1437 |
if ($2 != EXPRESSION_TYPE_INTEGER) |
| 1439 | 1438 |
{
|
| 1440 | 1439 |
yr_compiler_set_error_extra_info( |
| ... | ... |
@@ -1450,7 +1404,6 @@ range |
| 1450 | 1450 |
} |
| 1451 | 1451 |
|
| 1452 | 1452 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1453 |
-#endif |
|
| 1454 | 1453 |
} |
| 1455 | 1454 |
; |
| 1456 | 1455 |
|
| ... | ... |
@@ -1458,7 +1411,6 @@ range |
| 1458 | 1458 |
integer_enumeration |
| 1459 | 1459 |
: primary_expression |
| 1460 | 1460 |
{
|
| 1461 |
-#ifdef REAL_YARA |
|
| 1462 | 1461 |
if ($1 != EXPRESSION_TYPE_INTEGER) |
| 1463 | 1462 |
{
|
| 1464 | 1463 |
yr_compiler_set_error_extra_info( |
| ... | ... |
@@ -1468,11 +1420,9 @@ integer_enumeration |
| 1468 | 1468 |
} |
| 1469 | 1469 |
|
| 1470 | 1470 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1471 |
-#endif |
|
| 1472 | 1471 |
} |
| 1473 | 1472 |
| integer_enumeration ',' primary_expression |
| 1474 | 1473 |
{
|
| 1475 |
-#ifdef REAL_YARA |
|
| 1476 | 1474 |
if ($3 != EXPRESSION_TYPE_INTEGER) |
| 1477 | 1475 |
{
|
| 1478 | 1476 |
yr_compiler_set_error_extra_info( |
| ... | ... |
@@ -1481,7 +1431,6 @@ integer_enumeration |
| 1481 | 1481 |
} |
| 1482 | 1482 |
|
| 1483 | 1483 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1484 |
-#endif |
|
| 1485 | 1484 |
} |
| 1486 | 1485 |
; |
| 1487 | 1486 |
|
| ... | ... |
@@ -1489,18 +1438,14 @@ integer_enumeration |
| 1489 | 1489 |
string_set |
| 1490 | 1490 |
: '('
|
| 1491 | 1491 |
{
|
| 1492 |
-#ifdef REAL_YARA |
|
| 1493 | 1492 |
// Push end-of-list marker |
| 1494 | 1493 |
yr_parser_emit_with_arg(yyscanner, OP_PUSH, UNDEFINED, NULL); |
| 1495 |
-#endif |
|
| 1496 | 1494 |
} |
| 1497 | 1495 |
string_enumeration ')' |
| 1498 | 1496 |
| _THEM_ |
| 1499 | 1497 |
{
|
| 1500 |
-#ifdef REAL_YARA |
|
| 1501 | 1498 |
yr_parser_emit_with_arg(yyscanner, OP_PUSH, UNDEFINED, NULL); |
| 1502 | 1499 |
yr_parser_emit_pushes_for_strings(yyscanner, "$*"); |
| 1503 |
-#endif |
|
| 1504 | 1500 |
} |
| 1505 | 1501 |
; |
| 1506 | 1502 |
|
| ... | ... |
@@ -1514,17 +1459,13 @@ string_enumeration |
| 1514 | 1514 |
string_enumeration_item |
| 1515 | 1515 |
: _STRING_IDENTIFIER_ |
| 1516 | 1516 |
{
|
| 1517 |
-#ifdef REAL_YARA |
|
| 1518 | 1517 |
yr_parser_emit_pushes_for_strings(yyscanner, $1); |
| 1519 | 1518 |
yr_free($1); |
| 1520 |
-#endif |
|
| 1521 | 1519 |
} |
| 1522 | 1520 |
| _STRING_IDENTIFIER_WITH_WILDCARD_ |
| 1523 | 1521 |
{
|
| 1524 |
-#ifdef REAL_YARA |
|
| 1525 | 1522 |
yr_parser_emit_pushes_for_strings(yyscanner, $1); |
| 1526 | 1523 |
yr_free($1); |
| 1527 |
-#endif |
|
| 1528 | 1524 |
} |
| 1529 | 1525 |
; |
| 1530 | 1526 |
|
| ... | ... |
@@ -1533,15 +1474,11 @@ for_expression |
| 1533 | 1533 |
: primary_expression |
| 1534 | 1534 |
| _ALL_ |
| 1535 | 1535 |
{
|
| 1536 |
-#ifdef REAL_YARA |
|
| 1537 | 1536 |
yr_parser_emit_with_arg(yyscanner, OP_PUSH, UNDEFINED, NULL); |
| 1538 |
-#endif |
|
| 1539 | 1537 |
} |
| 1540 | 1538 |
| _ANY_ |
| 1541 | 1539 |
{
|
| 1542 |
-#ifdef REAL_YARA |
|
| 1543 | 1540 |
yr_parser_emit_with_arg(yyscanner, OP_PUSH, 1, NULL); |
| 1544 |
-#endif |
|
| 1545 | 1541 |
} |
| 1546 | 1542 |
; |
| 1547 | 1543 |
|
| ... | ... |
@@ -1549,24 +1486,19 @@ for_expression |
| 1549 | 1549 |
primary_expression |
| 1550 | 1550 |
: '(' primary_expression ')'
|
| 1551 | 1551 |
{
|
| 1552 |
-#ifdef REAL_YARA |
|
| 1553 | 1552 |
$$ = $2; |
| 1554 |
-#endif |
|
| 1555 | 1553 |
} |
| 1556 | 1554 |
| _FILESIZE_ |
| 1557 | 1555 |
{
|
| 1558 |
-#ifdef REAL_YARA |
|
| 1559 | 1556 |
compiler->last_result = yr_parser_emit( |
| 1560 | 1557 |
yyscanner, OP_FILESIZE, NULL); |
| 1561 | 1558 |
|
| 1562 | 1559 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1563 | 1560 |
|
| 1564 | 1561 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1565 |
-#endif |
|
| 1566 | 1562 |
} |
| 1567 | 1563 |
| _ENTRYPOINT_ |
| 1568 | 1564 |
{
|
| 1569 |
-#ifdef REAL_YARA |
|
| 1570 | 1565 |
yywarning(yyscanner, |
| 1571 | 1566 |
"Using deprecated \"entrypoint\" keyword. Use the \"entry_point\" " "function from PE module instead."); |
| 1572 | 1567 |
|
| ... | ... |
@@ -1576,11 +1508,9 @@ primary_expression |
| 1576 | 1576 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1577 | 1577 |
|
| 1578 | 1578 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1579 |
-#endif |
|
| 1580 | 1579 |
} |
| 1581 | 1580 |
| _INT8_ '(' primary_expression ')'
|
| 1582 | 1581 |
{
|
| 1583 |
-#ifdef REAL_YARA |
|
| 1584 | 1582 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "int8"); |
| 1585 | 1583 |
|
| 1586 | 1584 |
compiler->last_result = yr_parser_emit( |
| ... | ... |
@@ -1589,11 +1519,9 @@ primary_expression |
| 1589 | 1589 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1590 | 1590 |
|
| 1591 | 1591 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1592 |
-#endif |
|
| 1593 | 1592 |
} |
| 1594 | 1593 |
| _INT16_ '(' primary_expression ')'
|
| 1595 | 1594 |
{
|
| 1596 |
-#ifdef REAL_YARA |
|
| 1597 | 1595 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "int16"); |
| 1598 | 1596 |
|
| 1599 | 1597 |
compiler->last_result = yr_parser_emit( |
| ... | ... |
@@ -1602,11 +1530,9 @@ primary_expression |
| 1602 | 1602 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1603 | 1603 |
|
| 1604 | 1604 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1605 |
-#endif |
|
| 1606 | 1605 |
} |
| 1607 | 1606 |
| _INT32_ '(' primary_expression ')'
|
| 1608 | 1607 |
{
|
| 1609 |
-#ifdef REAL_YARA |
|
| 1610 | 1608 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "int32"); |
| 1611 | 1609 |
|
| 1612 | 1610 |
compiler->last_result = yr_parser_emit( |
| ... | ... |
@@ -1615,11 +1541,9 @@ primary_expression |
| 1615 | 1615 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1616 | 1616 |
|
| 1617 | 1617 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1618 |
-#endif |
|
| 1619 | 1618 |
} |
| 1620 | 1619 |
| _UINT8_ '(' primary_expression ')'
|
| 1621 | 1620 |
{
|
| 1622 |
-#ifdef REAL_YARA |
|
| 1623 | 1621 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "uint8"); |
| 1624 | 1622 |
|
| 1625 | 1623 |
compiler->last_result = yr_parser_emit( |
| ... | ... |
@@ -1628,11 +1552,9 @@ primary_expression |
| 1628 | 1628 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1629 | 1629 |
|
| 1630 | 1630 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1631 |
-#endif |
|
| 1632 | 1631 |
} |
| 1633 | 1632 |
| _UINT16_ '(' primary_expression ')'
|
| 1634 | 1633 |
{
|
| 1635 |
-#ifdef REAL_YARA |
|
| 1636 | 1634 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "uint16"); |
| 1637 | 1635 |
|
| 1638 | 1636 |
compiler->last_result = yr_parser_emit( |
| ... | ... |
@@ -1641,11 +1563,9 @@ primary_expression |
| 1641 | 1641 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1642 | 1642 |
|
| 1643 | 1643 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1644 |
-#endif |
|
| 1645 | 1644 |
} |
| 1646 | 1645 |
| _UINT32_ '(' primary_expression ')'
|
| 1647 | 1646 |
{
|
| 1648 |
-#ifdef REAL_YARA |
|
| 1649 | 1647 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "uint32"); |
| 1650 | 1648 |
|
| 1651 | 1649 |
compiler->last_result = yr_parser_emit( |
| ... | ... |
@@ -1654,29 +1574,27 @@ primary_expression |
| 1654 | 1654 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1655 | 1655 |
|
| 1656 | 1656 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1657 |
-#endif |
|
| 1658 | 1657 |
} |
| 1659 | 1658 |
| _NUMBER_ |
| 1660 | 1659 |
{
|
| 1661 |
-#ifdef REAL_YARA |
|
| 1662 | 1660 |
compiler->last_result = yr_parser_emit_with_arg( |
| 1663 | 1661 |
yyscanner, OP_PUSH, $1, NULL); |
| 1664 | 1662 |
|
| 1665 | 1663 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1666 | 1664 |
|
| 1667 | 1665 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1668 |
-#endif |
|
| 1669 | 1666 |
} |
| 1670 | 1667 |
| _TEXT_STRING_ |
| 1671 | 1668 |
{
|
| 1672 |
-#ifdef REAL_YARA |
|
| 1673 | 1669 |
SIZED_STRING* sized_string = $1; |
| 1674 | 1670 |
char* string; |
| 1675 | 1671 |
|
| 1672 |
+#if REAL_YARA |
|
| 1676 | 1673 |
compiler->last_result = yr_arena_write_string( |
| 1677 | 1674 |
compiler->sz_arena, |
| 1678 | 1675 |
sized_string->c_string, |
| 1679 | 1676 |
&string); |
| 1677 |
+#endif |
|
| 1680 | 1678 |
|
| 1681 | 1679 |
yr_free($1); |
| 1682 | 1680 |
|
| ... | ... |
@@ -1690,11 +1608,9 @@ primary_expression |
| 1690 | 1690 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1691 | 1691 |
|
| 1692 | 1692 |
$$ = EXPRESSION_TYPE_STRING; |
| 1693 |
-#endif |
|
| 1694 | 1693 |
} |
| 1695 | 1694 |
| _STRING_COUNT_ |
| 1696 | 1695 |
{
|
| 1697 |
-#ifdef REAL_YARA |
|
| 1698 | 1696 |
compiler->last_result = yr_parser_reduce_string_identifier( |
| 1699 | 1697 |
yyscanner, |
| 1700 | 1698 |
$1, |
| ... | ... |
@@ -1705,11 +1621,9 @@ primary_expression |
| 1705 | 1705 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1706 | 1706 |
|
| 1707 | 1707 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1708 |
-#endif |
|
| 1709 | 1708 |
} |
| 1710 | 1709 |
| _STRING_OFFSET_ '[' primary_expression ']' |
| 1711 | 1710 |
{
|
| 1712 |
-#ifdef REAL_YARA |
|
| 1713 | 1711 |
compiler->last_result = yr_parser_reduce_string_identifier( |
| 1714 | 1712 |
yyscanner, |
| 1715 | 1713 |
$1, |
| ... | ... |
@@ -1720,11 +1634,9 @@ primary_expression |
| 1720 | 1720 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1721 | 1721 |
|
| 1722 | 1722 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1723 |
-#endif |
|
| 1724 | 1723 |
} |
| 1725 | 1724 |
| _STRING_OFFSET_ |
| 1726 | 1725 |
{
|
| 1727 |
-#ifdef REAL_YARA |
|
| 1728 | 1726 |
compiler->last_result = yr_parser_emit_with_arg( |
| 1729 | 1727 |
yyscanner, |
| 1730 | 1728 |
OP_PUSH, |
| ... | ... |
@@ -1742,11 +1654,9 @@ primary_expression |
| 1742 | 1742 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1743 | 1743 |
|
| 1744 | 1744 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1745 |
-#endif |
|
| 1746 | 1745 |
} |
| 1747 | 1746 |
| identifier |
| 1748 | 1747 |
{
|
| 1749 |
-#ifdef REAL_YARA |
|
| 1750 | 1748 |
if ($1 == (YR_OBJECT*) -1) // loop identifier |
| 1751 | 1749 |
{
|
| 1752 | 1750 |
$$ = EXPRESSION_TYPE_INTEGER; |
| ... | ... |
@@ -1779,133 +1689,108 @@ primary_expression |
| 1779 | 1779 |
} |
| 1780 | 1780 |
|
| 1781 | 1781 |
ERROR_IF(compiler->last_result != ERROR_SUCCESS); |
| 1782 |
-#endif |
|
| 1783 | 1782 |
} |
| 1784 | 1783 |
| primary_expression '+' primary_expression |
| 1785 | 1784 |
{
|
| 1786 |
-#ifdef REAL_YARA |
|
| 1787 | 1785 |
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, "+"); |
| 1788 | 1786 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "+"); |
| 1789 | 1787 |
|
| 1790 | 1788 |
yr_parser_emit(yyscanner, OP_ADD, NULL); |
| 1791 | 1789 |
|
| 1792 | 1790 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1793 |
-#endif |
|
| 1794 | 1791 |
} |
| 1795 | 1792 |
| primary_expression '-' primary_expression |
| 1796 | 1793 |
{
|
| 1797 |
-#ifdef REAL_YARA |
|
| 1798 | 1794 |
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, "-"); |
| 1799 | 1795 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "-"); |
| 1800 | 1796 |
|
| 1801 | 1797 |
yr_parser_emit(yyscanner, OP_SUB, NULL); |
| 1802 | 1798 |
|
| 1803 | 1799 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1804 |
-#endif |
|
| 1805 | 1800 |
} |
| 1806 | 1801 |
| primary_expression '*' primary_expression |
| 1807 | 1802 |
{
|
| 1808 |
-#ifdef REAL_YARA |
|
| 1809 | 1803 |
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, "*"); |
| 1810 | 1804 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "*"); |
| 1811 | 1805 |
|
| 1812 | 1806 |
yr_parser_emit(yyscanner, OP_MUL, NULL); |
| 1813 | 1807 |
|
| 1814 | 1808 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1815 |
-#endif |
|
| 1816 | 1809 |
} |
| 1817 | 1810 |
| primary_expression '\\' primary_expression |
| 1818 | 1811 |
{
|
| 1819 |
-#ifdef REAL_YARA |
|
| 1820 | 1812 |
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, "\\"); |
| 1821 | 1813 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "\\"); |
| 1822 | 1814 |
|
| 1823 | 1815 |
yr_parser_emit(yyscanner, OP_DIV, NULL); |
| 1824 | 1816 |
|
| 1825 | 1817 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1826 |
-#endif |
|
| 1827 | 1818 |
} |
| 1828 | 1819 |
| primary_expression '%' primary_expression |
| 1829 | 1820 |
{
|
| 1830 |
-#ifdef REAL_YARA |
|
| 1831 | 1821 |
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, "%"); |
| 1832 | 1822 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "%"); |
| 1833 | 1823 |
|
| 1834 | 1824 |
yr_parser_emit(yyscanner, OP_MOD, NULL); |
| 1835 | 1825 |
|
| 1836 | 1826 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1837 |
-#endif |
|
| 1838 | 1827 |
} |
| 1839 | 1828 |
| primary_expression '^' primary_expression |
| 1840 | 1829 |
{
|
| 1841 |
-#ifdef REAL_YARA |
|
| 1842 | 1830 |
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, "^"); |
| 1843 | 1831 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "^"); |
| 1844 | 1832 |
|
| 1845 | 1833 |
yr_parser_emit(yyscanner, OP_XOR, NULL); |
| 1846 | 1834 |
|
| 1847 | 1835 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1848 |
-#endif |
|
| 1849 | 1836 |
} |
| 1850 | 1837 |
| primary_expression '&' primary_expression |
| 1851 | 1838 |
{
|
| 1852 |
-#ifdef REAL_YARA |
|
| 1853 | 1839 |
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, "^"); |
| 1854 | 1840 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "^"); |
| 1855 | 1841 |
|
| 1856 | 1842 |
yr_parser_emit(yyscanner, OP_AND, NULL); |
| 1857 | 1843 |
|
| 1858 | 1844 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1859 |
-#endif |
|
| 1860 | 1845 |
} |
| 1861 | 1846 |
| primary_expression '|' primary_expression |
| 1862 | 1847 |
{
|
| 1863 |
-#ifdef REAL_YARA |
|
| 1864 | 1848 |
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, "|"); |
| 1865 | 1849 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "|"); |
| 1866 | 1850 |
|
| 1867 | 1851 |
yr_parser_emit(yyscanner, OP_OR, NULL); |
| 1868 | 1852 |
|
| 1869 | 1853 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1870 |
-#endif |
|
| 1871 | 1854 |
} |
| 1872 | 1855 |
| '~' primary_expression |
| 1873 | 1856 |
{
|
| 1874 |
-#ifdef REAL_YARA |
|
| 1875 | 1857 |
CHECK_TYPE($2, EXPRESSION_TYPE_INTEGER, "~"); |
| 1876 | 1858 |
|
| 1877 | 1859 |
yr_parser_emit(yyscanner, OP_NEG, NULL); |
| 1878 | 1860 |
|
| 1879 | 1861 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1880 |
-#endif |
|
| 1881 | 1862 |
} |
| 1882 | 1863 |
| primary_expression _SHIFT_LEFT_ primary_expression |
| 1883 | 1864 |
{
|
| 1884 |
-#ifdef REAL_YARA |
|
| 1885 | 1865 |
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, "<<"); |
| 1886 | 1866 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "<<"); |
| 1887 | 1867 |
|
| 1888 | 1868 |
yr_parser_emit(yyscanner, OP_SHL, NULL); |
| 1889 | 1869 |
|
| 1890 | 1870 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1891 |
-#endif |
|
| 1892 | 1871 |
} |
| 1893 | 1872 |
| primary_expression _SHIFT_RIGHT_ primary_expression |
| 1894 | 1873 |
{
|
| 1895 |
-#ifdef REAL_YARA |
|
| 1896 | 1874 |
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, ">>"); |
| 1897 | 1875 |
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, ">>"); |
| 1898 | 1876 |
|
| 1899 | 1877 |
yr_parser_emit(yyscanner, OP_SHR, NULL); |
| 1900 | 1878 |
|
| 1901 | 1879 |
$$ = EXPRESSION_TYPE_INTEGER; |
| 1902 |
-#endif |
|
| 1903 | 1880 |
} |
| 1904 | 1881 |
| regexp |
| 1905 | 1882 |
{
|
| 1906 |
-#ifdef REAL_YARA |
|
| 1907 | 1883 |
$$ = $1; |
| 1908 |
-#endif |
|
| 1909 | 1884 |
} |
| 1910 | 1885 |
; |
| 1911 | 1886 |
|
| ... | ... |
@@ -705,8 +705,15 @@ void yyerror( |
| 705 | 705 |
#else |
| 706 | 706 |
if (error_message != NULL) |
| 707 | 707 |
cli_errmsg("yara_lexer:yyerror() %s\n", error_message);
|
| 708 |
+ else if (compiler->error_msg != NULL) |
|
| 709 |
+ cli_errmsg("yara_lexer:yyerror() %s\n", compiler->error_msg);
|
|
| 710 |
+ else if (compiler->last_error_extra_info[0] != (char) 0) |
|
| 711 |
+ cli_errmsg("yara_lexer:yyerror() %s\n", compiler->last_error_extra_info);
|
|
| 708 | 712 |
else |
| 709 | 713 |
cli_errmsg("yara_lexer:yyerror() error unknown\n");
|
| 714 |
+ compiler->last_error_extra_info[0] = (char) 0; |
|
| 715 |
+ compiler->error_msg = NULL; |
|
| 716 |
+ compiler->last_result = ERROR_SUCCESS; |
|
| 710 | 717 |
#endif |
| 711 | 718 |
} |
| 712 | 719 |
|
| ... | ... |
@@ -63,17 +63,20 @@ limitations under the License. |
| 63 | 63 |
((uint8_t) (x - '0')) |
| 64 | 64 |
|
| 65 | 65 |
|
| 66 |
-#ifdef REAL_YARA |
|
| 67 | 66 |
int yr_parser_emit( |
| 68 | 67 |
yyscan_t yyscanner, |
| 69 | 68 |
int8_t instruction, |
| 70 | 69 |
int8_t** instruction_address) |
| 71 | 70 |
{
|
| 71 |
+#ifdef REAL_YARA |
|
| 72 | 72 |
return yr_arena_write_data( |
| 73 | 73 |
yyget_extra(yyscanner)->code_arena, |
| 74 | 74 |
&instruction, |
| 75 | 75 |
sizeof(int8_t), |
| 76 | 76 |
(void**) instruction_address); |
| 77 |
+#else |
|
| 78 |
+ return ERROR_SUCCESS; |
|
| 79 |
+#endif |
|
| 77 | 80 |
} |
| 78 | 81 |
|
| 79 | 82 |
|
| ... | ... |
@@ -83,6 +86,7 @@ int yr_parser_emit_with_arg( |
| 83 | 83 |
int64_t argument, |
| 84 | 84 |
int8_t** instruction_address) |
| 85 | 85 |
{
|
| 86 |
+#ifdef REAL_YARA |
|
| 86 | 87 |
int result = yr_arena_write_data( |
| 87 | 88 |
yyget_extra(yyscanner)->code_arena, |
| 88 | 89 |
&instruction, |
| ... | ... |
@@ -97,6 +101,9 @@ int yr_parser_emit_with_arg( |
| 97 | 97 |
NULL); |
| 98 | 98 |
|
| 99 | 99 |
return result; |
| 100 |
+#else |
|
| 101 |
+ return ERROR_SUCCESS; |
|
| 102 |
+#endif |
|
| 100 | 103 |
} |
| 101 | 104 |
|
| 102 | 105 |
|
| ... | ... |
@@ -108,6 +115,7 @@ int yr_parser_emit_with_arg_reloc( |
| 108 | 108 |
{
|
| 109 | 109 |
void* ptr; |
| 110 | 110 |
|
| 111 |
+#ifdef REAL_YARA |
|
| 111 | 112 |
int result = yr_arena_write_data( |
| 112 | 113 |
yyget_extra(yyscanner)->code_arena, |
| 113 | 114 |
&instruction, |
| ... | ... |
@@ -129,6 +137,9 @@ int yr_parser_emit_with_arg_reloc( |
| 129 | 129 |
EOL); |
| 130 | 130 |
|
| 131 | 131 |
return result; |
| 132 |
+#else |
|
| 133 |
+ return ERROR_SUCCESS; |
|
| 134 |
+#endif |
|
| 132 | 135 |
} |
| 133 | 136 |
|
| 134 | 137 |
|
| ... | ... |
@@ -137,6 +148,7 @@ int yr_parser_emit_pushes_for_strings( |
| 137 | 137 |
const char* identifier) |
| 138 | 138 |
{
|
| 139 | 139 |
YR_COMPILER* compiler = yyget_extra(yyscanner); |
| 140 |
+#ifdef REAL_YARA |
|
| 140 | 141 |
YR_STRING* string = compiler->current_rule_strings; |
| 141 | 142 |
|
| 142 | 143 |
const char* string_identifier; |
| ... | ... |
@@ -189,6 +201,9 @@ int yr_parser_emit_pushes_for_strings( |
| 189 | 189 |
} |
| 190 | 190 |
|
| 191 | 191 |
return compiler->last_result; |
| 192 |
+#else |
|
| 193 |
+ return ERROR_SUCCESS; |
|
| 194 |
+#endif |
|
| 192 | 195 |
} |
| 193 | 196 |
|
| 194 | 197 |
|
| ... | ... |
@@ -200,6 +215,7 @@ int yr_parser_check_types( |
| 200 | 200 |
int i; |
| 201 | 201 |
|
| 202 | 202 |
char message[MAX_COMPILER_ERROR_EXTRA_INFO]; |
| 203 |
+#ifdef REAL_YARA |
|
| 203 | 204 |
|
| 204 | 205 |
const char* expected = function->arguments_fmt; |
| 205 | 206 |
const char* actual = actual_args_fmt; |
| ... | ... |
@@ -243,6 +259,9 @@ int yr_parser_check_types( |
| 243 | 243 |
} |
| 244 | 244 |
|
| 245 | 245 |
return compiler->last_result; |
| 246 |
+#else |
|
| 247 |
+ return ERROR_SUCCESS; |
|
| 248 |
+#endif |
|
| 246 | 249 |
} |
| 247 | 250 |
|
| 248 | 251 |
|
| ... | ... |
@@ -253,6 +272,7 @@ YR_STRING* yr_parser_lookup_string( |
| 253 | 253 |
YR_STRING* string; |
| 254 | 254 |
YR_COMPILER* compiler = yyget_extra(yyscanner); |
| 255 | 255 |
|
| 256 |
+#ifdef REAL_YARA |
|
| 256 | 257 |
string = compiler->current_rule_strings; |
| 257 | 258 |
|
| 258 | 259 |
while(!STRING_IS_NULL(string)) |
| ... | ... |
@@ -278,6 +298,9 @@ YR_STRING* yr_parser_lookup_string( |
| 278 | 278 |
compiler->last_result = ERROR_UNDEFINED_STRING; |
| 279 | 279 |
|
| 280 | 280 |
return NULL; |
| 281 |
+#else |
|
| 282 |
+ return ERROR_SUCCESS; |
|
| 283 |
+#endif |
|
| 281 | 284 |
} |
| 282 | 285 |
|
| 283 | 286 |
|
| ... | ... |
@@ -288,6 +311,7 @@ int yr_parser_lookup_loop_variable( |
| 288 | 288 |
YR_COMPILER* compiler = yyget_extra(yyscanner); |
| 289 | 289 |
int i; |
| 290 | 290 |
|
| 291 |
+#ifdef REAL_YARA |
|
| 291 | 292 |
for (i = 0; i < compiler->loop_depth; i++) |
| 292 | 293 |
{
|
| 293 | 294 |
if (compiler->loop_identifier[i] != NULL && |
| ... | ... |
@@ -296,6 +320,9 @@ int yr_parser_lookup_loop_variable( |
| 296 | 296 |
} |
| 297 | 297 |
|
| 298 | 298 |
return -1; |
| 299 |
+#else |
|
| 300 |
+ return ERROR_SUCCESS; |
|
| 301 |
+#endif |
|
| 299 | 302 |
} |
| 300 | 303 |
|
| 301 | 304 |
|
| ... | ... |
@@ -308,6 +335,7 @@ int _yr_parser_write_string( |
| 308 | 308 |
YR_STRING** string, |
| 309 | 309 |
int* min_atom_length) |
| 310 | 310 |
{
|
| 311 |
+#ifdef REAL_YARA |
|
| 311 | 312 |
SIZED_STRING* literal_string; |
| 312 | 313 |
YR_AC_MATCH* new_match; |
| 313 | 314 |
|
| ... | ... |
@@ -465,9 +493,11 @@ int _yr_parser_write_string( |
| 465 | 465 |
yr_atoms_list_destroy(atom_list); |
| 466 | 466 |
|
| 467 | 467 |
return result; |
| 468 |
+#else |
|
| 469 |
+ return ERROR_SUCCESS; |
|
| 470 |
+#endif |
|
| 468 | 471 |
} |
| 469 | 472 |
|
| 470 |
-#endif |
|
| 471 | 473 |
|
| 472 | 474 |
|
| 473 | 475 |
#include <stdint.h> |
| ... | ... |
@@ -882,7 +912,6 @@ int yr_parser_reduce_string_identifier( |
| 882 | 882 |
return compiler->last_result; |
| 883 | 883 |
} |
| 884 | 884 |
|
| 885 |
-#if 0 |
|
| 886 | 885 |
YR_META* yr_parser_reduce_meta_declaration( |
| 887 | 886 |
yyscan_t yyscanner, |
| 888 | 887 |
int32_t type, |
| ... | ... |
@@ -892,7 +921,7 @@ YR_META* yr_parser_reduce_meta_declaration( |
| 892 | 892 |
{
|
| 893 | 893 |
YR_COMPILER* compiler = yyget_extra(yyscanner); |
| 894 | 894 |
YR_META* meta; |
| 895 |
- |
|
| 895 |
+#if REAL_YARA |
|
| 896 | 896 |
compiler->last_result = yr_arena_allocate_struct( |
| 897 | 897 |
compiler->metas_arena, |
| 898 | 898 |
sizeof(YR_META), |
| ... | ... |
@@ -927,8 +956,40 @@ YR_META* yr_parser_reduce_meta_declaration( |
| 927 | 927 |
meta->type = type; |
| 928 | 928 |
|
| 929 | 929 |
return meta; |
| 930 |
-} |
|
| 930 |
+#else |
|
| 931 |
+ meta = cli_calloc(1, sizeof(YR_META)); |
|
| 932 |
+ if (meta == NULL) {
|
|
| 933 |
+ cli_errmsg("yara_parser: no mem for YR_META.\n");
|
|
| 934 |
+ compiler->last_result = CL_EMEM; |
|
| 935 |
+ return NULL; |
|
| 936 |
+ } |
|
| 931 | 937 |
|
| 938 |
+ if (identifier != NULL) {
|
|
| 939 |
+ meta->identifier = cli_strdup(identifier); |
|
| 940 |
+ if (meta->identifier == NULL) {
|
|
| 941 |
+ cli_errmsg("yara_parser: no mem for meta->identifier.\n");
|
|
| 942 |
+ compiler->last_result = CL_EMEM; |
|
| 943 |
+ return NULL; |
|
| 944 |
+ } |
|
| 945 |
+ } |
|
| 946 |
+ if (string != NULL) {
|
|
| 947 |
+ meta->string = cli_strdup(string); |
|
| 948 |
+ if (meta->string == NULL) {
|
|
| 949 |
+ cli_errmsg("yara_parser: no mem for meta->string.\n");
|
|
| 950 |
+ compiler->last_result = CL_EMEM; |
|
| 951 |
+ return NULL; |
|
| 952 |
+ } |
|
| 953 |
+ } |
|
| 954 |
+ meta->integer = integer; |
|
| 955 |
+ meta->type = type; |
|
| 956 |
+ |
|
| 957 |
+#if 0 |
|
| 958 |
+ STAILQ_INSERT_TAIL(&compiler->current_meta, meta, link); |
|
| 959 |
+#endif |
|
| 960 |
+ //compiler->error_msg = "meta not yet supported"; |
|
| 961 |
+ return meta; |
|
| 962 |
+#endif |
|
| 963 |
+} |
|
| 932 | 964 |
|
| 933 | 965 |
int yr_parser_reduce_import( |
| 934 | 966 |
yyscan_t yyscanner, |
| ... | ... |
@@ -936,6 +997,7 @@ int yr_parser_reduce_import( |
| 936 | 936 |
{
|
| 937 | 937 |
YR_COMPILER* compiler = yyget_extra(yyscanner); |
| 938 | 938 |
/// YR_OBJECT* module_structure; |
| 939 |
+#if REAL_YARA |
|
| 939 | 940 |
|
| 940 | 941 |
char* name; |
| 941 | 942 |
|
| ... | ... |
@@ -986,5 +1048,7 @@ int yr_parser_reduce_import( |
| 986 | 986 |
NULL); |
| 987 | 987 |
|
| 988 | 988 |
return compiler->last_result; |
| 989 |
-} |
|
| 989 |
+#else |
|
| 990 |
+ return ERROR_SUCCESS; |
|
| 990 | 991 |
#endif |
| 992 |
+} |