yara-x 1.16.0

A pure Rust implementation of YARA.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

RULE test
  44: WITH -- hash: 0xfd51d86833944c9b
    43: PATTERN_COUNT PatternIdx(1) -- hash: 0x7699aa02ceb56d76
    46: WITH -- hash: 0xf99994e9c3a68cb3
      45: FIELD_ACCESS -- hash: 0x22bd483d721ed399
        4: SYMBOL Field { index: 0, is_root: true, type_value: struct, acl: None, deprecation_notice: None }
        5: SYMBOL Field { index: 19, is_root: false, type_value: array, acl: None, deprecation_notice: None }
      42: FOR_IN -- hash: 0xe8e057517cf5bf22
            n: Var { frame_id: 1, ty: integer, index: 2 }
            i: Var { frame_id: 1, ty: integer, index: 3 }
            max_count: Var { frame_id: 1, ty: integer, index: 4 }
            count: Var { frame_id: 1, ty: integer, index: 5 }
            item: Var { frame_id: 1, ty: unknown, index: 6 }
        0: CONST integer(0)
        1: PATTERN_COUNT PatternIdx(0) -- hash: 0xc1bc033c6a64ce89
        48: WITH -- hash: 0x669c16b485984c27
          47: PATTERN_OFFSET PatternIdx(0) INDEX -- hash: 0xce29f774b8692af2
            10: SYMBOL Var { var: Var { frame_id: 1, ty: integer, index: 7 }, type_value: integer(unknown) }
          50: WITH -- hash: 0xab9765e6b9c23851
            49: PATTERN_OFFSET PatternIdx(0) INDEX -- hash: 0xce29f774b8692af2
              13: SYMBOL Var { var: Var { frame_id: 1, ty: integer, index: 7 }, type_value: integer(unknown) }
            41: FOR_IN -- hash: 0xe5518f0bdf2d8333
                  n: Var { frame_id: 2, ty: integer, index: 11 }
                  i: Var { frame_id: 2, ty: integer, index: 12 }
                  max_count: Var { frame_id: 2, ty: integer, index: 13 }
                  count: Var { frame_id: 2, ty: integer, index: 14 }
                  item: Var { frame_id: 2, ty: unknown, index: 15 }
              2: CONST integer(0)
              3: SYMBOL Var { var: Var { frame_id: 0, ty: integer, index: 0 }, type_value: integer(unknown) }
              52: WITH -- hash: 0x3666334f99c17954
                51: PATTERN_OFFSET PatternIdx(1) INDEX -- hash: 0x49dc6121174a8d53
                  26: SYMBOL Var { var: Var { frame_id: 2, ty: integer, index: 16 }, type_value: integer(unknown) }
                54: WITH -- hash: 0xd26c3fe7d117b926
                  53: PATTERN_OFFSET PatternIdx(1) INDEX -- hash: 0x49dc6121174a8d53
                    29: SYMBOL Var { var: Var { frame_id: 2, ty: integer, index: 16 }, type_value: integer(unknown) }
                  40: FOR_IN -- hash: 0x92c95e15a9d08618
                        n: Var { frame_id: 3, ty: integer, index: 20 }
                        i: Var { frame_id: 3, ty: integer, index: 21 }
                        max_count: Var { frame_id: 3, ty: integer, index: 22 }
                        count: Var { frame_id: 3, ty: integer, index: 23 }
                        item: Var { frame_id: 3, ty: array, index: 24 }
                    6: SYMBOL Var { var: Var { frame_id: 0, ty: array, index: 1 }, type_value: array }
                    39: AND -- hash: 0xfd9ea211fc88a365
                      12: LE -- hash: 0xaae2bff322aa8faf
                        9: FIELD_ACCESS -- hash: 0x2cfd8c09c7bab762
                          7: SYMBOL Var { var: Var { frame_id: 3, ty: struct, index: 25 }, type_value: struct }
                          8: SYMBOL Field { index: 0, is_root: false, type_value: integer(unknown), acl: None, deprecation_notice: None }
                        11: SYMBOL Var { var: Var { frame_id: 0, ty: integer, index: 9 }, type_value: integer(unknown) }
                      22: LE -- hash: 0x644c1cef0467915f
                        14: SYMBOL Var { var: Var { frame_id: 0, ty: integer, index: 10 }, type_value: integer(unknown) }
                        21: ADD -- hash: 0x108f040ec6b473d7
                          17: FIELD_ACCESS -- hash: 0x2cfd8c09c7bab762
                            15: SYMBOL Var { var: Var { frame_id: 3, ty: struct, index: 25 }, type_value: struct }
                            16: SYMBOL Field { index: 0, is_root: false, type_value: integer(unknown), acl: None, deprecation_notice: None }
                          20: FIELD_ACCESS -- hash: 0xe1db32d0280b564e
                            18: SYMBOL Var { var: Var { frame_id: 3, ty: struct, index: 25 }, type_value: struct }
                            19: SYMBOL Field { index: 1, is_root: false, type_value: integer(unknown), acl: None, deprecation_notice: None }
                      28: LE -- hash: 0x99689fd2d49614f8
                        25: FIELD_ACCESS -- hash: 0x2cfd8c09c7bab762
                          23: SYMBOL Var { var: Var { frame_id: 3, ty: struct, index: 25 }, type_value: struct }
                          24: SYMBOL Field { index: 0, is_root: false, type_value: integer(unknown), acl: None, deprecation_notice: None }
                        27: SYMBOL Var { var: Var { frame_id: 0, ty: integer, index: 18 }, type_value: integer(unknown) }
                      38: LE -- hash: 0xb8db6ae5493ebfc8
                        30: SYMBOL Var { var: Var { frame_id: 0, ty: integer, index: 19 }, type_value: integer(unknown) }
                        37: ADD -- hash: 0x108f040ec6b473d7
                          33: FIELD_ACCESS -- hash: 0x2cfd8c09c7bab762
                            31: SYMBOL Var { var: Var { frame_id: 3, ty: struct, index: 25 }, type_value: struct }
                            32: SYMBOL Field { index: 0, is_root: false, type_value: integer(unknown), acl: None, deprecation_notice: None }
                          36: FIELD_ACCESS -- hash: 0xe1db32d0280b564e
                            34: SYMBOL Var { var: Var { frame_id: 3, ty: struct, index: 25 }, type_value: struct }
                            35: SYMBOL Field { index: 1, is_root: false, type_value: integer(unknown), acl: None, deprecation_notice: None }