yara-x 1.16.0

A pure Rust implementation of YARA.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

RULE test_1
  13: FOR_IN -- hash: 0x759f60f5a7f015eb
        n: Var { frame_id: 1, ty: integer, index: 0 }
        i: Var { frame_id: 1, ty: integer, index: 1 }
        max_count: Var { frame_id: 1, ty: integer, index: 2 }
        count: Var { frame_id: 1, ty: integer, index: 3 }
        item: Var { frame_id: 1, ty: unknown, index: 4 }
    0: CONST integer(0)
    1: CONST integer(1)
    12: EQ -- hash: 0x5c8fc30a843d9a50
      10: FIELD_ACCESS -- hash: 0x3ec51a750647f9a8
        6: LOOKUP -- hash: 0x491138f2e72b9f66
          4: FIELD_ACCESS -- hash: 0x54b6d37d2b917356
            2: SYMBOL Field { index: 0, is_root: true, type_value: struct, acl: None, deprecation_notice: None }
            3: SYMBOL Field { index: 49, is_root: false, type_value: array, acl: None, deprecation_notice: None }
          5: SYMBOL Var { var: Var { frame_id: 1, ty: integer, index: 5 }, type_value: integer(unknown) }
        9: LOOKUP -- hash: 0x1bd1e557c8168259
          7: SYMBOL Field { index: 6, is_root: false, type_value: array, acl: None, deprecation_notice: None }
          8: CONST integer(0)
      11: CONST integer(0)

RULE test_2
  7: DEFINED -- hash: 0x1d49f5b40894ff06
    6: FOR_IN -- hash: 0xd90605d04c83c3bc
          n: Var { frame_id: 1, ty: integer, index: 0 }
          i: Var { frame_id: 1, ty: integer, index: 1 }
          max_count: Var { frame_id: 1, ty: integer, index: 2 }
          count: Var { frame_id: 1, ty: integer, index: 3 }
          item: Var { frame_id: 1, ty: unknown, index: 4 }
      0: CONST integer(0)
      1: CONST integer(10)
      5: EQ -- hash: 0x73a8684f978b75a
        3: FN_CALL test_proto2.undef_i64@@iu -- hash: 0xc0206489d8f27bee
        4: CONST integer(0)

RULE test_3
  18: OR -- hash: 0xc03b2943bc74ac56
    5: CONTAINS -- hash: 0x9b34a06a5c144733
      3: FIELD_ACCESS -- hash: 0xa68ef47d7e9f1bf3
        0: SYMBOL Field { index: 0, is_root: true, type_value: struct, acl: None, deprecation_notice: None }
        1: SYMBOL Field { index: 44, is_root: false, type_value: struct, acl: None, deprecation_notice: None }
        2: SYMBOL Field { index: 5, is_root: false, type_value: string(unknown), acl: None, deprecation_notice: None }
      4: CONST string("foo")
    11: CONTAINS -- hash: 0x9b34a06a5c144733
      9: FIELD_ACCESS -- hash: 0xa68ef47d7e9f1bf3
        6: SYMBOL Field { index: 0, is_root: true, type_value: struct, acl: None, deprecation_notice: None }
        7: SYMBOL Field { index: 44, is_root: false, type_value: struct, acl: None, deprecation_notice: None }
        8: SYMBOL Field { index: 5, is_root: false, type_value: string(unknown), acl: None, deprecation_notice: None }
      10: CONST string("foo")
    17: CONTAINS -- hash: 0xbab99c5006e37037
      15: FIELD_ACCESS -- hash: 0xa68ef47d7e9f1bf3
        12: SYMBOL Field { index: 0, is_root: true, type_value: struct, acl: None, deprecation_notice: None }
        13: SYMBOL Field { index: 44, is_root: false, type_value: struct, acl: None, deprecation_notice: None }
        14: SYMBOL Field { index: 5, is_root: false, type_value: string(unknown), acl: None, deprecation_notice: None }
      16: CONST string("bar")