yara-x 1.16.0

A pure Rust implementation of YARA.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

RULE test_1
  15: WITH -- hash: 0x26996efd3ba8f777
    14: FIELD_ACCESS -- hash: 0x54b6d37d2b917356
      2: SYMBOL Field { index: 0, is_root: true, type_value: struct, acl: None, deprecation_notice: None }
      3: SYMBOL Field { index: 49, is_root: false, type_value: array, acl: None, deprecation_notice: None }
    13: FOR_IN -- hash: 0xd8cf702c9fb77c65
          n: Var { frame_id: 1, ty: integer, index: 1 }
          i: Var { frame_id: 1, ty: integer, index: 2 }
          max_count: Var { frame_id: 1, ty: integer, index: 3 }
          count: Var { frame_id: 1, ty: integer, index: 4 }
          item: Var { frame_id: 1, ty: unknown, index: 5 }
      0: CONST integer(0)
      1: CONST integer(1)
      12: EQ -- hash: 0xd80669f7f1fbbe8
        10: FIELD_ACCESS -- hash: 0x269db08d3f80f808
          6: LOOKUP -- hash: 0xbc92506a3c451e95
            4: SYMBOL Var { var: Var { frame_id: 0, ty: array, index: 0 }, type_value: array }
            5: SYMBOL Var { var: Var { frame_id: 1, ty: integer, index: 6 }, type_value: integer(unknown) }
          9: LOOKUP -- hash: 0x1bd1e557c8168259
            7: SYMBOL Field { index: 6, is_root: false, type_value: array, acl: None, deprecation_notice: None }
            8: CONST integer(0)
        11: CONST integer(0)

RULE test_2
  7: DEFINED -- hash: 0xcf8d327a66b02ccd
    9: WITH -- hash: 0xaeb8e5d7e9b9a04f
      8: FN_CALL test_proto2.undef_i64@@iu -- hash: 0xc0206489d8f27bee
      11: WITH -- hash: 0x3696d4a61d1b6729
        10: EQ -- hash: 0xca17973246e0efca
          3: SYMBOL Var { var: Var { frame_id: 0, ty: integer, index: 0 }, type_value: integer(unknown) }
          4: CONST integer(0)
        6: FOR_IN -- hash: 0x5aa37f3747d0aa75
              n: Var { frame_id: 1, ty: integer, index: 2 }
              i: Var { frame_id: 1, ty: integer, index: 3 }
              max_count: Var { frame_id: 1, ty: integer, index: 4 }
              count: Var { frame_id: 1, ty: integer, index: 5 }
              item: Var { frame_id: 1, ty: unknown, index: 6 }
          0: CONST integer(0)
          1: CONST integer(10)
          5: SYMBOL Var { var: Var { frame_id: 0, ty: boolean, index: 1 }, type_value: boolean(unknown) }

RULE test_3
  18: OR -- hash: 0xc03b2943bc74ac56
    5: CONTAINS -- hash: 0x9b34a06a5c144733
      3: FIELD_ACCESS -- hash: 0xa68ef47d7e9f1bf3
        0: SYMBOL Field { index: 0, is_root: true, type_value: struct, acl: None, deprecation_notice: None }
        1: SYMBOL Field { index: 44, is_root: false, type_value: struct, acl: None, deprecation_notice: None }
        2: SYMBOL Field { index: 5, is_root: false, type_value: string(unknown), acl: None, deprecation_notice: None }
      4: CONST string("foo")
    11: CONTAINS -- hash: 0x9b34a06a5c144733
      9: FIELD_ACCESS -- hash: 0xa68ef47d7e9f1bf3
        6: SYMBOL Field { index: 0, is_root: true, type_value: struct, acl: None, deprecation_notice: None }
        7: SYMBOL Field { index: 44, is_root: false, type_value: struct, acl: None, deprecation_notice: None }
        8: SYMBOL Field { index: 5, is_root: false, type_value: string(unknown), acl: None, deprecation_notice: None }
      10: CONST string("foo")
    17: CONTAINS -- hash: 0xbab99c5006e37037
      15: FIELD_ACCESS -- hash: 0xa68ef47d7e9f1bf3
        12: SYMBOL Field { index: 0, is_root: true, type_value: struct, acl: None, deprecation_notice: None }
        13: SYMBOL Field { index: 44, is_root: false, type_value: struct, acl: None, deprecation_notice: None }
        14: SYMBOL Field { index: 5, is_root: false, type_value: string(unknown), acl: None, deprecation_notice: None }
      16: CONST string("bar")