1 2 3 4 5 6 7
rule test { condition: ( uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550 or uint32(0) == 0x464c457f and uint16(0) != 0 ) }