adding hex string to rule

[bufu1003]

Is there a workaround at the moment for adding a string of bytes to a rule in Yara's format? Looked around in documentation/examples and I haven't found anything.

• Eg:

  my_string = " 80 42 00 8b 4d 08 ba 01 00 00 00 ff d0 81 c4 00 01 00 00 5"

  Then programmatically build the rule such that I end up with:

  `$a = {80 42 00 8b 4d 08 ba 01 00 00 00 ff d0 81 c4 00 01 00 00 5}`
  

Thank you for help!

[matonis]

I'm sorry for the delay a bit of a hectic summer. I believe rule.add_binary_as_string should work for you. Let me know if it doesn't.

rule.add_binary_as_string(data="4d5a9000??000000??000000ffff0000")