Victor M. Alvarez

icon indicating a website link www.virustotal.com icon indicating an email [email protected]

icon company Google icon location Bilbao, Spain icon location Senior Staff Software Engineer at @VirusTotal @google. Author of virustotal.github.io/yara-x

Results 206 comments of Victor M. Alvarez

Check for impossible conditions when using uint() operators.

Related: https://github.com/VirusTotal/yara-x/issues/23

Warn on always false integer reads and comparisons.

Do we really need `EXPRESSION_TYPE_INTEGER_FUNCTION`? I mean, as long as every `EXPRESSION_TYPE_INTEGER` has an associated field `width` indicating the number of bits in that integer we can check that operations...

feat: memory module

I see the utility of this new module, but I'm worried about its maintenance and testability. One of the problem with process memory scanning in general is that it's poorly...

Maximum offset distance in condition - perhaps `strings` module idea?

This request is interesting because it exposes the current limitations in the language. I agree @wxsBSD's comment, in order to implement this (and more powerful features in the feature) we...

Maximum offset distance in condition - perhaps `strings` module idea?

For the time being I would put each RFC as in independent discussion.

Get help with cuckoo module

What version of cuckoo are you using? The `cuckoo` module works with very old versions and haven't been updated in a long time. If you are using a recent version...

Create devcontainer.json

@mhmh261 can you provide more context about this? What's the intention for this change?

Grammar railroad diagram

This is really nice!

Wrong assumption while parsing rich header

@j-t-1 yes, the file `043066108b68b30fc2c475eae8edfafc080be7d451600eaa283d2c750bddbceb` is WIMA_SFX.EXE.

Wrong assumption while parsing rich header

I think #402 is ok.