Victor M. Alvarez
Victor M. Alvarez
I guess that you want to express that at least N rules from Rule1,Rule2,Rule3,Rule4 must be true. For the specific case of N=1, this can be done with `Rule1 or...
The dex module is still immature, that's the reason it is not enabled by default nor included in the documentation.
I like the idea of implementing this feature, but I'm not sure this is the more appropriate way to do it. Instead of generating VM code specifically for expressions of...
Put it on hold, I think this should be part of a larger more ambitious change that I have in mind.
I don't have the full picture yet, but the plan is generalizing your proposal to something that could accept expressions like... ``` 2 of some_module.some_array ``` ...where `some_array` is an...
The issue tracker is not the best place to put this, as this is an issue actually. Maybe somewhere in the documentation, but it's too specific I think.
It's hard to tell what may be happening without having the rules. It could be some edge case triggered by a very specific rule.
There's nothing special in YARA for computing memory consumption. You must use whatever tools you usually employ with other programs. If you can share your rules with me I can...
I more detailed explanation of your exploit would be helpful. I guess your idea is using `OP_COUNT` to read the objects canary and craft a fake object to execute arbitrary...
Very good job in finding and explaining this issue. You have done an impressive job in understanding YARA's internals. This commit should solve the problem with OP_COUNT: https://github.com/VirusTotal/yara/commit/6acc08d7329413f60e0976be017e18a581450d7a Regarding the...