Expanding support for global variable objects. #114
Labels
enhancement
New feature or request
Comments
|
This is something that I have in mind for future releases. I'm currently focused in releasing a version that has feature parity with |
|
Excellent! Amazing job as usual @plusvic ! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is something which was lacking in the C version, according to the current documentation yara-x only supports "global external variable" but not "external object" which would include arrays and structures for richer data enrichment.
This could be really great for modules that would want to keep the same name convention of VirusTotal live hunting to make rules interoperable for example variables like
vt.behaviour.command_executionsorvt.behaviour.modules_loadedwhich are only accessible as an array via theforloop keyword. But also variables under specific structures such asvt.behaviour.More information about existing issues which were not addressable in the current C version of yara:
Support for EXTERNAL OBJECT_TYPE_ARRAY and OBJECT_TYPE_STRUCTURE
Exporting yr_object_create() to enable custom structures?
The text was updated successfully, but these errors were encountered: