Releases: VirusTotal/yara-x
Releases · VirusTotal/yara-x
v0.12.0
- The
macho
module now parses and exposesLC_LINKER_OPTION
commands (#256). - Raise warning with some patterns that have too many 2-byte atoms and are potentially slow (#264).
- Extract more information from the
SpcSpOpusInfo
structure contained in PE signatures (50180d8). - BUGFIX: add missing
MEAN_BYTES
constant tomath
module (888c77e). - BUGFIX: panic when calling
dylib_hash
in some corrupted Mach-O files (c014a26).
Contributors: @latonis
v0.11.1
v0.11.0
- Added JSON as a new output format (#239).
- Added the
--profiling
option to thescan
command (d3df07d). - Implement loop-invariant code motion (hoisting) (#246).
- Implement
sym_hash()
function formacho
module (#248). - Allow larger jumps in hex patterns (1e6b6c7).
- BUGFIX: issue with undefined expression in
with
statements (5e2355a).
v0.10.0
- Add type information for the Python library (#215).
- Reduce errors due large regexps (#221).
- More improvements to
fmt
command (#224, 4352ddc). - Improved formatting for
pe
&dotnet
modules (#226). - Raise warning when a hex pattern can be expressed as text (15db4b1).
- Implement
--recursive
option (6f45b2f). - BUGFIX: Print paths relative to the target path for consistency with YARA (#212).
- BUGFIX: Issues with
--print-strings
option (#213, #214).
v0.9.0
- Implement the
with
statement (#197). - The
fmt
command is now customizable (#205). - Serialize compiled rules in platform-independent way (#202).
- Allow to specify namespaces for input rule files in the CLI (aa25903).
- Mach-O import parsing and import hash function by @latonis in #135
- Refactor the deserialization API in Golang (e8bf6ed).
- Redesign C API using callbacks (#198).
- Implement APIs in C and Golang for accessing the individual rules contained in a
Rules
object (ef03252). - BUGFIX: issue with some comments inside hex patterns (e7f6363).
- BUGFIX: bug while parsing regexp
/\\/
(09e823a). - BUGFIX: panic when map, array or regexp is used as a boolean expression (5fb2057).
- BUGFIX: multiple issues in the parser with invalid rules (9c4231d, 699bf51, 28bf377, d19a323, 7e26d31, ba2059d, a2b7394).
- BUGFIX: bug while using
--compiled-rules
without namespaces (#201).
Contributors: @chudicek @TommYDeeee @latonis @wxsBSD
v0.8.0
- Implement command
fmt
for automatic YARA code formatting. - Add
--module-data
option toscan
command (#183). - Add
--ignore-module
option toscan
andcompile
commands (0536024). - Implement
cuckoo
module for backward compatibility with YARA (#191). - More warnings for potentially slow rules (38ddfb1, 1db2190).
v0.7.0
- Better representation of flags in YAML output (aff398b).
- Accept comparisons between boolean expression and integer constant (1dd3ade).
- Add
--print-meta
option toscan
command (#170). - Add
--tag
and--print-tags
options toscan
command for tag filtering and printing (#171). - Add
--count
option toscan
command (#174). - Allow to specify the source's origin in the Golang, Python and C APIs.
- API redesigned to expose more details about compiler errors and warnings.
- BUGFIX: OOM errors while scanning some corrupted PE files (258e090).
- BUGFIX: panics while scanning some corrupted PE files (5a6b944, 3f011ee, b82c930).
Contributors: @wxsBSD
v0.6.0
v0.5.0
- Parse Mach-O exports and add
export_hash
function tomacho
module (#132) - Add
--disable-warnings
option. Specific warnings can be disabled by using warning identifiers likeslow_patterns
,duplicate_import
,unsatisfiable_expr
, etc (#140). - Raise warning when a boolean expression is always
true
orfalse
(5f6a1d7). - BUGFIX: fix multiple crashes in
macho
module. - BUGFIX: fix multiple crashes in
pe
module.
Contributors: @latonis
v0.4.0
- Implement the
--scan-list
option for thescan
command (21e8481). - Implement the
--output
option for thecompile
command (c7759f8). - Allow using non-global rules from global rules (865db1d).
- Implement APIs for accessing rule metadata (9f90eaa, 1e816a7, 3508d53, 9ddbbbe).
- Implement dylib and entitlement hashing in
macho
module (#93). - Allow multi-line string literals in rule metadata (#121 ).
- BUGFIX: Fix stack overflow when rules have a lot of patterns and use the
x of them
statement (b134252).