wxsBSD/gist:2e9b270552122cd865cdafe01989fdca

## gistfile1.md

      
    Raw
  

              gistfile1.md
            
          
    import platform
import yara

print(f"Platform version: {platform.version()}")
print(f"Python version: {platform.python_version()}")
print(f"YARA version: {yara.YARA_VERSION}")


r = """
rule a { strings: $a = "foo" fullword condition: $a }
rule b { strings: $b = /\Wfoo/ condition: $b }
"""
rules = yara.compile(source=r)
for c in range(256):
    print(f"0x{c:02x}: ", end="")
    print(rules.match(data=bytes((c,)) + b"foo"))

Platform version: Darwin Kernel Version 20.6.0: Wed Jun 23 00:26:27 PDT 2021; root:xnu-7195.141.2~5/RELEASE_ARM64_T8101
Python version: 3.8.2
YARA version: 4.1.0
0x00: [a, b]
0x01: [a, b]
0x02: [a, b]
0x03: [a, b]
0x04: [a, b]
0x05: [a, b]
0x06: [a, b]
0x07: [a, b]
0x08: [a, b]
0x09: [a, b]
0x0a: [a, b]
0x0b: [a, b]
0x0c: [a, b]
0x0d: [a, b]
0x0e: [a, b]
0x0f: [a, b]
0x10: [a, b]
0x11: [a, b]
0x12: [a, b]
0x13: [a, b]
0x14: [a, b]
0x15: [a, b]
0x16: [a, b]
0x17: [a, b]
0x18: [a, b]
0x19: [a, b]
0x1a: [a, b]
0x1b: [a, b]
0x1c: [a, b]
0x1d: [a, b]
0x1e: [a, b]
0x1f: [a, b]
0x20: [a, b]
0x21: [a, b]
0x22: [a, b]
0x23: [a, b]
0x24: [a, b]
0x25: [a, b]
0x26: [a, b]
0x27: [a, b]
0x28: [a, b]
0x29: [a, b]
0x2a: [a, b]
0x2b: [a, b]
0x2c: [a, b]
0x2d: [a, b]
0x2e: [a, b]
0x2f: [a, b]
0x30: []
0x31: []
0x32: []
0x33: []
0x34: []
0x35: []
0x36: []
0x37: []
0x38: []
0x39: []
0x3a: [a, b]
0x3b: [a, b]
0x3c: [a, b]
0x3d: [a, b]
0x3e: [a, b]
0x3f: [a, b]
0x40: [a, b]
0x41: []
0x42: []
0x43: []
0x44: []
0x45: []
0x46: []
0x47: []
0x48: []
0x49: []
0x4a: []
0x4b: []
0x4c: []
0x4d: []
0x4e: []
0x4f: []
0x50: []
0x51: []
0x52: []
0x53: []
0x54: []
0x55: []
0x56: []
0x57: []
0x58: []
0x59: []
0x5a: []
0x5b: [a, b]
0x5c: [a, b]
0x5d: [a, b]
0x5e: [a, b]
0x5f: [a]
0x60: [a, b]
0x61: []
0x62: []
0x63: []
0x64: []
0x65: []
0x66: []
0x67: []
0x68: []
0x69: []
0x6a: []
0x6b: []
0x6c: []
0x6d: []
0x6e: []
0x6f: []
0x70: []
0x71: []
0x72: []
0x73: []
0x74: []
0x75: []
0x76: []
0x77: []
0x78: []
0x79: []
0x7a: []
0x7b: [a, b]
0x7c: [a, b]
0x7d: [a, b]
0x7e: [a, b]
0x7f: [a, b]
0x80: [a, b]
0x81: [a, b]
0x82: [a, b]
0x83: [a, b]
0x84: [a, b]
0x85: [a, b]
0x86: [a, b]
0x87: [a, b]
0x88: [a, b]
0x89: [a, b]
0x8a: [a, b]
0x8b: [a, b]
0x8c: [a, b]
0x8d: [a, b]
0x8e: [a, b]
0x8f: [a, b]
0x90: [a, b]
0x91: [a, b]
0x92: [a, b]
0x93: [a, b]
0x94: [a, b]
0x95: [a, b]
0x96: [a, b]
0x97: [a, b]
0x98: [a, b]
0x99: [a, b]
0x9a: [a, b]
0x9b: [a, b]
0x9c: [a, b]
0x9d: [a, b]
0x9e: [a, b]
0x9f: [a, b]
0xa0: [a, b]
0xa1: [a, b]
0xa2: [a, b]
0xa3: [a, b]
0xa4: [a, b]
0xa5: [a, b]
0xa6: [a, b]
0xa7: [a, b]
0xa8: [a, b]
0xa9: [a, b]
0xaa: [a, b]
0xab: [a, b]
0xac: [a, b]
0xad: [a, b]
0xae: [a, b]
0xaf: [a, b]
0xb0: [a, b]
0xb1: [a, b]
0xb2: [a, b]
0xb3: [a, b]
0xb4: [a, b]
0xb5: [a, b]
0xb6: [a, b]
0xb7: [a, b]
0xb8: [a, b]
0xb9: [a, b]
0xba: [a, b]
0xbb: [a, b]
0xbc: [a, b]
0xbd: [a, b]
0xbe: [a, b]
0xbf: [a, b]
0xc0: [a, b]
0xc1: [a, b]
0xc2: [a, b]
0xc3: [a, b]
0xc4: [a, b]
0xc5: [a, b]
0xc6: [a, b]
0xc7: [a, b]
0xc8: [a, b]
0xc9: [a, b]
0xca: [a, b]
0xcb: [a, b]
0xcc: [a, b]
0xcd: [a, b]
0xce: [a, b]
0xcf: [a, b]
0xd0: [a, b]
0xd1: [a, b]
0xd2: [a, b]
0xd3: [a, b]
0xd4: [a, b]
0xd5: [a, b]
0xd6: [a, b]
0xd7: [a, b]
0xd8: [a, b]
0xd9: [a, b]
0xda: [a, b]
0xdb: [a, b]
0xdc: [a, b]
0xdd: [a, b]
0xde: [a, b]
0xdf: [a, b]
0xe0: [a, b]
0xe1: [a, b]
0xe2: [a, b]
0xe3: [a, b]
0xe4: [a, b]
0xe5: [a, b]
0xe6: [a, b]
0xe7: [a, b]
0xe8: [a, b]
0xe9: [a, b]
0xea: [a, b]
0xeb: [a, b]
0xec: [a, b]
0xed: [a, b]
0xee: [a, b]
0xef: [a, b]
0xf0: [a, b]
0xf1: [a, b]
0xf2: [a, b]
0xf3: [a, b]
0xf4: [a, b]
0xf5: [a, b]
0xf6: [a, b]
0xf7: [a, b]
0xf8: [a, b]
0xf9: [a, b]
0xfa: [a, b]
0xfb: [a, b]
0xfc: [a, b]
0xfd: [a, b]
0xfe: [a, b]
0xff: [a, b]