int callback(RULE* rule, void* data) { TAG* tag; STRING* string; META* meta; MATCH* match; int rule_match; int string_found; int show = TRUE; int show_tags = TRUE; int show_meta = TRUE; int show_strings = TRUE; rule_match = (rule->flags & RULE_FLAGS_MATCH); if (show) { printf("%s ", rule->identifier); printf(" flags: %x ", rule->flags); if (show_tags) { tag = rule->tag_list_head; printf("tag: ["); while(tag != NULL) { if (tag->next == NULL) { printf("%s", tag->identifier); } else { printf("%s,", tag->identifier); } tag = tag->next; } printf("] "); } if (show_meta) { meta = rule->meta_list_head; printf("meta: ["); while(meta != NULL) { if (meta->type == META_TYPE_INTEGER) { printf("%s=%lu", meta->identifier, meta->integer); } else if (meta->type == META_TYPE_BOOLEAN) { printf("%s=%s", meta->identifier, (meta->boolean)?("true"):("false")); } else { printf("%s=\"%s\"", meta->identifier, meta->string); } if (meta->next != NULL) printf(","); meta = meta->next; } printf("] "); } /* show matched strings */ if (show_strings) { string = rule->string_list_head; while (string != NULL) { string_found = string->flags & STRING_FLAGS_FOUND; if (string_found) { match = string->matches_head; while (match != NULL) { printf("0x%lx:%s: ", match->offset, string->identifier); if (IS_HEX(string)) { print_hex_string(match->data, match->length); } else if (IS_WIDE(string)) { print_string(match->data, match->length, TRUE); } else { print_string(match->data, match->length, FALSE); } match = match->next; } } string = string->next; } } } printf("\n"); return CALLBACK_CONTINUE; }
int callback(RULE* rule, void* data) { TAG* tag; IDENTIFIER* identifier; STRING* string; META* meta; MATCH* match; int rule_match; int string_found; int show = TRUE; if (show_specified_tags) { show = FALSE; tag = specified_tags_list; while (tag != NULL) { if (lookup_tag(rule->tag_list_head, tag->identifier) != NULL) { show = TRUE; break; } tag = tag->next; } } if (show_specified_rules) { show = FALSE; identifier = specified_rules_list; while (identifier != NULL) { if (strcmp(identifier->name, rule->identifier) == 0) { show = TRUE; break; } identifier = identifier->next; } } rule_match = (rule->flags & RULE_FLAGS_MATCH); show = show && ((!negate && rule_match) || (negate && !rule_match)); if (show) { printf("%s ", rule->identifier); if (show_tags) { tag = rule->tag_list_head; printf("["); while(tag != NULL) { if (tag->next == NULL) { printf("%s", tag->identifier); } else { printf("%s,", tag->identifier); } tag = tag->next; } printf("] "); } if (show_meta) { meta = rule->meta_list_head; printf("["); while(meta != NULL) { if (meta->type == META_TYPE_INTEGER) { printf("%s=%lu", meta->identifier, meta->integer); } else if (meta->type == META_TYPE_BOOLEAN) { printf("%s=%s", meta->identifier, (meta->boolean)?("true"):("false")); } else { printf("%s=\"%s\"", meta->identifier, meta->string); } if (meta->next != NULL) printf(","); meta = meta->next; } printf("] "); } printf("%s\n", (char*) data); /* show matched strings */ if (show_strings) { string = rule->string_list_head; while (string != NULL) { string_found = string->flags & STRING_FLAGS_FOUND; if (string_found) { match = string->matches_head; while (match != NULL) { printf("0x%lx:%s: ", match->offset, string->identifier); if (IS_HEX(string)) { print_hex_string(match->data, match->length); } else if (IS_WIDE(string)) { print_string(match->data, match->length, TRUE); } else { print_string(match->data, match->length, FALSE); } match = match->next; } } string = string->next; } } } if (rule_match) count++; if (limit != 0 && count >= limit) return CALLBACK_ABORT; return CALLBACK_CONTINUE; }