Skip to content

Support YARA Format Jumps in Search #6600

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
utkonos opened this issue Apr 8, 2025 · 1 comment
Open

Support YARA Format Jumps in Search #6600

utkonos opened this issue Apr 8, 2025 · 1 comment
Labels
Component: Core Issue needs changes to the core Effort: Medium Issue should take < 1 month Impact: Low Issue is a papercut or has a good, supported workaround

Comments

@utkonos
Copy link
Contributor

utkonos commented Apr 8, 2025

What is the feature you'd like to have?
The current implementation of search supports ?? wildcards, but it is also common in YARA to use jumps instead of long stretches of wildcards:
6a40 6800100000 a1[4] 50 6a00 ff15[4] 8945e0
rather than
6a40 6800100000 a1???????? 50 6a00 ff15???????? 8945e0

Is your feature request related to a problem?
This will help with cut and paste from YARA rule strings to binary ninja's search.
@utkonos
Copy link
Contributor Author

utkonos commented Apr 8, 2025

YARA Jumps

@xusheng6 xusheng6 added Component: Core Issue needs changes to the core Impact: Low Issue is a papercut or has a good, supported workaround Effort: Medium Issue should take < 1 month labels Apr 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Component: Core Issue needs changes to the core Effort: Medium Issue should take < 1 month Impact: Low Issue is a papercut or has a good, supported workaround
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@utkonos @xusheng6