It seems capture groups in regular expressions are not supported. A quick look at re_grammar.y in the repository suggests that parentheses surrounding sub-expressions are recognized by the parser, but are ignored.
How much work would it be to add support for capture groups / named capture groups? I imagine that the YR_MATCH structure for each YR_STRING would have an array of YR_CAPTURE structures which give the data extracted from the regex match. Named capture groups would be a bonus.

Regards,
Richard
