This should show you what is going on:
>>> f = open('/bin/ls')
>>> data = f.read()
>>> f.close()
>>> import yara
>>> rules = yara.compile(source='import "pe" rule a { condition: false }')
>>> def foo(data):
... global resources
... resources = data.get('number_of_resources')
...
>>> resources = 0
>>> rules.match(data=data, modules_callback=foo)
[]
>>> print resources
None
>>> f = open('/Users/wxs/malware/test.exe')
>>> data = f.read()
>>> f.close()
>>> rules.match(data=data, modules_callback=foo)
[]
>>> print resources
23
>>>
When I feed it a file that is not a PE file the number_of_resources key in the
data dictionary doesn't exist so attempting to call .get() on it returns None.
-- WXS
> On Mar 13, 2018, at 4:00 PM, Matan Bachar <[email protected]> wrote:
>
> Hello everyone
> I am doing a yara-python project and Im using this technique to getting
> information about PE files:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> My problem is when im using more than one time with this technique and its
> not working. Its just return 'None' instead of the value it should return
> Every time Im use this technique only one time its working no matter what...
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "YARA" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"YARA" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
