impl<'a> CC<'a> {
fn eval(&self, src: &mut ByteReader) -> bool {
match *self {
- CC::Or (ref a, ref b) => { a.eval(src) || b.eval(src) },
+ CC::Or(a, b) => { a.eval(src) || b.eval(src) },
CC::Eq(ref arg) => { arg.eq(src) },
CC::In(ref a, ref b) => { a.ge(src) && b.le(src) },
CC::Lt(ref arg) => { arg.lt(src) },
CC::Le(ref arg) => { arg.le(src) },
CC::Gt(ref arg) => { arg.gt(src) },
CC::Ge(ref arg) => { arg.ge(src) },
- CC::Str(str) => {
- let mut val: Vec<u8> = vec![0; str.len()];
+ CC::Str(strng) => {
+ let mut val: Vec<u8> = vec![0; strng.len()];
let res = src.peek_buf(val.as_mut_slice());
if res.is_err() { return false; }
- val == str
+ val == strng
}
}
}
&CC::Str(b"moov")),
&CC::Str(b"ftyp")) }],
},
+ DetectConditions {
+ demux_name: "gif",
+ extensions: ".gif",
+ conditions: &[CheckItem{offs: 0, cond: &CC::Or(&CC::Str(b"GIF87a"),
+ &CC::Str(b"GIF89a")) }],
+ },
DetectConditions {
demux_name: "mov",
extensions: ".mov",
&CC::Str(b"moov")),
&CC::Str(b"ftyp")) }],
},
+ DetectConditions {
+ demux_name: "mov-macbin",
+ extensions: ".mov,.bin",
+ conditions: &[CheckItem{offs: 0, cond: &CC::Eq(Arg::Byte(0))},
+ CheckItem{offs: 0x41, cond: &CC::Str(b"MooV")},
+ CheckItem{offs: 0x7A, cond: &CC::Eq(Arg::Byte(0x81))},
+ CheckItem{offs: 0x7B, cond: &CC::Eq(Arg::Byte(0x81))},
+ CheckItem{offs: 0x84, cond: &CC::Str(b"mdat")}],
+ },
+ DetectConditions {
+ demux_name: "yuv4mpeg",
+ extensions: ".y4m",
+ conditions: &[CheckItem{offs: 0, cond: &CC::Str(b"YUV4MPEG2 ") }],
+ },
+ DetectConditions {
+ demux_name: "armovie",
+ extensions: ".rpl",
+ conditions: &[CheckItem{offs: 0, cond: &CC::Str(b"ARMovie\n") }],
+ },
+ DetectConditions {
+ demux_name: "flv",
+ extensions: ".flv",
+ conditions: &[CheckItem{offs: 0, cond: &CC::Str(b"FLV") },
+ CheckItem{offs: 3, cond: &CC::Le(Arg::Byte(1)) }],
+ },
+ DetectConditions {
+ demux_name: "ivf",
+ extensions: ".ivf",
+ conditions: &[CheckItem{offs: 0, cond: &CC::Str(&[0x50, 0xEF, 0x81, 0x19, 0xB3, 0xBD, 0xD0, 0x11, 0xA3, 0xE5, 0x00, 0xA0, 0xC9, 0x24, 0x44])},
+ CheckItem{offs: 15, cond: &CC::Or(&CC::Eq(Arg::Byte(0x36)), &CC::Eq(Arg::Byte(0x37)))}],
+ },
+ DetectConditions {
+ demux_name: "dkivf",
+ extensions: ".ivf",
+ conditions: &[CheckItem{offs: 0, cond: &CC::Str(b"DKIF\x00\x00")},
+ CheckItem{offs: 6, cond: &CC::Ge(Arg::U16LE(32))}],
+ },
+ DetectConditions {
+ demux_name: "arxel-cnm",
+ extensions: ".cnm",
+ conditions: &[CheckItem{offs: 0, cond: &CC::Str(b"CNM UNR\x00")}],
+ },
DetectConditions {
demux_name: "fcmp",
extensions: ".cmp",
conditions: &[CheckItem{offs: 0, cond: &CC::Str(b"IMAX") },
CheckItem{offs: 10, cond: &CC::Eq(Arg::U16LE(0x102)) }],
},
+ DetectConditions {
+ demux_name: "hl-fmv",
+ extensions: ".fmv",
+ conditions: &[CheckItem{offs: 0, cond: &CC::Str(b"FMV*") },
+ CheckItem{offs: 4, cond: &CC::Eq(Arg::U32LE(0)) }],
+ },
DetectConditions {
demux_name: "legend-q",
extensions: ".q",
conditions: &[CheckItem{offs: 0, cond: &CC::Eq(Arg::U16LE(0x6839))},
- CheckItem{offs: 2, cond: &CC::In(Arg::Byte(3), Arg::Byte(5))}],
+ CheckItem{offs: 2, cond: &CC::In(Arg::Byte(3), Arg::Byte(7))}],
+ },
+ DetectConditions {
+ demux_name: "siff",
+ extensions: ".vb,.vbc,.fcp,.son",
+ conditions: &[CheckItem{offs: 0, cond: &CC::Str(b"SIFF")},
+ CheckItem{offs: 4, cond: &CC::Or(
+ &CC::Or(
+ &CC::Str(b"VBV1VBHD"),
+ &CC::Str(b"SOUNSHDR")),
+ &CC::Str(b"FCPKFCHD"))}],
+ },
+ DetectConditions {
+ demux_name: "smush",
+ extensions: ".san",
+ conditions: &[CheckItem{offs: 0, cond: &CC::Str(b"ANIM")},
+ CheckItem{offs: 8, cond: &CC::Str(b"AHDR")}],
+ },
+ DetectConditions {
+ demux_name: "smush-mcmp",
+ extensions: ".imc",
+ conditions: &[CheckItem{offs: 0, cond: &CC::Str(b"MCMP")},
+ CheckItem{offs: 6, cond: &CC::Eq(Arg::Byte(0))},
+ CheckItem{offs: 7, cond: &CC::Eq(Arg::Byte(0))}],
+ },
+ DetectConditions {
+ demux_name: "smush",
+ extensions: ".snm",
+ conditions: &[CheckItem{offs: 0, cond: &CC::Str(b"SANM")},
+ CheckItem{offs: 8, cond: &CC::Str(b"SHDR")}],
},
DetectConditions {
demux_name: "realaudio",
conditions: &[CheckItem{offs: 0, cond: &CC::Str(b"BMVi") },
CheckItem{offs: 32, cond: &CC::Str(b"DATA")}],
},
+ DetectConditions {
+ demux_name: "sga",
+ extensions: ".dtv,.avc",
+ conditions: &[],
+ },
+ DetectConditions {
+ demux_name: "sierra-rbt",
+ extensions: ".rbt",
+ conditions: &[CheckItem{offs: 0, cond: &CC::Eq(Arg::Byte(0x16)) },
+ CheckItem{offs: 2, cond: &CC::Str(b"SOL\0")},
+ CheckItem{offs: 6, cond: &CC::In(Arg::U16LE(4), Arg::U16LE(6))}],
+ },
+ DetectConditions {
+ demux_name: "sierra-seq",
+ extensions: ".seq",
+ conditions: &[],
+ },
DetectConditions {
demux_name: "vmd",
extensions: ".vmd",