Victor M. Alvarez

Results 206 comments of Victor M. Alvarez

This should be fixed after https://github.com/VirusTotal/yara/pull/1491. Could you try with the latest version in the master branch and let me know if it works fine?

No, version 4.1.1 is a minor update, including only bug fixes. The unicode support will be released in version 4.2.0.

Sorry for the delayed response. I didn't manage to spend time reviewing this issue until now. The work you had done is very interesting and I think it can...

I also like your approach of implementing a `yr_process_fetch_primary_module_base` for finding the base address for the main module. Currently YARA enumerates the memory blocks and it considers that the first...

Thank you for the very detailed explanation, everything is more clear to me now. It looks like you know a lot about the internal working of the Windows loader, so...

We can start working on merging this into master. I wouldn't release it in version 4.2.0, as the first release candidate is already out and I'm only introducing bug fixes...

It's a linking problem:

```
libyara64.lib(windows.obj) : error LNK2019: unresolved external symbol NtQueryInformationProcess referenced in function yr_process_fetch_primary_module_base [C:\projects\yara\windows\vs2015\yara\yara.vcxproj]
C:\projects\yara\windows\vs2015\Debug\yara64.exe : fatal error LNK1120: 1 unresolved externals [C:\projects\yara\windows\vs2015\yara\yara.vcxproj]
```

You...

`pe_mingw` is a simple "Hello world!" program that does nothing, but it seems that some antiviruses decided to detect it for some reason. This file was added relatively recently as...

I'm afraid the only options here are creating a new file that can be used with the test case (and hope that this time antiviruses don't detect it) or removing...

The last time I tried to enable the "macho" module by default both Coverity and ASAN found issues that the original author never got fixed. For that reason this module is...