hash data with CRC32

rule:
  meta:
    name: hash data with CRC32
    namespace: data-manipulation/checksum/crc32
    authors:
      - moritz.raabe@mandiant.com
    scopes:
      static: function
      dynamic: unsupported  # requires operand[1].number, characteristic, bytes, mnemonic features
    mbc:
      - Data::Checksum::CRC32 [C0032.001]
    examples:
      - 2D3EDC218A90F03089CC01715A9F047F:0x403CBD
      - 7D28CB106CB54876B2A5C111724A07CD:0x402350  # RtlComputeCrc32
      - 7EFF498DE13CC734262F87E6B3EF38AB:0x100084A6
  features:
    - or:
      - and:
        - number: 1 = bits in a byte
        - instruction:
          - description: is bit set?
          - or:
            - mnemonic: and
            - mnemonic: test
          - operand[1].number: 1
        - instruction:
          - mnemonic: shr
          - number: 1
        - characteristic: nzxor
        - operand[1].number: 0xEDB88320
      - and:
        - number: 0x8320
        - number: 0xEDB8
        - characteristic: nzxor
      - api: RtlComputeCrc32
      - bytes: 00 00 00 00 96 30 07 77 2C 61 0E EE BA 51 09 99 19 C4 6D 07 8F F4 6A 70 35 A5 63 E9 A3 95 64 9E = crc32_tab