
Format

    asn1:[bitstring_overflow][, double_overflow][, oversize_length <value>][, absolute_offset <value>|relative_offset <value>];

Option Description
bitstring_overflow

Detects invalid bitstring encodings that are known to be remotely exploitable.

double_overflow

Detects a double ASCII encoding that is larger than a standard buffer. This is known to be an exploitable function in Microsoft, but it is unknown at this time which services may be exploitable.

oversize_length <value>

Compares ASN.1 type lengths with the supplied argument. For example, "oversize_length 500" means that if the length of an ASN.1 type is greater than 500, this keyword evaluates as true. This keyword must have one argument, which specifies the length to compare against.

absolute_offset <value>

This is the absolute offset from the beginning of the packet. For example, if you wanted to decode SNMP packets, you would say "absolute_offset 0". absolute_offset has one argument, the offset value. Offset may be positive or negative.

relative_offset <value>

This is the relative offset from the last content match or byte_test/jump. relative_offset has one argument, the offset number. So if you wanted to start decoding an ASN.1 sequence right after the content "foo", you would specify 'content:"foo"; asn1:bitstring_overflow, relative_offset 0'. Offset values may be positive or negative.
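
As an added illustration (not Snort's own code and not part of the original manual), the sketch below shows the kind of comparison oversize_length describes when decoding starts at an absolute_offset: it walks BER tag-length-value headers and reports every declared length above the limit. The function names and the sample packet are constructed for this example, and the sketch assumes non-negative offsets, single-byte tags and definite lengths.

```python
def read_tlv(buf, pos):
    """Parse one BER header at pos -> (tag, declared_length, header_len) or None."""
    if pos + 2 > len(buf):
        return None
    tag, first = buf[pos], buf[pos + 1]
    if (tag & 0x1F) == 0x1F:      # multi-byte tags: outside this sketch
        return None
    if first < 0x80:              # short form: the byte is the length
        return tag, first, 2
    n = first & 0x7F              # long form: next n bytes hold the length
    if n == 0 or pos + 2 + n > len(buf):   # indefinite form or truncated header
        return None
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n


def oversize_lengths(payload, limit, absolute_offset=0):
    """Return [(offset, tag, declared_length)] for each type with length > limit."""
    if not 0 <= absolute_offset <= len(payload):
        raise ValueError("offset outside payload")
    hits = []

    def walk(pos, end):
        while pos < end:
            hdr = read_tlv(payload, pos)
            if hdr is None:
                return
            tag, length, hlen = hdr
            if length > limit:    # the oversize_length comparison
                hits.append((pos, tag, length))
            body = pos + hlen
            if tag & 0x20:        # constructed type: descend into its children
                walk(body, min(body + length, end))
            pos = body + length   # declared length may point past the data

    walk(absolute_offset, len(payload))
    return hits


# Constructed sample: SEQUENCE { INTEGER 0, OCTET STRING "public",
# OCTET STRING that declares 1024 bytes but carries only 8 }.
SAMPLE = (bytes.fromhex("3017020100" "0406") + b"public"
          + bytes.fromhex("04820400") + b"A" * 8)

if __name__ == "__main__":
    for off, tag, length in oversize_lengths(SAMPLE, 500):
        print(f"offset {off}: tag 0x{tag:02x} declares {length} bytes")
```

The flagged element is the one whose declared length (1024) exceeds both the limit and the bytes actually present, which is the mismatch a length-based signature is meant to surface.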


Eugene Misnik 2013-05-08