supported yara-python 4.3.0 and higher
hyuunnn committed Nov 3, 2023
1 parent 4b5d208 commit 292023d
Showing 2 changed files with 18 additions and 15 deletions.
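--- a/hyara_lib/plugins/yara_checker.py
+++ b/hyara_lib/plugins/yara_checker.py
@@ -74,12 +74,14 @@ def _search(self):
 matches = rule.match(data=f.read())
 for match in matches:
 strings = match.strings[0]
-result[filename] = {
-"path": self._folder_path.text(),
-"addr": hex(strings[0]),
-"rule_name": strings[1],
-"value": strings[2].hex(),
-}
+
+for instance in strings.instances:
+result[filename] = {
+"path": self._folder_path.text(),
+"addr": hex(instance.offset),
+"rule_name": strings.identifier,
+"value": instance.matched_data.hex(),
+}
 except IOError: # Permission denied
 continue
 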
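Review bot: The added `for instance in strings.instances:` loop assigns `result[filename]` on every iteration, so each file keeps only the last instance of the first string of the last matching rule, and every other hit is silently dropped from the scan result. `strings = match.strings[0]` also raises IndexError when a rule matches on its condition alone with no string hits, which `except IOError` does not catch; a guard such as `if not match.strings: continue` would avoid aborting the scan. The `"rule_name"` key is filled with `strings.identifier` (the string variable name), whereas yara_detector.py in this same commit stores `match.rule` under that key and the identifier under `"variable_name"`. Collecting entries per file, e.g. `result.setdefault(filename, []).append({...})`, would keep all hits, but the consumer of `result` is outside this hunk and would need to accept a list. `_search` starts and ends outside the hunk.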
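--- a/hyara_lib/plugins/yara_detector.py
+++ b/hyara_lib/plugins/yara_detector.py
@@ -93,15 +93,16 @@ def _search(self):
 
 matches = self.rule.match(data=data)
 for match in matches:
-for i in match.strings:
-result.append(
-{
-"addr": hex(i[0]),
-"rule_name": match.rule,
-"variable_name": i[1],
-"value": i[2].hex(),
-}
-)
+for strings in match.strings:
+for instance in strings.instances:
+result.append(
+{
+"addr": hex(instance.offset),
+"rule_name": match.rule,
+"variable_name": strings.identifier,
+"value": instance.matched_data.hex(),
+}
+)
 self._table.setRowCount(len(result))
 
 for idx, value in enumerate(result):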
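Review bot: `strings.instances`, `strings.identifier` and `instance.offset` exist only on the StringMatch objects that yara-python returns from 4.3.0 on; with an older installed version `match.strings` holds tuples and this loop fails with AttributeError instead of reporting hits. Nothing in the hunk checks the installed version, so the floor should be declared wherever the project pins its dependencies (not visible here), e.g. `yara-python>=4.3.0`. A comment above the outer loop, such as `# yara-python >= 4.3.0: match.strings is a list of StringMatch objects, one entry per string identifier`, would record why the tuple indexing was dropped. `_search` starts and ends outside the hunk.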
