2024-02-21 22:08:26 +01:00
|
|
|
#pragma once
|
|
|
|
|
|
|
|
#include <hex/providers/provider.hpp>
|
|
|
|
|
|
|
|
#include <string>
|
|
|
|
#include <vector>
|
|
|
|
#include <wolv/utils/expected.hpp>
|
|
|
|
|
|
|
|
namespace hex::plugin::yara {
|
|
|
|
|
|
|
|
class YaraRule {
|
|
|
|
public:
|
|
|
|
YaraRule() = default;
|
|
|
|
explicit YaraRule(const std::string& content);
|
|
|
|
explicit YaraRule(const std::fs::path& path);
|
|
|
|
|
|
|
|
static void init();
|
|
|
|
static void cleanup();
|
|
|
|
|
|
|
|
struct Match {
|
|
|
|
std::string variable;
|
|
|
|
Region region;
|
|
|
|
bool wholeDataMatch;
|
|
|
|
};
|
|
|
|
|
2024-02-22 20:49:21 +01:00
|
|
|
struct Rule {
|
|
|
|
std::string identifier;
|
|
|
|
std::map<std::string, std::string> metadata;
|
|
|
|
std::vector<std::string> tags;
|
|
|
|
|
2024-02-21 22:08:26 +01:00
|
|
|
std::vector<Match> matches;
|
2024-02-22 20:49:21 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
struct Result {
|
|
|
|
std::vector<Rule> matchedRules;
|
2024-02-21 22:08:26 +01:00
|
|
|
std::vector<std::string> consoleMessages;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct Error {
|
|
|
|
enum class Type {
|
|
|
|
CompileError,
|
|
|
|
RuntimeError,
|
|
|
|
Interrupted
|
|
|
|
} type;
|
|
|
|
std::string message;
|
|
|
|
};
|
|
|
|
|
2024-02-21 23:17:12 +01:00
|
|
|
wolv::util::Expected<Result, Error> match(prv::Provider *provider, Region region);
|
2024-02-21 22:08:26 +01:00
|
|
|
void interrupt();
|
|
|
|
[[nodiscard]] bool isInterrupted() const;
|
|
|
|
|
|
|
|
private:
|
|
|
|
std::string m_content;
|
|
|
|
std::fs::path m_filePath;
|
|
|
|
|
|
|
|
std::atomic<bool> m_interrupted = false;
|
|
|
|
};
|
|
|
|
|
|
|
|
}
|