yara: Added support for displaying variable names

2024-11-28 09:30:51 +01:00 · 2021-11-04 20:41:36 +01:00 · 2021-11-04 20:41:36 +01:00 · 434de44ef5
commit 434de44ef5
parent 1c1396bf4b
6 changed files with 12 additions and 4 deletions
--- a/include/views/view_yara.hpp
+++ b/include/views/view_yara.hpp
@ -18,6 +18,7 @@ namespace hex {
    private:
        struct YaraMatch {
            std::string identifier;
+            std::string variable;
            s64 address;
            s32 size;
            bool wholeDataMatch;
--- a/plugins/builtin/source/lang/de_DE.cpp
+++ b/plugins/builtin/source/lang/de_DE.cpp
@ -301,6 +301,7 @@ namespace hex::plugin::builtin {
                        { "hex.view.yara.error", "Yara Kompilerfehler: " },
                    { "hex.view.yara.header.matches", "Funde" },
                        { "hex.view.yara.matches.identifier", "Kennung" },
+                        { "hex.view.yara.matches.variable", "Variabel" },
                        { "hex.view.yara.whole_data", "Gesammte Daten Übereinstimmung!" },
                        { "hex.view.yara.no_rules", "Keine Yara Regeln gefunden. Platziere sie in ImHex's 'yara' Ordner" },

--- a/plugins/builtin/source/lang/en_US.cpp
+++ b/plugins/builtin/source/lang/en_US.cpp
@ -304,6 +304,7 @@ namespace hex::plugin::builtin {
                        { "hex.view.yara.error", "Yara Compiler error: " },
                    { "hex.view.yara.header.matches", "Matches" },
                        { "hex.view.yara.matches.identifier", "Identifier" },
+                        { "hex.view.yara.matches.variable", "Variable" },
                        { "hex.view.yara.whole_data", "Whole file matches!" },
                        { "hex.view.yara.no_rules", "No YARA rules found. Put them in ImHex's 'yara' folder" },

--- a/plugins/builtin/source/lang/it_IT.cpp
+++ b/plugins/builtin/source/lang/it_IT.cpp
@ -301,6 +301,7 @@ namespace hex::plugin::builtin {
                        { "hex.view.yara.error", "Errore compilazione Yara: " },
                    { "hex.view.yara.header.matches", "Abbinamenti" },
                        { "hex.view.yara.matches.identifier", "Identificatore" },
+                        //{ "hex.view.yara.matches.variable", "Variable" },
                        { "hex.view.yara.whole_data", "Tutti i file combaciano!" },
                        { "hex.view.yara.no_rules", "Nessuna regola di YARA. Aggiungile in nella cartella 'yara' di 'ImHex'" },

--- a/plugins/builtin/source/lang/zh_CN.cpp
+++ b/plugins/builtin/source/lang/zh_CN.cpp
@ -301,6 +301,7 @@ namespace hex::plugin::builtin {
                        { "hex.view.yara.error", "Yara编译器错误: " },
                    { "hex.view.yara.header.matches", "匹配" },
                        { "hex.view.yara.matches.identifier", "标识符" },
+                        //{ "hex.view.yara.matches.variable", "Variable" },
                        { "hex.view.yara.whole_data", "全文件匹配！" },
                        { "hex.view.yara.no_rules", "没有找到YARA规则。请将规则放到ImHex的'yara'目录下。" },

--- a/source/views/view_yara.cpp
+++ b/source/views/view_yara.cpp
@ -69,9 +69,10 @@ namespace hex {
            ImGui::TextUnformatted("hex.view.yara.header.matches"_lang);
            ImGui::Separator();

-            if (ImGui::BeginTable("matches", 3, ImGuiTableFlags_Borders | ImGuiTableFlags_Resizable | ImGuiTableFlags_Sortable | ImGuiTableFlags_Reorderable | ImGuiTableFlags_RowBg | ImGuiTableFlags_ScrollY)) {
+            if (ImGui::BeginTable("matches", 4, ImGuiTableFlags_Borders | ImGuiTableFlags_Resizable | ImGuiTableFlags_Sortable | ImGuiTableFlags_Reorderable | ImGuiTableFlags_RowBg | ImGuiTableFlags_ScrollY)) {
                ImGui::TableSetupScrollFreeze(0, 1);
                ImGui::TableSetupColumn("hex.view.yara.matches.identifier"_lang);
+                ImGui::TableSetupColumn("hex.view.yara.matches.variable"_lang);
                ImGui::TableSetupColumn("hex.common.address"_lang);
                ImGui::TableSetupColumn("hex.common.size"_lang);

@ -82,7 +83,7 @@ namespace hex {

                while (clipper.Step()) {
                    for (u32 i = clipper.DisplayStart; i < clipper.DisplayEnd; i++) {
-                        auto &[identifier, address, size, wholeDataMatch] = this->m_matches[i];
+                        auto &[identifier, variableName, address, size, wholeDataMatch] = this->m_matches[i];
                        ImGui::TableNextRow();
                        ImGui::TableNextColumn();
                        ImGui::PushID(i);
@ -92,6 +93,8 @@ namespace hex {
                        ImGui::PopID();
                        ImGui::SameLine();
                        ImGui::TextUnformatted(identifier.c_str());
+                        ImGui::TableNextColumn();
+                        ImGui::TextUnformatted(variableName.c_str());

                        if (!wholeDataMatch) {
                            ImGui::TableNextColumn();
@ -250,11 +253,11 @@ namespace hex {
                    if (rule->strings != nullptr) {
                        yr_rule_strings_foreach(rule, string) {
                            yr_string_matches_foreach(context, string, match) {
-                                newMatches.push_back({ rule->identifier, match->offset, match->match_length, false });
+                                newMatches.push_back({ rule->identifier, string->identifier, match->offset, match->match_length, false });
                            }
                        }
                    } else {
-                        newMatches.push_back({ rule->identifier, 0, 0, true });
+                        newMatches.push_back({ rule->identifier, "", 0, 0, true });
                    }

                }