ui: Added to matched yara rules

2025-01-18 09:04:52 +01:00 · 2022-02-02 21:08:46 +01:00 · 2022-02-02 21:08:46 +01:00 · ba68f463e5
commit ba68f463e5
parent df1d302bcb
4 changed files with 14 additions and 6 deletions
--- a/lib/libimhex/include/hex/pattern_language/pattern_data.hpp
+++ b/lib/libimhex/include/hex/pattern_language/pattern_data.hpp
@ -82,7 +82,6 @@ namespace hex::pl {
    public:
        PatternData(Evaluator *evaluator, u64 offset, size_t size, u32 color = 0)
            : PatternCreationLimiter(evaluator), m_offset(offset), m_size(size), m_color(color) {
-            constexpr u32 Palette[] = { 0x70b4771f, 0x700e7fff, 0x702ca02c, 0x702827d6, 0x70bd6794, 0x704b568c, 0x70c277e3, 0x707f7f7f, 0x7022bdbc, 0x70cfbe17 };

            if (color != 0)
                return;
--- a/plugins/builtin/include/content/views/view_yara.hpp
+++ b/plugins/builtin/include/content/views/view_yara.hpp
@ -18,9 +18,10 @@ namespace hex::plugin::builtin {
        struct YaraMatch {
            std::string identifier;
            std::string variable;
-            i64 address;
-            i32 size;
+            u64 address;
+            size_t size;
            bool wholeDataMatch;
+            u32 highlightId;
        };

        std::vector<std::pair<std::string, std::string>> m_rules;
--- a/plugins/builtin/source/content/views/view_hexeditor.cpp
+++ b/plugins/builtin/source/content/views/view_hexeditor.cpp
@ -116,7 +116,8 @@ namespace hex::plugin::builtin {
        this->m_memoryEditor.HoverFn = [](const ImU8 *data, size_t off) {
            bool tooltipShown = false;

-            off += ImHexApi::Provider::get()->getBaseAddress();
+            auto provider = ImHexApi::Provider::get();
+            off += provider->getBaseAddress() + provider->getCurrentPageAddress();

            for (const auto &[id, highlight] : ImHexApi::HexEditor::getHighlights()) {
                auto &region  = highlight.getRegion();
--- a/plugins/builtin/source/content/views/view_yara.cpp
+++ b/plugins/builtin/source/content/views/view_yara.cpp
@ -96,7 +96,7 @@ namespace hex::plugin::builtin {

                while (clipper.Step()) {
                    for (u32 i = clipper.DisplayStart; i < clipper.DisplayEnd; i++) {
-                        auto &[identifier, variableName, address, size, wholeDataMatch] = this->m_matches[i];
+                        auto &[identifier, variableName, address, size, wholeDataMatch, highlightId] = this->m_matches[i];
                        ImGui::TableNextRow();
                        ImGui::TableNextColumn();
                        ImGui::PushID(i);
@ -147,6 +147,9 @@ namespace hex::plugin::builtin {
    }

    void ViewYara::applyRules() {
+        for (const auto &match : this->m_matches)
+            ImHexApi::HexEditor::removeHighlight(match.highlightId);
+
        this->m_matches.clear();
        this->m_errorMessage.clear();
        this->m_matching = true;
@ -271,7 +274,7 @@ namespace hex::plugin::builtin {
                        if (rule->strings != nullptr) {
                            yr_rule_strings_foreach(rule, string) {
                                yr_string_matches_foreach(context, string, match) {
-                                    newMatches.push_back({ rule->identifier, string->identifier, match->offset, match->match_length, false });
+                                    newMatches.push_back({ rule->identifier, string->identifier, u64(match->offset), size_t(match->match_length), false });
                                }
                            }
                        } else {
@ -284,6 +287,10 @@ namespace hex::plugin::builtin {
                &newMatches,
                0);

+            for (auto &match : newMatches) {
+                match.highlightId = ImHexApi::HexEditor::addHighlight({ match.address, match.size }, 0x70B4771F, hex::format("{0} [{1}]", match.identifier, match.variable));
+            }
+
            std::copy(newMatches.begin(), newMatches.end(), std::back_inserter(this->m_matches));
        }).detach();
    }