Cool_Tools/ImHex
1
0
Fork 0
mirror of synced 2025-01-31 20:05:22 +01:00
Code Releases Wiki Activity

feat: Allow multiple yara rules to be applied after each otherr

Browse Source
This commit is contained in:
WerWolv 2022-10-28 14:32:56 +02:00
parent 5cf6baca88
commit db3072630a
7 changed files with 29 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
plugins/builtin/source/content/views/view_yara.cpp
View File

@ -59,7 +59,13 @@ namespace hex::plugin::builtin {
} }
ImGui::SameLine(); ImGui::SameLine();
if (ImGui::Button("hex.builtin.view.yara.reload"_lang)) this->reloadRules(); if (ImGui::Button("hex.builtin.view.yara.reload"_lang)) this->reloadRules();
ImGui::NewLine();
if (ImGui::Button("hex.builtin.view.yara.match"_lang)) this->applyRules(); if (ImGui::Button("hex.builtin.view.yara.match"_lang)) this->applyRules();
ImGui::SameLine();
ImGui::BeginDisabled(this->m_matches.empty());
if (ImGui::Button("hex.builtin.view.yara.reset"_lang)) this->clearResult();
ImGui::EndDisabled();
} }
ImGui::EndDisabled(); ImGui::EndDisabled();
@ -171,8 +177,6 @@ namespace hex::plugin::builtin {
} }
void ViewYara::applyRules() { void ViewYara::applyRules() {
this->clearResult();
this->m_matcherTask = TaskManager::createTask("hex.builtin.view.yara.matching", 0, [this](auto &task) { this->m_matcherTask = TaskManager::createTask("hex.builtin.view.yara.matching", 0, [this](auto &task) {
if (!ImHexApi::Provider::isValid()) return; if (!ImHexApi::Provider::isValid()) return;
@ -334,9 +338,25 @@ namespace hex::plugin::builtin {
TaskManager::doLater([this, resultContext] { TaskManager::doLater([this, resultContext] {
this->m_matches = resultContext.newMatches; for (const auto &match : this->m_matches) {
ImHexApi::HexEditor::removeBackgroundHighlight(match.highlightId);
ImHexApi::HexEditor::removeTooltip(match.tooltipId);
}
this->m_consoleMessages = resultContext.consoleMessages; this->m_consoleMessages = resultContext.consoleMessages;
std::move(resultContext.newMatches.begin(), resultContext.newMatches.end(), std::back_inserter(this->m_matches));
auto uniques = std::set(this->m_matches.begin(), this->m_matches.end(), [](const auto &l, const auto &r) {
return l.address < r.address &&
l.size < r.size &&
l.wholeDataMatch < r.wholeDataMatch &&
l.identifier < r.identifier &&
l.variable < r.variable;
});
this->m_matches.clear();
std::move(uniques.begin(), uniques.end(), std::back_inserter(this->m_matches));
constexpr static color_t YaraColor = 0x70B4771F; constexpr static color_t YaraColor = 0x70B4771F;
for (auto &match : this->m_matches) { for (auto &match : this->m_matches) {
match.highlightId = ImHexApi::HexEditor::addBackgroundHighlight({ match.address, match.size }, YaraColor); match.highlightId = ImHexApi::HexEditor::addBackgroundHighlight({ match.address, match.size }, YaraColor);

1
plugins/builtin/source/lang/de_DE.cpp
View File

@ -407,6 +407,7 @@ namespace hex::plugin::builtin {
{ "hex.builtin.view.yara.header.rules", "Regeln" }, { "hex.builtin.view.yara.header.rules", "Regeln" },
{ "hex.builtin.view.yara.reload", "Neu laden" }, { "hex.builtin.view.yara.reload", "Neu laden" },
{ "hex.builtin.view.yara.match", "Regeln anwenden" }, { "hex.builtin.view.yara.match", "Regeln anwenden" },
{ "hex.builtin.view.yara.reset", "Zurücksetzen" },
{ "hex.builtin.view.yara.matching", "Anwenden..." }, { "hex.builtin.view.yara.matching", "Anwenden..." },
{ "hex.builtin.view.yara.error", "Yara Kompilerfehler: " }, { "hex.builtin.view.yara.error", "Yara Kompilerfehler: " },
{ "hex.builtin.view.yara.header.matches", "Funde" }, { "hex.builtin.view.yara.header.matches", "Funde" },

1
plugins/builtin/source/lang/en_US.cpp
View File

@ -410,6 +410,7 @@ namespace hex::plugin::builtin {
{ "hex.builtin.view.yara.header.rules", "Rules" }, { "hex.builtin.view.yara.header.rules", "Rules" },
{ "hex.builtin.view.yara.reload", "Reload" }, { "hex.builtin.view.yara.reload", "Reload" },
{ "hex.builtin.view.yara.match", "Match Rules" }, { "hex.builtin.view.yara.match", "Match Rules" },
{ "hex.builtin.view.yara.reset", "Reset" },
{ "hex.builtin.view.yara.matching", "Matching..." }, { "hex.builtin.view.yara.matching", "Matching..." },
{ "hex.builtin.view.yara.error", "Yara Compiler error: " }, { "hex.builtin.view.yara.error", "Yara Compiler error: " },
{ "hex.builtin.view.yara.header.matches", "Matches" }, { "hex.builtin.view.yara.header.matches", "Matches" },

1
plugins/builtin/source/lang/it_IT.cpp
View File

@ -413,6 +413,7 @@ namespace hex::plugin::builtin {
{ "hex.builtin.view.yara.header.rules", "Regola" }, { "hex.builtin.view.yara.header.rules", "Regola" },
{ "hex.builtin.view.yara.reload", "Ricarica" }, { "hex.builtin.view.yara.reload", "Ricarica" },
{ "hex.builtin.view.yara.match", "Abbina Regole" }, { "hex.builtin.view.yara.match", "Abbina Regole" },
//{ "hex.builtin.view.yara.reset", "Reset" },
{ "hex.builtin.view.yara.matching", "Abbinamento..." }, { "hex.builtin.view.yara.matching", "Abbinamento..." },
{ "hex.builtin.view.yara.error", "Errore compilazione Yara: " }, { "hex.builtin.view.yara.error", "Errore compilazione Yara: " },
{ "hex.builtin.view.yara.header.matches", "Abbinamenti" }, { "hex.builtin.view.yara.header.matches", "Abbinamenti" },

1
plugins/builtin/source/lang/ja_JP.cpp
View File

@ -412,6 +412,7 @@ namespace hex::plugin::builtin {
{ "hex.builtin.view.yara.header.rules", "ルール" }, { "hex.builtin.view.yara.header.rules", "ルール" },
{ "hex.builtin.view.yara.reload", "リロード" }, { "hex.builtin.view.yara.reload", "リロード" },
{ "hex.builtin.view.yara.match", "検出" }, { "hex.builtin.view.yara.match", "検出" },
//{ "hex.builtin.view.yara.reset", "Reset" },
{ "hex.builtin.view.yara.matching", "マッチ中…" }, { "hex.builtin.view.yara.matching", "マッチ中…" },
{ "hex.builtin.view.yara.error", "Yaraコンパイルエラー: " }, { "hex.builtin.view.yara.error", "Yaraコンパイルエラー: " },
{ "hex.builtin.view.yara.header.matches", "マッチ結果" }, { "hex.builtin.view.yara.header.matches", "マッチ結果" },

1
plugins/builtin/source/lang/ko_KR.cpp
View File

@ -409,6 +409,7 @@ namespace hex::plugin::builtin {
{ "hex.builtin.view.yara.header.rules", "규칙" }, { "hex.builtin.view.yara.header.rules", "규칙" },
{ "hex.builtin.view.yara.reload", "재검사" }, { "hex.builtin.view.yara.reload", "재검사" },
{ "hex.builtin.view.yara.match", "일치하는 규칙" }, { "hex.builtin.view.yara.match", "일치하는 규칙" },
//{ "hex.builtin.view.yara.reset", "Reset" },
{ "hex.builtin.view.yara.matching", "검색 중..." }, { "hex.builtin.view.yara.matching", "검색 중..." },
{ "hex.builtin.view.yara.error", "Yara 컴파일러 에러: " }, { "hex.builtin.view.yara.error", "Yara 컴파일러 에러: " },
{ "hex.builtin.view.yara.header.matches", "규칙" }, { "hex.builtin.view.yara.header.matches", "규칙" },

1
plugins/builtin/source/lang/pt_BR.cpp
View File

@ -409,6 +409,7 @@ namespace hex::plugin::builtin {
{ "hex.builtin.view.yara.header.rules", "Regras" }, { "hex.builtin.view.yara.header.rules", "Regras" },
{ "hex.builtin.view.yara.reload", "Recarregar" }, { "hex.builtin.view.yara.reload", "Recarregar" },
{ "hex.builtin.view.yara.match", "Combinar Regras" }, { "hex.builtin.view.yara.match", "Combinar Regras" },
//{ "hex.builtin.view.yara.reset", "Reset" },
{ "hex.builtin.view.yara.matching", "Combinando..." }, { "hex.builtin.view.yara.matching", "Combinando..." },
{ "hex.builtin.view.yara.error", "Erro do compilador Yara: " }, { "hex.builtin.view.yara.error", "Erro do compilador Yara: " },
{ "hex.builtin.view.yara.header.matches", "Combinações" }, { "hex.builtin.view.yara.header.matches", "Combinações" },