diff --git a/release.bat b/release.bat
index 0f0995a2..414567af 100644
--- a/release.bat
+++ b/release.bat
@@ -12,8 +12,6 @@ mkdir %RELEASEDIR%\pluginsdk\jansson
 mkdir %RELEASEDIR%\pluginsdk\lz4
 mkdir %RELEASEDIR%\pluginsdk\TitanEngine
 mkdir %RELEASEDIR%\pluginsdk\XEDParse
-mkdir %RELEASEDIR%\pluginsdk\yara
-mkdir %RELEASEDIR%\pluginsdk\yara\yara
 xcopy src\dbg\dbghelp %RELEASEDIR%\pluginsdk\dbghelp /S /Y
 xcopy src\dbg\DeviceNameResolver %RELEASEDIR%\pluginsdk\DeviceNameResolver /S /Y
@@ -22,7 +20,6 @@ xcopy src\dbg\lz4 %RELEASEDIR%\pluginsdk\lz4 /S /Y
 xcopy src\dbg\TitanEngine %RELEASEDIR%\pluginsdk\TitanEngine /S /Y
 del %RELEASEDIR%\pluginsdk\TitanEngine\TitanEngine.txt /F /Q
 xcopy src\dbg\XEDParse %RELEASEDIR%\pluginsdk\XEDParse /S /Y
-xcopy src\dbg\yara %RELEASEDIR%\pluginsdk\yara /S /Y
 copy src\dbg\_plugin_types.h %RELEASEDIR%\pluginsdk\_plugin_types.h
 copy src\dbg\_plugins.h %RELEASEDIR%\pluginsdk\_plugins.h
 copy src\dbg\_scriptapi*.h %RELEASEDIR%\pluginsdk\_scriptapi*.h
diff --git a/src/dbg/commands/cmd-searching.cpp b/src/dbg/commands/cmd-searching.cpp
index 7f310131..6acf965d 100644
--- a/src/dbg/commands/cmd-searching.cpp
+++ b/src/dbg/commands/cmd-searching.cpp
@@ -7,7 +7,6 @@
 #include "debugger.h"
 #include "filehelper.h"
 #include "label.h"
-#include "yara/yara.h"
 #include "stringformat.h"
 #include "disasm_helper.h"
 #include "symbolinfo.h"
@@ -947,299 +946,6 @@ bool cbInstrGUIDFind(int argc, char* argv[])
 return true;
 }
-static void yaraCompilerCallback(int error_level, const char* file_name, int line_number, const char* message, void* user_data)
-{
- switch(error_level)
- {
- case YARA_ERROR_LEVEL_ERROR:
- dprintf(QT_TRANSLATE_NOOP("DBG", "[YARA ERROR] "));
- break;
- case YARA_ERROR_LEVEL_WARNING:
- dprintf(QT_TRANSLATE_NOOP("DBG", "[YARA WARNING] "));
- break;
- }
- dprintf(QT_TRANSLATE_NOOP("DBG", "File: \"%s\", Line: %d, Message: \"%s\"\n"), file_name, line_number, message);
-}
-
-static String yara_print_string(const uint8_t* data, int length)
-{
- String result = "\"";
- const char* str = (const char*)data;
- for(int i = 0; i < length; i++)
- {
- char cur[16] = "";
- if(str[i] >= 32 && str[i] <= 126)
- sprintf_s(cur, "%c", str[i]);
- else
- sprintf_s(cur, "\\x%02X", (uint8_t)str[i]);
- result += cur;
- }
- result += "\"";
- return result;
-}
-
-static String yara_print_hex_string(const uint8_t* data, int length)
-{
- String result = "";
- for(int i = 0; i < length; i++)
- {
- if(i)
- result += " ";
- char cur[16] = "";
- sprintf_s(cur, "%02X", (uint8_t)data[i]);
- result += cur;
- }
- return result;
-}
-
-struct YaraScanInfo
-{
- duint base;
- int index;
- bool rawFile;
- const char* modname;
- bool debug;
-
- YaraScanInfo(duint base, bool rawFile, const char* modname, bool debug)
- : base(base), index(0), rawFile(rawFile), modname(modname), debug(debug)
- {
- }
-};
-
-static int yaraScanCallback(int message, void* message_data, void* user_data)
-{
- YaraScanInfo* scanInfo = (YaraScanInfo*)user_data;
- bool debug = scanInfo->debug;
- switch(message)
- {
- case CALLBACK_MSG_RULE_MATCHING:
- {
- duint base = scanInfo->base;
- YR_RULE* yrRule = (YR_RULE*)message_data;
- auto addReference = [scanInfo, yrRule](duint addr, const char* identifier, const std::string & pattern)
- {
- auto index = scanInfo->index;
- GuiReferenceSetRowCount(index + 1);
- scanInfo->index++;
-
- char addr_text[deflen] = "";
- sprintf_s(addr_text, "%p", addr);
- GuiReferenceSetCellContent(index, 0, addr_text); //Address
- String ruleFullName = "";
- ruleFullName += yrRule->identifier;
- if(identifier)
- {
- ruleFullName += ".";
- ruleFullName += identifier;
- }
- GuiReferenceSetCellContent(index, 1, ruleFullName.c_str()); //Rule
- GuiReferenceSetCellContent(index, 2, pattern.c_str()); //Data
- };
-
- if(STRING_IS_NULL(yrRule->strings))
- {
- if(debug)
- dprintf(QT_TRANSLATE_NOOP("DBG", "[YARA] Global rule \"%s\" matched!\n"), yrRule->identifier);
- addReference(base, nullptr, "");
- }
- else
- {
- if(debug)
- dprintf(QT_TRANSLATE_NOOP("DBG", "[YARA] Rule \"%s\" matched:\n"), yrRule->identifier);
- YR_STRING* string;
- yr_rule_strings_foreach(yrRule, string)
- {
- YR_MATCH* match;
- yr_string_matches_foreach(string, match)
- {
- String pattern;
- if(STRING_IS_HEX(string))
- pattern = yara_print_hex_string(match->data, match->match_length);
- else
- pattern = yara_print_string(match->data, match->match_length);
- auto offset = duint(match->base + match->offset);
- duint addr;
- if(scanInfo->rawFile) //convert raw offset to virtual offset
- addr = valfileoffsettova(scanInfo->modname, offset);
- else
- addr = base + offset;
-
- if(debug)
- dprintf(QT_TRANSLATE_NOOP("DBG", "[YARA] String \"%s\" : %s on %p\n"), string->identifier, pattern.c_str(), addr);
-
- addReference(addr, string->identifier, pattern);
- }
- }
- }
- }
- break;
-
- case CALLBACK_MSG_RULE_NOT_MATCHING:
- {
- YR_RULE* yrRule = (YR_RULE*)message_data;
- if(debug)
- dprintf(QT_TRANSLATE_NOOP("DBG", "[YARA] Rule \"%s\" did not match!\n"), yrRule->identifier);
- }
- break;
-
- case CALLBACK_MSG_SCAN_FINISHED:
- {
- if(debug)
- dputs(QT_TRANSLATE_NOOP("DBG", "[YARA] Scan finished!"));
- }
- break;
-
- case CALLBACK_MSG_IMPORT_MODULE:
- {
- YR_MODULE_IMPORT* yrModuleImport = (YR_MODULE_IMPORT*)message_data;
- if(debug)
- dprintf(QT_TRANSLATE_NOOP("DBG", "[YARA] Imported module \"%s\"!\n"), yrModuleImport->module_name);
- }
- break;
- }
- return ERROR_SUCCESS; //nicely undocumented what this should be
-}
-
-bool cbInstrYara(int argc, char* argv[])
-{
- if(IsArgumentsLessThan(argc, 2))
- return false;
- duint addr = 0;
- SELECTIONDATA sel;
- GuiSelectionGet(GUI_DISASSEMBLY, &sel);
- addr = sel.start;
-
- duint base = 0;
- duint size = 0;
- duint mod = argc > 2 ? ModBaseFromName(argv[2]) : 0;
- bool rawFile = false;
- if(mod)
- {
- base = mod;
- size = ModSizeFromAddr(base);
- rawFile = argc > 3 && *argv[3] == '1';
- }
- else
- {
- if(argc > 2 && !valfromstring(argv[2], &addr))
- {
- dprintf(QT_TRANSLATE_NOOP("DBG", "Invalid value \"%s\"!\n"), argv[2]);
- return false;
- }
-
- size = 0;
- if(argc > 3)
- if(!valfromstring(argv[3], &size))
- size = 0;
- if(!size)
- addr = MemFindBaseAddr(addr, &size);
- base = addr;
- }
- std::vector rawFileData;
- if(rawFile) //read the file from disk
- {
- char modPath[MAX_PATH] = "";
- if(!ModPathFromAddr(base, modPath, MAX_PATH))
- {
- dprintf(QT_TRANSLATE_NOOP("DBG", "Failed to get module path for %p!\n"), base);
- return false;
- }
- if(!FileHelper::ReadAllData(modPath, rawFileData))
- {
- dprintf(QT_TRANSLATE_NOOP("DBG", "Failed to read file \"%s\"!\n"), modPath);
- return false;
- }
- size = rawFileData.size();
- }
- Memory data(size);
- if(rawFile)
- memcpy(data(), rawFileData.data(), size);
- else
- {
- memset(data(), 0xCC, data.size());
- MemReadDumb(base, data(), size);
- }
-
- String rulesContent;
- if(!FileHelper::ReadAllText(argv[1], rulesContent))
- {
- dprintf(QT_TRANSLATE_NOOP("DBG", "Failed to read the rules file \"%s\"\n"), argv[1]);
- return false;
- }
-
- bool bSuccess = false;
- YR_COMPILER* yrCompiler;
- if(yr_compiler_create(&yrCompiler) == ERROR_SUCCESS)
- {
- yr_compiler_set_callback(yrCompiler, yaraCompilerCallback, 0);
- if(yr_compiler_add_string(yrCompiler, rulesContent.c_str(), nullptr) == 0) //no errors found
- {
- YR_RULES* yrRules;
- if(yr_compiler_get_rules(yrCompiler, &yrRules) == ERROR_SUCCESS)
- {
- //initialize new reference tab
- char modname[MAX_MODULE_SIZE] = "";
- if(!ModNameFromAddr(base, modname, true))
- sprintf_s(modname, "%p", base);
- String fullName;
- const char* fileName = strrchr(argv[1], '\\');
- if(fileName)
- fullName = fileName + 1;
- else
- fullName = argv[1];
- fullName += " (";
- fullName += modname;
- fullName += ")"; //nanana, very ugly code (long live open source)
- GuiReferenceInitialize(fullName.c_str());
- GuiReferenceAddColumn(sizeof(duint) * 2, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Address")));
- GuiReferenceAddColumn(48, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Rule")));
- GuiReferenceAddColumn(10, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Data")));
- GuiReferenceSetRowCount(0);
- GuiReferenceReloadData();
- YaraScanInfo scanInfo(base, rawFile, argc > 2 ? argv[2] : modname, settingboolget("Engine", "YaraDebug"));
- duint ticks = GetTickCount();
- dputs(QT_TRANSLATE_NOOP("DBG", "[YARA] Scan started..."));
- int err = yr_rules_scan_mem(yrRules, data(), size, 0, yaraScanCallback, &scanInfo, 0);
- GuiReferenceReloadData();
- switch(err)
- {
- case ERROR_SUCCESS:
- dprintf(QT_TRANSLATE_NOOP("DBG", "%u scan results in %ums...\n"), DWORD(scanInfo.index), GetTickCount() - DWORD(ticks));
- bSuccess = true;
- break;
- case ERROR_TOO_MANY_MATCHES:
- dputs(QT_TRANSLATE_NOOP("DBG", "Too many matches!"));
- break;
- default:
- dputs(QT_TRANSLATE_NOOP("DBG", "Error while scanning memory!"));
- break;
- }
- yr_rules_destroy(yrRules);
- }
- else
- dputs(QT_TRANSLATE_NOOP("DBG", "Error while getting the rules!"));
- }
- else
- dputs(QT_TRANSLATE_NOOP("DBG", "Errors in the rules file!"));
- yr_compiler_destroy(yrCompiler);
- }
- else
- dputs(QT_TRANSLATE_NOOP("DBG", "yr_compiler_create failed!"));
- return bSuccess;
-}
-
-bool cbInstrYaramod(int argc, char* argv[])
-{
- if(IsArgumentsLessThan(argc, 3))
- return false;
- if(!ModBaseFromName(argv[2]))
- {
- dprintf(QT_TRANSLATE_NOOP("DBG", "Invalid module \"%s\"!\n"), argv[2]);
- return false;
- }
- return cmddirectexec(StringUtils::sprintf("yara \"%s\",\"%s\",%s", argv[1], argv[2], argc > 3 && *argv[3] == '1' ? "1" : "0").c_str());
-}
-
 bool cbInstrSetMaxFindResult(int argc, char* argv[])
 {
 if(IsArgumentsLessThan(argc, 2))
diff --git a/src/dbg/commands/cmd-searching.h b/src/dbg/commands/cmd-searching.h
index 6b6fdbf1..fd12b958 100644
--- a/src/dbg/commands/cmd-searching.h
+++ b/src/dbg/commands/cmd-searching.h
@@ -12,6 +12,4 @@ bool cbInstrRefStr(int argc, char* argv[]);
 bool cbInstrRefFuncionPointer(int argc, char* argv[]);
 bool cbInstrModCallFind(int argc, char* argv[]);
 bool cbInstrGUIDFind(int argc, char* argv[]);
-bool cbInstrYara(int argc, char* argv[]);
-bool cbInstrYaramod(int argc, char* argv[]);
 bool cbInstrSetMaxFindResult(int argc, char* argv[]);
diff --git a/src/dbg/x64dbg.cpp b/src/dbg/x64dbg.cpp
index 84031163..79d3ab3d 100644
--- a/src/dbg/x64dbg.cpp
+++ b/src/dbg/x64dbg.cpp
@@ -26,7 +26,6 @@
 #include "expressionfunctions.h"
 #include "formatfunctions.h"
 #include "stringformat.h"
-#include "yara/yara.h"
 #include "dbghelp_safe.h"
 static MESSAGE_STACK* gMsgStack = 0;
@@ -275,8 +274,6 @@ static void registercommands()
 dbgcmdnew("refstr,strref", cbInstrRefStr, true); //find string references
 dbgcmdnew("reffunctionpointer", cbInstrRefFuncionPointer, true); //find function pointers
 dbgcmdnew("modcallfind", cbInstrModCallFind, true); //find intermodular calls
- dbgcmdnew("yara", cbInstrYara, true); //yara test command
- dbgcmdnew("yaramod", cbInstrYaramod, true); //yara rule on module
 dbgcmdnew("setmaxfindresult,findsetmaxresult", cbInstrSetMaxFindResult, false); //set the maximum number of occurences found
 dbgcmdnew("guidfind,findguid", cbInstrGUIDFind, true); //find GUID references TODO: undocumented
@@ -648,9 +645,6 @@ extern "C" DLL_EXPORT const char* _dbg_dbginit()
 //#endif //ENABLE_MEM_TRACE
 dputs(QT_TRANSLATE_NOOP("DBG", "Initializing Zydis..."));
 Zydis::GlobalInitialize();
- dputs(QT_TRANSLATE_NOOP("DBG", "Initializing Yara..."));
- if(yr_initialize() != ERROR_SUCCESS)
- return "Failed to initialize Yara!";
 dputs(QT_TRANSLATE_NOOP("DBG", "Getting directory information..."));
 strcpy_s(scriptDllDir, szProgramDir);
@@ -778,7 +772,6 @@ extern "C" DLL_EXPORT void _dbg_dbgexitsignal()
 dputs(QT_TRANSLATE_NOOP("DBG", "Cleaning up allocated data..."));
 cmdfree();
 varfree();
- yr_finalize();
 Zydis::GlobalFinalize();
 dputs(QT_TRANSLATE_NOOP("DBG", "Cleaning up wait objects..."));
 waitdeinitialize();
diff --git a/src/dbg/x64dbg_dbg.vcxproj b/src/dbg/x64dbg_dbg.vcxproj
index 68d24279..f540ebe4 100644
--- a/src/dbg/x64dbg_dbg.vcxproj
+++ b/src/dbg/x64dbg_dbg.vcxproj
@@ -247,9 +247,6 @@ - - -
@@ -264,36 +261,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -416,7 +383,7 @@ Windows true true - ntdll\ntdll_x86.lib;$(ProjectDir)..\zydis_wrapper\bin\x32\zydis_wrapper.lib;yara\yara_x86.lib;lz4\lz4_x86.lib;jansson\jansson_x86.lib;DeviceNameResolver\DeviceNameResolver_x86.lib;XEDParse\XEDParse_x86.lib;$(SolutionDir)bin\x32\x32bridge.lib;dbghelp\dbghelp_x86.lib;TitanEngine\TitanEngine_x86.lib;ws2_32.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies) + ntdll\ntdll_x86.lib;$(ProjectDir)..\zydis_wrapper\bin\x32\zydis_wrapper.lib;lz4\lz4_x86.lib;jansson\jansson_x86.lib;DeviceNameResolver\DeviceNameResolver_x86.lib;XEDParse\XEDParse_x86.lib;$(SolutionDir)bin\x32\x32bridge.lib;dbghelp\dbghelp_x86.lib;TitanEngine\TitanEngine_x86.lib;ws2_32.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies) 
@@ -437,7 +404,7 @@ Windows false false - ntdll\ntdll_x86.lib;$(ProjectDir)..\zydis_wrapper\bin\x32d\zydis_wrapper.lib;yara\yara_x86.lib;lz4\lz4_x86.lib;jansson\jansson_x86.lib;DeviceNameResolver\DeviceNameResolver_x86.lib;XEDParse\XEDParse_x86.lib;$(SolutionDir)bin\x32d\x32bridge.lib;dbghelp\dbghelp_x86.lib;TitanEngine\TitanEngine_x86.lib;ws2_32.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies) + ntdll\ntdll_x86.lib;$(ProjectDir)..\zydis_wrapper\bin\x32d\zydis_wrapper.lib;lz4\lz4_x86.lib;jansson\jansson_x86.lib;DeviceNameResolver\DeviceNameResolver_x86.lib;XEDParse\XEDParse_x86.lib;$(SolutionDir)bin\x32d\x32bridge.lib;dbghelp\dbghelp_x86.lib;TitanEngine\TitanEngine_x86.lib;ws2_32.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies) 
@@ -464,7 +431,7 @@ Windows true true - $(ProjectDir)..\zydis_wrapper\bin\x64\zydis_wrapper.lib;ntdll\ntdll_x64.lib;yara\yara_x64.lib;lz4\lz4_x64.lib;jansson\jansson_x64.lib;DeviceNameResolver\DeviceNameResolver_x64.lib;XEDParse\XEDParse_x64.lib;$(SolutionDir)bin\x64\x64bridge.lib;dbghelp\dbghelp_x64.lib;TitanEngine\TitanEngine_x64.lib;ws2_32.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies) + $(ProjectDir)..\zydis_wrapper\bin\x64\zydis_wrapper.lib;ntdll\ntdll_x64.lib;lz4\lz4_x64.lib;jansson\jansson_x64.lib;DeviceNameResolver\DeviceNameResolver_x64.lib;XEDParse\XEDParse_x64.lib;$(SolutionDir)bin\x64\x64bridge.lib;dbghelp\dbghelp_x64.lib;TitanEngine\TitanEngine_x64.lib;ws2_32.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies) 
@@ -488,7 +455,7 @@ Windows false false - $(ProjectDir)..\zydis_wrapper\bin\x64d\zydis_wrapper.lib;ntdll\ntdll_x64.lib;yara\yara_x64.lib;lz4\lz4_x64.lib;jansson\jansson_x64.lib;DeviceNameResolver\DeviceNameResolver_x64.lib;XEDParse\XEDParse_x64.lib;$(SolutionDir)bin\x64d\x64bridge.lib;dbghelp\dbghelp_x64.lib;TitanEngine\TitanEngine_x64.lib;ws2_32.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies) + $(ProjectDir)..\zydis_wrapper\bin\x64d\zydis_wrapper.lib;ntdll\ntdll_x64.lib;lz4\lz4_x64.lib;jansson\jansson_x64.lib;DeviceNameResolver\DeviceNameResolver_x64.lib;XEDParse\XEDParse_x64.lib;$(SolutionDir)bin\x64d\x64bridge.lib;dbghelp\dbghelp_x64.lib;TitanEngine\TitanEngine_x64.lib;ws2_32.lib;psapi.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;shlwapi.lib;%(AdditionalDependencies) diff --git a/src/dbg/x64dbg_dbg.vcxproj.filters b/src/dbg/x64dbg_dbg.vcxproj.filters index 66bce11e..f7a3d8f7 100644 --- a/src/dbg/x64dbg_dbg.vcxproj.filters +++ b/src/dbg/x64dbg_dbg.vcxproj.filters @@ -63,12 +63,6 @@ {b006b04c-d7ea-49cb-b097-0cac1388f98e} - - {efe5d058-e77c-49e9-a25b-75b90346dbf2} - - - {f79c5166-e315-44ca-9e93-dabc9f00fa78} - {3aba2399-cfdf-40be-9265-2062f983bbfd} 
@@ -604,96 +598,6 @@ Header Files\Utilities - - Header Files\Third Party\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - Header Files\Utilities @@ -748,9 +652,6 @@ Header Files\Debugger Core - - Header Files\Third Party\yara\yara - Header Files\Information @@ -856,12 +757,6 @@ Header Files\Debugger Core - - Header Files\Third Party\yara\yara - - - Header Files\Third Party\yara\yara - Header Files\Utilities diff --git a/src/dbg/yara/yara.h b/src/dbg/yara/yara.h deleted file mode 100644 index 8f52e0ae..00000000 --- a/src/dbg/yara/yara.h +++ /dev/null 
@@ -1,43 +0,0 @@ -/* -Copyright (c) 2007-2013. The YARA Authors. All Rights Reserved. - -Redistribution and use in source and binary forms, with or without modification, -are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, this -list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright notice, -this list of conditions and the following disclaimer in the documentation and/or -other materials provided with the distribution. - -3. Neither the name of the copyright holder nor the names of its contributors -may be used to endorse or promote products derived from this software without -specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR -ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -#ifndef YR_YARA_H -#define YR_YARA_H - -#include "yara/utils.h" -#include "yara/filemap.h" -#include "yara/compiler.h" -#include "yara/modules.h" -#include "yara/object.h" -#include "yara/libyara.h" -#include "yara/error.h" -#include "yara/stream.h" -#include "yara/hash.h" - -#endif diff --git a/src/dbg/yara/yara/ahocorasick.h b/src/dbg/yara/yara/ahocorasick.h deleted file mode 100644 index e2ea8952..00000000 
--- a/src/dbg/yara/yara/ahocorasick.h +++ /dev/null 
@@ -1,84 +0,0 @@ -/* -Copyright (c) 2013. The YARA Authors. All Rights Reserved. - -Redistribution and use in source and binary forms, with or without modification, -are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, this -list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright notice, -this list of conditions and the following disclaimer in the documentation and/or -other materials provided with the distribution. - -3. Neither the name of the copyright holder nor the names of its contributors -may be used to endorse or promote products derived from this software without -specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR -ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-*/ - -#ifndef _AHOCORASICK_H -#define _AHOCORASICK_H - -#include "limits.h" -#include "atoms.h" -#include "types.h" - - -#define YR_AC_ROOT_STATE 0 -#define YR_AC_NEXT_STATE(t) (t >> 32) -#define YR_AC_INVALID_TRANSITION(t, c) (((t) & 0xFFFF) != c) - -#define YR_AC_MAKE_TRANSITION(state, code, flags) \ - ((uint64_t)((((uint64_t) state) << 32) | ((flags) << 16) | (code))) - -#define YR_AC_USED_FLAG 0x1 - -#define YR_AC_USED_TRANSITION_SLOT(x) ((x) & (YR_AC_USED_FLAG << 16)) -#define YR_AC_UNUSED_TRANSITION_SLOT(x) (!YR_AC_USED_TRANSITION_SLOT(x)) - - -typedef struct _YR_AC_TABLES -{ - YR_AC_TRANSITION* transitions; - YR_AC_MATCH_TABLE_ENTRY* matches; - -} YR_AC_TABLES; - - -int yr_ac_automaton_create( - YR_AC_AUTOMATON** automaton); - - -int yr_ac_automaton_destroy( - YR_AC_AUTOMATON* automaton); - - -int yr_ac_add_string( - YR_AC_AUTOMATON* automaton, - YR_STRING* string, - YR_ATOM_LIST_ITEM* atom, - YR_ARENA* matches_arena); - - -int yr_ac_compile( - YR_AC_AUTOMATON* automaton, - YR_ARENA* arena, - YR_AC_TABLES* tables); - - -void yr_ac_print_automaton( - YR_AC_AUTOMATON* automaton); - - -#endif diff --git a/src/dbg/yara/yara/arena.h b/src/dbg/yara/yara/arena.h deleted file mode 100644 index 00cbb971..00000000 --- a/src/dbg/yara/yara/arena.h +++ /dev/null 
@@ -1,165 +0,0 @@ -/* -Copyright (c) 2013. The YARA Authors. All Rights Reserved. - -Redistribution and use in source and binary forms, with or without modification, -are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, this -list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright notice, -this list of conditions and the following disclaimer in the documentation and/or -other materials provided with the distribution. - -3. Neither the name of the copyright holder nor the names of its contributors -may be used to endorse or promote products derived from this software without -specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR -ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-*/ - -#ifndef YR_ARENA_H -#define YR_ARENA_H - -#include - -#include "integers.h" -#include "stream.h" - -#define ARENA_FLAGS_FIXED_SIZE 1 -#define ARENA_FLAGS_COALESCED 2 -#define ARENA_FILE_VERSION ((13 << 16) | MAX_THREADS) - -#define EOL ((size_t) -1) - - -typedef struct _YR_RELOC -{ - uint32_t offset; - struct _YR_RELOC* next; - -} YR_RELOC; - - -typedef struct _YR_ARENA_PAGE -{ - - uint8_t* new_address; - uint8_t* address; - - size_t size; - size_t used; - - YR_RELOC* reloc_list_head; - YR_RELOC* reloc_list_tail; - - struct _YR_ARENA_PAGE* next; - struct _YR_ARENA_PAGE* prev; - -} YR_ARENA_PAGE; - - -typedef struct _YR_ARENA -{ - int flags; - - YR_ARENA_PAGE* page_list_head; - YR_ARENA_PAGE* current_page; - -} YR_ARENA; - - -int yr_arena_create( - size_t initial_size, - int flags, - YR_ARENA** arena); - - -void yr_arena_destroy( - YR_ARENA* arena); - - -void* yr_arena_base_address( - YR_ARENA* arena); - - -void* yr_arena_next_address( - YR_ARENA* arena, - void* address, - size_t offset); - - -int yr_arena_coalesce( - YR_ARENA* arena); - - -int yr_arena_reserve_memory( - YR_ARENA* arena, - size_t size); - - -int yr_arena_allocate_memory( - YR_ARENA* arena, - size_t size, - void** allocated_memory); - - -int yr_arena_allocate_struct( - YR_ARENA* arena, - size_t size, - void** allocated_memory, - ...); - - -int yr_arena_make_relocatable( - YR_ARENA* arena, - void* base, - ...); - - -int yr_arena_write_data( - YR_ARENA* arena, - void* data, - size_t size, - void** written_data); - - -int yr_arena_write_string( - YR_ARENA* arena, - const char* string, - char** written_string); - - -int yr_arena_append( - YR_ARENA* target_arena, - YR_ARENA* source_arena); - - -int yr_arena_load_stream( - YR_STREAM* stream, - YR_ARENA** arena); - - -int yr_arena_save_stream( - YR_ARENA* arena, - YR_STREAM* stream); - - -int yr_arena_duplicate( - YR_ARENA* arena, - YR_ARENA** duplicated); - - -void yr_arena_print( - YR_ARENA* arena); - -#endif 
diff --git a/src/dbg/yara/yara/atoms.h b/src/dbg/yara/yara/atoms.h deleted file mode 100644 index 050eaa5a..00000000 --- a/src/dbg/yara/yara/atoms.h +++ /dev/null 
@@ -1,102 +0,0 @@ -/* -Copyright (c) 2013. The YARA Authors. All Rights Reserved. - -Redistribution and use in source and binary forms, with or without modification, -are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, this -list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright notice, -this list of conditions and the following disclaimer in the documentation and/or -other materials provided with the distribution. - -3. Neither the name of the copyright holder nor the names of its contributors -may be used to endorse or promote products derived from this software without -specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR -ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-*/ - -#ifndef YR_ATOMS_H -#define YR_ATOMS_H - -#include "limits.h" -#include "re.h" - -#define ATOM_TREE_LEAF 1 -#define ATOM_TREE_AND 2 -#define ATOM_TREE_OR 3 - - -typedef struct _ATOM_TREE_NODE -{ - uint8_t type; - uint8_t atom_length; - uint8_t atom[MAX_ATOM_LENGTH]; - - uint8_t* forward_code; - uint8_t* backward_code; - - RE_NODE* recent_nodes[MAX_ATOM_LENGTH]; - - struct _ATOM_TREE_NODE* children_head; - struct _ATOM_TREE_NODE* children_tail; - struct _ATOM_TREE_NODE* next_sibling; - -} ATOM_TREE_NODE; - - -typedef struct _ATOM_TREE -{ - ATOM_TREE_NODE* current_leaf; - ATOM_TREE_NODE* root_node; - -} ATOM_TREE; - - -typedef struct _YR_ATOM_LIST_ITEM -{ - uint8_t atom_length; - uint8_t atom[MAX_ATOM_LENGTH]; - - uint16_t backtrack; - - uint8_t* forward_code; - uint8_t* backward_code; - - struct _YR_ATOM_LIST_ITEM* next; - -} YR_ATOM_LIST_ITEM; - - -int yr_atoms_extract_from_re( - RE_AST* re_ast, - int flags, - YR_ATOM_LIST_ITEM** atoms); - - -int yr_atoms_extract_from_string( - uint8_t* string, - int string_length, - int flags, - YR_ATOM_LIST_ITEM** atoms); - - -int yr_atoms_min_quality( - YR_ATOM_LIST_ITEM* atom_list); - - -void yr_atoms_list_destroy( - YR_ATOM_LIST_ITEM* list_head); - -#endif diff --git a/src/dbg/yara/yara/compiler.h b/src/dbg/yara/yara/compiler.h deleted file mode 100644 index 9184ae40..00000000 --- a/src/dbg/yara/yara/compiler.h +++ /dev/null 
@@ -1,228 +0,0 @@ -/* -Copyright (c) 2013. The YARA Authors. All Rights Reserved. - -Redistribution and use in source and binary forms, with or without modification, -are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, this -list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright notice, -this list of conditions and the following disclaimer in the documentation and/or -other materials provided with the distribution. - -3. Neither the name of the copyright holder nor the names of its contributors -may be used to endorse or promote products derived from this software without -specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR -ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-*/ - -#ifndef YR_COMPILER_H -#define YR_COMPILER_H - -#include -#include - -#include "ahocorasick.h" -#include "arena.h" -#include "hash.h" -#include "utils.h" -#include "filemap.h" - - -#define YARA_ERROR_LEVEL_ERROR 0 -#define YARA_ERROR_LEVEL_WARNING 1 - - -typedef void (*YR_COMPILER_CALLBACK_FUNC)( - int error_level, - const char* file_name, - int line_number, - const char* message, - void* user_data); - - -typedef struct _YR_FIXUP -{ - void* address; - struct _YR_FIXUP* next; - -} YR_FIXUP; - - -typedef struct _YR_COMPILER -{ - int errors; - int current_line; - int last_error; - int last_error_line; - int last_result; - - jmp_buf error_recovery; - - YR_ARENA* sz_arena; - YR_ARENA* rules_arena; - YR_ARENA* strings_arena; - YR_ARENA* code_arena; - YR_ARENA* re_code_arena; - YR_ARENA* compiled_rules_arena; - YR_ARENA* externals_arena; - YR_ARENA* namespaces_arena; - YR_ARENA* metas_arena; - YR_ARENA* matches_arena; - YR_ARENA* automaton_arena; - - YR_AC_AUTOMATON* automaton; - YR_HASH_TABLE* rules_table; - YR_HASH_TABLE* objects_table; - YR_HASH_TABLE* strings_table; - YR_NAMESPACE* current_namespace; - YR_RULE* current_rule; - - YR_FIXUP* fixup_stack_head; - - int namespaces_count; - - uint8_t* loop_address[MAX_LOOP_NESTING]; - char* loop_identifier[MAX_LOOP_NESTING]; - int loop_depth; - int loop_for_of_mem_offset; - - int allow_includes; - - char* file_name_stack[MAX_INCLUDE_DEPTH]; - int file_name_stack_ptr; - - FILE* file_stack[MAX_INCLUDE_DEPTH]; - int file_stack_ptr; - - char last_error_extra_info[MAX_COMPILER_ERROR_EXTRA_INFO]; - - char lex_buf[LEX_BUF_SIZE]; - char* lex_buf_ptr; - unsigned short lex_buf_len; - - char include_base_dir[MAX_PATH]; - void* user_data; - - YR_COMPILER_CALLBACK_FUNC callback; - -} YR_COMPILER; - - -#define yr_compiler_set_error_extra_info(compiler, info) \ - strlcpy( \ - compiler->last_error_extra_info, \ - info, \ - sizeof(compiler->last_error_extra_info)); \ - - -#define yr_compiler_set_error_extra_info_fmt(compiler, fmt, 
...) \ - snprintf( \ - compiler->last_error_extra_info, \ - sizeof(compiler->last_error_extra_info), \ - fmt, __VA_ARGS__); - - -int _yr_compiler_push_file( - YR_COMPILER* compiler, - FILE* fh); - - -FILE* _yr_compiler_pop_file( - YR_COMPILER* compiler); - - -int _yr_compiler_push_file_name( - YR_COMPILER* compiler, - const char* file_name); - - -void _yr_compiler_pop_file_name( - YR_COMPILER* compiler); - - -YR_API int yr_compiler_create( - YR_COMPILER** compiler); - - -YR_API void yr_compiler_destroy( - YR_COMPILER* compiler); - - -YR_API void yr_compiler_set_callback( - YR_COMPILER* compiler, - YR_COMPILER_CALLBACK_FUNC callback, - void* user_data); - - -YR_API int yr_compiler_add_file( - YR_COMPILER* compiler, - FILE* rules_file, - const char* namespace_, - const char* file_name); - - -YR_API int yr_compiler_add_fd( - YR_COMPILER* compiler, - YR_FILE_DESCRIPTOR rules_fd, - const char* namespace_, - const char* file_name); - - -YR_API int yr_compiler_add_string( - YR_COMPILER* compiler, - const char* rules_string, - const char* namespace_); - - -YR_API char* yr_compiler_get_error_message( - YR_COMPILER* compiler, - char* buffer, - int buffer_size); - - -YR_API char* yr_compiler_get_current_file_name( - YR_COMPILER* context); - - -YR_API int yr_compiler_define_integer_variable( - YR_COMPILER* compiler, - const char* identifier, - int64_t value); - - -YR_API int yr_compiler_define_boolean_variable( - YR_COMPILER* compiler, - const char* identifier, - int value); - - -YR_API int yr_compiler_define_float_variable( - YR_COMPILER* compiler, - const char* identifier, - double value); - - -YR_API int yr_compiler_define_string_variable( - YR_COMPILER* compiler, - const char* identifier, - const char* value); - - -YR_API int yr_compiler_get_rules( - YR_COMPILER* compiler, - YR_RULES** rules); - - -#endif diff --git a/src/dbg/yara/yara/dotnet.h b/src/dbg/yara/yara/dotnet.h deleted file mode 100644 index 6e57402e..00000000 --- a/src/dbg/yara/yara/dotnet.h +++ /dev/null 
@@ -1,365 +0,0 @@
-#ifndef YR_DOTNET_H
-#define YR_DOTNET_H
-
-
-//
-// CLI header.
-// ECMA-335 Section II.25.3.3
-//
-typedef struct _CLI_HEADER
-{
- DWORD Size; // Called "Cb" in documentation.
- WORD MajorRuntimeVersion;
- WORD MinorRuntimeVersion;
- IMAGE_DATA_DIRECTORY MetaData;
- DWORD Flags;
- DWORD EntryPointToken;
- IMAGE_DATA_DIRECTORY Resources;
- IMAGE_DATA_DIRECTORY StrongNameSignature;
- ULONGLONG CodeManagerTable;
- IMAGE_DATA_DIRECTORY VTableFixups;
- ULONGLONG ExportAddressTableJumps;
- ULONGLONG ManagedNativeHeader;
-} CLI_HEADER, *PCLI_HEADER;
-
-#define NET_METADATA_MAGIC 0x424a5342
-
-//
-// CLI MetaData
-// ECMA-335 Section II.24.2.1
-//
-// Note: This is only part of the struct, as the rest of it is variable length.
-//
-typedef struct _NET_METADATA
-{
- DWORD Magic;
- WORD MajorVersion;
- WORD MinorVersion;
- DWORD Reserved;
- DWORD Length;
- char Version[0];
-} NET_METADATA, *PNET_METADATA;
-
-#define DOTNET_STREAM_NAME_SIZE 32
-
-//
-// CLI Stream Header
-// ECMA-335 Section II.24.2.2
-//
-typedef struct _STREAM_HEADER
-{
- DWORD Offset;
- DWORD Size;
- char Name[0];
-} STREAM_HEADER, *PSTREAM_HEADER;
-
-
-//
-// CLI #~ Stream Header
-// ECMA-335 Section II.24.2.6
-//
-typedef struct _TILDE_HEADER
-{
- DWORD Reserved1;
- BYTE MajorVersion;
- BYTE MinorVersion;
- BYTE HeapSizes;
- BYTE Reserved2;
- ULONGLONG Valid;
- ULONGLONG Sorted;
-} TILDE_HEADER, *PTILDE_HEADER;
-
-// These are the bit positions in Valid which will be set if the table
-// exists.
-#define BIT_MODULE 0x00 -#define BIT_TYPEREF 0x01 -#define BIT_TYPEDEF 0x02 -#define BIT_FIELDPTR 0x03 // Not documented in ECMA-335 -#define BIT_FIELD 0x04 -#define BIT_METHODDEFPTR 0x05 // Not documented in ECMA-335 -#define BIT_METHODDEF 0x06 -#define BIT_PARAMPTR 0x07 // Not documented in ECMA-335 -#define BIT_PARAM 0x08 -#define BIT_INTERFACEIMPL 0x09 -#define BIT_MEMBERREF 0x0A -#define BIT_CONSTANT 0x0B -#define BIT_CUSTOMATTRIBUTE 0x0C -#define BIT_FIELDMARSHAL 0x0D -#define BIT_DECLSECURITY 0x0E -#define BIT_CLASSLAYOUT 0x0F -#define BIT_FIELDLAYOUT 0x10 -#define BIT_STANDALONESIG 0x11 -#define BIT_EVENTMAP 0x12 -#define BIT_EVENTPTR 0x13 // Not documented in ECMA-335 -#define BIT_EVENT 0x14 -#define BIT_PROPERTYMAP 0x15 -#define BIT_PROPERTYPTR 0x16 // Not documented in ECMA-335 -#define BIT_PROPERTY 0x17 -#define BIT_METHODSEMANTICS 0x18 -#define BIT_METHODIMPL 0x19 -#define BIT_MODULEREF 0x1A -#define BIT_TYPESPEC 0x1B -#define BIT_IMPLMAP 0x1C -#define BIT_FIELDRVA 0x1D -#define BIT_ENCLOG 0x1E // Not documented in ECMA-335 -#define BIT_ENCMAP 0x1F // Not documented in ECMA-335 -#define BIT_ASSEMBLY 0x20 -#define BIT_ASSEMBLYPROCESSOR 0x21 -#define BIT_ASSEMBLYOS 0x22 -#define BIT_ASSEMBLYREF 0x23 -#define BIT_ASSEMBLYREFPROCESSOR 0x24 -#define BIT_ASSEMBLYREFOS 0x25 -#define BIT_FILE 0x26 -#define BIT_EXPORTEDTYPE 0x27 -#define BIT_MANIFESTRESOURCE 0x28 -#define BIT_NESTEDCLASS 0x29 -#define BIT_GENERICPARAM 0x2A -#define BIT_METHODSPEC 0x2B -#define BIT_GENERICPARAMCONSTRAINT 0x2C -// These are not documented in ECMA-335 nor is it clear what the format is. -// They are for debugging information as far as I can tell. -//#define BIT_DOCUMENT 0x30 -//#define BIT_METHODDEBUGINFORMATION 0x31 -//#define BIT_LOCALSCOPE 0x32 -//#define BIT_LOCALVARIABLE 0x33 -//#define BIT_LOCALCONSTANT 0x34 -//#define BIT_IMPORTSCOPE 0x35 -//#define BIT_STATEMACHINEMETHOD 0x36 - - -// -// Element types. Note this is not a complete list as we aren't parsing all of -// them. 
This only includes the ones we care about. -// ECMA-335 Section II.23.1.16 -// -#define ELEMENT_TYPE_STRING 0x0E - - -// The string length of a typelib attribute is at most 0xFF. -#define MAX_TYPELIB_SIZE 0xFF - -// -// Module table -// ECMA-335 Section II.22.30 -// -typedef struct _MODULE_TABLE -{ - WORD Generation; - union - { - WORD Name_Short; - DWORD Name_Long; - } Name; - union - { - WORD Mvid_Short; - DWORD Mvid_Long; - } Mvid; - union - { - WORD EncId_Short; - DWORD EncId_Long; - } EncId; - union - { - WORD EncBaseId_Short; - DWORD EncBaseId_Long; - } EncBaseId; -} MODULE_TABLE, *PMODULE_TABLE; - -// -// Assembly Table -// ECMA-335 Section II.22.2 -// -typedef struct _ASSEMBLY_TABLE -{ - DWORD HashAlgId; - WORD MajorVersion; - WORD MinorVersion; - WORD BuildNumber; - WORD RevisionNumber; - DWORD Flags; - union - { - WORD PublicKey_Short; - DWORD PublicKey_Long; - } PublicKey; - union - { - WORD Name_Short; - DWORD Name_Long; - } Name; -} ASSEMBLY_TABLE, *PASSEMBLY_TABLE; - - -// -// Assembly Reference Table -// ECMA-335 Section II.22.5 -// -typedef struct _ASSEMBLYREF_TABLE -{ - WORD MajorVersion; - WORD MinorVersion; - WORD BuildNumber; - WORD RevisionNumber; - DWORD Flags; - union - { - WORD PublicKeyOrToken_Short; - DWORD PublicKeyOrToken_Long; - } PublicKeyOrToken; - union - { - WORD Name_Short; - DWORD Name_Long; - } Name; -} ASSEMBLYREF_TABLE, *PASSEMBLYREF_TABLE; - - -// -// Manifest Resource Table -// ECMA-335 Section II.22.24 -// -typedef struct _MANIFESTRESOURCE_TABLE -{ - DWORD Offset; - DWORD Flags; - union - { - WORD Name_Short; - DWORD Name_Long; - } Name; - union - { - WORD Implementation_Short; - DWORD Implementation_Long; - } Implementation; -} MANIFESTRESOURCE_TABLE, *PMANIFESTRESOURCE_TABLE; - -// -// ModuleRef Table -// ECMA-335 Section II.22.31 -// -// This is a short table, but necessary because the field size can change. 
-// -typedef struct _MODULEREF_TABLE -{ - union - { - WORD Name_Short; - DWORD Name_Long; - } Name; -} MODULEREF_TABLE, *PMODULEREF_TABLE; - - -// -// CustomAttribute Table -// ECMA-335 Section II.22.10 -// -typedef struct _CUSTOMATTRIBUTE_TABLE -{ - union - { - WORD Parent_Short; - DWORD Parent_Long; - } Parent; - union - { - WORD Type_Short; - DWORD Type_Long; - } Type; - union - { - WORD Value_Short; - DWORD Value_Long; - } Value; -} CUSTOMATTRIBUTE_TABLE, *PCUSTOMATTRIBUTE_TABLE; - - -// -// Constant TAble -// ECMA-335 Section II.22.9 -// -typedef struct _CONSTANT_TABLE -{ - WORD Type; - union - { - WORD Parent_Short; - DWORD Parent_Long; - } Parent; - union - { - WORD Value_Short; - DWORD Value_Long; - } Value; -} CONSTANT_TABLE, *PCONSTANT_TABLE; - - -// Used to return offsets to the various headers. -typedef struct _STREAMS -{ - PSTREAM_HEADER guid; - PSTREAM_HEADER tilde; - PSTREAM_HEADER string; - PSTREAM_HEADER blob; - PSTREAM_HEADER us; -} STREAMS, *PSTREAMS; - - -// Used to return the value of parsing a #US or #Blob entry. -// ECMA-335 Section II.24.2.4 -typedef struct _BLOB_PARSE_RESULT -{ - uint8_t size; // Number of bytes parsed. This is the new offset. - DWORD length; // Value of the bytes parsed. This is the blob length. -} BLOB_PARSE_RESULT, *PBLOB_PARSE_RESULT; - - -// Used to store the number of rows of each table. -typedef struct _ROWS -{ - uint32_t module; - uint32_t moduleref; - uint32_t assemblyref; - uint32_t typeref; - uint32_t methoddef; - uint32_t memberref; - uint32_t typedef_; - uint32_t typespec; - uint32_t field; - uint32_t param; - uint32_t property; - uint32_t interfaceimpl; - uint32_t event; - uint32_t standalonesig; - uint32_t assembly; - uint32_t file; - uint32_t exportedtype; - uint32_t manifestresource; - uint32_t genericparam; - uint32_t genericparamconstraint; - uint32_t methodspec; - uint32_t assemblyrefprocessor; -} ROWS, *PROWS; - - -// Used to store the index sizes for the various tables. 
-typedef struct _INDEX_SIZES -{ - uint8_t string; - uint8_t guid; - uint8_t blob; - uint8_t field; - uint8_t methoddef; - uint8_t memberref; - uint8_t param; - uint8_t event; - uint8_t typedef_; - uint8_t property; - uint8_t moduleref; - uint8_t assemblyrefprocessor; - uint8_t assemblyref; - uint8_t genericparam; -} INDEX_SIZES, *PINDEX_SIZES; -#endif diff --git a/src/dbg/yara/yara/elf.h b/src/dbg/yara/yara/elf.h deleted file mode 100644 index 821e6c96..00000000 --- a/src/dbg/yara/yara/elf.h +++ /dev/null 
@@ -1,323 +0,0 @@
-/*
-Copyright (c) 2013. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/ - -#ifndef _ELF_H -#define _ELF_H - -#include "integers.h" - - -// 32-bit ELF base types - -typedef uint32_t elf32_addr_t; -typedef uint16_t elf32_half_t; -typedef uint32_t elf32_off_t; -typedef uint32_t elf32_word_t; - -// 64-bit ELF base types - -typedef uint64_t elf64_addr_t; -typedef uint16_t elf64_half_t; -typedef uint64_t elf64_off_t; -typedef uint32_t elf64_word_t; -typedef uint64_t elf64_xword_t; - -#define ELF_MAGIC 0x464C457F - -#define ELF_ET_NONE 0x0000 // no type -#define ELF_ET_REL 0x0001 // relocatable -#define ELF_ET_EXEC 0x0002 // executable -#define ELF_ET_DYN 0x0003 // Shared-Object-File -#define ELF_ET_CORE 0x0004 // Corefile -#define ELF_ET_LOPROC 0xFF00 // Processor-specific -#define ELF_ET_HIPROC 0x00FF // Processor-specific - -#define ELF_EM_NONE 0x0000 // no type -#define ELF_EM_M32 0x0001 // AT&T WE 32100 -#define ELF_EM_SPARC 0x0002 // SPARC -#define ELF_EM_386 0x0003 // Intel 80386 -#define ELF_EM_68K 0x0004 // Motorola 68000 -#define ELF_EM_88K 0x0005 // Motorola 88000 -#define ELF_EM_860 0x0007 // Intel 80860 -#define ELF_EM_MIPS 0x0008 // MIPS I Architecture -#define ELF_EM_MIPS_RS3_LE 0x000A // MIPS RS3000 Little-endian -#define ELF_EM_PPC 0x0014 // PowerPC -#define ELF_EM_PPC64 0x0015 // 64-bit PowerPC -#define ELF_EM_ARM 0x0028 // ARM -#define ELF_EM_X86_64 0x003E // AMD/Intel x86_64 -#define ELF_EM_AARCH64 0x00B7 // 64-bit ARM - -#define ELF_CLASS_NONE 0x0000 -#define ELF_CLASS_32 0x0001 // 32bit file -#define ELF_CLASS_64 0x0002 // 64bit file - -#define ELF_DATA_NONE 0x0000 -#define ELF_DATA_2LSB 0x0001 -#define ELF_DATA_2MSB 0x002 - - -#define ELF_SHT_NULL 0 // Section header table entry unused -#define ELF_SHT_PROGBITS 1 // Program data -#define ELF_SHT_SYMTAB 2 // Symbol table -#define ELF_SHT_STRTAB 3 // String table -#define ELF_SHT_RELA 4 // Relocation entries with addends -#define ELF_SHT_HASH 5 // Symbol hash table -#define ELF_SHT_DYNAMIC 6 // Dynamic linking information -#define ELF_SHT_NOTE 7 // Notes -#define 
ELF_SHT_NOBITS 8 // Program space with no data (bss) -#define ELF_SHT_REL 9 // Relocation entries, no addends -#define ELF_SHT_SHLIB 10 // Reserved -#define ELF_SHT_DYNSYM 11 // Dynamic linker symbol table -#define ELF_SHT_NUM 12 // Number of defined types - -#define ELF_SHF_WRITE 0x1 // Section is writable -#define ELF_SHF_ALLOC 0x2 // Section is present during execution -#define ELF_SHF_EXECINSTR 0x4 // Section contains executable instructions - -#define ELF_SHN_LORESERVE 0xFF00 - -#define ELF_PT_NULL 0 // The array element is unused -#define ELF_PT_LOAD 1 // Loadable segment -#define ELF_PT_DYNAMIC 2 // Segment contains dynamic linking info -#define ELF_PT_INTERP 3 // Contains interpreter pathname -#define ELF_PT_NOTE 4 // Location & size of auxiliary info -#define ELF_PT_SHLIB 5 // Reserved, unspecified semantics -#define ELF_PT_PHDR 6 // Location and size of program header table -#define ELF_PT_TLS 7 // Thread-Local Storage -#define ELF_PT_GNU_EH_FRAME 0x6474e550 -#define ELF_PT_GNU_STACK 0x6474e551 - -#define ELF_DT_NULL 0 // End of the dynamic entries -#define ELF_DT_NEEDED 1 // Name of needed library -#define ELF_DT_PLTRELSZ 2 // Size in bytes of PLT relocs -#define ELF_DT_PLTGOT 3 // Processor defined value */ -#define ELF_DT_HASH 4 // Address of symbol hash table -#define ELF_DT_STRTAB 5 // Address of string table -#define ELF_DT_SYMTAB 6 // Address of symbol table -#define ELF_DT_RELA 7 // Address of Rela relocs -#define ELF_DT_RELASZ 8 // Total size of Rela relocs -#define ELF_DT_RELAENT 9 // Size of one Rela reloc -#define ELF_DT_STRSZ 10 // Size of string table -#define ELF_DT_SYMENT 11 // Size of one symbol table entry -#define ELF_DT_INIT 12 // Address of init function -#define ELF_DT_FINI 13 // Address of termination function -#define ELF_DT_SONAME 14 // Name of shared object -#define ELF_DT_RPATH 15 // Library search path (deprecated) -#define ELF_DT_SYMBOLIC 16 // Start symbol search here -#define ELF_DT_REL 17 // Address of Rel relocs -#define 
ELF_DT_RELSZ 18 // Total size of Rel relocs -#define ELF_DT_RELENT 19 // Size of one Rel reloc -#define ELF_DT_PLTREL 20 // Type of reloc in PLT -#define ELF_DT_DEBUG 21 // For debugging; unspecified -#define ELF_DT_TEXTREL 22 // Reloc might modify .text -#define ELF_DT_JMPREL 23 // Address of PLT relocs -#define ELF_DT_BIND_NOW 24 // Process relocations of object -#define ELF_DT_INIT_ARRAY 25 // Array with addresses of init fct -#define ELF_DT_FINI_ARRAY 26 // Array with addresses of fini fct -#define ELF_DT_INIT_ARRAYSZ 27 // Size in bytes of DT_INIT_ARRAY -#define ELF_DT_FINI_ARRAYSZ 28 // Size in bytes of DT_FINI_ARRAY -#define ELF_DT_RUNPATH 29 // Library search path -#define ELF_DT_FLAGS 30 // Flags for the object being loaded -#define ELF_DT_ENCODING 32 // Start of encoded range - -#define ELF_STT_NOTYPE 0 // Symbol type is unspecified -#define ELF_STT_OBJECT 1 // Symbol is a data object -#define ELF_STT_FUNC 2 // Symbol is a code object -#define ELF_STT_SECTION 3 // Symbol associated with a section -#define ELF_STT_FILE 4 // Symbol's name is file name -#define ELF_STT_COMMON 5 // Symbol is a common data object -#define ELF_STT_TLS 6 // Symbol is thread-local data object - -#define ELF_STB_LOCAL 0 // Local symbol -#define ELF_STB_GLOBAL 1 // Global symbol -#define ELF_STB_WEAK 2 // Weak symbol - -#define ELF_PF_X 0x1 // Segment is executable -#define ELF_PF_W 0x2 // Segment is writable -#define ELF_PF_R 0x4 // Segment is readable - -#define ELF_PN_XNUM 0xffff - -#pragma pack(push,1) - -typedef struct -{ - uint32_t magic; - uint8_t _class; - uint8_t data; - uint8_t version; - uint8_t pad[8]; - uint8_t nident; - -} elf_ident_t; - - -typedef struct -{ - elf_ident_t ident; - elf32_half_t type; - elf32_half_t machine; - elf32_word_t version; - elf32_addr_t entry; - elf32_off_t ph_offset; - elf32_off_t sh_offset; - elf32_word_t flags; - elf32_half_t header_size; - elf32_half_t ph_entry_size; - elf32_half_t ph_entry_count; - elf32_half_t sh_entry_size; - 
elf32_half_t sh_entry_count; - elf32_half_t sh_str_table_index; - -} elf32_header_t; - - -typedef struct -{ - elf_ident_t ident; - elf64_half_t type; - elf64_half_t machine; - elf64_word_t version; - elf64_addr_t entry; - elf64_off_t ph_offset; - elf64_off_t sh_offset; - elf64_word_t flags; - elf64_half_t header_size; - elf64_half_t ph_entry_size; - elf64_half_t ph_entry_count; - elf64_half_t sh_entry_size; - elf64_half_t sh_entry_count; - elf64_half_t sh_str_table_index; - -} elf64_header_t; - - -typedef struct -{ - elf32_word_t type; - elf32_off_t offset; - elf32_addr_t virt_addr; - elf32_addr_t phys_addr; - elf32_word_t file_size; - elf32_word_t mem_size; - elf32_word_t flags; - elf32_word_t alignment; - -} elf32_program_header_t; - - -typedef struct -{ - elf64_word_t type; - elf64_word_t flags; - elf64_off_t offset; - elf64_addr_t virt_addr; - elf64_addr_t phys_addr; - elf64_xword_t file_size; - elf64_xword_t mem_size; - elf64_xword_t alignment; - -} elf64_program_header_t; - - -typedef struct -{ - elf32_word_t name; - elf32_word_t type; - elf32_word_t flags; - elf32_addr_t addr; - elf32_off_t offset; - elf32_word_t size; - elf32_word_t link; - elf32_word_t info; - elf32_word_t align; - elf32_word_t entry_size; - -} elf32_section_header_t; - - -typedef struct -{ - elf64_word_t name; - elf64_word_t type; - elf64_xword_t flags; - elf64_addr_t addr; - elf64_off_t offset; - elf64_xword_t size; - elf64_word_t link; - elf64_word_t info; - elf64_xword_t align; - elf64_xword_t entry_size; - -} elf64_section_header_t; - - -typedef struct -{ - elf32_word_t tag; - elf32_word_t val; - -} elf32_dyn_t; - - -typedef struct -{ - elf64_xword_t tag; - elf64_xword_t val; - -} elf64_dyn_t; - - -typedef struct -{ - elf32_word_t name; - elf32_addr_t value; - elf32_word_t size; - unsigned char info; - unsigned char other; - elf32_half_t shndx; - -} elf32_sym_t; - - -typedef struct -{ - elf32_word_t name; - unsigned char info; - unsigned char other; - elf32_half_t shndx; - 
elf64_addr_t value; - elf64_xword_t size; - -} elf64_sym_t; - - -#pragma pack(pop) - -#endif diff --git a/src/dbg/yara/yara/endian.h b/src/dbg/yara/yara/endian.h deleted file mode 100644 index 5072d8ec..00000000 --- a/src/dbg/yara/yara/endian.h +++ /dev/null 
@@ -1,100 +0,0 @@
-/*
-Copyright (c) 2016. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_ENDIAN_H
-#define YR_ENDIAN_H
-
-#include
-
-
-#if defined(__has_builtin)
-# if __has_builtin(__builtin_bswap16)
-# define yr_bswap16(x) __builtin_bswap16(x)
-# endif
-#endif
-
-#if !defined(yr_bswap16) && defined(_MSC_VER)
-# define yr_bswap16(x) _byteswap_ushort(x)
-#endif
-
-#if !defined(yr_bswap16)
-uint16_t _yr_bswap16(uint16_t x);
-# define yr_bswap16(x) _yr_bswap16(x)
-#endif
-
-
-#if defined(__has_builtin)
-# if __has_builtin(__builtin_bswap32)
-# define yr_bswap32(x) __builtin_bswap32(x)
-# endif
-#endif
-
-#if !defined(yr_bswap32) && defined(_MSC_VER)
-# define yr_bswap32(x) _byteswap_ulong(x)
-#endif
-
-#if !defined(yr_bswap32)
-uint32_t _yr_bswap32(uint32_t x);
-#define yr_bswap32(x) _yr_bswap32(x)
-#endif
-
-
-#if defined(__has_builtin)
-# if __has_builtin(__builtin_bswap64)
-# define yr_bswap64(x) __builtin_bswap64(x)
-# endif
-#endif
-
-#if !defined(yr_bswap64) && defined(_MSC_VER)
-# define yr_bswap64(x) _byteswap_uint64(x)
-#endif
-
-#if !defined(yr_bswap64)
-uint64_t _yr_bswap64(uint64_t x);
-#define yr_bswap64(x) _yr_bswap64(x)
-#endif
-
-
-#if defined(WORDS_BIGENDIAN)
-#define yr_le16toh(x) yr_bswap16(x)
-#define yr_le32toh(x) yr_bswap32(x)
-#define yr_le64toh(x) yr_bswap64(x)
-#define yr_be16toh(x) (x)
-#define yr_be32toh(x) (x)
-#define yr_be64toh(x) (x)
-#else
-#define yr_le16toh(x) (x)
-#define yr_le32toh(x) (x)
-#define yr_le64toh(x) (x)
-#define yr_be16toh(x) yr_bswap16(x)
-#define yr_be32toh(x) yr_bswap32(x)
-#define yr_be64toh(x) yr_bswap64(x)
-#endif
-
-#endif
diff --git a/src/dbg/yara/yara/error.h b/src/dbg/yara/yara/error.h
deleted file mode 100644
index 4778943c..00000000
--- a/src/dbg/yara/yara/error.h
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
-Copyright (c) 2014. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_ERROR_H
-#define YR_ERROR_H
-
-#include
-
-#if defined(_WIN32) || defined(__CYGWIN__)
-#include
-#endif
-
-#ifndef ERROR_SUCCESS
-#define ERROR_SUCCESS 0
-#endif
-
-// ERROR_INSUFICIENT_MEMORY is misspelled but it's kept for backward
-// compatibility, as some other programs can be using it in this form.
-#define ERROR_INSUFICIENT_MEMORY 1 - -#define ERROR_INSUFFICIENT_MEMORY 1 -#define ERROR_COULD_NOT_ATTACH_TO_PROCESS 2 -#define ERROR_COULD_NOT_OPEN_FILE 3 -#define ERROR_COULD_NOT_MAP_FILE 4 -#define ERROR_INVALID_FILE 6 -#define ERROR_CORRUPT_FILE 7 -#define ERROR_UNSUPPORTED_FILE_VERSION 8 -#define ERROR_INVALID_REGULAR_EXPRESSION 9 -#define ERROR_INVALID_HEX_STRING 10 -#define ERROR_SYNTAX_ERROR 11 -#define ERROR_LOOP_NESTING_LIMIT_EXCEEDED 12 -#define ERROR_DUPLICATED_LOOP_IDENTIFIER 13 -#define ERROR_DUPLICATED_IDENTIFIER 14 -#define ERROR_DUPLICATED_TAG_IDENTIFIER 15 -#define ERROR_DUPLICATED_META_IDENTIFIER 16 -#define ERROR_DUPLICATED_STRING_IDENTIFIER 17 -#define ERROR_UNREFERENCED_STRING 18 -#define ERROR_UNDEFINED_STRING 19 -#define ERROR_UNDEFINED_IDENTIFIER 20 -#define ERROR_MISPLACED_ANONYMOUS_STRING 21 -#define ERROR_INCLUDES_CIRCULAR_REFERENCE 22 -#define ERROR_INCLUDE_DEPTH_EXCEEDED 23 -#define ERROR_WRONG_TYPE 24 -#define ERROR_EXEC_STACK_OVERFLOW 25 -#define ERROR_SCAN_TIMEOUT 26 -#define ERROR_TOO_MANY_SCAN_THREADS 27 -#define ERROR_CALLBACK_ERROR 28 -#define ERROR_INVALID_ARGUMENT 29 -#define ERROR_TOO_MANY_MATCHES 30 -#define ERROR_INTERNAL_FATAL_ERROR 31 -#define ERROR_NESTED_FOR_OF_LOOP 32 -#define ERROR_INVALID_FIELD_NAME 33 -#define ERROR_UNKNOWN_MODULE 34 -#define ERROR_NOT_A_STRUCTURE 35 -#define ERROR_NOT_INDEXABLE 36 -#define ERROR_NOT_A_FUNCTION 37 -#define ERROR_INVALID_FORMAT 38 -#define ERROR_TOO_MANY_ARGUMENTS 39 -#define ERROR_WRONG_ARGUMENTS 40 -#define ERROR_WRONG_RETURN_TYPE 41 -#define ERROR_DUPLICATED_STRUCTURE_MEMBER 42 -#define ERROR_EMPTY_STRING 43 -#define ERROR_DIVISION_BY_ZERO 44 -#define ERROR_REGULAR_EXPRESSION_TOO_LARGE 45 -#define ERROR_TOO_MANY_RE_FIBERS 46 -#define ERROR_COULD_NOT_READ_PROCESS_MEMORY 47 -#define ERROR_INVALID_EXTERNAL_VARIABLE_TYPE 48 -#define ERROR_REGULAR_EXPRESSION_TOO_COMPLEX 49 -#define ERROR_INVALID_MODULE_NAME 50 - - -#define FAIL_ON_ERROR(x) { \ - int result = (x); \ - if (result != 
ERROR_SUCCESS) \ - return result; \ -} - -#define FAIL_ON_ERROR_WITH_CLEANUP(x, cleanup) { \ - int result = (x); \ - if (result != ERROR_SUCCESS) { \ - cleanup; \ - return result; \ - } \ -} - -#define FAIL_ON_COMPILER_ERROR(x) { \ - compiler->last_result = (x); \ - if (compiler->last_result != ERROR_SUCCESS) \ - return compiler->last_result; \ -} - - -#ifdef NDEBUG -#define assertf(expr, msg, ...) ((void)0) -#else -#define assertf(expr, msg, ...) \ - if(!(expr)) { \ - fprintf(stderr, "%s:%d: " msg "\n", __FILE__, __LINE__, ##__VA_ARGS__); \ - abort(); \ - } -#endif - -#endif diff --git a/src/dbg/yara/yara/exec.h b/src/dbg/yara/yara/exec.h deleted file mode 100644 index 241c96e5..00000000 --- a/src/dbg/yara/yara/exec.h +++ /dev/null 
@@ -1,176 +0,0 @@
-/*
-Copyright (c) 2013-2014. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/ - -#ifndef YR_EXEC_H -#define YR_EXEC_H - -#include "hash.h" -#include "scan.h" -#include "types.h" -#include "rules.h" - - -#define UNDEFINED 0xFFFABADAFABADAFFLL -#define IS_UNDEFINED(x) ((size_t)(x) == (size_t) UNDEFINED) - -#define OP_ERROR 0 -#define OP_HALT 255 -#define OP_NOP 254 - -#define OP_AND 1 -#define OP_OR 2 -#define OP_NOT 3 -#define OP_BITWISE_NOT 4 -#define OP_BITWISE_AND 5 -#define OP_BITWISE_OR 6 -#define OP_BITWISE_XOR 7 -#define OP_SHL 8 -#define OP_SHR 9 -#define OP_MOD 10 -#define OP_INT_TO_DBL 11 -#define OP_STR_TO_BOOL 12 -#define OP_PUSH 13 -#define OP_POP 14 -#define OP_CALL 15 -#define OP_OBJ_LOAD 16 -#define OP_OBJ_VALUE 17 -#define OP_OBJ_FIELD 18 -#define OP_INDEX_ARRAY 19 -#define OP_COUNT 20 -#define OP_LENGTH 21 -#define OP_FOUND 22 -#define OP_FOUND_AT 23 -#define OP_FOUND_IN 24 -#define OP_OFFSET 25 -#define OP_OF 26 -#define OP_PUSH_RULE 27 -#define OP_INIT_RULE 28 -#define OP_MATCH_RULE 29 -#define OP_INCR_M 30 -#define OP_CLEAR_M 31 -#define OP_ADD_M 32 -#define OP_POP_M 33 -#define OP_PUSH_M 34 -#define OP_SWAPUNDEF 35 -#define OP_JNUNDEF 36 -#define OP_JLE 37 -#define OP_FILESIZE 38 -#define OP_ENTRYPOINT 39 -#define OP_CONTAINS 40 -#define OP_MATCHES 41 -#define OP_IMPORT 42 -#define OP_LOOKUP_DICT 43 -#define OP_JFALSE 44 -#define OP_JTRUE 45 - - -#define _OP_EQ 0 -#define _OP_NEQ 1 -#define _OP_LT 2 -#define _OP_GT 3 -#define _OP_LE 4 -#define _OP_GE 5 -#define _OP_ADD 6 -#define _OP_SUB 7 -#define _OP_MUL 8 -#define _OP_DIV 9 -#define _OP_MINUS 10 - - -#define OP_INT_BEGIN 100 -#define OP_INT_EQ (OP_INT_BEGIN + _OP_EQ) -#define OP_INT_NEQ (OP_INT_BEGIN + _OP_NEQ) -#define OP_INT_LT (OP_INT_BEGIN + _OP_LT) -#define OP_INT_GT (OP_INT_BEGIN + _OP_GT) -#define OP_INT_LE (OP_INT_BEGIN + _OP_LE) -#define OP_INT_GE (OP_INT_BEGIN + _OP_GE) -#define OP_INT_ADD (OP_INT_BEGIN + _OP_ADD) -#define OP_INT_SUB (OP_INT_BEGIN + _OP_SUB) -#define OP_INT_MUL (OP_INT_BEGIN + _OP_MUL) -#define OP_INT_DIV (OP_INT_BEGIN + _OP_DIV) 
-#define OP_INT_MINUS (OP_INT_BEGIN + _OP_MINUS) -#define OP_INT_END OP_INT_MINUS - -#define OP_DBL_BEGIN 120 -#define OP_DBL_EQ (OP_DBL_BEGIN + _OP_EQ) -#define OP_DBL_NEQ (OP_DBL_BEGIN + _OP_NEQ) -#define OP_DBL_LT (OP_DBL_BEGIN + _OP_LT) -#define OP_DBL_GT (OP_DBL_BEGIN + _OP_GT) -#define OP_DBL_LE (OP_DBL_BEGIN + _OP_LE) -#define OP_DBL_GE (OP_DBL_BEGIN + _OP_GE) -#define OP_DBL_ADD (OP_DBL_BEGIN + _OP_ADD) -#define OP_DBL_SUB (OP_DBL_BEGIN + _OP_SUB) -#define OP_DBL_MUL (OP_DBL_BEGIN + _OP_MUL) -#define OP_DBL_DIV (OP_DBL_BEGIN + _OP_DIV) -#define OP_DBL_MINUS (OP_DBL_BEGIN + _OP_MINUS) -#define OP_DBL_END OP_DBL_MINUS - -#define OP_STR_BEGIN 140 -#define OP_STR_EQ (OP_STR_BEGIN + _OP_EQ) -#define OP_STR_NEQ (OP_STR_BEGIN + _OP_NEQ) -#define OP_STR_LT (OP_STR_BEGIN + _OP_LT) -#define OP_STR_GT (OP_STR_BEGIN + _OP_GT) -#define OP_STR_LE (OP_STR_BEGIN + _OP_LE) -#define OP_STR_GE (OP_STR_BEGIN + _OP_GE) -#define OP_STR_END OP_STR_GE - -#define IS_INT_OP(x) ((x) >= OP_INT_BEGIN && (x) <= OP_INT_END) -#define IS_DBL_OP(x) ((x) >= OP_DBL_BEGIN && (x) <= OP_DBL_END) -#define IS_STR_OP(x) ((x) >= OP_STR_BEGIN && (x) <= OP_STR_END) - -#define OP_READ_INT 240 -#define OP_INT8 (OP_READ_INT + 0) -#define OP_INT16 (OP_READ_INT + 1) -#define OP_INT32 (OP_READ_INT + 2) -#define OP_UINT8 (OP_READ_INT + 3) -#define OP_UINT16 (OP_READ_INT + 4) -#define OP_UINT32 (OP_READ_INT + 5) -#define OP_INT8BE (OP_READ_INT + 6) -#define OP_INT16BE (OP_READ_INT + 7) -#define OP_INT32BE (OP_READ_INT + 8) -#define OP_UINT8BE (OP_READ_INT + 9) -#define OP_UINT16BE (OP_READ_INT + 10) -#define OP_UINT32BE (OP_READ_INT + 11) - - -#define OPERATION(operator, op1, op2) \ - (IS_UNDEFINED(op1) || IS_UNDEFINED(op2)) ? (UNDEFINED) : (op1 operator op2) - - -#define COMPARISON(operator, op1, op2) \ - (IS_UNDEFINED(op1) || IS_UNDEFINED(op2)) ? (0) : (op1 operator op2) - - -int yr_execute_code( - YR_RULES* rules, - YR_SCAN_CONTEXT* context, - int timeout, - time_t start_time); - -#endif 
diff --git a/src/dbg/yara/yara/exefiles.h b/src/dbg/yara/yara/exefiles.h
deleted file mode 100644
index 877ae158..00000000
--- a/src/dbg/yara/yara/exefiles.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
-Copyright (c) 2007. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_EXEFILES_H
-#define YR_EXEFILES_H
-
-uint64_t yr_get_entry_point_offset(
- uint8_t* buffer,
- size_t buffer_length);
-
-
-uint64_t yr_get_entry_point_address(
- uint8_t* buffer,
- size_t buffer_length,
- size_t base_address);
-
-#endif
diff --git a/src/dbg/yara/yara/filemap.h b/src/dbg/yara/yara/filemap.h deleted file mode 100644 index 7851cd43..00000000 --- a/src/dbg/yara/yara/filemap.h +++ /dev/null 
@@ -1,90 +0,0 @@
-/*
-Copyright (c) 2007-2015. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_FILEMAP_H
-#define YR_FILEMAP_H
-
-#ifdef _MSC_VER
-#define off_t int64_t
-#else
-#include
-#endif
-
-#if defined(_WIN32) || defined(__CYGWIN__)
-#include
-#define YR_FILE_DESCRIPTOR HANDLE
-#else
-#define YR_FILE_DESCRIPTOR int
-#endif
-
-#include
-
-#include "integers.h"
-#include "utils.h"
-
-
-typedef struct _YR_MAPPED_FILE
-{
- YR_FILE_DESCRIPTOR file;
- size_t size;
- uint8_t* data;
-#if defined(_WIN32) || defined(__CYGWIN__)
- HANDLE mapping;
-#endif
-
-} YR_MAPPED_FILE;
-
-
-YR_API int yr_filemap_map(
- const char* file_path,
- YR_MAPPED_FILE* pmapped_file);
-
-
-YR_API int yr_filemap_map_fd(
- YR_FILE_DESCRIPTOR file,
- off_t offset,
- size_t size,
- YR_MAPPED_FILE* pmapped_file);
-
-
-YR_API int yr_filemap_map_ex(
- const char* file_path,
- off_t offset,
- size_t size,
- YR_MAPPED_FILE* pmapped_file);
-
-
-YR_API void yr_filemap_unmap(
- YR_MAPPED_FILE* pmapped_file);
-
-
-YR_API void yr_filemap_unmap_fd(
- YR_MAPPED_FILE* pmapped_file);
-
-#endif
diff --git a/src/dbg/yara/yara/globals.h b/src/dbg/yara/yara/globals.h
deleted file mode 100644
index 5b275298..00000000
--- a/src/dbg/yara/yara/globals.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
-Copyright (c) 2014. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_GLOBALS_H
-#define YR_GLOBALS_H
-
-#include "threading.h"
-
-extern char yr_lowercase[256];
-extern char yr_altercase[256];
-
-extern YR_THREAD_STORAGE_KEY yr_tidx_key;
-extern YR_THREAD_STORAGE_KEY yr_recovery_state_key;
-
-#endif
diff --git a/src/dbg/yara/yara/hash.h b/src/dbg/yara/yara/hash.h
deleted file mode 100644
index 696fc2ea..00000000
--- a/src/dbg/yara/yara/hash.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
-Copyright (c) 2013. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_HASH_H
-#define YR_HASH_H
-
-#include
-
-#include "utils.h"
-
-typedef struct _YR_HASH_TABLE_ENTRY
-{
- void* key;
- size_t key_length;
- char* ns;
- void* value;
-
- struct _YR_HASH_TABLE_ENTRY* next;
-
-} YR_HASH_TABLE_ENTRY;
-
-
-typedef struct _YR_HASH_TABLE
-{
- int size;
-
- YR_HASH_TABLE_ENTRY* buckets[1];
-
-} YR_HASH_TABLE;
-
-
-typedef int (*YR_HASH_TABLE_FREE_VALUE_FUNC)(void* value);
-
-
-YR_API int yr_hash_table_create(
- int size,
- YR_HASH_TABLE** table);
-
-
-YR_API void yr_hash_table_clean(
- YR_HASH_TABLE* table,
- YR_HASH_TABLE_FREE_VALUE_FUNC free_value);
-
-
-YR_API void yr_hash_table_destroy(
- YR_HASH_TABLE* table,
- YR_HASH_TABLE_FREE_VALUE_FUNC free_value);
-
-
-YR_API void* yr_hash_table_lookup(
- YR_HASH_TABLE* table,
- const char* key,
- const char* ns);
-
-
-YR_API int yr_hash_table_add(
- YR_HASH_TABLE* table,
- const char* key,
- const char* ns,
- void* value);
-
-
-YR_API void* yr_hash_table_lookup_raw_key(
- YR_HASH_TABLE* table,
- const void* key,
- size_t key_length,
- const char* ns);
-
-
-YR_API int yr_hash_table_add_raw_key(
- YR_HASH_TABLE* table,
- const void* key,
- size_t key_length,
- const char* ns,
- void* value);
-
-#endif
diff --git a/src/dbg/yara/yara/hex_lexer.h b/src/dbg/yara/yara/hex_lexer.h
deleted file mode 100644
index 81c75a9a..00000000
--- a/src/dbg/yara/yara/hex_lexer.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
-Copyright (c) 2007. Victor M. Alvarez [plusvic@gmail.com].
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#include "re.h"
-
-#undef yyparse
-#undef yylex
-#undef yyerror
-#undef yyfatal
-#undef yychar
-#undef yydebug
-#undef yynerrs
-#undef yyget_extra
-#undef yyget_lineno
-
-#undef YY_FATAL_ERROR
-#undef YY_DECL
-#undef LEX_ENV
-
-#define yyparse hex_yyparse
-#define yylex hex_yylex
-#define yyerror hex_yyerror
-#define yyfatal hex_yyfatal
-#define yychar hex_yychar
-#define yydebug hex_yydebug
-#define yynerrs hex_yynerrs
-#define yyget_extra hex_yyget_extra
-#define yyget_lineno hex_yyget_lineno
-
-
-#ifndef YY_TYPEDEF_YY_SCANNER_T
-#define YY_TYPEDEF_YY_SCANNER_T
-typedef void* yyscan_t;
-#endif
-
-#define YY_EXTRA_TYPE RE_AST*
-#define YY_USE_CONST
-
-
-typedef struct _HEX_LEX_ENVIRONMENT
-{
- int token_count;
- int inside_or;
- int last_error_code;
- char last_error_message[256];
-
-} HEX_LEX_ENVIRONMENT;
-
-
-#define YY_FATAL_ERROR(msg) hex_yyfatal(yyscanner, msg)
-
-#define LEX_ENV ((HEX_LEX_ENVIRONMENT*) lex_env)
-
-#include
-
-#define YY_DECL int hex_yylex \
- (YYSTYPE * yylval_param , yyscan_t yyscanner, HEX_LEX_ENVIRONMENT* lex_env)
-
-
-YY_EXTRA_TYPE yyget_extra(
- yyscan_t yyscanner);
-
-int yylex(
- YYSTYPE* yylval_param,
- yyscan_t yyscanner,
- HEX_LEX_ENVIRONMENT* lex_env);
-
-int yyparse(
- void* yyscanner,
- HEX_LEX_ENVIRONMENT* lex_env);
-
-void yyerror(
- yyscan_t yyscanner,
- HEX_LEX_ENVIRONMENT* lex_env,
- const char* error_message);
-
-void yyfatal(
- yyscan_t yyscanner,
- const char* error_message);
-
-int yr_parse_hex_string(
- const char* hex_string,
- RE_AST** re_ast,
- RE_ERROR* error);
diff --git a/src/dbg/yara/yara/integers.h b/src/dbg/yara/yara/integers.h
deleted file mode 100644
index 559432d2..00000000
--- a/src/dbg/yara/yara/integers.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
-Copyright (c) 2007-2015. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_INTEGERS_H
-#define YR_INTEGERS_H
-
-/* Integer type definitions
- */
-#if ( defined( _MSC_VER ) && ( _MSC_VER < 1600 ) ) || ( defined( __BORLANDC__ ) && ( __BORLANDC__ <= 0x0560 ) )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Microsoft Visual Studio C++ before Visual Studio 2010 or earlier versions of the Borland C++ Builder
- * do not support the (u)int#_t type definitions but have __int# definitions instead
- */
-typedef __int8 int8_t;
-typedef unsigned __int8 uint8_t;
-typedef __int16 int16_t;
-typedef unsigned __int16 uint16_t;
-typedef __int32 int32_t;
-typedef unsigned __int32 uint32_t;
-typedef __int64 int64_t;
-typedef unsigned __int64 uint64_t;
-
-#ifdef __cplusplus
-}
-#endif
-
-#else
-
-/* Other "compilers" and later versions of Microsoft Visual Studio C++ and
- * Borland C/C++ define the types in
- */
-#include
-
-#endif
-
-#endif
diff --git a/src/dbg/yara/yara/lexer.h b/src/dbg/yara/yara/lexer.h
deleted file mode 100644
index e8ccbf67..00000000
--- a/src/dbg/yara/yara/lexer.h
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
-Copyright (c) 2007. Victor M. Alvarez [plusvic@gmail.com].
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#include "compiler.h"
-
-
-#undef yyparse
-#undef yylex
-#undef yyerror
-#undef yyfatal
-#undef yychar
-#undef yydebug
-#undef yynerrs
-#undef yyget_extra
-#undef yyget_lineno
-
-#undef YY_DECL
-#undef YY_FATAL_ERROR
-#undef YY_EXTRA_TYPE
-
-#define yyparse yara_yyparse
-#define yylex yara_yylex
-#define yyerror yara_yyerror
-#define yyfatal yara_yyfatal
-#define yywarning yara_yywarning
-#define yychar yara_yychar
-#define yydebug yara_yydebug
-#define yynerrs yara_yynerrs
-#define yyget_extra yara_yyget_extra
-#define yyget_lineno yara_yyget_lineno
-
-
-#ifndef YY_TYPEDEF_YY_SCANNER_T
-#define YY_TYPEDEF_YY_SCANNER_T
-typedef void* yyscan_t;
-#endif
-
-#ifndef YY_TYPEDEF_EXPRESSION_T
-#define YY_TYPEDEF_EXPRESSION_T
-
-
-// Expression type constants are powers of two because they are used as flags.
-// For example:
-// CHECK_TYPE(whatever, EXPRESSION_TYPE_INTEGER | EXPRESSION_TYPE_FLOAT)
-// The expression above is used to ensure that the type of "whatever" is either
-// integer or float.
-
-#define EXPRESSION_TYPE_BOOLEAN 1
-#define EXPRESSION_TYPE_INTEGER 2
-#define EXPRESSION_TYPE_STRING 4
-#define EXPRESSION_TYPE_REGEXP 8
-#define EXPRESSION_TYPE_OBJECT 16
-#define EXPRESSION_TYPE_FLOAT 32
-
-typedef struct _EXPRESSION
-{
- int type;
-
- union
- {
- int64_t integer;
- YR_OBJECT* object;
- SIZED_STRING* sized_string;
- } value;
-
- const char* identifier;
-
-} EXPRESSION;
-
-union YYSTYPE;
-
-#endif
-
-
-#define YY_DECL int yylex( \
- union YYSTYPE* yylval_param, yyscan_t yyscanner, YR_COMPILER* compiler)
-
-
-#define YY_FATAL_ERROR(msg) yara_yyfatal(yyscanner, msg)
-
-
-#define YY_EXTRA_TYPE YR_COMPILER*
-#define YY_USE_CONST
-
-
-int yyget_lineno(yyscan_t yyscanner);
-
-int yylex(
- union YYSTYPE* yylval_param,
- yyscan_t yyscanner,
- YR_COMPILER* compiler);
-
-int yyparse(
- void* yyscanner,
- YR_COMPILER* compiler);
-
-void yyerror(
- yyscan_t yyscanner,
- YR_COMPILER* compiler,
- const char* error_message);
-
-void yywarning(
- yyscan_t yyscanner,
- const char* message_fmt,
- ...);
-
-void yyfatal(
- yyscan_t yyscanner,
- const char* error_message);
-
-YY_EXTRA_TYPE yyget_extra(
- yyscan_t yyscanner);
-
-int yr_lex_parse_rules_string(
- const char* rules_string,
- YR_COMPILER* compiler);
-
-int yr_lex_parse_rules_file(
- FILE* rules_file,
- YR_COMPILER* compiler);
-
-int yr_lex_parse_rules_fd(
- YR_FILE_DESCRIPTOR rules_fd,
- YR_COMPILER* compiler);
diff --git a/src/dbg/yara/yara/libyara.h b/src/dbg/yara/yara/libyara.h
deleted file mode 100644
index 8e38fb57..00000000
--- a/src/dbg/yara/yara/libyara.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
-Copyright (c) 2014. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_LIBYARA_H
-#define YR_LIBYARA_H
-
-#include "utils.h"
-
-#define YR_MAJOR_VERSION 3
-#define YR_MINOR_VERSION 6
-#define YR_MICRO_VERSION 0
-
-#define version_str(s) _version_str(s)
-#define _version_str(s) #s
-
-// Version as a string
-#define YR_VERSION version_str(YR_MAJOR_VERSION) \
- "." version_str(YR_MINOR_VERSION) \
- "." version_str(YR_MICRO_VERSION)
-
-// Version as a single 4-byte hex number, e.g. 0x030401 == 3.4.1.
-#define YR_VERSION_HEX ((YR_MAJOR_VERSION << 16) | \
- (YR_MINOR_VERSION << 8) | \
- (YR_MICRO_VERSION << 0))
-
-
-// Enumerated type listing configuration options
-typedef enum _YR_CONFIG_NAME
-{
- YR_CONFIG_STACK_SIZE,
- YR_CONFIG_MAX
-
-} YR_CONFIG_NAME;
-
-
-#define DEFAULT_STACK_SIZE 16384
-
-
-YR_API int yr_initialize(void);
-
-
-YR_API int yr_finalize(void);
-
-
-YR_API void yr_finalize_thread(void);
-
-
-YR_API int yr_get_tidx(void);
-
-
-YR_API void yr_set_tidx(int);
-
-
-YR_API int yr_set_configuration(YR_CONFIG_NAME, void*);
-
-
-YR_API int yr_get_configuration(YR_CONFIG_NAME, void*);
-
-#endif
diff --git a/src/dbg/yara/yara/limits.h b/src/dbg/yara/yara/limits.h
deleted file mode 100644
index 6de75c69..00000000
--- a/src/dbg/yara/yara/limits.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
-Copyright (c) 2013. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_LIMITS_H
-#define YR_LIMITS_H
-
-#if defined(_WIN32) || defined(__CYGWIN__)
-#include
-#endif
-
-#include "utils.h"
-
-// MAX_THREADS is the number of threads that can use a YR_RULES
-// object simultaneously.
-
-#ifndef MAX_THREADS
-#define MAX_THREADS 32
-#endif
-
-
-#ifndef MAX_PATH
-#define MAX_PATH 1024
-#endif
-
-#define MAX_COMPILER_ERROR_EXTRA_INFO 256
-#define MAX_ATOM_LENGTH 4
-#define MAX_LOOP_NESTING 4
-#define MAX_ARENA_PAGES 32
-#define MAX_INCLUDE_DEPTH 16
-#define MAX_STRING_MATCHES 1000000
-#define MAX_FUNCTION_ARGS 128
-#define MAX_FAST_RE_STACK 300
-#define MAX_OVERLOADED_FUNCTIONS 10
-#define MAX_HEX_STRING_TOKENS 10000
-#define MAX_MATCH_DATA 4096
-
-#define LOOP_LOCAL_VARS 4
-#define STRING_CHAINING_THRESHOLD 200
-#define LEX_BUF_SIZE 8192
-
-
-#endif
diff --git a/src/dbg/yara/yara/mem.h b/src/dbg/yara/yara/mem.h
deleted file mode 100644
index 94e65526..00000000
--- a/src/dbg/yara/yara/mem.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
-Copyright (c) 2007. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_MEM_H
-#define YR_MEM_H
-
-#include
-
-#ifdef DMALLOC
-
-#define yr_malloc malloc
-#define yr_calloc calloc
-#define yr_realloc realloc
-#define yr_free free
-#define yr_strdup strdup
-#define yr_strndup strndup
-
-#include
-
-#else
-
-void* yr_calloc(
- size_t count,
- size_t size);
-
-void* yr_malloc(
- size_t size);
-
-void* yr_realloc(
- void* ptr,
- size_t size);
-
-void yr_free(
- void* ptr);
-
-char* yr_strdup(
- const char* str);
-
-char* yr_strndup(
- const char* str, size_t n);
-
-#endif
-
-int yr_heap_alloc(void);
-
-int yr_heap_free(void);
-
-#endif
diff --git a/src/dbg/yara/yara/modules.h b/src/dbg/yara/yara/modules.h
deleted file mode 100644
index 559ec044..00000000
--- a/src/dbg/yara/yara/modules.h
+++ /dev/null
@@ -1,447 +0,0 @@ -/* -Copyright (c) 2014. The YARA Authors. All Rights Reserved. - -Redistribution and use in source and binary forms, with or without modification, -are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, this -list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright notice, -this list of conditions and the following disclaimer in the documentation and/or -other materials provided with the distribution. - -3. Neither the name of the copyright holder nor the names of its contributors -may be used to endorse or promote products derived from this software without -specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR -ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -#ifndef YR_MODULES_H -#define YR_MODULES_H - -#include -#include -#include -#include - -#include "utils.h" -#include "limits.h" -#include "error.h" -#include "exec.h" -#include "types.h" -#include "object.h" -#include "libyara.h" - -// Concatenation that macro-expands its arguments. - -#define YR_CONCAT(arg1, arg2) _YR_CONCAT(arg1, arg2) // expands the arguments. -#define _YR_CONCAT(arg1, arg2) arg1 ## arg2 // do the actual concatenation. 
- - -#define module_declarations YR_CONCAT(MODULE_NAME, __declarations) -#define module_load YR_CONCAT(MODULE_NAME, __load) -#define module_unload YR_CONCAT(MODULE_NAME, __unload) -#define module_initialize YR_CONCAT(MODULE_NAME, __initialize) -#define module_finalize YR_CONCAT(MODULE_NAME, __finalize) - -#define begin_declarations \ - int module_declarations(YR_OBJECT* module) { \ - YR_OBJECT* stack[64]; \ - int stack_top = 0; \ - stack[stack_top] = module; - - -#define end_declarations \ - return ERROR_SUCCESS; } - - -#define begin_struct(name) { \ - YR_OBJECT* structure; \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_STRUCTURE, \ - name, \ - stack[stack_top], \ - &structure)); \ - assertf( \ - stack_top < sizeof(stack)/sizeof(stack[0]) - 1, \ - "too many nested structures"); \ - stack[++stack_top] = structure; \ - } - - -#define begin_struct_array(name) { \ - YR_OBJECT* structure; \ - YR_OBJECT* array; \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_ARRAY, \ - name, \ - stack[stack_top], \ - &array)); \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_STRUCTURE, \ - name, \ - array, \ - &structure)); \ - assertf( \ - stack_top < sizeof(stack)/sizeof(stack[0]) - 1, \ - "too many nested structures"); \ - stack[++stack_top] = structure; \ - } - - -#define begin_struct_dictionary(name) { \ - YR_OBJECT* structure; \ - YR_OBJECT* array; \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_DICTIONARY, \ - name, \ - stack[stack_top], \ - &array)); \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_STRUCTURE, \ - name, \ - array, \ - &structure)); \ - assertf( \ - stack_top < sizeof(stack)/sizeof(stack[0]) - 1, \ - "too many nested structures"); \ - stack[++stack_top] = structure; \ - } - - -#define end_struct(name) { \ - assert(stack[stack_top]->type == OBJECT_TYPE_STRUCTURE); \ - assertf( \ - strcmp(stack[stack_top]->identifier, name) == 0, \ - "unbalanced begin_struct/end_struct"); \ - stack_top--; \ - } - - -#define end_struct_array(name) end_struct(name) - 
- -#define end_struct_dictionary(name) end_struct(name) - - -#define declare_integer(name) { \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_INTEGER, \ - name, \ - stack[stack_top], \ - NULL)); \ - } - - -#define declare_integer_array(name) { \ - YR_OBJECT* array; \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_ARRAY, \ - name, \ - stack[stack_top], \ - &array)); \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_INTEGER, \ - name, \ - array, \ - NULL)); \ - } - - -#define declare_integer_dictionary(name) { \ - YR_OBJECT* dict; \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_DICTIONARY, \ - name, \ - stack[stack_top], \ - &dict)); \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_INTEGER, \ - name, \ - dict, \ - NULL)); \ - } - - -#define declare_float(name) { \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_FLOAT, \ - name, \ - stack[stack_top], \ - NULL)); \ - } - - -#define declare_float_array(name) { \ - YR_OBJECT* array; \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_ARRAY, \ - name, \ - stack[stack_top], \ - &array)); \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_FLOAT, \ - name, \ - array, \ - NULL)); \ - } - - -#define declare_float_dictionary(name) { \ - YR_OBJECT* dict; \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_DICTIONARY, \ - name, \ - stack[stack_top], \ - &dict)); \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_FLOAT, \ - name, \ - dict, \ - NULL)); \ - } - - -#define declare_string(name) { \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_STRING, \ - name, \ - stack[stack_top], \ - NULL)); \ - } - - -#define declare_string_array(name) { \ - YR_OBJECT* array; \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_ARRAY, \ - name, \ - stack[stack_top], \ - &array)); \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_STRING, \ - name, \ - array, \ - NULL)); \ - } - - -#define declare_string_dictionary(name) { \ - YR_OBJECT* dict; \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_DICTIONARY, \ - name, \ - 
stack[stack_top], \ - &dict)); \ - FAIL_ON_ERROR(yr_object_create( \ - OBJECT_TYPE_STRING, \ - name, \ - dict, \ - NULL)); \ - } - - -#define declare_function(name, args_fmt, ret_fmt, func) { \ - YR_OBJECT* function; \ - FAIL_ON_ERROR(yr_object_function_create( \ - name, \ - args_fmt, \ - ret_fmt, \ - func, \ - stack[stack_top], \ - &function)); \ - } - - -#define define_function(func) \ - int func ( \ - YR_VALUE* __args, \ - YR_SCAN_CONTEXT* __context, \ - YR_OBJECT_FUNCTION* __function_obj) - - -#define sized_string_argument(n) \ - (__args[n-1].ss) - -#define string_argument(n) \ - (sized_string_argument(n)->c_string) - -#define integer_argument(n) \ - (__args[n-1].i) - -#define float_argument(n) \ - (__args[n-1].d) - -#define regexp_argument(n) \ - ((RE*)(__args[n-1].re)) - - -#define module() yr_object_get_root((YR_OBJECT*) __function_obj) -#define parent() (__function_obj->parent) -#define scan_context() (__context) - - -#define foreach_memory_block(iterator, block) \ - for (block = iterator->first(iterator); \ - block != NULL; \ - block = iterator->next(iterator)) \ - - -#define first_memory_block(context) \ - (context)->iterator->first((context)->iterator) - - -#define is_undefined(object, ...) \ - yr_object_has_undefined_value(object, __VA_ARGS__) - - -#define get_object(object, ...) \ - yr_object_lookup(object, 0, __VA_ARGS__) - - -#define get_integer(object, ...) \ - yr_object_get_integer(object, __VA_ARGS__) - - -#define get_float(object, ...) \ - yr_object_get_float(object, __VA_ARGS__) - - -#define get_string(object, ...) \ - yr_object_get_string(object, __VA_ARGS__) - - -#define set_integer(value, object, ...) \ - yr_object_set_integer(value, object, __VA_ARGS__) - - -#define set_float(value, object, ...) \ - yr_object_set_float(value, object, __VA_ARGS__) - - -#define set_sized_string(value, len, object, ...) \ - yr_object_set_string(value, len, object, __VA_ARGS__) - - -#define set_string(value, object, ...) 
\ - set_sized_string(value, strlen(value), object, __VA_ARGS__) - - -#define return_integer(integer) { \ - assertf( \ - __function_obj->return_obj->type == OBJECT_TYPE_INTEGER, \ - "return type differs from function declaration"); \ - yr_object_set_integer( \ - (integer), \ - __function_obj->return_obj, \ - NULL); \ - return ERROR_SUCCESS; \ - } - - -#define return_float(double_) { \ - double d = (double) (double_); \ - assertf( \ - __function_obj->return_obj->type == OBJECT_TYPE_FLOAT, \ - "return type differs from function declaration"); \ - yr_object_set_float( \ - (d != (double) UNDEFINED) ? d : NAN, \ - __function_obj->return_obj, \ - NULL); \ - return ERROR_SUCCESS; \ - } - - -#define return_string(string) { \ - char* s = (char*) (string); \ - assertf( \ - __function_obj->return_obj->type == OBJECT_TYPE_STRING, \ - "return type differs from function declaration"); \ - yr_object_set_string( \ - (s != (char*) UNDEFINED) ? s : NULL, \ - (s != (char*) UNDEFINED) ? strlen(s) : 0, \ - __function_obj->return_obj, \ - NULL); \ - return ERROR_SUCCESS; \ - } - - -struct _YR_MODULE; - - -typedef int (*YR_EXT_INITIALIZE_FUNC)( - struct _YR_MODULE* module); - - -typedef int (*YR_EXT_FINALIZE_FUNC)( - struct _YR_MODULE* module); - - -typedef int (*YR_EXT_DECLARATIONS_FUNC)( - YR_OBJECT* module_object); - - -typedef int (*YR_EXT_LOAD_FUNC)( - YR_SCAN_CONTEXT* context, - YR_OBJECT* module_object, - void* module_data, - size_t module_data_size); - - -typedef int (*YR_EXT_UNLOAD_FUNC)( - YR_OBJECT* module_object); - - -typedef struct _YR_MODULE -{ - char* name; - - YR_EXT_DECLARATIONS_FUNC declarations; - YR_EXT_LOAD_FUNC load; - YR_EXT_UNLOAD_FUNC unload; - YR_EXT_INITIALIZE_FUNC initialize; - YR_EXT_FINALIZE_FUNC finalize; - -} YR_MODULE; - - -typedef struct _YR_MODULE_IMPORT -{ - const char* module_name; - void* module_data; - size_t module_data_size; - -} YR_MODULE_IMPORT; - - -int yr_modules_initialize(void); - - -int yr_modules_finalize(void); - - -int 
yr_modules_do_declarations( - const char* module_name, - YR_OBJECT* main_structure); - - -int yr_modules_load( - const char* module_name, - YR_SCAN_CONTEXT* context); - - -int yr_modules_unload_all( - YR_SCAN_CONTEXT* context); - -#endif diff --git a/src/dbg/yara/yara/object.h b/src/dbg/yara/yara/object.h deleted file mode 100644 index d194a3e7..00000000 --- a/src/dbg/yara/yara/object.h +++ /dev/null 
@@ -1,184 +0,0 @@
-/*
-Copyright (c) 2014. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_OBJECT_H
-#define YR_OBJECT_H
-
-#ifdef _MSC_VER
-
-#include
-#ifndef isnan
-#define isnan _isnan
-#endif
-
-#ifndef INFINITY
-#define INFINITY (DBL_MAX + DBL_MAX)
-#endif
-
-#ifndef NAN
-#define NAN (INFINITY-INFINITY)
-#endif
-
-#endif
-
-#include "types.h"
-
-
-#define OBJECT_CREATE 1
-
-#define OBJECT_TYPE_INTEGER 1
-#define OBJECT_TYPE_STRING 2
-#define OBJECT_TYPE_STRUCTURE 3
-#define OBJECT_TYPE_ARRAY 4
-#define OBJECT_TYPE_FUNCTION 5
-#define OBJECT_TYPE_DICTIONARY 6
-#define OBJECT_TYPE_FLOAT 7
-
-
-int yr_object_create(
- int8_t type,
- const char* identifier,
- YR_OBJECT* parent,
- YR_OBJECT** object);
-
-
-int yr_object_function_create(
- const char* identifier,
- const char* arguments_fmt,
- const char* return_fmt,
- YR_MODULE_FUNC func,
- YR_OBJECT* parent,
- YR_OBJECT** function);
-
-
-int yr_object_from_external_variable(
- YR_EXTERNAL_VARIABLE* external,
- YR_OBJECT** object);
-
-
-void yr_object_destroy(
- YR_OBJECT* object);
-
-
-int yr_object_copy(
- YR_OBJECT* object,
- YR_OBJECT** object_copy);
-
-
-YR_OBJECT* yr_object_lookup_field(
- YR_OBJECT* object,
- const char* field_name);
-
-
-YR_OBJECT* yr_object_lookup(
- YR_OBJECT* root,
- int flags,
- const char* pattern,
- ...);
-
-
-int yr_object_has_undefined_value(
- YR_OBJECT* object,
- const char* field,
- ...);
-
-int64_t yr_object_get_integer(
- YR_OBJECT* object,
- const char* field,
- ...);
-
-
-SIZED_STRING* yr_object_get_string(
- YR_OBJECT* object,
- const char* field,
- ...);
-
-
-int yr_object_set_integer(
- int64_t value,
- YR_OBJECT* object,
- const char* field,
- ...);
-
-
-int yr_object_set_float(
- double value,
- YR_OBJECT* object,
- const char* field,
- ...);
-
-
-int yr_object_set_string(
- const char* value,
- size_t len,
- YR_OBJECT* object,
- const char* field,
- ...);
-
-
-YR_OBJECT* yr_object_array_get_item(
- YR_OBJECT* object,
- int flags,
- int index);
-
-
-int yr_object_array_set_item(
- YR_OBJECT* object,
- YR_OBJECT* item,
- int index);
-
-
-YR_OBJECT* yr_object_dict_get_item(
- YR_OBJECT* object,
- int flags,
- const char* key);
-
-
-int yr_object_dict_set_item(
- YR_OBJECT* object,
- YR_OBJECT* item,
- const char* key);
-
-
-int yr_object_structure_set_member(
- YR_OBJECT* object,
- YR_OBJECT* member);
-
-
-YR_OBJECT* yr_object_get_root(
- YR_OBJECT* object);
-
-
-YR_API void yr_object_print_data(
- YR_OBJECT* object,
- int indent,
- int print_identifier);
-
-
-#endif
diff --git a/src/dbg/yara/yara/parser.h b/src/dbg/yara/yara/parser.h
deleted file mode 100644
index 8042bcfc..00000000
--- a/src/dbg/yara/yara/parser.h
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
-Copyright (c) 2013. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_PARSER_H
-#define YR_PARSER_H
-
-
-#include "lexer.h"
-
-
-int yr_parser_emit(
- yyscan_t yyscanner,
- uint8_t instruction,
- uint8_t** instruction_address);
-
-
-int yr_parser_emit_with_arg(
- yyscan_t yyscanner,
- uint8_t instruction,
- int64_t argument,
- uint8_t** instruction_address,
- int64_t** argument_address);
-
-
-int yr_parser_emit_with_arg_double(
- yyscan_t yyscanner,
- uint8_t instruction,
- double argument,
- uint8_t** instruction_address,
- double** argument_address);
-
-
-int yr_parser_emit_with_arg_reloc(
- yyscan_t yyscanner,
- uint8_t instruction,
- void* argument,
- uint8_t** instruction_address,
- void** argument_address);
-
-
-int yr_parser_check_types(
- YR_COMPILER* compiler,
- YR_OBJECT_FUNCTION* function,
- const char* actual_args_fmt);
-
-
-YR_STRING* yr_parser_lookup_string(
- yyscan_t yyscanner,
- const char* identifier);
-
-
-int yr_parser_lookup_loop_variable(
- yyscan_t yyscanner,
- const char* identifier);
-
-
-YR_RULE* yr_parser_reduce_rule_declaration_phase_1(
- yyscan_t yyscanner,
- int32_t flags,
- const char* identifier);
-
-
-int yr_parser_reduce_rule_declaration_phase_2(
- yyscan_t yyscanner,
- YR_RULE* rule);
-
-
-YR_STRING* yr_parser_reduce_string_declaration(
- yyscan_t yyscanner,
- int32_t flags,
- const char* identifier,
- SIZED_STRING* str);
-
-
-YR_META* yr_parser_reduce_meta_declaration(
- yyscan_t yyscanner,
- int32_t type,
- const char* identifier,
- const char* string,
- int64_t integer);
-
-
-int yr_parser_reduce_string_identifier(
- yyscan_t yyscanner,
- const char* identifier,
- uint8_t instruction,
- uint64_t at_offset);
-
-
-int yr_parser_emit_pushes_for_strings(
- yyscan_t yyscanner,
- const char* identifier);
-
-
-int yr_parser_reduce_external(
- yyscan_t yyscanner,
- const char* identifier,
- uint8_t instruction);
-
-
-int yr_parser_reduce_import(
- yyscan_t yyscanner,
- SIZED_STRING* module_name);
-
-
-int yr_parser_reduce_operation(
- yyscan_t yyscanner,
- const char* operation,
- EXPRESSION left_operand,
- EXPRESSION right_operand);
-
-#endif
diff --git a/src/dbg/yara/yara/pe.h b/src/dbg/yara/yara/pe.h
deleted file mode 100644
index a5157696..00000000
--- a/src/dbg/yara/yara/pe.h
+++ /dev/null
@@ -1,533 +0,0 @@
-/*
-Copyright (c) 2013. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_PE_H
-#define YR_PE_H
-
-#include "endian.h"
-#include "types.h"
-
-#pragma pack(push, 1)
-
-#if defined(_WIN32) || defined(__CYGWIN__)
-#include
-
-// These definitions are not present in older Windows headers.
-
-#ifndef IMAGE_FILE_MACHINE_ARMNT
-#define IMAGE_FILE_MACHINE_ARMNT 0x01c4
-#endif
-
-#ifndef IMAGE_FILE_MACHINE_ARM64
-#define IMAGE_FILE_MACHINE_ARM64 0xaa64
-#endif
-
-#else
-
-#include
-
-#include "integers.h"
-
-typedef uint8_t BYTE;
-typedef uint16_t WORD;
-typedef uint32_t DWORD;
-typedef int32_t LONG;
-typedef uint32_t ULONG;
-typedef uint64_t ULONGLONG;
-
-
-#define FIELD_OFFSET(type, field) ((size_t)&(((type *)0)->field))
-
-#ifndef _MAC
-
-#define IMAGE_DOS_SIGNATURE 0x5A4D // MZ
-#define IMAGE_OS2_SIGNATURE 0x454E // NE
-#define IMAGE_OS2_SIGNATURE_LE 0x454C // LE
-#define IMAGE_VXD_SIGNATURE 0x454C // LE
-#define IMAGE_NT_SIGNATURE 0x00004550 // PE00
-
-#else
-
-#define IMAGE_DOS_SIGNATURE 0x4D5A // MZ
-#define IMAGE_OS2_SIGNATURE 0x4E45 // NE
-#define IMAGE_OS2_SIGNATURE_LE 0x4C45 // LE
-#define IMAGE_NT_SIGNATURE 0x50450000 // PE00
-
-#endif
-
-#pragma pack(push, 2)
-
-typedef struct _IMAGE_DOS_HEADER // DOS .EXE header
-{
- WORD e_magic; // Magic number
- WORD e_cblp; // Bytes on last page of file
- WORD e_cp; // Pages in file
- WORD e_crlc; // Relocations
- WORD e_cparhdr; // Size of header in paragraphs
- WORD e_minalloc; // Minimum extra paragraphs needed
- WORD e_maxalloc; // Maximum extra paragraphs needed
- WORD e_ss; // Initial (relative) SS value
- WORD e_sp; // Initial SP value
- WORD e_csum; // Checksum
- WORD e_ip; // Initial IP value
- WORD e_cs; // Initial (relative) CS value
- WORD e_lfarlc; // File address of relocation table
- WORD e_ovno; // Overlay number
- WORD e_res[4]; // Reserved words
- WORD e_oemid; // OEM identifier (for e_oeminfo)
- WORD e_oeminfo; // OEM information; e_oemid specific
- WORD e_res2[10]; // Reserved words
- LONG e_lfanew; // File address of new exe header
-} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
-
-#pragma pack(pop)
-
-//
-// File header format.
-//
-
-#pragma pack(push,4)
-
-typedef struct _IMAGE_FILE_HEADER
-{
- WORD Machine;
- WORD NumberOfSections;
- DWORD TimeDateStamp;
- DWORD PointerToSymbolTable;
- DWORD NumberOfSymbols;
- WORD SizeOfOptionalHeader;
- WORD Characteristics;
-} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
-
-
-
-#define IMAGE_SIZEOF_FILE_HEADER 20
-
-
-#define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file.
-#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved external references).
-#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line numbers stripped from file.
-#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file.
-#define IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010 // Aggressively trim working set
-#define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020 // App can handle >2gb addresses
-#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed.
-#define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine.
-#define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file
-#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 // If Image is on removable media, copy and run from the swap file.
-#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 // If Image is on Net, copy and run from the swap file.
-#define IMAGE_FILE_SYSTEM 0x1000 // System File.
-#define IMAGE_FILE_DLL 0x2000 // File is a DLL.
-#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 // File should only be run on a UP machine
-#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed.
-
-
-#define IMAGE_FILE_MACHINE_UNKNOWN 0x0000
-#define IMAGE_FILE_MACHINE_AM33 0x01d3
-#define IMAGE_FILE_MACHINE_AMD64 0x8664
-#define IMAGE_FILE_MACHINE_ARM 0x01c0
-#define IMAGE_FILE_MACHINE_ARMNT 0x01c4
-#define IMAGE_FILE_MACHINE_ARM64 0xaa64
-#define IMAGE_FILE_MACHINE_EBC 0x0ebc
-#define IMAGE_FILE_MACHINE_I386 0x014c
-#define IMAGE_FILE_MACHINE_IA64 0x0200
-#define IMAGE_FILE_MACHINE_M32R 0x9041
-#define IMAGE_FILE_MACHINE_MIPS16 0x0266
-#define IMAGE_FILE_MACHINE_MIPSFPU 0x0366
-#define IMAGE_FILE_MACHINE_MIPSFPU16 0x0466
-#define IMAGE_FILE_MACHINE_POWERPC 0x01f0
-#define IMAGE_FILE_MACHINE_POWERPCFP 0x01f1
-#define IMAGE_FILE_MACHINE_R4000 0x0166
-#define IMAGE_FILE_MACHINE_SH3 0x01a2
-#define IMAGE_FILE_MACHINE_SH3DSP 0x01a3
-#define IMAGE_FILE_MACHINE_SH4 0x01a6
-#define IMAGE_FILE_MACHINE_SH5 0x01a8
-#define IMAGE_FILE_MACHINE_THUMB 0x01c2
-#define IMAGE_FILE_MACHINE_WCEMIPSV2 0x0169
-
-// Section characteristics
-#define IMAGE_SCN_CNT_CODE 0x00000020
-#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040
-#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080
-#define IMAGE_SCN_GPREL 0x00008000
-#define IMAGE_SCN_MEM_16BIT 0x00020000
-#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000
-#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000
-#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000
-#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000
-#define IMAGE_SCN_MEM_SHARED 0x10000000
-#define IMAGE_SCN_MEM_EXECUTE 0x20000000
-#define IMAGE_SCN_MEM_READ 0x40000000
-#define IMAGE_SCN_MEM_WRITE 0x80000000
-
-//
-// Directory format.
-//
-
-typedef struct _IMAGE_DATA_DIRECTORY
-{
- DWORD VirtualAddress;
- DWORD Size;
-} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;
-
-#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
-
-
-#define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory
-#define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory
-#define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory
-#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory
-#define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory
-#define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table
-#define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory
-#define IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // (X86 usage)
-#define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 7 // Architecture Specific Data
-#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // RVA of GP
-#define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory
-#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory
-#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers
-#define IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address Table
-#define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 13 // Delay Load Import Descriptors
-#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 14 // COM Runtime descriptor
-
-
-//
-// Optional header format.
-//
-
-typedef struct _IMAGE_OPTIONAL_HEADER32
-{
- WORD Magic;
- BYTE MajorLinkerVersion;
- BYTE MinorLinkerVersion;
- DWORD SizeOfCode;
- DWORD SizeOfInitializedData;
- DWORD SizeOfUninitializedData;
- DWORD AddressOfEntryPoint;
- DWORD BaseOfCode;
- DWORD BaseOfData;
- DWORD ImageBase;
- DWORD SectionAlignment;
- DWORD FileAlignment;
- WORD MajorOperatingSystemVersion;
- WORD MinorOperatingSystemVersion;
- WORD MajorImageVersion;
- WORD MinorImageVersion;
- WORD MajorSubsystemVersion;
- WORD MinorSubsystemVersion;
- DWORD Win32VersionValue;
- DWORD SizeOfImage;
- DWORD SizeOfHeaders;
- DWORD CheckSum;
- WORD Subsystem;
- WORD DllCharacteristics;
- DWORD SizeOfStackReserve;
- DWORD SizeOfStackCommit;
- DWORD SizeOfHeapReserve;
- DWORD SizeOfHeapCommit;
- DWORD LoaderFlags;
- DWORD NumberOfRvaAndSizes;
- IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
-
-} IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32;
-
-
-typedef struct _IMAGE_OPTIONAL_HEADER64
-{
- WORD Magic;
- BYTE MajorLinkerVersion;
- BYTE MinorLinkerVersion;
- DWORD SizeOfCode;
- DWORD SizeOfInitializedData;
- DWORD SizeOfUninitializedData;
- DWORD AddressOfEntryPoint;
- DWORD BaseOfCode;
- ULONGLONG ImageBase;
- DWORD SectionAlignment;
- DWORD FileAlignment;
- WORD MajorOperatingSystemVersion;
- WORD MinorOperatingSystemVersion;
- WORD MajorImageVersion;
- WORD MinorImageVersion;
- WORD MajorSubsystemVersion;
- WORD MinorSubsystemVersion;
- DWORD Win32VersionValue;
- DWORD SizeOfImage;
- DWORD SizeOfHeaders;
- DWORD CheckSum;
- WORD Subsystem;
- WORD DllCharacteristics;
- ULONGLONG SizeOfStackReserve;
- ULONGLONG SizeOfStackCommit;
- ULONGLONG SizeOfHeapReserve;
- ULONGLONG SizeOfHeapCommit;
- DWORD LoaderFlags;
- DWORD NumberOfRvaAndSizes;
- IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
-
-} IMAGE_OPTIONAL_HEADER64, *PIMAGE_OPTIONAL_HEADER64;
-
-
-#define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x10b
-#define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20b
-
-
-typedef struct _IMAGE_NT_HEADERS32
-{
- DWORD Signature;
- IMAGE_FILE_HEADER FileHeader;
- IMAGE_OPTIONAL_HEADER32 OptionalHeader;
-
-} IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32;
-
-
-typedef struct _IMAGE_NT_HEADERS64
-{
- DWORD Signature;
- IMAGE_FILE_HEADER FileHeader;
- IMAGE_OPTIONAL_HEADER64 OptionalHeader;
-
-} IMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS64;
-
-// IMAGE_FIRST_SECTION doesn't need 32/64 versions since the file header is
-// the same either way.
-
-#define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \
- ((BYTE*)ntheader + \
- FIELD_OFFSET( IMAGE_NT_HEADERS32, OptionalHeader ) + \
- yr_le16toh(((PIMAGE_NT_HEADERS32)(ntheader))->FileHeader.SizeOfOptionalHeader) \
- ))
-
-// Subsystem Values
-
-#define IMAGE_SUBSYSTEM_UNKNOWN 0
-#define IMAGE_SUBSYSTEM_NATIVE 1
-#define IMAGE_SUBSYSTEM_WINDOWS_GUI 2
-#define IMAGE_SUBSYSTEM_WINDOWS_CUI 3
-#define IMAGE_SUBSYSTEM_OS2_CUI 5
-#define IMAGE_SUBSYSTEM_POSIX_CUI 7
-#define IMAGE_SUBSYSTEM_NATIVE_WINDOWS 8
-#define IMAGE_SUBSYSTEM_WINDOWS_CE_GUI 9
-#define IMAGE_SUBSYSTEM_EFI_APPLICATION 10
-#define IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER 11
-#define IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER 12
-#define IMAGE_SUBSYSTEM_EFI_ROM_IMAGE 13
-#define IMAGE_SUBSYSTEM_XBOX 14
-#define IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION 16
-
-// DllCharacteristics values
-
-#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040
-#define IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY 0x0080
-#define IMAGE_DLLCHARACTERISTICS_NX_COMPAT 0x0100
-#define IMAGE_DLLCHARACTERISTICS_NO_ISOLATION 0x0200
-#define IMAGE_DLLCHARACTERISTICS_NO_SEH 0x0400
-#define IMAGE_DLLCHARACTERISTICS_NO_BIND 0x0800
-#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER 0x2000
-#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000
-
-//
-// Section header format.
-//
-
-#define IMAGE_SIZEOF_SHORT_NAME 8
-
-typedef struct _IMAGE_SECTION_HEADER
-{
- BYTE Name[IMAGE_SIZEOF_SHORT_NAME];
- union
- {
- DWORD PhysicalAddress;
- DWORD VirtualSize;
- } Misc;
- DWORD VirtualAddress;
- DWORD SizeOfRawData;
- DWORD PointerToRawData;
- DWORD PointerToRelocations;
- DWORD PointerToLinenumbers;
- WORD NumberOfRelocations;
- WORD NumberOfLinenumbers;
- DWORD Characteristics;
-
-} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
-
-#define IMAGE_SIZEOF_SECTION_HEADER 40
-
-
-typedef struct _IMAGE_EXPORT_DIRECTORY
-{
- DWORD Characteristics;
- DWORD TimeDateStamp;
- WORD MajorVersion;
- WORD MinorVersion;
- DWORD Name;
- DWORD Base;
- DWORD NumberOfFunctions;
- DWORD NumberOfNames;
- DWORD AddressOfFunctions;
- DWORD AddressOfNames;
- DWORD AddressOfNameOrdinals;
-} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
-
-
-typedef struct _IMAGE_IMPORT_DESCRIPTOR
-{
- union
- {
- DWORD Characteristics;
- DWORD OriginalFirstThunk;
- } ;
- DWORD TimeDateStamp;
- DWORD ForwarderChain;
- DWORD Name;
- DWORD FirstThunk;
-
-} IMAGE_IMPORT_DESCRIPTOR, *PIMAGE_IMPORT_DESCRIPTOR;
-
-
-typedef struct _IMAGE_IMPORT_BY_NAME
-{
- WORD Hint;
- BYTE Name[1];
-
-} IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME;
-
-typedef struct _IMAGE_THUNK_DATA32
-{
- union
- {
- DWORD ForwarderString;
- DWORD Function;
- DWORD Ordinal;
- DWORD AddressOfData;
- } u1;
-
-} IMAGE_THUNK_DATA32, *PIMAGE_THUNK_DATA32;
-
-
-#define IMAGE_ORDINAL_FLAG32 0x80000000
-#define IMAGE_ORDINAL_FLAG64 0x8000000000000000L
-
-typedef struct _IMAGE_THUNK_DATA64
-{
- union
- {
- ULONGLONG ForwarderString;
- ULONGLONG Function;
- ULONGLONG Ordinal;
- ULONGLONG AddressOfData;
- } u1;
-
-} IMAGE_THUNK_DATA64, *PIMAGE_THUNK_DATA64;
-
-
-typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY
-{
- DWORD Name;
- DWORD OffsetToData;
-} IMAGE_RESOURCE_DIRECTORY_ENTRY, *PIMAGE_RESOURCE_DIRECTORY_ENTRY;
-
-
-typedef struct _IMAGE_RESOURCE_DATA_ENTRY
-{
- DWORD OffsetToData;
- DWORD Size;
- DWORD CodePage;
- DWORD Reserved;
-} IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY;
-
-
-typedef struct _IMAGE_RESOURCE_DIRECTORY
-{
- DWORD Characteristics;
- DWORD TimeDateStamp;
- WORD MajorVersion;
- WORD MinorVersion;
- WORD NumberOfNamedEntries;
- WORD NumberOfIdEntries;
-} IMAGE_RESOURCE_DIRECTORY, *PIMAGE_RESOURCE_DIRECTORY;
-
-#pragma pack(pop)
-
-#endif // _WIN32
-
-typedef struct _VERSION_INFO
-{
- WORD Length;
- WORD ValueLength;
- WORD Type;
- char Key[0];
-} VERSION_INFO, *PVERSION_INFO;
-
-
-#define WIN_CERT_REVISION_1_0 0x0100
-#define WIN_CERT_REVISION_2_0 0x0200
-
-#define WIN_CERT_TYPE_X509 0x0001
-#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002
-#define WIN_CERT_TYPE_RESERVED_1 0x0003
-#define WIN_CERT_TYPE_TS_STACK_SIGNED 0x0004
-
-typedef struct _WIN_CERTIFICATE
-{
- DWORD Length;
- WORD Revision;
- WORD CertificateType;
- BYTE Certificate[0];
-} WIN_CERTIFICATE, *PWIN_CERTIFICATE;
-
-
-//
-// Rich signature.
-// http://www.ntcore.com/files/richsign.htm
-//
-
-#define RICH_VERSION_ID(id_version) (id_version >> 16)
-#define RICH_VERSION_VERSION(id_version) (id_version & 0xFFFF)
-
-typedef struct _RICH_VERSION_INFO
-{
- DWORD id_version; //tool id and version (use RICH_VERSION_ID and RICH_VERSION_VERSION macros)
- DWORD times; //number of times this tool was used
-} RICH_VERSION_INFO, *PRICH_VERSION_INFO;
-
-typedef struct _RICH_SIGNATURE
-{
- DWORD dans;
- DWORD key1;
- DWORD key2;
- DWORD key3;
- RICH_VERSION_INFO versions[0];
-} RICH_SIGNATURE, *PRICH_SIGNATURE;
-
-#define RICH_DANS 0x536e6144 // "DanS"
-#define RICH_RICH 0x68636952 // "Rich"
-
-
-#pragma pack(pop)
-#endif
diff --git a/src/dbg/yara/yara/pe_utils.h b/src/dbg/yara/yara/pe_utils.h
deleted file mode 100644
index d6292e8f..00000000
--- a/src/dbg/yara/yara/pe_utils.h
+++ /dev/null
@@ -1,114 +0,0 @@
-#ifndef YR_PE_UTILS_H
-#define YR_PE_UTILS_H
-
-#include
-
-#define MAX_PE_SECTIONS 96
-
-
-#define IS_64BITS_PE(pe) \
- (yr_le16toh(pe->header64->OptionalHeader.Magic) == IMAGE_NT_OPTIONAL_HDR64_MAGIC)
-
-
-#define OptionalHeader(pe,field) \
- (IS_64BITS_PE(pe) ? \
- pe->header64->OptionalHeader.field : \
- pe->header->OptionalHeader.field)
-
-
-//
-// Imports are stored in a linked list. Each node (IMPORTED_DLL) contains the
-// name of the DLL and a pointer to another linked list of
-// IMPORT_EXPORT_FUNCTION structures containing the details of imported
-// functions.
-//
-
-typedef struct _IMPORTED_DLL
-{
- char* name;
-
- struct _IMPORT_EXPORT_FUNCTION* functions;
- struct _IMPORTED_DLL* next;
-
-} IMPORTED_DLL, *PIMPORTED_DLL;
-
-
-//
-// This is used to track imported and exported functions. The "has_ordinal"
-// field is only used in the case of imports as those are optional. Every export
-// has an ordinal so we don't need the field there, but in the interest of
-// keeping duplicate code to a minimum we use this function for both imports and
-// exports.
-//
-
-typedef struct _IMPORT_EXPORT_FUNCTION
-{
- char* name;
- uint8_t has_ordinal;
- uint16_t ordinal;
-
- struct _IMPORT_EXPORT_FUNCTION* next;
-
-} IMPORT_EXPORT_FUNCTION, *PIMPORT_EXPORT_FUNCTION;
-
-
-typedef struct _PE
-{
- uint8_t* data;
- size_t data_size;
-
- union
- {
- PIMAGE_NT_HEADERS32 header;
- PIMAGE_NT_HEADERS64 header64;
- };
-
- YR_OBJECT* object;
- IMPORTED_DLL* imported_dlls;
- IMPORT_EXPORT_FUNCTION* exported_functions;
-
- uint32_t resources;
-
-} PE;
-
-
-#define fits_in_pe(pe, pointer, size) \
- ((size_t) size <= pe->data_size && \
- (uint8_t*) (pointer) >= pe->data && \
- (uint8_t*) (pointer) <= pe->data + pe->data_size - size)
-
-#define struct_fits_in_pe(pe, pointer, struct_type) \
- fits_in_pe(pe, pointer, sizeof(struct_type))
-
-
-PIMAGE_NT_HEADERS32 pe_get_header(
- uint8_t* data,
- size_t data_size);
-
-
-PIMAGE_DATA_DIRECTORY pe_get_directory_entry(
- PE* pe,
- int entry);
-
-
-PIMAGE_DATA_DIRECTORY pe_get_directory_entry(
- PE* pe,
- int entry);
-
-
-int64_t pe_rva_to_offset(
- PE* pe,
- uint64_t rva);
-
-
-char* ord_lookup(
- char* dll,
- uint16_t ord);
-
-
-#if HAVE_LIBCRYPTO
-#include
-time_t ASN1_get_time_t(ASN1_TIME* time);
-#endif
-
-#endif
diff --git a/src/dbg/yara/yara/proc.h b/src/dbg/yara/yara/proc.h
deleted file mode 100644
index fb6b289d..00000000
--- a/src/dbg/yara/yara/proc.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
-Copyright (c) 2007. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_PROC_H
-#define YR_PROC_H
-
-#include "types.h"
-
-int yr_process_open_iterator(
- int pid,
- YR_MEMORY_BLOCK_ITERATOR* iterator);
-
-int yr_process_close_iterator(
- YR_MEMORY_BLOCK_ITERATOR* iterator);
-
-#endif
diff --git a/src/dbg/yara/yara/re.h b/src/dbg/yara/yara/re.h
deleted file mode 100644
index cfc7df70..00000000
--- a/src/dbg/yara/yara/re.h
+++ /dev/null
@@ -1,272 +0,0 @@
-/*
-Copyright (c) 2013. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_RE_H
-#define YR_RE_H
-
-#include
-
-#include "arena.h"
-#include "sizedstr.h"
-
-#define RE_NODE_LITERAL 1
-#define RE_NODE_MASKED_LITERAL 2
-#define RE_NODE_ANY 3
-#define RE_NODE_CONCAT 4
-#define RE_NODE_ALT 5
-#define RE_NODE_RANGE 6
-#define RE_NODE_STAR 7
-#define RE_NODE_PLUS 8
-#define RE_NODE_CLASS 9
-#define RE_NODE_WORD_CHAR 10
-#define RE_NODE_NON_WORD_CHAR 11
-#define RE_NODE_SPACE 12
-#define RE_NODE_NON_SPACE 13
-#define RE_NODE_DIGIT 14
-#define RE_NODE_NON_DIGIT 15
-#define RE_NODE_EMPTY 16
-#define RE_NODE_ANCHOR_START 17
-#define RE_NODE_ANCHOR_END 18
-#define RE_NODE_WORD_BOUNDARY 19
-#define RE_NODE_NON_WORD_BOUNDARY 20
-#define RE_NODE_RANGE_ANY 21
-
-
-#define RE_OPCODE_ANY 0xA0
-#define RE_OPCODE_ANY_EXCEPT_NEW_LINE 0xA1
-#define RE_OPCODE_LITERAL 0xA2
-#define RE_OPCODE_MASKED_LITERAL 0xA4
-#define RE_OPCODE_CLASS 0xA5
-#define RE_OPCODE_WORD_CHAR 0xA7
-#define RE_OPCODE_NON_WORD_CHAR 0xA8
-#define RE_OPCODE_SPACE 0xA9
-#define RE_OPCODE_NON_SPACE 0xAA
-#define RE_OPCODE_DIGIT 0xAB
-#define RE_OPCODE_NON_DIGIT 0xAC
-#define RE_OPCODE_MATCH 0xAD
-
-#define RE_OPCODE_MATCH_AT_END 0xB0
-#define RE_OPCODE_MATCH_AT_START 0xB1
-#define RE_OPCODE_WORD_BOUNDARY 0xB2
-#define RE_OPCODE_NON_WORD_BOUNDARY 0xB3
-#define RE_OPCODE_REPEAT_ANY_GREEDY 0xB4
-#define RE_OPCODE_REPEAT_ANY_UNGREEDY 0xB5
-
-#define RE_OPCODE_SPLIT_A 0xC0
-#define RE_OPCODE_SPLIT_B 0xC1
-#define RE_OPCODE_JUMP 0xC2
-#define RE_OPCODE_REPEAT_START_GREEDY 0xC3
-#define RE_OPCODE_REPEAT_END_GREEDY 0xC4
-#define RE_OPCODE_REPEAT_START_UNGREEDY 0xC5
-#define RE_OPCODE_REPEAT_END_UNGREEDY 0xC6
-
-
-#define RE_FLAGS_FAST_REGEXP 0x02
-#define RE_FLAGS_BACKWARDS 0x04
-#define RE_FLAGS_EXHAUSTIVE 0x08
-#define RE_FLAGS_WIDE 0x10
-#define RE_FLAGS_NO_CASE 0x20
-#define RE_FLAGS_SCAN 0x40
-#define RE_FLAGS_DOT_ALL 0x80
-#define RE_FLAGS_GREEDY 0x400
-#define RE_FLAGS_UNGREEDY 0x800
-
-
-typedef struct RE RE;
-typedef struct RE_AST RE_AST;
-typedef struct RE_NODE RE_NODE;
-typedef struct RE_ERROR RE_ERROR;
-
-typedef uint8_t RE_SPLIT_ID_TYPE;
-
-
-struct RE_NODE
-{
- int type;
-
- union
- {
- int value;
- int count;
- int start;
- };
-
- union
- {
- int mask;
- int end;
- };
-
- int greedy;
-
- uint8_t* class_vector;
-
- RE_NODE* left;
- RE_NODE* right;
-
- uint8_t* forward_code;
- uint8_t* backward_code;
-};
-
-
-struct RE_AST
-{
- uint32_t flags;
- RE_NODE* root_node;
-};
-
-
-// Disable warning due to zero length array in Microsoft's compiler
-
-#ifdef _MSC_VER
-#pragma warning(push)
-#pragma warning(disable:4200)
-#endif
-
-struct RE
-{
- uint32_t flags;
- uint8_t code[0];
-};
-
-#ifdef _MSC_VER
-#pragma warning(pop)
-#endif
-
-
-struct RE_ERROR
-{
- char message[512];
-};
-
-
-typedef int RE_MATCH_CALLBACK_FUNC(
- uint8_t* match,
- int match_length,
- int flags,
- void* args);
-
-
-int yr_re_ast_create(
- RE_AST** re_ast);
-
-void yr_re_ast_destroy(
- RE_AST* re_ast);
-
-void yr_re_ast_print(
- RE_AST* re_ast);
-
-SIZED_STRING* yr_re_ast_extract_literal(
- RE_AST* re_ast);
-
-
-int yr_re_ast_contains_dot_star(
- RE_AST* re_ast);
-
-
-int yr_re_ast_split_at_chaining_point(
- RE_AST* re_ast,
- RE_AST** result_re_ast,
- RE_AST** remainder_re_ast,
- int32_t* min_gap,
- int32_t* max_gap);
-
-
-int yr_re_ast_emit_code(
- RE_AST* re_ast,
- YR_ARENA* arena,
- int backwards_code);
-
-
-RE_NODE* yr_re_node_create(
- int type,
- RE_NODE* left,
- RE_NODE* right);
-
-
-void yr_re_node_destroy(
- RE_NODE* node);
-
-
-int yr_re_exec(
- uint8_t* re_code,
- uint8_t* input,
- size_t input_forwards_size,
- size_t input_backwards_size,
- int flags,
- RE_MATCH_CALLBACK_FUNC callback,
- void* callback_args,
- int* matches);
-
-
-int yr_re_fast_exec(
- uint8_t* code,
- uint8_t* input_data,
- size_t input_forwards_size,
- size_t input_backwards_size,
- int flags,
- RE_MATCH_CALLBACK_FUNC callback,
- void* callback_args,
- int* matches);
-
-
-int yr_re_parse(
- const char* re_string,
- RE_AST** re_ast,
- RE_ERROR* error);
-
-
-int yr_re_parse_hex(
- const char* hex_string,
- RE_AST** re_ast,
- RE_ERROR* error);
-
-
-int yr_re_compile(
- const char* re_string,
- int flags,
- YR_ARENA* code_arena,
- RE** re,
- RE_ERROR* error);
-
-
-int yr_re_match(
- RE* re,
- const char* target);
-
-
-int yr_re_initialize(void);
-
-
-int yr_re_finalize(void);
-
-
-int yr_re_finalize_thread(void);
-
-#endif
diff --git a/src/dbg/yara/yara/re_lexer.h b/src/dbg/yara/yara/re_lexer.h
deleted file mode 100644
index e1332963..00000000
--- a/src/dbg/yara/yara/re_lexer.h
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
-Copyright (c) 2013. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#undef yyparse
-#undef yylex
-#undef yyerror
-#undef yyfatal
-#undef yychar
-#undef yydebug
-#undef yynerrs
-#undef yyget_extra
-#undef yyget_lineno
-
-#undef YY_FATAL_ERROR
-#undef YY_DECL
-#undef LEX_ENV
-
-
-#define yyparse re_yyparse
-#define yylex re_yylex
-#define yyerror re_yyerror
-#define yyfatal re_yyfatal
-#define yychar re_yychar
-#define yydebug re_yydebug
-#define yynerrs re_yynerrs
-#define yyget_extra re_yyget_extra
-#define yyget_lineno re_yyget_lineno
-
-
-#ifndef YY_TYPEDEF_YY_SCANNER_T
-#define YY_TYPEDEF_YY_SCANNER_T
-typedef void* yyscan_t;
-#endif
-
-#define YY_EXTRA_TYPE RE_AST*
-#define YY_USE_CONST
-
-
-typedef struct _RE_LEX_ENVIRONMENT
-{
- int negated_class;
- uint8_t class_vector[32];
- int last_error_code;
- char last_error_message[256];
-
-} RE_LEX_ENVIRONMENT;
-
-
-#define LEX_ENV ((RE_LEX_ENVIRONMENT*) lex_env)
-
-#define YY_FATAL_ERROR(msg) re_yyfatal(yyscanner, msg)
-
-#include
-
-#define YY_DECL int re_yylex \
- (YYSTYPE * yylval_param , yyscan_t yyscanner, RE_LEX_ENVIRONMENT* lex_env)
-
-
-YY_EXTRA_TYPE yyget_extra(
- yyscan_t yyscanner);
-
-int yylex(
- YYSTYPE* yylval_param,
- yyscan_t yyscanner,
- RE_LEX_ENVIRONMENT* lex_env);
-
-int yyparse(
- void* yyscanner,
- RE_LEX_ENVIRONMENT* lex_env);
-
-void yyerror(
- yyscan_t yyscanner,
- RE_LEX_ENVIRONMENT* lex_env,
- const char* error_message);
-
-void yyfatal(
- yyscan_t yyscanner,
- const char* error_message);
-
-int yr_parse_re_string(
- const char* re_string,
- RE_AST** re_ast,
- RE_ERROR* error);
diff --git a/src/dbg/yara/yara/rules.h b/src/dbg/yara/yara/rules.h
deleted file mode 100644
index 143b3bb2..00000000
--- a/src/dbg/yara/yara/rules.h
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
-Copyright (c) 2014. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/ - -#ifndef YR_RULES_H -#define YR_RULES_H - -#include "types.h" -#include "utils.h" -#include "filemap.h" - - -#define CALLBACK_MSG_RULE_MATCHING 1 -#define CALLBACK_MSG_RULE_NOT_MATCHING 2 -#define CALLBACK_MSG_SCAN_FINISHED 3 -#define CALLBACK_MSG_IMPORT_MODULE 4 -#define CALLBACK_MSG_MODULE_IMPORTED 5 - -#define CALLBACK_CONTINUE 0 -#define CALLBACK_ABORT 1 -#define CALLBACK_ERROR 2 - - -#define yr_rule_tags_foreach(rule, tag_name) \ - for (tag_name = rule->tags; \ - tag_name != NULL && *tag_name != '\0'; \ - tag_name += strlen(tag_name) + 1) - - -#define yr_rule_metas_foreach(rule, meta) \ - for (meta = rule->metas; !META_IS_NULL(meta); meta++) - - -#define yr_rule_strings_foreach(rule, string) \ - for (string = rule->strings; !STRING_IS_NULL(string); string++) - - -#define yr_string_matches_foreach(string, match) \ - for (match = STRING_MATCHES(string).head; match != NULL; match = match->next) - - -#define yr_rules_foreach(rules, rule) \ - for (rule = rules->rules_list_head; !RULE_IS_NULL(rule); rule++) - - - -YR_API int yr_rules_scan_mem( - YR_RULES* rules, - uint8_t* buffer, - size_t buffer_size, - int flags, - YR_CALLBACK_FUNC callback, - void* user_data, - int timeout); - - -YR_API int yr_rules_scan_file( - YR_RULES* rules, - const char* filename, - int flags, - YR_CALLBACK_FUNC callback, - void* user_data, - int timeout); - - -YR_API int yr_rules_scan_fd( - YR_RULES* rules, - YR_FILE_DESCRIPTOR fd, - int flags, - YR_CALLBACK_FUNC callback, - void* user_data, - int timeout); - - -YR_API int yr_rules_scan_proc( - YR_RULES* rules, - int pid, - int flags, - YR_CALLBACK_FUNC callback, - void* user_data, - int timeout); - -YR_API int yr_rules_save( - YR_RULES* rules, - const char* filename); - - -YR_API int yr_rules_save_stream( - YR_RULES* rules, - YR_STREAM* stream); - - -YR_API int yr_rules_load( - const char* filename, - YR_RULES** rules); - - -YR_API int yr_rules_load_stream( - YR_STREAM* stream, - YR_RULES** rules); - - -YR_API int yr_rules_destroy( - 
YR_RULES* rules); - - -YR_API int yr_rules_define_integer_variable( - YR_RULES* rules, - const char* identifier, - int64_t value); - - -YR_API int yr_rules_define_boolean_variable( - YR_RULES* rules, - const char* identifier, - int value); - - -YR_API int yr_rules_define_float_variable( - YR_RULES* rules, - const char* identifier, - double value); - - -YR_API int yr_rules_define_string_variable( - YR_RULES* rules, - const char* identifier, - const char* value); - - -YR_API void yr_rules_print_profiling_info( - YR_RULES* rules); - -#endif diff --git a/src/dbg/yara/yara/scan.h b/src/dbg/yara/yara/scan.h deleted file mode 100644 index fcde91ba..00000000 --- a/src/dbg/yara/yara/scan.h +++ /dev/null 
@@ -1,49 +0,0 @@
-/*
-Copyright (c) 2014. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_SCAN_H
-#define YR_SCAN_H
-
-#include "types.h"
-
-// Bitmasks for flags.
-#define SCAN_FLAGS_FAST_MODE 1
-#define SCAN_FLAGS_PROCESS_MEMORY 2
-#define SCAN_FLAGS_NO_TRYCATCH 4
-
-
-int yr_scan_verify_match(
- YR_SCAN_CONTEXT* context,
- YR_AC_MATCH* ac_match,
- uint8_t* data,
- size_t data_size,
- size_t data_base,
- size_t offset);
-
-#endif
diff --git a/src/dbg/yara/yara/sizedstr.h b/src/dbg/yara/yara/sizedstr.h
deleted file mode 100644
index a725dd1d..00000000
--- a/src/dbg/yara/yara/sizedstr.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
-Copyright (c) 2007-2014. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef _SIZEDSTR_H
-#define _SIZEDSTR_H
-
-#include
-
-#include "integers.h"
-
-//
-// This struct is used to support strings containing null chars. The length of
-// the string is stored along the string data. However the string data is also
-// terminated with a null char.
-//
-
-#define SIZED_STRING_FLAGS_NO_CASE 1
-#define SIZED_STRING_FLAGS_DOT_ALL 2
-
-#pragma pack(push)
-#pragma pack(8)
-
-
-typedef struct _SIZED_STRING
-{
- uint32_t length;
- uint32_t flags;
-
- char c_string[1];
-
-} SIZED_STRING;
-
-#pragma pack(pop)
-
-
-int sized_string_cmp(
- SIZED_STRING* s1,
- SIZED_STRING* s2);
-
-
-SIZED_STRING* sized_string_dup(
- SIZED_STRING* s);
-
-#endif
diff --git a/src/dbg/yara/yara/stream.h b/src/dbg/yara/yara/stream.h
deleted file mode 100644
index 60eb397b..00000000
--- a/src/dbg/yara/yara/stream.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
-Copyright (c) 2015. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_STREAM_H
-#define YR_STREAM_H
-
-#include
-
-typedef size_t (*YR_STREAM_READ_FUNC)(
- void* ptr,
- size_t size,
- size_t count,
- void* user_data);
-
-
-typedef size_t (*YR_STREAM_WRITE_FUNC)(
- const void* ptr,
- size_t size,
- size_t count,
- void* user_data);
-
-
-typedef struct _YR_STREAM
-{
- void* user_data;
-
- YR_STREAM_READ_FUNC read;
- YR_STREAM_WRITE_FUNC write;
-
-} YR_STREAM;
-
-
-size_t yr_stream_read(
- void* ptr,
- size_t size,
- size_t count,
- YR_STREAM* stream);
-
-
-size_t yr_stream_write(
- const void* ptr,
- size_t size,
- size_t count,
- YR_STREAM* stream);
-
-#endif
diff --git a/src/dbg/yara/yara/strutils.h b/src/dbg/yara/yara/strutils.h
deleted file mode 100644
index b84a6752..00000000
--- a/src/dbg/yara/yara/strutils.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
-Copyright (c) 2007-2014. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_STRUTILS_H
-#define YR_STRUTILS_H
-
-#include
-#include
-
-#include "integers.h"
-
-// Cygwin already has these functions.
-#if defined(_WIN32) && !defined(__CYGWIN__)
-#if defined(_MSC_VER) && _MSC_VER < 1900
-#define snprintf _snprintf
-#endif
-#define strcasecmp _stricmp
-#define strncasecmp _strnicmp
-#endif
-
-
-uint64_t xtoi(
- const char* hexstr);
-
-
-#if !HAVE_STRLCPY && !defined(strlcpy)
-size_t strlcpy(
- char* dst,
- const char* src,
- size_t size);
-#endif
-
-
-#if !HAVE_STRLCAT && !defined(strlcat)
-size_t strlcat(
- char* dst,
- const char* src,
- size_t size);
-#endif
-
-
-#if !HAVE_MEMMEM && !defined(memmem)
-void* memmem(
- const void* haystack,
- size_t haystack_size,
- const void* needle,
- size_t needle_size);
-#endif
-
-
-int strnlen_w(
- const char* w_str);
-
-
-int strcmp_w(
- const char* w_str,
- const char* str);
-
-
-size_t strlcpy_w(
- char* dst,
- const char* w_src,
- size_t n);
-
-#endif
diff --git a/src/dbg/yara/yara/threading.h b/src/dbg/yara/yara/threading.h
deleted file mode 100644
index 2a5d9f5f..00000000
--- a/src/dbg/yara/yara/threading.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
-Copyright (c) 2016. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_MUTEX_H
-#define YR_MUTEX_H
-
-
-
-#if defined(_WIN32) || defined(__CYGWIN__)
-
-#include
-
-typedef DWORD YR_THREAD_ID;
-typedef DWORD YR_THREAD_STORAGE_KEY;
-typedef HANDLE YR_MUTEX;
-
-#else
-
-#include
-
-typedef pthread_t YR_THREAD_ID;
-typedef pthread_key_t YR_THREAD_STORAGE_KEY;
-typedef pthread_mutex_t YR_MUTEX;
-
-#endif
-
-YR_THREAD_ID yr_current_thread_id(void);
-
-int yr_mutex_create(YR_MUTEX*);
-int yr_mutex_destroy(YR_MUTEX*);
-int yr_mutex_lock(YR_MUTEX*);
-int yr_mutex_unlock(YR_MUTEX*);
-
-int yr_thread_storage_create(YR_THREAD_STORAGE_KEY*);
-int yr_thread_storage_destroy(YR_THREAD_STORAGE_KEY*);
-int yr_thread_storage_set_value(YR_THREAD_STORAGE_KEY*, void*);
-void* yr_thread_storage_get_value(YR_THREAD_STORAGE_KEY*);
-
-#endif
diff --git a/src/dbg/yara/yara/types.h b/src/dbg/yara/yara/types.h
deleted file mode 100644
index fdd63cc7..00000000
--- a/src/dbg/yara/yara/types.h
+++ /dev/null
@@ -1,566 +0,0 @@
-/*
-Copyright (c) 2013. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/ - -#ifndef YR_TYPES_H -#define YR_TYPES_H - - -#include "arena.h" -#include "re.h" -#include "limits.h" -#include "hash.h" -#include "utils.h" -#include "threading.h" - - - -#ifdef PROFILING_ENABLED -#include -#endif - - -#define DECLARE_REFERENCE(type, name) \ - union { type name; int64_t name##_; } YR_ALIGN(8) - - - -#define NAMESPACE_TFLAGS_UNSATISFIED_GLOBAL 0x01 - - -#define STRING_GFLAGS_REFERENCED 0x01 -#define STRING_GFLAGS_HEXADECIMAL 0x02 -#define STRING_GFLAGS_NO_CASE 0x04 -#define STRING_GFLAGS_ASCII 0x08 -#define STRING_GFLAGS_WIDE 0x10 -#define STRING_GFLAGS_REGEXP 0x20 -#define STRING_GFLAGS_FAST_REGEXP 0x40 -#define STRING_GFLAGS_FULL_WORD 0x80 -#define STRING_GFLAGS_ANONYMOUS 0x100 -#define STRING_GFLAGS_SINGLE_MATCH 0x200 -#define STRING_GFLAGS_LITERAL 0x400 -#define STRING_GFLAGS_FITS_IN_ATOM 0x800 -#define STRING_GFLAGS_NULL 0x1000 -#define STRING_GFLAGS_CHAIN_PART 0x2000 -#define STRING_GFLAGS_CHAIN_TAIL 0x4000 -#define STRING_GFLAGS_FIXED_OFFSET 0x8000 -#define STRING_GFLAGS_GREEDY_REGEXP 0x10000 -#define STRING_GFLAGS_DOT_ALL 0x20000 - -#define STRING_IS_HEX(x) \ - (((x)->g_flags) & STRING_GFLAGS_HEXADECIMAL) - -#define STRING_IS_NO_CASE(x) \ - (((x)->g_flags) & STRING_GFLAGS_NO_CASE) - -#define STRING_IS_DOT_ALL(x) \ - (((x)->g_flags) & STRING_GFLAGS_DOT_ALL) - -#define STRING_IS_ASCII(x) \ - (((x)->g_flags) & STRING_GFLAGS_ASCII) - -#define STRING_IS_WIDE(x) \ - (((x)->g_flags) & STRING_GFLAGS_WIDE) - -#define STRING_IS_REGEXP(x) \ - (((x)->g_flags) & STRING_GFLAGS_REGEXP) - -#define STRING_IS_GREEDY_REGEXP(x) \ - (((x)->g_flags) & STRING_GFLAGS_GREEDY_REGEXP) - -#define STRING_IS_FULL_WORD(x) \ - (((x)->g_flags) & STRING_GFLAGS_FULL_WORD) - -#define STRING_IS_ANONYMOUS(x) \ - (((x)->g_flags) & STRING_GFLAGS_ANONYMOUS) - -#define STRING_IS_REFERENCED(x) \ - (((x)->g_flags) & STRING_GFLAGS_REFERENCED) - -#define STRING_IS_SINGLE_MATCH(x) \ - (((x)->g_flags) & STRING_GFLAGS_SINGLE_MATCH) - -#define STRING_IS_FIXED_OFFSET(x) \ - 
(((x)->g_flags) & STRING_GFLAGS_FIXED_OFFSET) - -#define STRING_IS_LITERAL(x) \ - (((x)->g_flags) & STRING_GFLAGS_LITERAL) - -#define STRING_IS_FAST_REGEXP(x) \ - (((x)->g_flags) & STRING_GFLAGS_FAST_REGEXP) - -#define STRING_IS_CHAIN_PART(x) \ - (((x)->g_flags) & STRING_GFLAGS_CHAIN_PART) - -#define STRING_IS_CHAIN_TAIL(x) \ - (((x)->g_flags) & STRING_GFLAGS_CHAIN_TAIL) - -#define STRING_IS_NULL(x) \ - ((x) == NULL || ((x)->g_flags) & STRING_GFLAGS_NULL) - -#define STRING_FITS_IN_ATOM(x) \ - (((x)->g_flags) & STRING_GFLAGS_FITS_IN_ATOM) - -#define STRING_FOUND(x) \ - ((x)->matches[yr_get_tidx()].tail != NULL) - -#define STRING_MATCHES(x) \ - ((x)->matches[yr_get_tidx()]) - - -#define RULE_TFLAGS_MATCH 0x01 - -#define RULE_GFLAGS_PRIVATE 0x01 -#define RULE_GFLAGS_GLOBAL 0x02 -#define RULE_GFLAGS_REQUIRE_EXECUTABLE 0x04 -#define RULE_GFLAGS_REQUIRE_FILE 0x08 -#define RULE_GFLAGS_NULL 0x1000 - -#define RULE_IS_PRIVATE(x) \ - (((x)->g_flags) & RULE_GFLAGS_PRIVATE) - -#define RULE_IS_GLOBAL(x) \ - (((x)->g_flags) & RULE_GFLAGS_GLOBAL) - -#define RULE_IS_NULL(x) \ - (((x)->g_flags) & RULE_GFLAGS_NULL) - -#define RULE_MATCHES(x) \ - ((x)->t_flags[yr_get_tidx()] & RULE_TFLAGS_MATCH) - - -#define META_TYPE_NULL 0 -#define META_TYPE_INTEGER 1 -#define META_TYPE_STRING 2 -#define META_TYPE_BOOLEAN 3 - -#define META_IS_NULL(x) \ - ((x) != NULL ? (x)->type == META_TYPE_NULL : TRUE) - - -#define EXTERNAL_VARIABLE_TYPE_NULL 0 -#define EXTERNAL_VARIABLE_TYPE_FLOAT 1 -#define EXTERNAL_VARIABLE_TYPE_INTEGER 2 -#define EXTERNAL_VARIABLE_TYPE_BOOLEAN 3 -#define EXTERNAL_VARIABLE_TYPE_STRING 4 -#define EXTERNAL_VARIABLE_TYPE_MALLOC_STRING 5 - -#define EXTERNAL_VARIABLE_IS_NULL(x) \ - ((x) != NULL ? 
(x)->type == EXTERNAL_VARIABLE_TYPE_NULL : TRUE) - - -#pragma pack(push) -#pragma pack(8) - - -typedef struct _YR_NAMESPACE -{ - int32_t t_flags[MAX_THREADS]; // Thread-specific flags - DECLARE_REFERENCE(char*, name); - -} YR_NAMESPACE; - - -typedef struct _YR_META -{ - int32_t type; - YR_ALIGN(8) int64_t integer; - - DECLARE_REFERENCE(const char*, identifier); - DECLARE_REFERENCE(char*, string); - -} YR_META; - - -struct _YR_MATCH; - - -typedef struct _YR_MATCHES -{ - int32_t count; - - DECLARE_REFERENCE(struct _YR_MATCH*, head); - DECLARE_REFERENCE(struct _YR_MATCH*, tail); - -} YR_MATCHES; - - -typedef struct _YR_STRING -{ - int32_t g_flags; - int32_t length; - - DECLARE_REFERENCE(char*, identifier); - DECLARE_REFERENCE(uint8_t*, string); - DECLARE_REFERENCE(struct _YR_STRING*, chained_to); - - int32_t chain_gap_min; - int32_t chain_gap_max; - - int64_t fixed_offset; - - YR_MATCHES matches[MAX_THREADS]; - YR_MATCHES unconfirmed_matches[MAX_THREADS]; - -#ifdef PROFILING_ENABLED - clock_t clock_ticks; -#endif - -} YR_STRING; - - -typedef struct _YR_RULE -{ - int32_t g_flags; // Global flags - int32_t t_flags[MAX_THREADS]; // Thread-specific flags - - DECLARE_REFERENCE(const char*, identifier); - DECLARE_REFERENCE(const char*, tags); - DECLARE_REFERENCE(YR_META*, metas); - DECLARE_REFERENCE(YR_STRING*, strings); - DECLARE_REFERENCE(YR_NAMESPACE*, ns); - -#ifdef PROFILING_ENABLED - clock_t clock_ticks; -#endif - -} YR_RULE; - - -typedef struct _YR_EXTERNAL_VARIABLE -{ - int32_t type; - - YR_ALIGN(8) union - { - int64_t i; - double f; - char* s; - } value; - - DECLARE_REFERENCE(char*, identifier); - -} YR_EXTERNAL_VARIABLE; - - -typedef struct _YR_AC_MATCH -{ - uint16_t backtrack; - - DECLARE_REFERENCE(YR_STRING*, string); - DECLARE_REFERENCE(uint8_t*, forward_code); - DECLARE_REFERENCE(uint8_t*, backward_code); - DECLARE_REFERENCE(struct _YR_AC_MATCH*, next); - -} YR_AC_MATCH; - - -typedef struct _YR_AC_MATCH_TABLE_ENTRY -{ - DECLARE_REFERENCE(YR_AC_MATCH*, match); 
- -} YR_AC_MATCH_TABLE_ENTRY; - - -typedef uint64_t YR_AC_TRANSITION; -typedef YR_AC_TRANSITION* YR_AC_TRANSITION_TABLE; -typedef YR_AC_MATCH_TABLE_ENTRY* YR_AC_MATCH_TABLE; - - -typedef struct _YARA_RULES_FILE_HEADER -{ - DECLARE_REFERENCE(YR_RULE*, rules_list_head); - DECLARE_REFERENCE(YR_EXTERNAL_VARIABLE*, externals_list_head); - DECLARE_REFERENCE(uint8_t*, code_start); - DECLARE_REFERENCE(YR_AC_MATCH_TABLE, match_table); - DECLARE_REFERENCE(YR_AC_TRANSITION_TABLE, transition_table); - -} YARA_RULES_FILE_HEADER; - -#pragma pack(pop) - - -// -// Structs defined below are never stored in the compiled rules file -// - -typedef struct _YR_MATCH -{ - int64_t base; // Base address for the match - int64_t offset; // Offset relative to base for the match - int32_t match_length; // Match length - int32_t data_length; - - // Pointer to a buffer containing a portion of the matched data. The size of - // the buffer is data_length. data_length is always <= length and is limited - // to MAX_MATCH_DATA bytes. - - uint8_t* data; - - // If the match belongs to a chained string chain_length contains the - // length of the chain. This field is used only in unconfirmed matches. - - int32_t chain_length; - - struct _YR_MATCH* prev; - struct _YR_MATCH* next; - -} YR_MATCH; - - -struct _YR_AC_STATE; - - -typedef struct _YR_AC_STATE -{ - uint8_t depth; - uint8_t input; - - uint32_t t_table_slot; - - struct _YR_AC_STATE* failure; - struct _YR_AC_STATE* first_child; - struct _YR_AC_STATE* siblings; - - YR_AC_MATCH* matches; - -} YR_AC_STATE; - - -typedef struct _YR_AC_AUTOMATON -{ - // Both m_table and t_table have the same number of elements, which is - // stored in tables_size. 
- - uint32_t tables_size; - uint32_t t_table_unused_candidate; - - YR_AC_TRANSITION_TABLE t_table; - YR_AC_MATCH_TABLE m_table; - - YR_AC_STATE* root; - -} YR_AC_AUTOMATON; - - -typedef struct _YR_RULES -{ - - unsigned char tidx_mask[YR_BITARRAY_NCHARS(MAX_THREADS)]; - uint8_t* code_start; - - YR_MUTEX mutex; - YR_ARENA* arena; - YR_RULE* rules_list_head; - YR_EXTERNAL_VARIABLE* externals_list_head; - YR_AC_TRANSITION_TABLE transition_table; - YR_AC_MATCH_TABLE match_table; - -} YR_RULES; - - -struct _YR_MEMORY_BLOCK; -struct _YR_MEMORY_BLOCK_ITERATOR; - - -typedef uint8_t* (*YR_MEMORY_BLOCK_FETCH_DATA_FUNC)( - struct _YR_MEMORY_BLOCK* self); - - -typedef struct _YR_MEMORY_BLOCK* (*YR_MEMORY_BLOCK_ITERATOR_FUNC)( - struct _YR_MEMORY_BLOCK_ITERATOR* self); - - -typedef struct _YR_MEMORY_BLOCK -{ - size_t size; - size_t base; - - void* context; - - YR_MEMORY_BLOCK_FETCH_DATA_FUNC fetch_data; - -} YR_MEMORY_BLOCK; - - -typedef struct _YR_MEMORY_BLOCK_ITERATOR -{ - void* context; - - YR_MEMORY_BLOCK_ITERATOR_FUNC first; - YR_MEMORY_BLOCK_ITERATOR_FUNC next; - -} YR_MEMORY_BLOCK_ITERATOR; - - -typedef int (*YR_CALLBACK_FUNC)( - int message, - void* message_data, - void* user_data); - - -typedef struct _YR_SCAN_CONTEXT -{ - uint64_t file_size; - uint64_t entry_point; - - int flags; - int tidx; - - void* user_data; - - YR_MEMORY_BLOCK_ITERATOR* iterator; - YR_HASH_TABLE* objects_table; - YR_CALLBACK_FUNC callback; - - YR_ARENA* matches_arena; - YR_ARENA* matching_strings_arena; - -} YR_SCAN_CONTEXT; - - -struct _YR_OBJECT; - - -typedef union _YR_VALUE -{ - int64_t i; - double d; - void* p; - struct _YR_OBJECT* o; - YR_STRING* s; - SIZED_STRING* ss; - RE* re; - -} YR_VALUE; - - -#define OBJECT_COMMON_FIELDS \ - int8_t type; \ - const char* identifier; \ - struct _YR_OBJECT* parent; \ - void* data; - - -typedef struct _YR_OBJECT -{ - OBJECT_COMMON_FIELDS - YR_VALUE value; - -} YR_OBJECT; - - -typedef struct _YR_OBJECT_STRUCTURE -{ - OBJECT_COMMON_FIELDS - struct 
_YR_STRUCTURE_MEMBER* members; - -} YR_OBJECT_STRUCTURE; - - -typedef struct _YR_OBJECT_ARRAY -{ - OBJECT_COMMON_FIELDS - YR_OBJECT* prototype_item; - struct _YR_ARRAY_ITEMS* items; - -} YR_OBJECT_ARRAY; - - -typedef struct _YR_OBJECT_DICTIONARY -{ - OBJECT_COMMON_FIELDS - YR_OBJECT* prototype_item; - struct _YR_DICTIONARY_ITEMS* items; - -} YR_OBJECT_DICTIONARY; - - -struct _YR_OBJECT_FUNCTION; - - -typedef int (*YR_MODULE_FUNC)( - YR_VALUE* args, - YR_SCAN_CONTEXT* context, - struct _YR_OBJECT_FUNCTION* function_obj); - - -typedef struct _YR_OBJECT_FUNCTION -{ - OBJECT_COMMON_FIELDS - YR_OBJECT* return_obj; - - struct - { - const char* arguments_fmt; - YR_MODULE_FUNC code; - - } prototypes[MAX_OVERLOADED_FUNCTIONS]; - -} YR_OBJECT_FUNCTION; - - -#define object_as_structure(obj) ((YR_OBJECT_STRUCTURE*) (obj)) -#define object_as_array(obj) ((YR_OBJECT_ARRAY*) (obj)) -#define object_as_dictionary(obj) ((YR_OBJECT_DICTIONARY*) (obj)) -#define object_as_function(obj) ((YR_OBJECT_FUNCTION*) (obj)) - - -typedef struct _YR_STRUCTURE_MEMBER -{ - YR_OBJECT* object; - struct _YR_STRUCTURE_MEMBER* next; - -} YR_STRUCTURE_MEMBER; - - -typedef struct _YR_ARRAY_ITEMS -{ - int count; - YR_OBJECT* objects[1]; - -} YR_ARRAY_ITEMS; - - -typedef struct _YR_DICTIONARY_ITEMS -{ - int used; - int free; - - struct - { - - char* key; - YR_OBJECT* obj; - - } objects[1]; - -} YR_DICTIONARY_ITEMS; - - -#endif diff --git a/src/dbg/yara/yara/utils.h b/src/dbg/yara/yara/utils.h deleted file mode 100644 index fd3d34a8..00000000 --- a/src/dbg/yara/yara/utils.h +++ /dev/null 
@@ -1,109 +0,0 @@
-/*
-Copyright (c) 2014. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-
-#ifndef YR_UTILS_H
-#define YR_UTILS_H
-
-#include
-
-#ifndef TRUE
-#define TRUE 1
-#endif
-
-#ifndef FALSE
-#define FALSE 0
-#endif
-
-#ifndef NULL
-#define NULL 0
-#endif
-
-#ifdef __cplusplus
-#define EXTERNC extern "C"
-#else
-#define EXTERNC
-#endif
-
-#if defined(__GNUC__)
-#define YR_API EXTERNC __attribute__((visibility("default")))
-#elif defined(_MSC_VER)
-#define YR_API EXTERNC __declspec(dllexport)
-#else
-#define YR_API EXTERNC
-#endif
-
-#if defined(__GNUC__)
-#define YR_ALIGN(n) __attribute__((aligned(n)))
-#elif defined(_MSC_VER)
-#define YR_ALIGN(n) __declspec(align(n))
-#else
-#define YR_ALIGN(n)
-#endif
-
-#define yr_min(x, y) ((x < y) ? (x) : (y))
-#define yr_max(x, y) ((x > y) ? (x) : (y))
-
-#define yr_swap(x, y, T) do { T temp = x; x = y; y = temp; } while (0)
-
-#ifdef NDEBUG
-
-#define assertf(expr, msg, ...) ((void)0)
-
-#else
-
-#include
-
-#define assertf(expr, msg, ...) \
- if(!(expr)) { \
- fprintf(stderr, "%s:%d: " msg "\n", __FILE__, __LINE__, ##__VA_ARGS__); \
- abort(); \
- }
-
-#endif
-
-// Set, unset, and test bits in an array of unsigned characters by integer
-// index. The underlying array must be of type char or unsigned char to
-// ensure compatibility with the CHAR_BIT constant used in these definitions.
-
-#define YR_BITARRAY_SET(uchar_array_base, bitnum) \
- (((uchar_array_base)[(bitnum)/CHAR_BIT]) = \
- ((uchar_array_base)[(bitnum)/CHAR_BIT] | (1 << ((bitnum) % CHAR_BIT))))
-
-#define YR_BITARRAY_UNSET(uchar_array_base, bitnum) \
- (((uchar_array_base)[(bitnum)/CHAR_BIT]) = \
- ((uchar_array_base)[(bitnum)/CHAR_BIT] & (~(1 << ((bitnum) % CHAR_BIT)))))
-
-#define YR_BITARRAY_TEST(uchar_array_base, bitnum) \
- (((uchar_array_base)[(bitnum)/CHAR_BIT] & (1 << ((bitnum) % CHAR_BIT))) != 0)
-
-#define YR_BITARRAY_NCHARS(bitnum) \
- (((bitnum)+(CHAR_BIT-1))/CHAR_BIT)
-
-#endif
diff --git a/src/dbg/yara/yara_x64.lib b/src/dbg/yara/yara_x64.lib deleted file mode 100644 index 60f5409d..00000000 Binary files a/src/dbg/yara/yara_x64.lib and /dev/null differ diff --git a/src/dbg/yara/yara_x86.lib b/src/dbg/yara/yara_x86.lib deleted file mode 100644 index 833e8056..00000000 Binary files a/src/dbg/yara/yara_x86.lib and /dev/null differ diff --git a/src/gui/Src/Gui/CPUDisassembly.cpp b/src/gui/Src/Gui/CPUDisassembly.cpp index 8fe14237..fba2d55e 100644 --- a/src/gui/Src/Gui/CPUDisassembly.cpp +++ b/src/gui/Src/Gui/CPUDisassembly.cpp @@ -16,7 +16,6 @@ #include "WordEditDialog.h" #include "GotoDialog.h" #include "HexEditDialog.h" -#include "YaraRuleSelectionDialog.h" #include "AssembleDialog.h" #include "StringUtil.h" #include "Breakpoints.h" @@ -512,7 +511,6 @@ void CPUDisassembly::setupRightClickContextMenu() mMenuBuilder->addAction(makeShortcutAction(DIcon("compile.png"), tr("Assemble"), SLOT(assembleSlot()), "ActionAssemble")); removeAction(mMenuBuilder->addAction(makeShortcutAction(DIcon("patch.png"), tr("Patches"), SLOT(showPatchesSlot()), "ViewPatches"))); //prevent conflicting shortcut with the MainWindow - mMenuBuilder->addAction(makeShortcutAction(DIcon("yara.png"), tr("&Yara..."), SLOT(yaraSlot()), "ActionYara")); mMenuBuilder->addSeparator(); mMenuBuilder->addAction(makeShortcutAction(DIcon("neworigin.png"), tr("Set New Origin Here"), SLOT(setNewOriginHereActionSlot()), "ActionSetNewOriginHere")); @@ -1445,17 +1443,6 @@ void CPUDisassembly::showPatchesSlot() emit showPatches(); } -void CPUDisassembly::yaraSlot() -{ - YaraRuleSelectionDialog yaraDialog(this); - if(yaraDialog.exec() == QDialog::Accepted) - { - QString addrText = ToPtrString(rvaToVa(getInitialSelection())); - DbgCmdExec(QString("yara \"%0\",%1").arg(yaraDialog.getSelectedFile()).arg(addrText).toUtf8().constData()); - emit displayReferencesWidget(); - } -} - void CPUDisassembly::copySelectionSlot(bool copyBytes) { QString selectionString = ""; 
diff --git a/src/gui/Src/Gui/CPUDisassembly.h b/src/gui/Src/Gui/CPUDisassembly.h index d1590411..17d7981c 100644 --- a/src/gui/Src/Gui/CPUDisassembly.h +++ b/src/gui/Src/Gui/CPUDisassembly.h @@ -78,7 +78,6 @@ public slots: void binaryPasteIgnoreSizeSlot(); void undoSelectionSlot(); void showPatchesSlot(); - void yaraSlot(); void copySelectionSlot(); void copySelectionToFileSlot(); void copySelectionNoBytesSlot(); diff --git a/src/gui/Src/Gui/CPUDump.cpp b/src/gui/Src/Gui/CPUDump.cpp index 6560d013..547e1684 100644 --- a/src/gui/Src/Gui/CPUDump.cpp +++ b/src/gui/Src/Gui/CPUDump.cpp @@ -7,7 +7,6 @@ #include "Bridge.h" #include "LineEditDialog.h" #include "HexEditDialog.h" -#include "YaraRuleSelectionDialog.h" #include "CPUMultiDump.h" #include "GotoDialog.h" #include "CPUDisassembly.h" @@ -186,7 +185,6 @@ void CPUDump::setupContextMenu() mMenuBuilder->addAction(makeShortcutAction(DIcon("search-for.png"), tr("&Find Pattern..."), SLOT(findPattern()), "ActionFindPattern")); mMenuBuilder->addAction(makeShortcutAction(DIcon("find.png"), tr("Find &References"), SLOT(findReferencesSlot()), "ActionFindReferences")); - mMenuBuilder->addAction(makeShortcutAction(DIcon("yara.png"), tr("&Yara..."), SLOT(yaraSlot()), "ActionYara")); mMenuBuilder->addAction(makeShortcutAction(DIcon("sync.png"), tr("&Sync with expression"), SLOT(syncWithExpressionSlot()), "ActionSyncWithExpression")); mMenuBuilder->addAction(makeShortcutAction(DIcon("animal-dog.png"), ArchValue(tr("Watch DWORD"), tr("Watch QWORD")), SLOT(watchSlot()), "ActionWatchDwordQword")); 
@@ -1683,17 +1681,6 @@ void CPUDump::selectionUpdatedSlot() GuiAddStatusBarMessage(QString(info + ": " + selStart + " -> " + selEnd + QString().sprintf(" (0x%.8X bytes)\n", getSelectionEnd() - getSelectionStart() + 1)).toUtf8().constData()); } -void CPUDump::yaraSlot() -{ - YaraRuleSelectionDialog yaraDialog(this); - if(yaraDialog.exec() == QDialog::Accepted) - { - QString addrText = ToPtrString(rvaToVa(getSelectionStart())); - DbgCmdExec(QString("yara \"%0\",%1").arg(yaraDialog.getSelectedFile()).arg(addrText).toUtf8().constData()); - emit displayReferencesWidget(); - } -} - void CPUDump::syncWithExpressionSlot() { if(!DbgIsDebugging()) diff --git a/src/gui/Src/Gui/CPUDump.h b/src/gui/Src/Gui/CPUDump.h index e63893d7..b90eab09 100644 --- a/src/gui/Src/Gui/CPUDump.h +++ b/src/gui/Src/Gui/CPUDump.h @@ -105,7 +105,6 @@ public slots: void watchSlot(); void selectionUpdatedSlot(); - void yaraSlot(); void syncWithExpressionSlot(); void followInDumpNSlot(); void allocMemorySlot(); diff --git a/src/gui/Src/Gui/MemoryMapView.cpp b/src/gui/Src/Gui/MemoryMapView.cpp index ad97b3a7..3478042f 100644 --- a/src/gui/Src/Gui/MemoryMapView.cpp +++ b/src/gui/Src/Gui/MemoryMapView.cpp @@ -5,7 +5,6 @@ #include "Configuration.h" #include "Bridge.h" #include "PageMemoryRights.h" -#include "YaraRuleSelectionDialog.h" #include "HexEditDialog.h" #include "MiscUtil.h" #include "GotoDialog.h" 
@@ -55,12 +54,6 @@ void MemoryMapView::setupContextMenu() connect(this, SIGNAL(enterPressedSignal()), this, SLOT(doubleClickedSlot())); connect(this, SIGNAL(doubleClickedSignal()), this, SLOT(doubleClickedSlot())); - //Yara - mYara = new QAction(DIcon("yara.png"), "&Yara...", this); - mYara->setShortcutContext(Qt::WidgetShortcut); - this->addAction(mYara); - connect(mYara, SIGNAL(triggered()), this, SLOT(yaraSlot())); - //Set PageMemory Rights mPageMemoryRights = new QAction(DIcon("memmap_set_page_memory_rights.png"), tr("Set Page Memory Rights"), this); connect(mPageMemoryRights, SIGNAL(triggered()), this, SLOT(pageMemoryRights())); @@ -193,7 +186,6 @@ void MemoryMapView::refreshShortcutsSlot() mGotoExpression->setShortcut(ConfigShortcut("ActionGotoExpression")); mMemoryFree->setShortcut(ConfigShortcut("ActionFreeMemory")); mMemoryAllocate->setShortcut(ConfigShortcut("ActionAllocateMemory")); - mYara->setShortcut(ConfigShortcut("ActionYara")); mComment->setShortcut(ConfigShortcut("ActionSetComment")); } @@ -206,7 +198,6 @@ void MemoryMapView::contextMenuSlot(const QPoint & pos) wMenu.addAction(mFollowDump); wMenu.addAction(mDumpMemory); wMenu.addAction(mComment); - wMenu.addAction(mYara); wMenu.addAction(mFindPattern); wMenu.addAction(mSwitchView); wMenu.addSeparator(); @@ -475,18 +466,6 @@ void MemoryMapView::doubleClickedSlot() } } -void MemoryMapView::yaraSlot() -{ - YaraRuleSelectionDialog yaraDialog(this); - if(yaraDialog.exec() == QDialog::Accepted) - { - QString addr_text = getCellContent(getInitialSelection(), 0); - QString size_text = getCellContent(getInitialSelection(), 1); - DbgCmdExec(QString("yara \"%0\",%1,%2").arg(yaraDialog.getSelectedFile()).arg(addr_text).arg(size_text).toUtf8().constData()); - emit showReferences(); - } -} - void MemoryMapView::memoryExecuteSingleshootToggleSlot() { for(int i : getSelection()) diff --git a/src/gui/Src/Gui/MemoryMapView.h b/src/gui/Src/Gui/MemoryMapView.h index 1586731b..e4dff2e0 100644 
--- a/src/gui/Src/Gui/MemoryMapView.h +++ b/src/gui/Src/Gui/MemoryMapView.h @@ -22,7 +22,6 @@ public slots: void followDumpSlot(); void followDisassemblerSlot(); void doubleClickedSlot(); - void yaraSlot(); void memoryExecuteSingleshootToggleSlot(); void memoryAllocateSlot(); void ExecCommand(); @@ -48,7 +47,6 @@ private: QAction* mFollowDump; QAction* mFollowDisassembly; - QAction* mYara; QAction* mSwitchView; QAction* mPageMemoryRights; QAction* mDumpMemory; diff --git a/src/gui/Src/Gui/SymbolView.cpp b/src/gui/Src/Gui/SymbolView.cpp index 52a6cf25..007675dd 100644 --- a/src/gui/Src/Gui/SymbolView.cpp +++ b/src/gui/Src/Gui/SymbolView.cpp @@ -3,7 +3,6 @@ #include #include "Configuration.h" #include "Bridge.h" -#include "YaraRuleSelectionDialog.h" #include "BrowseDialog.h" #include "StdSearchListView.h" #include "ZehSymbolTable.h" @@ -286,12 +285,6 @@ void SymbolView::setupContextMenu() mModuleList->addAction(mFreeLib); connect(mFreeLib, SIGNAL(triggered()), this, SLOT(moduleFree())); - mYaraAction = new QAction(DIcon("yara.png"), tr("&Yara Memory..."), this); - connect(mYaraAction, SIGNAL(triggered()), this, SLOT(moduleYara())); - - mYaraFileAction = new QAction(DIcon("yara.png"), tr("&Yara File..."), this); - connect(mYaraFileAction, SIGNAL(triggered()), this, SLOT(moduleYaraFile())); - mModSetUserAction = new QAction(DIcon("markasuser.png"), tr("Mark as &user module"), this); mModSetUserAction->setShortcutContext(Qt::WidgetWithChildrenShortcut); this->addAction(mModSetUserAction); @@ -523,8 +516,6 @@ void SymbolView::moduleContextMenu(QMenu* wMenu) } wMenu->addAction(mLoadLib); wMenu->addAction(mFreeLib); - wMenu->addAction(mYaraAction); - wMenu->addAction(mYaraFileAction); wMenu->addSeparator(); int party = DbgFunctions()->ModGetParty(modbase); if(party != 0) 
@@ -571,28 +562,6 @@ void SymbolView::moduleBrowse() } } -void SymbolView::moduleYara() -{ - QString modname = mModuleList->mCurList->getCellContent(mModuleList->mCurList->getInitialSelection(), 1); - YaraRuleSelectionDialog yaraDialog(this, QString("Yara (%1)").arg(modname)); - if(yaraDialog.exec() == QDialog::Accepted) - { - DbgCmdExec(QString("yaramod \"%0\",\"%1\"").arg(yaraDialog.getSelectedFile()).arg(modname).toUtf8().constData()); - emit showReferences(); - } -} - -void SymbolView::moduleYaraFile() -{ - QString modname = mModuleList->mCurList->getCellContent(mModuleList->mCurList->getInitialSelection(), 1); - YaraRuleSelectionDialog yaraDialog(this, QString("Yara (%1)").arg(modname)); - if(yaraDialog.exec() == QDialog::Accepted) - { - DbgCmdExec(QString("yaramod \"%0\",\"%1\",1").arg(yaraDialog.getSelectedFile()).arg(modname).toUtf8().constData()); - emit showReferences(); - } -} - void SymbolView::moduleDownloadSymbols() { DbgCmdExec(QString("symdownload \"%0\"").arg(mModuleList->mCurList->getCellContent(mModuleList->mCurList->getInitialSelection(), 1)).toUtf8().constData()); diff --git a/src/gui/Src/Gui/SymbolView.h b/src/gui/Src/Gui/SymbolView.h index 689f4e23..27ce5599 100644 --- a/src/gui/Src/Gui/SymbolView.h +++ b/src/gui/Src/Gui/SymbolView.h @@ -48,8 +48,6 @@ private slots: void moduleDownloadAllSymbols(); void moduleCopyPath(); void moduleBrowse(); - void moduleYara(); - void moduleYaraFile(); void moduleSetUser(); void moduleSetSystem(); void moduleSetParty(); @@ -84,8 +82,6 @@ private: QAction* mDownloadSymbolsAction; QAction* mDownloadAllSymbolsAction; QAction* mCopyPathAction; - QAction* mYaraAction; - QAction* mYaraFileAction; QAction* mModSetUserAction; QAction* mModSetSystemAction; QAction* mModSetPartyAction; diff --git a/src/gui/Src/Gui/YaraRuleSelectionDialog.cpp b/src/gui/Src/Gui/YaraRuleSelectionDialog.cpp deleted file mode 100644 index f929a30c..00000000 --- a/src/gui/Src/Gui/YaraRuleSelectionDialog.cpp +++ /dev/null 
@@ -1,75 +0,0 @@ -#include "YaraRuleSelectionDialog.h" -#include "ui_YaraRuleSelectionDialog.h" -#include -#include -#include -#include -#include "Imports.h" - -YaraRuleSelectionDialog::YaraRuleSelectionDialog(QWidget* parent, const QString & title) : - QDialog(parent), - ui(new Ui::YaraRuleSelectionDialog) -{ - ui->setupUi(this); - setWindowFlags(windowFlags() & ~Qt::WindowContextHelpButtonHint | Qt::MSWindowsFixedSizeDialogHint); - setWindowTitle(title); - - char setting[MAX_SETTING_SIZE] = ""; - if(BridgeSettingGet("Misc", "YaraRulesDirectory", setting)) - { - rulesDirectory = QString(setting); - enumRulesDirectory(); - } -} - -YaraRuleSelectionDialog::~YaraRuleSelectionDialog() -{ - delete ui; -} - -QString YaraRuleSelectionDialog::getSelectedFile() -{ - return selectedFile; -} - -void YaraRuleSelectionDialog::on_buttonDirectory_clicked() -{ - QString dir = QFileDialog::getExistingDirectory(this, tr("Select Yara Rules Directory...")); - if(!dir.length()) - return; - rulesDirectory = QDir::toNativeSeparators(dir); - BridgeSettingSet("Misc", "YaraRulesDirectory", dir.toUtf8().constData()); - enumRulesDirectory(); -} - -void YaraRuleSelectionDialog::on_buttonFile_clicked() -{ - QString file = QFileDialog::getOpenFileName(this, tr("Select Yara Rule..."), rulesDirectory); - if(!file.length()) - return; - selectedFile = QDir::toNativeSeparators(file); - this->accept(); -} - -void YaraRuleSelectionDialog::on_buttonSelect_clicked() -{ - if(!ui->listRules->selectedItems().size()) //no selection - return; - int selectedIndex = ui->listRules->row(ui->listRules->selectedItems().at(0)); - selectedFile = ruleFiles.at(selectedIndex).first; - this->accept(); -} - -void YaraRuleSelectionDialog::enumRulesDirectory() -{ - ruleFiles.clear(); - ui->listRules->clear(); - QDirIterator it(rulesDirectory, QDir::Files, QDirIterator::Subdirectories); - while(it.hasNext()) - { - it.next(); - ruleFiles.append(QPair(QDir::toNativeSeparators(it.filePath()), it.fileName())); - 
ui->listRules->addItem(it.fileName()); - } - ui->listRules->setCurrentRow(0); -} diff --git a/src/gui/Src/Gui/YaraRuleSelectionDialog.h b/src/gui/Src/Gui/YaraRuleSelectionDialog.h deleted file mode 100644 index 9d4df468..00000000 --- a/src/gui/Src/Gui/YaraRuleSelectionDialog.h +++ /dev/null @@ -1,34 +0,0 @@ -#ifndef YARARULESELECTIONDIALOG_H -#define YARARULESELECTIONDIALOG_H - -#include - -namespace Ui -{ - class YaraRuleSelectionDialog; -} - -class YaraRuleSelectionDialog : public QDialog -{ - Q_OBJECT - -public: - explicit YaraRuleSelectionDialog(QWidget* parent = 0, const QString & title = "Yara"); - ~YaraRuleSelectionDialog(); - QString getSelectedFile(); - -private slots: - void on_buttonDirectory_clicked(); - void on_buttonFile_clicked(); - void on_buttonSelect_clicked(); - -private: - Ui::YaraRuleSelectionDialog* ui; - QList> ruleFiles; - QString rulesDirectory; - QString selectedFile; - - void enumRulesDirectory(); -}; - -#endif // YARARULESELECTIONDIALOG_H diff --git a/src/gui/Src/Gui/YaraRuleSelectionDialog.ui b/src/gui/Src/Gui/YaraRuleSelectionDialog.ui deleted file mode 100644 index a6b6ec28..00000000 --- a/src/gui/Src/Gui/YaraRuleSelectionDialog.ui +++ /dev/null @@ -1,95 +0,0 @@ - - - YaraRuleSelectionDialog - - - - 0 - 0 - 341 - 361 - - - - Yara - - - - :/icons/images/yara.png:/icons/images/Yara.png - - - - - 10 - 10 - 322 - 341 - - - - - - - - - - - - - 0 - 0 - - - - Directory... - - - - - - - &File... - - - - - - - &Select - - - - - - - &Cancel - - - - - - - - - - - - - - buttonCancel - clicked() - YaraRuleSelectionDialog - reject() - - - 341 - 280 - - - 361 - 246 - - - - - diff --git a/src/gui/Src/Utils/Configuration.cpp b/src/gui/Src/Utils/Configuration.cpp index 7e99f06c..af144c12 100644 --- a/src/gui/Src/Utils/Configuration.cpp +++ b/src/gui/Src/Utils/Configuration.cpp 
@@ -481,7 +481,6 @@ Configuration::Configuration() : QObject(), noMoreMsgbox(false) defaultShortcuts.insert("ActionToggleFunction", Shortcut({tr("Actions"), tr("Toggle Function")}, "Shift+F")); defaultShortcuts.insert("ActionToggleArgument", Shortcut({tr("Actions"), tr("Toggle Argument")}, "Shift+A")); defaultShortcuts.insert("ActionAssemble", Shortcut({tr("Actions"), tr("Assemble")}, "Space")); - defaultShortcuts.insert("ActionYara", Shortcut({tr("Actions"), tr("Yara")}, "Ctrl+Y")); defaultShortcuts.insert("ActionSetNewOriginHere", Shortcut({tr("Actions"), tr("Set New Origin Here")}, "Ctrl+*")); defaultShortcuts.insert("ActionGotoOrigin", Shortcut({tr("Actions"), tr("Goto Origin")}, "*")); defaultShortcuts.insert("ActionGotoPrevious", Shortcut({tr("Actions"), tr("Goto Previous")}, "-")); diff --git a/src/gui/x64dbg.pro b/src/gui/x64dbg.pro index ea943a80..ebdf39d8 100644 --- a/src/gui/x64dbg.pro +++ b/src/gui/x64dbg.pro @@ -132,7 +132,6 @@ SOURCES += \ Src/Gui/SelectFields.cpp \ Src/Gui/ReferenceManager.cpp \ Src/Bridge/BridgeResult.cpp \ - Src/Gui/YaraRuleSelectionDialog.cpp \ Src/Gui/SourceViewerManager.cpp \ Src/Gui/SourceView.cpp \ Src/Utils/ValidateExpressionThread.cpp \ @@ -247,7 +246,6 @@ HEADERS += \ Src/Gui/SelectFields.h \ Src/Gui/ReferenceManager.h \ Src/Bridge/BridgeResult.h \ - Src/Gui/YaraRuleSelectionDialog.h \ Src/Gui/SourceViewerManager.h \ Src/Gui/SourceView.h \ Src/Utils/StringUtil.h \ @@ -327,7 +325,6 @@ FORMS += \ Src/Gui/AttachDialog.ui \ Src/Gui/PageMemoryRights.ui \ Src/Gui/SelectFields.ui \ - Src/Gui/YaraRuleSelectionDialog.ui \ Src/Gui/AssembleDialog.ui \ Src/Gui/EditBreakpointDialog.ui \ Src/Gui/CPUArgumentWidget.ui \