/*
 * Existence-only replacement for a stat() call.
 *
 * The original note on this function shows the intended call site,
 * `MZ_FILE_STAT(pZip_filename, &file_stat) != 0`, where a non-zero result
 * means "no such file, create a new archive".
 *
 * file_path   - path handed to does_this_file_exist() (cast to VMSTR).
 * stat_object - accepted for signature compatibility only; it is never
 *               written, so callers must not read size, mode or timestamps
 *               from it after this call.
 *
 * Returns 0 when does_this_file_exist() reports TRUE, -1 otherwise.
 */
int _stat_mre(const char* file_path, void *stat_object){
	const VMBOOL found = does_this_file_exist((VMSTR)file_path);

	/* Only an exact TRUE counts as "found"; every other value maps to -1. */
	return (found == TRUE) ? 0 : -1;
}
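/*
 * Read one file fully into memory, print its header (name, size, MD5),
 * run the yara scan over the buffer and print every result.
 *
 * path  - file to scan. Non-const only because scan_content's declaration is
 *         not visible here and the original code passed a mutable buffer.
 * rules - pre-compiled ruleset, or NULL to fall back to the ruleset file.
 * yara_ruleset_file_name - ruleset path used when rules is NULL.
 *
 * Anything that prevents a complete scan (open failure, unknown size, short
 * read) is reported on stderr so that an unscanned file is never silent.
 * stdout keeps the original report format.
 */
static void yextend_scan_and_report(char *path, YR_RULES *rules, const char *yara_ruleset_file_name)
{
	FILE *file = fopen(path, "rb");
	if (file == NULL) {
		std::cerr << "yextend: could not open \"" << path << "\", not scanned" << std::endl;
		return;
	}

	// Get the size of the file in bytes.
	// NOTE(review): assumes get_file_size leaves the stream at offset 0 — confirm.
	long fileSize = get_file_size(file);
	if (fileSize < 0) {
		// A negative size must never reach new[] or fread.
		std::cerr << "yextend: could not determine size of \"" << path << "\", not scanned" << std::endl;
		fclose(file);
		return;
	}

	// Allocate space in the buffer for the whole file
	uint8_t *c = new uint8_t[fileSize];

	// Read the file in to the buffer; a short read would leave the tail of
	// the buffer uninitialised, so it is treated as a failure.
	const size_t bytes_read = fread(c, 1, static_cast<size_t>(fileSize), file);
	if (bytes_read != static_cast<size_t>(fileSize)) {
		std::cerr << "yextend: short read on \"" << path << "\", not scanned" << std::endl;
		delete[] c;
		fclose(file);
		return;
	}

	std::cout << std::endl << alpha << std::endl;
	std::cout << output_labels[0] << path << std::endl;
	std::cout << output_labels[1] << fileSize << std::endl;

	char *output = str_to_md5((const char *)c, fileSize);
	if (output) {
		std::cout << output_labels[4] << output << std::endl;
		free(output);
	}

	std::list<security_scan_results_t> ssr_list;

	if (rules) {
		scan_content (c, fileSize, rules, &ssr_list, path, yara_cb, 1);
	} else {
		// Ruleset could not be pre-compiled: let scan_content use the file.
		scan_content (c, fileSize, yara_ruleset_file_name, &ssr_list, path, yara_cb, 1);
	}

	if (!ssr_list.empty()) {
		std::cout << std::endl << midline << std::endl;
		for (std::list<security_scan_results_t>::const_iterator v = ssr_list.begin();
				v != ssr_list.end();
				++v)
		{
			std::cout << std::endl;
			std::cout << output_labels[2] << v->file_scan_result << std::endl;
			std::cout << output_labels[3] << v->file_scan_type << std::endl;
			if (v->parent_file_name.size()) {
				if (v->child_file_name.size())
					std::cout << output_labels[6] << v->parent_file_name << std::endl << output_labels[7] << v->child_file_name << std::endl;
				else
					std::cout << output_labels[5] << v->parent_file_name << std::endl;
			}
			std::cout << output_labels[4] << v->file_signature_md5 << std::endl;
			std::cout << std::endl;
		}
	}
	std::cout << std::endl << omega << std::endl;

	delete[] c;
	fclose(file);
}

/*
 * yextend entry point: scan one file, or every non-hidden regular entry of
 * one directory (no recursion), against a yara ruleset.
 *
 * usage: ./yextend RULES_FILE [FILE|DIR]
 *
 * NOTE(review): every path, including usage, version and missing-resource
 * errors, ends with exit status 0 (kept for compatibility). Callers that
 * automate scanning cannot tell "clean" from "nothing was scanned" by the
 * exit status alone.
 */
int main(int argc, char* argv[])
{

	if (argc != 3) {
		std::cout << std::endl << "usage: ./yextend RULES_FILE [FILE|DIR]" << std::endl << std::endl;
		exit(0);
	}
	
	// get yara runtime version
	double yara_version = get_yara_version();
	// version checks
	if (YEXTEND_VERSION >= 1.2 && yara_version < 3.4) {
		std::cout << std::endl << "Version issue: yextend version " << YEXTEND_VERSION << "+ will not run with yara versions below 3.4" << std::endl << std::endl;
		std::cout << "Your env has yextend version ";
		printf("%.1f\n", YEXTEND_VERSION);
		std::cout << "Your env has yara version ";
		printf("%.1f", yara_version);
		std::cout << std::endl << std::endl;
		exit(0);
	}
	const char *yara_ruleset_file_name = argv[1];
	const char *target_resource = argv[2];
	
	/*
	 * pre-process yara rules and then we can use the
	 * pointer to "rules" as an optimized entity.
	 * this is a requirement so that performance
	 * is optimal
	 */
	YR_RULES* rules = NULL;
	rules = bayshore_yara_preprocess_rules(yara_ruleset_file_name);
	if (!rules) {
		if (!does_this_file_exist(yara_ruleset_file_name)) {
			std::cout << std::endl << "Yara Ruleset file: \"" << yara_ruleset_file_name << "\" does not exist, exiting ..." << std::endl << std::endl;
			exit(0);
		}
		std::cout << std::endl << "Problem compiling Yara Ruleset file: \"" << yara_ruleset_file_name << "\", continuing with regular ruleset file ..." << std::endl << std::endl;
	}

	if (is_directory(target_resource)) {

		DIR *dpdf = opendir(target_resource);
		if (dpdf != NULL) {
			// Both the directory argument and the entry names come from
			// outside the program, so the joined path is built with a bounded
			// snprintf and rejected on truncation instead of being copied with
			// a length taken from the source string.
			char fs[4096];
			const size_t dir_len = strlen(target_resource);
			// Insert a separator only when the argument lacks a trailing '/'.
			const char *separator = (dir_len > 0 && target_resource[dir_len - 1] == '/') ? "" : "/";
			struct dirent *epdf;

			while ((epdf = readdir(dpdf)) != NULL) {

				// Skips ".", ".." and every hidden entry.
				// NOTE(review): dot-files are therefore never scanned.
				if (epdf->d_name[0] == '.')
					continue;

				const int written = snprintf(fs, sizeof(fs), "%s%s%s", target_resource, separator, epdf->d_name);
				if (written < 0 || static_cast<size_t>(written) >= sizeof(fs)) {
					std::cerr << "yextend: path too long for \"" << epdf->d_name << "\", not scanned" << std::endl;
					continue;
				}

				// No recursion: report sub-directories instead of reading them as files.
				if (is_directory(fs)) {
					std::cerr << "yextend: \"" << fs << "\" is a directory, not descended into" << std::endl;
					continue;
				}

				yextend_scan_and_report(fs, rules, yara_ruleset_file_name);
			}
			closedir(dpdf);
		} else {
			std::cerr << "yextend: could not open directory \"" << target_resource << "\"" << std::endl;
		}
	} else if(does_this_file_exist(target_resource)) {

		// The path is used in place: no fixed-size copy, so no length limit.
		if (target_resource[0] != '.') {
			yextend_scan_and_report(argv[2], rules, yara_ruleset_file_name);
		} else {
			// NOTE(review): original behaviour kept — a target whose path starts
			// with '.' (including "./file" and "../file") is not scanned. It is
			// now reported instead of being skipped silently.
			std::cerr << "yextend: \"" << target_resource << "\" starts with '.', not scanned" << std::endl;
		}

	} else {
		std::cout << std::endl << "Could not read resource: \"" << target_resource << "\", exiting ..." << std::endl << std::endl;
	}
	
	if (rules != NULL)
		yr_rules_destroy(rules);
	return 0;
}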