// yarac entry point: compiles the rule files given on the command line and
// writes the compiled ruleset to the last remaining argument, argv[argc - 1].
//
// Returns EXIT_SUCCESS for --version / --help and after a successful save.
// Every failure path goes through exit_with_code(EXIT_FAILURE).
// NOTE(review): exit_with_code is a macro defined outside this listing; it
// presumably stores the code in `result` and jumps to `_exit` (confirm), which
// is why `result` and the `_exit` label must keep their names.
int main(int argc, const char** argv)
{
  // Error and warning counters handed to the report_error callback below.
  COMPILER_RESULTS cr;

  YR_COMPILER* compiler = NULL;
  YR_RULES* rules = NULL;

  int result;

  // args_parse() returns the argument count used for the rest of main.
  // NOTE(review): presumably only positional arguments remain in argv
  // afterwards; confirm against args_parse.
  argc = args_parse(options, argc, argv);

  if (show_version)
  {
    printf("%s\n", YR_VERSION);
    return EXIT_SUCCESS;
  }

  if (show_help)
  {
    printf("%s\n\n", USAGE_STRING);

    args_print_usage(options, 35);
    printf("\nSend bug reports and suggestions to: [email protected]\n");

    return EXIT_SUCCESS;
  }

  // At least one input rule file plus the output file are required.
  if (argc < 2)
  {
    fprintf(stderr, "yarac: wrong number of arguments\n");
    fprintf(stderr, "%s\n\n", USAGE_STRING);
    fprintf(stderr, "Try `--help` for more options\n");

    // NOTE(review): this path is taken before yr_initialize(); if the macro
    // jumps to _exit, yr_finalize() runs without a matching initialize.
    exit_with_code(EXIT_FAILURE);
  }

  result = yr_initialize();

  if (result != ERROR_SUCCESS)
    exit_with_code(EXIT_FAILURE);

  if (yr_compiler_create(&compiler) != ERROR_SUCCESS)
    exit_with_code(EXIT_FAILURE);

  if (!define_external_variables(compiler))
    exit_with_code(EXIT_FAILURE);

  // Counters start at zero before the callback is registered.
  cr.errors = 0;
  cr.warnings = 0;

  // The return value of yr_set_configuration() is not checked here.
  yr_set_configuration(YR_CONFIG_MAX_STRINGS_PER_RULE, &max_strings_per_rule);
  yr_compiler_set_callback(compiler, report_error, &cr);

  if (!compile_files(compiler, argc, argv))
    exit_with_code(EXIT_FAILURE);

  // No ruleset is written if any error was counted, or if warnings were
  // counted while fail_on_warnings is set, so a partially compiled ruleset
  // never reaches the output file.
  if (cr.errors > 0)
    exit_with_code(EXIT_FAILURE);

  if (fail_on_warnings && cr.warnings > 0)
    exit_with_code(EXIT_FAILURE);

  result = yr_compiler_get_rules(compiler, &rules);

  if (result != ERROR_SUCCESS)
  {
    fprintf(stderr, "error: %d\n", result);
    exit_with_code(EXIT_FAILURE);
  }

  // The output path is the last argument.
  // NOTE(review): consumers load this file as-is, so it should be written to
  // a location that only trusted users can modify.
  result = yr_rules_save(rules, argv[argc - 1]);

  if (result != ERROR_SUCCESS)
  {
    fprintf(stderr, "error: %d\n", result);
    exit_with_code(EXIT_FAILURE);
  }

  result = EXIT_SUCCESS;

// Single cleanup path: release whatever was created, then finalize libyara.
_exit:

  if (compiler != NULL)
    yr_compiler_destroy(compiler);

  if (rules != NULL)
    yr_rules_destroy(rules);

  yr_finalize();

  return result;
}
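// yarac entry point: compiles every rule file named on the command line
// (optionally prefixed with "namespace:") and saves the compiled ruleset to
// the last remaining argument, argv[argc - 1].
//
// Returns EXIT_SUCCESS when the ruleset was saved and for --version / --help.
// Every failure path goes through exit_with_code(EXIT_FAILURE).
// NOTE(review): exit_with_code is a macro defined outside this listing; it
// presumably stores the code in `result` and jumps to `_exit` (confirm).
int main(int argc, const char** argv)
{
  YR_COMPILER* compiler = NULL;
  YR_RULES* rules = NULL;

  int result;

  argc = args_parse(options, argc, argv);

  if (show_version)
  {
    printf("%s\n", PACKAGE_STRING);
    printf("\nSend bug reports and suggestions to: %s.\n", PACKAGE_BUGREPORT);

    // Printing the version is a successful run, not an error.
    return EXIT_SUCCESS;
  }

  if (show_help)
  {
    printf("%s\n\n", USAGE_STRING);

    args_print_usage(options, 25);
    printf("\nSend bug reports and suggestions to: %s.\n", PACKAGE_BUGREPORT);

    // Printing the requested help is a successful run as well.
    return EXIT_SUCCESS;
  }

  // At least one input rule file plus the output file are required.
  if (argc < 2)
  {
    fprintf(stderr, "yarac: wrong number of arguments\n");
    fprintf(stderr, "%s\n\n", USAGE_STRING);
    fprintf(stderr, "Try `--help` for more options\n");

    exit_with_code(EXIT_FAILURE);
  }

  result = yr_initialize();

  if (result != ERROR_SUCCESS)
    exit_with_code(EXIT_FAILURE);

  if (yr_compiler_create(&compiler) != ERROR_SUCCESS)
    exit_with_code(EXIT_FAILURE);

  if (!define_external_variables(compiler))
    exit_with_code(EXIT_FAILURE);

  yr_compiler_set_callback(compiler, report_error, NULL);

  // Every argument except the last one is an input rule file.
  for (int i = 0; i < argc - 1; i++)
  {
    const char* ns;
    const char* file_name;

    // "namespace:path" puts the file's rules in a namespace. The argument is
    // split in place by overwriting the colon with a terminator.
    char* colon = (char*) strchr(argv[i], ':');

    if (colon)
    {
      file_name = colon + 1;
      *colon = '\0';
      ns = argv[i];
    }
    else
    {
      file_name = argv[i];
      ns = NULL;
    }

    FILE* rule_file = fopen(file_name, "r");

    if (rule_file == NULL)
    {
      // A missing or unreadable input must abort the build. Otherwise the
      // saved ruleset silently lacks that file's rules and whatever scans
      // with it has a detection gap nobody was told about.
      fprintf(stderr, "error: could not open file: %s\n", file_name);
      exit_with_code(EXIT_FAILURE);
    }

    int errors = yr_compiler_add_file(compiler, rule_file, ns, file_name);

    fclose(rule_file);

    if (errors)  // errors during compilation
      exit_with_code(EXIT_FAILURE);
  }

  result = yr_compiler_get_rules(compiler, &rules);

  if (result != ERROR_SUCCESS)
  {
    fprintf(stderr, "error: %d\n", result);
    exit_with_code(EXIT_FAILURE);
  }

  // The output path is the last argument.
  result = yr_rules_save(rules, argv[argc - 1]);

  if (result != ERROR_SUCCESS)
  {
    fprintf(stderr, "error: %d\n", result);
    exit_with_code(EXIT_FAILURE);
  }

  result = EXIT_SUCCESS;

// Single cleanup path: release whatever was created, then finalize libyara.
_exit:

  if (compiler != NULL)
    yr_compiler_destroy(compiler);

  if (rules != NULL)
    yr_rules_destroy(rules);

  yr_finalize();

  return result;
}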
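/**
 * @brief Loads the YARA rules stored in rule_filename into this object.
 *
 * A compiled copy of the rules (same path with a trailing "c", i.e. .yarac
 * next to .yara) is preferred when it exists. If the file that was loaded
 * turns out not to be a usable compiled ruleset, the readable rule file is
 * compiled and the result is saved next to it for later calls.
 *
 * @param rule_filename Path to the readable rule file.
 * @return true if rules are loaded for rule_filename, false on any failure
 *         (including a failure to save the compiled copy).
 */
bool Yara::load_rules(const std::string& rule_filename)
{
    if (_current_rules == rule_filename) {
        return true;
    }
    else { // The previous rules and compiler have to be freed manually.
        _clean_compiler_and_rules();
    }

    bool res = false;
    int retval;

    // Look for a compiled version of the rule file first.
    // NOTE(review): the compiled copy is used in preference to the readable
    // source without any check that it was produced from it. Keep the rules
    // directory writable only by trusted users, so that a planted or stale
    // .yarac cannot replace the rules that are actually applied.
    if (boost::filesystem::exists(rule_filename + "c")) { // File extension is .yarac instead of .yara.
        retval = yr_rules_load((rule_filename + "c").c_str(), &_rules);
    }
    else {
        retval = yr_rules_load(rule_filename.c_str(), &_rules);
    }

    // Yara rules compiled with a previous Yara version. Delete and recompile.
    if (retval == ERROR_UNSUPPORTED_FILE_VERSION) {
        boost::filesystem::remove(rule_filename + "c");
    }

    if (retval != ERROR_SUCCESS && retval != ERROR_INVALID_FILE && retval != ERROR_UNSUPPORTED_FILE_VERSION)
    {
        PRINT_ERROR << "Could not load yara rules (" << translate_error(retval) << ")." << std::endl;
        return false;
    }

    if (retval == ERROR_SUCCESS)
    {
        // Record which ruleset is loaded on this path too. Otherwise the
        // check at the top never recognises precompiled rules, and
        // _current_rules can keep naming a ruleset that _rules no longer holds.
        _current_rules = rule_filename;
        return true;
    }

    // Only ERROR_INVALID_FILE and ERROR_UNSUPPORTED_FILE_VERSION reach this
    // point: the rules are not available in compiled form and must be built.
    if (yr_compiler_create(&_compiler) != ERROR_SUCCESS) {
        return false;
    }
    yr_compiler_set_callback(_compiler, compiler_callback, nullptr);

    FILE* rule_file = fopen(rule_filename.c_str(), "r");
    if (rule_file == nullptr) {
        return false;
    }

    // yr_compiler_add_file reports the number of errors it found.
    retval = yr_compiler_add_file(_compiler, rule_file, nullptr, rule_filename.c_str());
    if (retval != 0)
    {
        PRINT_ERROR << "Could not compile yara rules (" << retval << " error(s))." << std::endl;
        goto END;
    }

    retval = yr_compiler_get_rules(_compiler, &_rules);
    if (retval != ERROR_SUCCESS) {
        goto END;
    }

    // Save the compiled rules to improve load times.
    // /!\ The compiled rules will have to be deleted if the original (readable) rule file is updated!
    // TODO: Compare timestamps and recompile automatically.
    retval = yr_rules_save(_rules, (rule_filename + "c").c_str());
    if (retval != ERROR_SUCCESS) {
        goto END;
    }

    res = true;
    _current_rules = rule_filename;

END:
    // The rule file is closed on both the success and the failure path.
    if (rule_file != nullptr) {
        fclose(rule_file);
    }
    return res;
}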
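// yarac entry point: compiles the rule files argv[optind] .. argv[argc - 2]
// and saves the compiled ruleset to argv[argc - 1].
//
// Returns EXIT_SUCCESS only when every input file was opened and compiled and
// the ruleset was saved; EXIT_FAILURE otherwise.
int main(int argc, char const* argv[])
{
  int i, result, errors;
  int exit_code = EXIT_FAILURE;

  YR_COMPILER* compiler;
  YR_RULES* rules = NULL;
  FILE* rule_file;

  yr_initialize();

  if (yr_compiler_create(&compiler) != ERROR_SUCCESS)
  {
    // No compiler exists yet, so only the library needs finalizing.
    yr_finalize();
    return EXIT_FAILURE;
  }

  if (!process_cmd_line(compiler, argc, argv))
    goto cleanup;

  // No arguments at all, or nothing left after the options.
  if (argc == 1 || optind == argc)
  {
    show_help();
    goto cleanup;
  }

  compiler->error_report_function = report_error;

  // Every remaining argument except the last one is an input rule file.
  for (i = optind; i < argc - 1; i++)
  {
    rule_file = fopen(argv[i], "r");

    if (rule_file == NULL)
    {
      // A missing or unreadable input must abort the build. Otherwise the
      // saved ruleset silently lacks that file's rules and whatever scans
      // with it has a detection gap nobody was told about.
      fprintf(stderr, "could not open file: %s\n", argv[i]);
      goto cleanup;
    }

    yr_compiler_push_file_name(compiler, argv[i]);

    errors = yr_compiler_add_file(compiler, rule_file, NULL);

    fclose(rule_file);

    if (errors)  // errors during compilation
      goto cleanup;
  }

  result = yr_compiler_get_rules(compiler, &rules);

  if (result != ERROR_SUCCESS)
  {
    fprintf(stderr, "error: %d\n", result);
    goto cleanup;
  }

  // The output path is the last argument.
  result = yr_rules_save(rules, argv[argc - 1]);

  if (result != ERROR_SUCCESS)
  {
    fprintf(stderr, "error: %d\n", result);
    goto cleanup;
  }

  exit_code = EXIT_SUCCESS;

// Single cleanup path, so the failure paths after compilation also release
// the rules and the compiler and finalize the library.
cleanup:

  if (rules != NULL)
    yr_rules_destroy(rules);

  yr_compiler_destroy(compiler);
  yr_finalize();

  return exit_code;
}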