/*
 * Minimal stat-style existence probe.
 *
 * Mirrors the "0 when the file is found" contract of miniz's MZ_FILE_STAT:
 * returns 0 when `file_path` exists according to does_this_file_exist(),
 * and -1 otherwise.  `stat_object` is accepted only for signature
 * compatibility; nothing is read from or written to it here.
 */
int _stat_mre(const char* file_path, void *stat_object)
{
    (void)stat_object;

    /* VMBOOL does_this_file_exist(VMSTR filename); */
    const VMBOOL present = does_this_file_exist((VMSTR)file_path);

    return (present == TRUE) ? 0 : -1;
}
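/*
 * Build "<dir>/<name>" into `out` (capacity `out_len`).
 *
 * A '/' is inserted only when `dir` does not already end with one, so
 * "dir" and "dir/" both yield "dir/name".  Returns false when the result
 * would not fit (including the terminating NUL); `out` is then not to be
 * used.  This replaces unbounded strncpy/strncat into a fixed buffer.
 */
static bool join_path(char *out, size_t out_len, const char *dir, const char *name)
{
    const size_t dir_len = strlen(dir);
    const char *sep = (dir_len > 0 && dir[dir_len - 1] == '/') ? "" : "/";
    const int n = snprintf(out, out_len, "%s%s%s", dir, sep, name);
    return n >= 0 && (size_t)n < out_len;
}

/*
 * Print the per-file scan report for `ssr_list` between the `midline` and
 * `omega` banners; an empty list prints only the closing banner.
 */
static void print_scan_results(const std::list<security_scan_results_t> &ssr_list)
{
    if (ssr_list.empty()) {
        std::cout << std::endl << omega << std::endl;
        return;
    }

    std::cout << std::endl << midline << std::endl;
    for (std::list<security_scan_results_t>::const_iterator v = ssr_list.begin();
         v != ssr_list.end(); ++v) {
        std::cout << std::endl;
        std::cout << output_labels[2] << v->file_scan_result << std::endl;
        std::cout << output_labels[3] << v->file_scan_type << std::endl;
        if (v->parent_file_name.size()) {
            if (v->child_file_name.size())
                std::cout << output_labels[6] << v->parent_file_name << std::endl
                          << output_labels[7] << v->child_file_name << std::endl;
            else
                std::cout << output_labels[5] << v->parent_file_name << std::endl;
        }
        std::cout << output_labels[4] << v->file_signature_md5 << std::endl;
        std::cout << std::endl;
    }
    std::cout << std::endl << omega << std::endl;
}

/*
 * Read the file at `fs` fully into memory, scan it and print the report.
 *
 * `rules` is the precompiled ruleset; when it is NULL the scan falls back
 * to compiling `yara_ruleset_file_name` on the fly (as the original did).
 * Files that cannot be opened, sized or read completely are reported on
 * stderr and skipped instead of being scanned with a partially filled
 * buffer.  The whole file is held in memory for the duration of the scan.
 */
static void scan_one_file(const char *fs, YR_RULES *rules, const char *yara_ruleset_file_name)
{
    FILE *file = fopen(fs, "rb");
    if (file == NULL) {
        std::cerr << "Could not open \"" << fs << "\", skipping ..." << std::endl;
        return;
    }

    // Size of the file in bytes; a negative value means the size is unknown.
    const long fileSize = get_file_size(file);
    if (fileSize < 0) {
        std::cerr << "Could not determine size of \"" << fs << "\", skipping ..." << std::endl;
        fclose(file);
        return;
    }

    // Buffer for the whole file.  fread is checked so a short read can never
    // leave uninitialised bytes to be hashed and scanned as file content.
    uint8_t *c = new uint8_t[fileSize];
    const size_t got = fread(c, 1, (size_t)fileSize, file);
    fclose(file);
    if (got != (size_t)fileSize) {
        std::cerr << "Short read on \"" << fs << "\", skipping ..." << std::endl;
        delete[] c;
        return;
    }

    std::cout << std::endl << alpha << std::endl;
    std::cout << output_labels[0] << fs << std::endl;
    std::cout << output_labels[1] << fileSize << std::endl;

    // str_to_md5 hands back a malloc'd string that we own and must free().
    char *output = str_to_md5(reinterpret_cast<const char *>(c), fileSize);
    if (output) {
        std::cout << output_labels[4] << output << std::endl;
        free(output);
    }

    std::list<security_scan_results_t> ssr_list;
    if (rules) {
        scan_content(c, fileSize, rules, &ssr_list, fs, yara_cb, 1);
    } else {
        scan_content(c, fileSize, yara_ruleset_file_name, &ssr_list, fs, yara_cb, 1);
    }

    print_scan_results(ssr_list);

    delete[] c;
}

/*
 * yextend entry point: ./yextend RULES_FILE [FILE|DIR]
 *
 * Compiles the yara ruleset once, then scans either the single file given
 * or every non-hidden regular entry of the given directory, printing one
 * report per file.  Returns 0 on a completed run and 1 on a usage error,
 * an unsupported yara version, a missing ruleset file, or an unreadable
 * target (the original exited 0 in all of those cases).
 */
int main(int argc, char* argv[])
{
    if (argc != 3) {
        std::cout << std::endl << "usage: ./yextend RULES_FILE [FILE|DIR]" << std::endl << std::endl;
        return 1;
    }

    // get yara runtime version
    const double yara_version = get_yara_version();

    // version checks (both versions are compared as doubles, as the
    // original did)
    if (YEXTEND_VERSION >= 1.2 && yara_version < 3.4) {
        std::cout << std::endl << "Version issue: yextend version " << YEXTEND_VERSION
                  << "+ will not run with yara versions below 3.4" << std::endl << std::endl;
        std::cout << "Your env has yextend version ";
        printf("%.1f\n", YEXTEND_VERSION);
        std::cout << "Your env has yara version ";
        printf("%.1f", yara_version);
        std::cout << std::endl << std::endl;
        return 1;
    }

    const char *yara_ruleset_file_name = argv[1];
    const char *target_resource = argv[2];

    /*
     * pre-process yara rules and then we can use the
     * pointer to "rules" as an optimized entity.
     * this is a requirement so that performance
     * is optimal
     */
    YR_RULES *rules = bayshore_yara_preprocess_rules(yara_ruleset_file_name);
    if (!rules) {
        if (!does_this_file_exist(yara_ruleset_file_name)) {
            std::cout << std::endl << "Yara Ruleset file: \"" << yara_ruleset_file_name
                      << "\" does not exist, exiting ..." << std::endl << std::endl;
            return 1;
        }
        std::cout << std::endl << "Problem compiling Yara Ruleset file: \"" << yara_ruleset_file_name
                  << "\", continuing with regular ruleset file ..." << std::endl << std::endl;
    }

    int status = 0;

    if (is_directory(target_resource)) {
        DIR *dpdf = opendir(target_resource);
        if (dpdf != NULL) {
            // Path buffer for "<dir>/<entry>"; entries that do not fit are
            // skipped rather than overflowing it.
            char fs[300];
            struct dirent *epdf;
            while ((epdf = readdir(dpdf)) != NULL) {
                // Skip ".", ".." and hidden entries, as the original did.
                if (epdf->d_name[0] == '.') {
                    continue;
                }
                if (!join_path(fs, sizeof(fs), target_resource, epdf->d_name)) {
                    std::cerr << "Skipping \"" << epdf->d_name << "\": path too long" << std::endl;
                    continue;
                }
                // Only regular entries are scanned; this is not recursive.
                if (is_directory(fs)) {
                    continue;
                }
                scan_one_file(fs, rules, yara_ruleset_file_name);
            }
            closedir(dpdf);
        } else {
            std::cout << std::endl << "Could not read resource: \"" << target_resource
                      << "\", exiting ..." << std::endl << std::endl;
            status = 1;
        }
    } else if (does_this_file_exist(target_resource)) {
        // The original silently ignored any explicit path starting with '.'
        // (e.g. "./sample"); a file named on the command line is always
        // scanned here.
        scan_one_file(target_resource, rules, yara_ruleset_file_name);
    } else {
        std::cout << std::endl << "Could not read resource: \"" << target_resource
                  << "\", exiting ..." << std::endl << std::endl;
        status = 1;
    }

    if (rules != NULL) {
        yr_rules_destroy(rules);
    }
    return status;
}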