From 434de44ef56f047149c44a3a7b944d8d59fd99a0 Mon Sep 17 00:00:00 2001
From: WerWolv
Date: Thu, 4 Nov 2021 20:41:36 +0100
Subject: [PATCH] yara: Added support for displaying variable names
---
 include/views/view_yara.hpp | 1 +
 plugins/builtin/source/lang/de_DE.cpp | 1 +
 plugins/builtin/source/lang/en_US.cpp | 1 +
 plugins/builtin/source/lang/it_IT.cpp | 1 +
 plugins/builtin/source/lang/zh_CN.cpp | 1 +
 source/views/view_yara.cpp | 11 +++++++----
 6 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/include/views/view_yara.hpp b/include/views/view_yara.hpp
index 2a1b03496..1c422b5d9 100644
--- a/include/views/view_yara.hpp
+++ b/include/views/view_yara.hpp
@@ -18,6 +18,7 @@ namespace hex {
 private:
 struct YaraMatch {
 std::string identifier;
+ std::string variable;
 s64 address;
 s32 size;
 bool wholeDataMatch;
diff --git a/plugins/builtin/source/lang/de_DE.cpp b/plugins/builtin/source/lang/de_DE.cpp
index 06239af5e..cea6fb026 100644
--- a/plugins/builtin/source/lang/de_DE.cpp
+++ b/plugins/builtin/source/lang/de_DE.cpp
@@ -301,6 +301,7 @@ namespace hex::plugin::builtin {
 { "hex.view.yara.error", "Yara Kompilerfehler: " },
 { "hex.view.yara.header.matches", "Funde" },
 { "hex.view.yara.matches.identifier", "Kennung" },
+ { "hex.view.yara.matches.variable", "Variabel" },
 { "hex.view.yara.whole_data", "Gesammte Daten Übereinstimmung!" },
 { "hex.view.yara.no_rules", "Keine Yara Regeln gefunden. Platziere sie in ImHex's 'yara' Ordner" },
diff --git a/plugins/builtin/source/lang/en_US.cpp b/plugins/builtin/source/lang/en_US.cpp
index 9986fffa4..1216b06c4 100644
--- a/plugins/builtin/source/lang/en_US.cpp
+++ b/plugins/builtin/source/lang/en_US.cpp
@@ -304,6 +304,7 @@ namespace hex::plugin::builtin {
 { "hex.view.yara.error", "Yara Compiler error: " },
 { "hex.view.yara.header.matches", "Matches" },
 { "hex.view.yara.matches.identifier", "Identifier" },
+ { "hex.view.yara.matches.variable", "Variable" },
 { "hex.view.yara.whole_data", "Whole file matches!" },
 { "hex.view.yara.no_rules", "No YARA rules found. Put them in ImHex's 'yara' folder" },
diff --git a/plugins/builtin/source/lang/it_IT.cpp b/plugins/builtin/source/lang/it_IT.cpp
index 5c7df01cd..35c612572 100644
--- a/plugins/builtin/source/lang/it_IT.cpp
+++ b/plugins/builtin/source/lang/it_IT.cpp
@@ -301,6 +301,7 @@ namespace hex::plugin::builtin {
 { "hex.view.yara.error", "Errore compilazione Yara: " },
 { "hex.view.yara.header.matches", "Abbinamenti" },
 { "hex.view.yara.matches.identifier", "Identificatore" },
+ //{ "hex.view.yara.matches.variable", "Variable" },
 { "hex.view.yara.whole_data", "Tutti i file combaciano!" },
 { "hex.view.yara.no_rules", "Nessuna regola di YARA. Aggiungile in nella cartella 'yara' di 'ImHex'" },
diff --git a/plugins/builtin/source/lang/zh_CN.cpp b/plugins/builtin/source/lang/zh_CN.cpp
index ee95d843a..14826a119 100644
--- a/plugins/builtin/source/lang/zh_CN.cpp
+++ b/plugins/builtin/source/lang/zh_CN.cpp
@@ -301,6 +301,7 @@ namespace hex::plugin::builtin {
 { "hex.view.yara.error", "Yara编译器错误: " },
 { "hex.view.yara.header.matches", "匹配" },
 { "hex.view.yara.matches.identifier", "标识符" },
+ //{ "hex.view.yara.matches.variable", "Variable" },
 { "hex.view.yara.whole_data", "全文件匹配!" },
 { "hex.view.yara.no_rules", "没有找到YARA规则。请将规则放到ImHex的'yara'目录下。" },
diff --git a/source/views/view_yara.cpp b/source/views/view_yara.cpp
index 2af194dd5..16ef7f410 100644
--- a/source/views/view_yara.cpp
+++ b/source/views/view_yara.cpp
@@ -69,9 +69,10 @@ namespace hex {
 ImGui::TextUnformatted("hex.view.yara.header.matches"_lang);
 ImGui::Separator();
- if (ImGui::BeginTable("matches", 3, ImGuiTableFlags_Borders | ImGuiTableFlags_Resizable | ImGuiTableFlags_Sortable | ImGuiTableFlags_Reorderable | ImGuiTableFlags_RowBg | ImGuiTableFlags_ScrollY)) {
+ if (ImGui::BeginTable("matches", 4, ImGuiTableFlags_Borders | ImGuiTableFlags_Resizable | ImGuiTableFlags_Sortable | ImGuiTableFlags_Reorderable | ImGuiTableFlags_RowBg | ImGuiTableFlags_ScrollY)) {
 ImGui::TableSetupScrollFreeze(0, 1);
 ImGui::TableSetupColumn("hex.view.yara.matches.identifier"_lang);
+ ImGui::TableSetupColumn("hex.view.yara.matches.variable"_lang);
 ImGui::TableSetupColumn("hex.common.address"_lang);
 ImGui::TableSetupColumn("hex.common.size"_lang);
@@ -82,7 +83,7 @@ namespace hex {
 while (clipper.Step()) {
 for (u32 i = clipper.DisplayStart; i < clipper.DisplayEnd; i++) {
- auto &[identifier, address, size, wholeDataMatch] = this->m_matches[i];
+ auto &[identifier, variableName, address, size, wholeDataMatch] = this->m_matches[i];
 ImGui::TableNextRow();
 ImGui::TableNextColumn();
 ImGui::PushID(i);
@@ -92,6 +93,8 @@ namespace hex {
 ImGui::PopID();
 ImGui::SameLine();
 ImGui::TextUnformatted(identifier.c_str());
+ ImGui::TableNextColumn();
+ ImGui::TextUnformatted(variableName.c_str());
 if (!wholeDataMatch) {
 ImGui::TableNextColumn();
@@ -250,11 +253,11 @@ namespace hex {
 if (rule->strings != nullptr) {
 yr_rule_strings_foreach(rule, string) {
 yr_string_matches_foreach(context, string, match) {
- newMatches.push_back({ rule->identifier, match->offset, match->match_length, false });
+ newMatches.push_back({ rule->identifier, string->identifier, match->offset, match->match_length, false });
 }
 }
 } else {
- newMatches.push_back({ rule->identifier, 0, 0, true });
+ newMatches.push_back({ rule->identifier, "", 0, 0, true });
 }
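Review bot: The structured binding `auto &[identifier, variableName, address, size, wholeDataMatch]` in the `@@ -82,7 +83,7 @@` hunk is positional, so it silently depends on `variable` being the second member of `YaraMatch` in include/views/view_yara.hpp. The two brace-initialised `push_back({ ... })` calls in the last hunk have the same dependency. Because `identifier` and `variable` are both `std::string`, a later reorder of the struct would still compile and would just swap the two table columns. I would either add a comment on the struct, `// Member order is relied on by structured bindings and brace-init in view_yara.cpp`, or bind the row as `const auto &match = this->m_matches[i];` and read the members by name. The loop body continues outside the hunk, so the whole-data branch that follows the new cell is not visible here and should be checked against the 4-column layout.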
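Review bot: In the `@@ -250,11 +253,11 @@` hunk, `string->identifier` is a raw C string taken from the compiled rule and is implicitly converted to `std::string` by the brace-init; constructing a `std::string` from a null pointer is undefined behaviour, and nothing visible here establishes that it is non-null. libyara presumably always sets it for compiled strings, but the rule files come from disk and a guard is cheap: `string->identifier != nullptr ? string->identifier : ""`. The same conversion of `rule->identifier` in both `push_back` calls predates this commit and would benefit from the same check. The enclosing function starts and ends outside the hunk.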