From e28b72e356bbd500a65d3569b1765554a5b6e470 Mon Sep 17 00:00:00 2001
From: WerWolv
Date: Thu, 22 Feb 2024 21:31:53 +0100
Subject: [PATCH] feat: Added a basic C++ and MSVC detector yara signature
---
plugins/yara_rules/romfs/rules/language.yar | 25 +++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 plugins/yara_rules/romfs/rules/language.yar
diff --git a/plugins/yara_rules/romfs/rules/language.yar b/plugins/yara_rules/romfs/rules/language.yar
new file mode 100644
index 000000000..1b5af9567
--- /dev/null
+++ b/plugins/yara_rules/romfs/rules/language.yar
@@ -0,0 +1,25 @@
+rule CppExecutable {
+ meta:
+ category = "Programming Language"
+ name = "C++"
+
+ strings:
+ $exception_windows = "_CxxThrowException" ascii fullword
+ $iostreams = "iostream" ascii
+
+ condition:
+ any of them
+}
+
+rule CppMSVC {
+ meta:
+ category = "Compiler"
+ name = "MSVC"
+
+ strings:
+ $iostreams_mangled_name = "$basic_iostream@DU" ascii
+ $std_namespace = "@@std@@" ascii
+
+ condition:
+ any of them and CppExecutable
+}
\ No newline at end of file
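Review bot: In `CppExecutable`, `$iostreams = "iostream" ascii` has no `fullword` and the condition is `any of them`, so any input that merely contains that substring (a C++ source file, a header, a text document) is tagged as a C++ executable. Neither rule checks that the data is an executable image at all. If only PE files are meant to be labelled as MSVC, the `CppMSVC` condition could be anchored on the DOS header, e.g. `uint16(0) == 0x5A4D and any of them and CppExecutable`; this would stop matching MSVC `.obj`/`.lib` inputs, so confirm the intended scope first. Note also that `$basic_iostream@DU` already contains `iostream`, so the `and CppExecutable` term only constrains matches on `@@std@@`. An MSVC binary that uses neither iostreams nor `_CxxThrowException` will therefore not be tagged.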