/// <summary>
/// Start a Detect It Easy (DIE) signature scan of a target, either by forwarding
/// the request over the network bridge or by launching a local worker thread.
/// </summary>
/// <param name="targ">Target whose existing DIE hits are cleared and which is then scanned</param>
/// <param name="reload">If true, the DIE script database is reloaded before a local scan</param>
public void StartDetectItEasyScan(BinaryTarget targ, bool reload = false)
{
    // Previous DIE results are discarded up front, whichever path is taken below.
    targ.ClearSignatureHits(CONSTANTS.eSignatureType.DIE);

    // Connected in GUI mode: send a StartSigScan command instead of scanning locally.
    // The target is identified to the peer only by its SHA1 hash.
    if (rgatState.ConnectedToRemote && rgatState.NetworkBridge.GUIMode)
    {
        JObject remoteRequest = new JObject
        {
            { "Type", "DIE" },
            { "TargetSHA1", targ.GetSHA1Hash() },
            { "Reload", reload }
        };
        rgatState.NetworkBridge.SendCommand("StartSigScan", null, null, remoteRequest);
        return;
    }

    if (reload)
    {
        string sigScriptsDir = GetScriptsPath(GlobalConfig.GetSettingPath(CONSTANTS.PathKey.DiESigsDirectory));
        dielib.ReloadScriptDatabase(sigScriptsDir, out string? error);
        if (error is not null)
        {
            // A failed reload is only logged; the DatabaseLoaded check below decides whether to go on.
            Logging.RecordError($"Error loading database: {error}");
        }
    }

    // Nothing to do without a loaded database or a file on disk.
    // NOTE(review): File.Exists is only a pre-check; the file can still change or vanish
    // before the worker opens it, so the scan thread presumably has to cope with that - confirm.
    if (!dielib.DatabaseLoaded || !File.Exists(targ.FilePath))
    {
        return;
    }

    ulong handle;
    lock (scansLock)
    {
        handle = dielib.CreateScanHandle();
        // Add-or-replace: the newest handle becomes the one recorded for this target.
        DIEScanHandles[targ] = handle;
    }

    // The worker receives the library instance, the target and its scan handle as one argument list.
    List<object> workerArgs = new List<object> { dielib, targ, handle };
    Thread scanWorker = new Thread(new ParameterizedThreadStart(DetectItScanThread))
    {
        Name = "DetectItEasy_" + targ.FileName
    };
    scanWorker.Start(workerArgs);
}
/// <summary>
/// Start a YARA signature scan of a target binary, either by forwarding the
/// request over the network bridge or by launching a local worker thread.
/// </summary>
/// <param name="targ">Target whose existing YARA hits are cleared and which is then scanned</param>
/// <param name="reload">If true, the YARA rules are refreshed with a forced recompile before a local scan</param>
public void StartYARATargetScan(BinaryTarget targ, bool reload = false)
{
    // Previous YARA results are discarded up front, whichever path is taken below.
    targ.ClearSignatureHits(CONSTANTS.eSignatureType.YARA);

    // Connected in GUI mode: send a StartSigScan command instead of scanning locally.
    // The target is identified to the peer only by its SHA1 hash.
    if (rgatState.ConnectedToRemote && rgatState.NetworkBridge.GUIMode)
    {
        JObject remoteRequest = new JObject
        {
            { "Type", "YARA" },
            { "Reload", reload },
            { "TargetSHA1", targ.GetSHA1Hash() }
        };
        rgatState.NetworkBridge.SendCommand("StartSigScan", null, null, remoteRequest);
        return;
    }

    try
    {
        if (reload)
        {
            string rulesDir = GlobalConfig.GetSettingPath(CONSTANTS.PathKey.YaraRulesDirectory);
            RefreshRules(rulesDir, forceRecompile: true);
        }

        // NOTE(review): File.Exists is only a pre-check; the file can still change or vanish
        // before the worker opens it, so the scan thread presumably has to cope with that - confirm.
        if (File.Exists(targ.FilePath))
        {
            List<object> workerArgs = new List<object> { targ };
            Thread scanWorker = new Thread(new ParameterizedThreadStart(YARATargetScanThread))
            {
                Name = "YARA_F_" + targ.FileName
            };
            scanWorker.Start(workerArgs);
        }
    }
    catch (Exception e)
    {
        // Failures while refreshing rules or starting the thread are logged, not rethrown.
        Logging.RecordException($"Error starting YARA scan: {e.Message}", e);
    }
}