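/// <summary>
/// Runs the external <c>ssdeep</c> tool on the file currently opened in rizin and writes
/// the resulting fuzzy hash to <paramref name="jsonWriter"/> as the string property "ssdeep".
/// </summary>
/// <param name="jsonWriter">JSON writer that receives the "ssdeep" property.</param>
/// <returns>
/// <c>false</c> when the path cannot be quoted safely, when ssdeep yields no usable hash,
/// or when any step throws; <c>true</c> otherwise, including the case where rizin reports
/// no file path and nothing is written.
/// </returns>
private bool TryAddSsdeepHash(Utf8JsonWriter jsonWriter)
{
    try
    {
        string filePath;
        using (var json = rizin.CommandJson("ij"))
        {
            filePath = json.RootElement.GetProperty("core").GetProperty("file").GetString();
        }

        if (string.IsNullOrWhiteSpace(filePath))
        {
            // Nothing to hash; the original contract treats this as success.
            return true;
        }

        // The path is the name of the sample under analysis and is spliced into a
        // double-quoted command-line argument below. Refuse names that the quoting cannot
        // contain: an embedded quote or a trailing backslash ends or escapes the quoted
        // argument, control characters can split it, and a leading '-' would be read by
        // ssdeep as an option rather than a file.
        // NOTE(review): if ShellUtils.RunShellTextAsync hands the string to a shell, shell
        // metacharacters need handling as well - confirm against its implementation and
        // prefer an argument-list API if one exists.
        bool unsafeForQuoting =
            filePath.IndexOf('"') >= 0
            || filePath.Any(c => char.IsControl(c))
            || filePath.StartsWith("-", StringComparison.Ordinal)
            || filePath.EndsWith("\\", StringComparison.Ordinal);
        if (unsafeForQuoting)
        {
            return false;
        }

        // The method is synchronous by signature, so the async helper is awaited by blocking.
        string data = ShellUtils.RunShellTextAsync("ssdeep", $"-c \"{filePath}\"")
                                .GetAwaiter()
                                .GetResult();

        // With -c ssdeep prints a CSV header line followed by one record per file; the
        // hash is the first comma-separated field of the second line.
        string[] lines = (data ?? string.Empty).Split('\n');
        if (lines.Length < 2)
        {
            // Only a header (or nothing) came back, e.g. ssdeep failed or is not installed.
            return false;
        }

        string hash = lines[1].Split(',').First().Trim();
        if (hash.Length == 0)
        {
            // Do not record an empty hash as if it were a real result.
            return false;
        }

        jsonWriter.WriteString("ssdeep", hash);
    }
    catch (Exception)
    {
        // Best effort: any failure (rizin JSON shape, process launch, writer state)
        // is reported to the caller as "no hash added".
        return false;
    }

    return true;
}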
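/// <summary>
/// Scans the file currently opened in rizin with the external <c>yara</c> tool, using the
/// rule files from <c>YaraRuleList()</c>, and writes one JSON object per matching rule
/// ("match" plus a "hits" array) to <paramref name="jsonWriter"/>.
/// </summary>
/// <param name="jsonWriter">JSON writer that receives the match objects.</param>
/// <remarks>
/// Failures are not propagated. They are reported on standard error so that a scan that
/// could not run is distinguishable from a scan that found nothing. If an exception is
/// thrown after a match object has been started, that object and its "hits" array are
/// left open on the writer.
/// </remarks>
private void IterateMatches(Utf8JsonWriter jsonWriter)
{
    try
    {
        // Materialise once: the sequence is checked for emptiness and then joined.
        List<string> ruleFiles = YaraRuleList().ToList();
        if (ruleFiles.Count == 0)
        {
            return;
        }

        string filePath;
        using (var json = rizin.CommandJson("ij"))
        {
            filePath = json.RootElement.GetProperty("core").GetProperty("file").GetString();
        }

        if (string.IsNullOrWhiteSpace(filePath))
        {
            return;
        }

        // The sample's path is spliced into a double-quoted command-line argument. Refuse
        // names the quoting cannot contain: an embedded quote or trailing backslash ends or
        // escapes the quoted argument, control characters can split it, and a leading '-'
        // would be read by yara as an option rather than a file.
        // NOTE(review): rule paths are quoted the same way and are assumed to be
        // operator-controlled - confirm against YaraRuleList(). If
        // ShellUtils.RunShellTextAsync goes through a shell, shell metacharacters need
        // handling too; prefer an argument-list API if one exists.
        bool unsafeForQuoting =
            filePath.IndexOf('"') >= 0
            || filePath.Any(c => char.IsControl(c))
            || filePath.StartsWith("-", StringComparison.Ordinal)
            || filePath.EndsWith("\\", StringComparison.Ordinal);
        if (unsafeForQuoting)
        {
            Console.Error.WriteLine("YARA scan skipped: file path cannot be passed safely on the command line");
            return;
        }

        string quotedRules = string.Join(" ", ruleFiles.Select(x => $"\"{x}\""));

        // -s prints matching strings, -L their lengths, -e the rule namespace, -w disables
        // warnings. The method is synchronous, so the async helper is awaited by blocking.
        string result = ShellUtils.RunShellTextAsync("yara", $"-s -L -e -w {quotedRules} \"{filePath}\"")
                                  .GetAwaiter()
                                  .GetResult();

        using (var sr = new StringReader(result))
        {
            int cnt = 0;
            string line;
            string name = null;

            while ((line = sr.ReadLine()) != null)
            {
                // Tool output is machine-readable, so prefixes are compared ordinally.
                if (line.StartsWith("default:", StringComparison.Ordinal))
                {
                    // A new rule header: close the previous match object, if any.
                    if (name != null)
                    {
                        jsonWriter.WriteEndArray();
                        jsonWriter.WriteEndObject();
                    }

                    name = Regex.Match(line, @"default:(.*?)\s")?.Groups[1]?.Value;

                    jsonWriter.WriteStartObject();
                    jsonWriter.WriteString("match", name);
                    Console.WriteLine($"Yara hit \"{name}\"");
                    jsonWriter.WriteStartArray("hits");
                }
                else if (line.StartsWith("0x", StringComparison.Ordinal) && !string.IsNullOrWhiteSpace(name))
                {
                    // String-match line: offset, optional length, optional identifier.
                    Match match = Regex.Match(line, @"(0x[a-f0-9]+)(:[0-9]+)?(:.*?)?[:\s]");
                    if (match.Success)
                    {
                        decimal offset;
                        string length, identifier, mark;
                        ParseMatch(name, match, out offset, out length, out identifier, out mark);

                        decimal? mappedOffset = MapYaraToRizinOffset(offset);

                        // Raw bytes are only fetched, and the hit only marked in rizin,
                        // when the offset could be mapped; otherwise they stay null.
                        string rawdata = null;
                        string rawascii = null;
                        if (mappedOffset.HasValue)
                        {
                            GetRawData(length, mappedOffset, out rawdata, out rawascii);
                            MarkInsideRizin(cnt, name, offset, length, identifier, mark, mappedOffset);
                        }

                        WriteJson(jsonWriter, offset, length, identifier, rawdata, rawascii);
                        cnt++;
                    }
                }
            }

            // Close the last match object once the output is exhausted.
            if (name != null)
            {
                jsonWriter.WriteEndArray();
                jsonWriter.WriteEndObject();
            }
        }
    }
    catch (Exception ex)
    {
        // Best effort, but not silent: an unreported failure here would look exactly
        // like a sample with no YARA matches.
        Console.Error.WriteLine($"YARA scan failed: {ex.Message}");
    }
}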