예제 #1
 /// <summary>
 /// Runs a rizin command through <c>rizin.CommandJson</c> and forwards the JSON result
 /// to the <c>Generate</c> overload that accepts the result directly.
 /// </summary>
 /// <param name="cmd">Command text passed unchanged to <c>rizin.CommandJson</c>.</param>
 /// <param name="fileName">Forwarded unchanged to the other overload.</param>
 /// <param name="yx">Forwarded unchanged to the other overload; defaults to <c>false</c>.</param>
 private void Generate(string cmd, string fileName, bool yx = false)
 {
     var document = rizin.CommandJson(cmd);
     try
     {
         Generate(document, fileName, yx);
     }
     finally
     {
         // Released on every exit path; a null result is simply not disposed.
         document?.Dispose();
     }
 }
예제 #2
 /// <summary>
 /// Reports whether rizin's <c>aflj</c> command yields no entries for the loaded file.
 /// </summary>
 /// <param name="rizin">Session the command is issued on.</param>
 /// <returns>
 /// <c>true</c> when the command returns no document or an empty array; otherwise <c>false</c>.
 /// </returns>
 private static bool CheckIsNotExecutable(Rizin rizin)
 {
     using (var listing = rizin.CommandJson("aflj"))
     {
         // A missing document is treated exactly like an empty array.
         // GetArrayLength throws if the root element is not an array.
         return listing == null || listing.RootElement.GetArrayLength() < 1;
     }
 }
예제 #3
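 /// <summary>
 /// Asks rizin for a range as a JSON array of byte values (<c>pxj</c>) and writes those
 /// bytes to <paramref name="stream"/> in a single call.
 /// </summary>
 /// <param name="vaddr">Address placed after <c>@</c> in the command.</param>
 /// <param name="size">Length argument placed after <c>pxj</c>.</param>
 /// <param name="stream">Destination stream; it is not flushed or closed here.</param>
 /// <exception cref="System.InvalidOperationException">
 /// rizin returned no JSON document, or the root element is not an array.
 /// </exception>
 private void DumpRangeToFile(decimal vaddr, decimal size, Stream stream)
 {
     // Format the numbers culture-independently so the command text never depends on
     // the host's regional settings (decimal separator, sign symbol).
     string command = System.FormattableString.Invariant($"pxj {size} @{vaddr}");

     using (JsonDocument json = rizin.CommandJson(command))
     {
         // A missing document would otherwise surface as a NullReferenceException
         // that says nothing about which command failed.
         if (json == null)
         {
             throw new System.InvalidOperationException($"rizin returned no JSON for '{command}'.");
         }

         JsonElement root = json.RootElement;

         // The buffer is sized by what rizin actually returned, not by the requested size.
         // NOTE(review): the two are never compared, so a short answer is written as-is;
         // confirm whether callers need to detect a truncated dump.
         byte[] data = new byte[root.GetArrayLength()];
         int    next = 0;
         foreach (JsonElement elem in root.EnumerateArray())
         {
             // GetByte throws on anything that is not a number in the byte range.
             data[next++] = elem.GetByte();
         }

         stream.Write(data, 0, data.Length);
     }
 }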
예제 #4
 /// <summary>
 /// Reports whether rizin's <c>ij</c> output names <c>"cil"</c> as the binary's language.
 /// </summary>
 /// <param name="rizin">Session the command is issued on.</param>
 /// <returns>
 /// <c>true</c> only when the document exists and its <c>bin.lang</c> string equals
 /// <c>"cil"</c>; <c>false</c> when the document or either property is missing.
 /// </returns>
 private static bool CheckIsCilExecutable(Rizin rizin)
 {
     using (var info = rizin.CommandJson("ij"))
     {
         if (info == null)
         {
             return false;
         }

         // Walk root -> "bin" -> "lang"; a missing step short-circuits to false.
         return info.RootElement.TryGetProperty("bin", out JsonElement bin)
                && bin.TryGetProperty("lang", out JsonElement lang)
                && lang.GetString() == "cil";
     }
 }
예제 #5
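        /// <summary>
        /// Runs the <c>yara</c> command-line tool over the file currently loaded in rizin and
        /// writes one JSON object per matching rule: a <c>match</c> string and a <c>hits</c> array.
        /// </summary>
        /// <param name="jsonWriter">
        /// Writer that receives the entries. The caller is expected to have opened the
        /// enclosing container already; this method only writes the entries themselves.
        /// </param>
        /// <remarks>
        /// The scan is best-effort: any exception is reported on standard error and the method
        /// returns normally. Nothing is written when there are no rule files, when rizin
        /// reports no file path, or when a path cannot be placed on the command line safely.
        /// </remarks>
        private void IterateMatches(Utf8JsonWriter jsonWriter)
        {
            try
            {
                // Materialise once: the sequence is tested for emptiness and then enumerated
                // again to build the command line.
                List<string> ruleFiles = YaraRuleList().ToList();
                if (ruleFiles.Count == 0)
                {
                    return;
                }

                // Path of the analysed file as rizin reports it ("ij" -> core.file).
                string filePath = null;
                using (var json = rizin.CommandJson("ij"))
                {
                    if (json != null
                        && json.RootElement.TryGetProperty("core", out JsonElement core)
                        && core.TryGetProperty("file", out JsonElement file))
                    {
                        filePath = file.GetString();
                    }
                }
                if (string.IsNullOrWhiteSpace(filePath))
                {
                    return;
                }

                // The paths are only wrapped in double quotes below and nothing escapes them.
                // A quote inside a path would end the quoting early, and a leading '-' would be
                // read by yara as an option. The analysed file's name is not trusted input, so
                // such paths are refused instead of being passed on.
                if (ruleFiles.Any(IsUnsafeArgument) || IsUnsafeArgument(filePath))
                {
                    Console.Error.WriteLine("Yara scan skipped: a rule or target path contains a double quote or starts with '-'.");
                    return;
                }

                // NOTE(review): if ShellUtils.RunShellTextAsync hands this string to a shell,
                // '$' and backticks are still expanded inside double quotes. Confirm how the
                // helper starts the process and prefer an API that takes an argument list.
                // -s prints matching strings, -L their length, -e the rule namespace (hence the
                // "default:" prefix parsed below), -w suppresses warnings.
                string quotedRules = string.Join(" ", ruleFiles.Select(x => $"\"{x}\""));
                // Blocks the calling thread until yara exits; the signature is synchronous.
                string result = ShellUtils.RunShellTextAsync("yara", $"-s -L -e -w {quotedRules} \"{filePath}\"").GetAwaiter().GetResult();

                using (var sr = new StringReader(result))
                {
                    int    cnt = 0;      // running hit index across all rules; never reset
                    string line, name = null;
                    while ((line = sr.ReadLine()) != null)
                    {
                        if (line.StartsWith("default:", StringComparison.Ordinal))
                        {
                            // A new rule line closes the entry of the previous rule, if any.
                            if (name != null)
                            {
                                jsonWriter.WriteEndArray();
                                jsonWriter.WriteEndObject();
                            }
                            name = Regex.Match(line, @"default:(.*?)\s").Groups[1].Value;
                            jsonWriter.WriteStartObject();
                            jsonWriter.WriteString("match", name);
                            Console.WriteLine($"Yara hit \"{name}\"");
                            jsonWriter.WriteStartArray("hits");
                        }
                        else if (line.StartsWith("0x", StringComparison.Ordinal) && !string.IsNullOrWhiteSpace(name))
                        {
                            // String-hit line belonging to the rule named above.
                            Match match = Regex.Match(line, @"(0x[a-f0-9]+)(:[0-9]+)?(:.*?)?[:\s]");
                            if (match.Success)
                            {
                                decimal offset;
                                string  length, identifier, mark;
                                ParseMatch(name, match, out offset, out length, out identifier, out mark);

                                decimal? mappedOffset = MapYaraToRizinOffset(offset);
                                string   rawdata      = null;
                                string   rawascii     = null;
                                // Raw bytes and the rizin mark are only produced when the offset maps.
                                if (mappedOffset.HasValue)
                                {
                                    GetRawData(length, mappedOffset, out rawdata, out rawascii);

                                    MarkInsideRizin(cnt, name, offset, length, identifier, mark, mappedOffset);
                                }

                                WriteJson(jsonWriter, offset, length, identifier, rawdata, rawascii);

                                cnt++;
                            }
                        }
                    }

                    // Close the entry of the last rule seen.
                    if (name != null)
                    {
                        jsonWriter.WriteEndArray();
                        jsonWriter.WriteEndObject();
                    }
                }
            }
            catch (Exception ex)
            {
                // Scanning stays best-effort, but a failed scan must not look like "no hits".
                // An exception raised between WriteStartObject and WriteEndObject leaves the
                // current entry unclosed, so the output should be treated as incomplete.
                Console.Error.WriteLine($"Yara scan failed: {ex.GetType().Name}: {ex.Message}");
            }

            // True when a path cannot be wrapped in plain double quotes without changing
            // how the command line is split or interpreted.
            bool IsUnsafeArgument(string path)
            {
                return path == null
                       || path.IndexOf('"') >= 0
                       || path.StartsWith("-", StringComparison.Ordinal);
            }
        }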