retdec::fileinfo::PatternDetector Class Reference
#include <pattern_detector.h>
Public Member Functions
| PatternDetector (const retdec::fileformat::FileFormat *fparser, FileInformation &finfo) |
Detection methods
void | addFilePaths (const std::string &category, const std::set< std::string > &paths) |
void | analyze () |
Private Types
using | patternCategoriesIterator = std::vector< std::pair< std::string, std::set< std::string > > >::const_iterator |
Private Member Functions
Iterators
patternCategoriesIterator | begin () const |
patternCategoriesIterator | end () const |
Auxiliary methods
void | createPatternFromRule (Pattern &pattern, const yaracpp::YaraRule &rule) |
void | saveCryptoRule (const yaracpp::YaraRule &rule) |
void | saveMalwareRule (const yaracpp::YaraRule &rule) |
void | saveOtherRule (const yaracpp::YaraRule &rule) |
Private Attributes
const retdec::fileformat::FileFormat * | fileParser | parser of input file |
FileInformation & | fileinfo | information about input file |
std::vector< std::pair< std::string, std::set< std::string > > > | categories | paths to YARA rules |
Detector of YARA patterns
retdec::fileinfo::PatternDetector::PatternDetector ( const retdec::fileformat::FileFormat * fparser, FileInformation & finfo )
Constructor
fparser | Pointer to file parser |
finfo | Reference to information about input file |
void retdec::fileinfo::PatternDetector::addFilePaths ( const std::string & category, const std::set< std::string > & paths )
Add paths to files with YARA patterns
category | Name of the YARA pattern category (e.g. malware, crypto) |
paths | Set of paths to files and/or directories containing YARA pattern files. From a directory, every file with a .yar or .yara extension is taken. |
void retdec::fileinfo::PatternDetector::analyze ( )
Analyze input file and try to find YARA patterns
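As an added example (not retdec's own code) of what the category table and the addFilePaths() contract above imply, the following C++17 program builds the same vector of (category name, set of rule-file paths) pairs and expands directory arguments into their .yar/.yara files. Everything beyond the page is an assumption and is marked as such in the code: the directory scan is one level deep, the extension match is case-sensitive, explicit file paths are accepted as given, and a second call with an already-known category merges into the existing entry. The helper names (expandRulePaths, buildCategories, createSampleRuleTree) and the fixture files under the system temp directory are constructed for this example only.

```cpp
// Added example, not retdec's code: a PatternDetector-style category table
// and the path expansion behind addFilePaths().
#include <filesystem>
#include <fstream>
#include <iostream>
#include <set>
#include <string>
#include <utility>
#include <vector>

namespace fs = std::filesystem;

// Same shape as PatternDetector::categories: category name -> rule-file paths.
using PatternCategories = std::vector<std::pair<std::string, std::set<std::string>>>;

// The two extensions the documentation names. Case-sensitive match is an assumption.
inline bool hasYaraExtension(const fs::path &p) {
    const std::string ext = p.extension().string();
    return ext == ".yar" || ext == ".yara";
}

// Expand files and/or directories into concrete rule files.
// Assumptions: directories are scanned one level deep, explicit file paths are
// taken as given, and nonexistent paths or non-YARA files are silently dropped.
std::set<std::string> expandRulePaths(const std::set<std::string> &paths) {
    std::set<std::string> files;
    for (const auto &p : paths) {
        const fs::path path(p);
        std::error_code ec;
        if (fs::is_directory(path, ec)) {
            for (const auto &entry : fs::directory_iterator(path, ec)) {
                if (entry.is_regular_file(ec) && hasYaraExtension(entry.path()))
                    files.insert(entry.path().string());
            }
        } else if (fs::is_regular_file(path, ec)) {
            files.insert(path.string());
        }
    }
    return files;
}

// Mirror of addFilePaths(): merge into an existing category or append a new one
// (merging on a repeated category name is an assumption).
void addFilePaths(PatternCategories &categories, const std::string &category,
                  const std::set<std::string> &paths) {
    std::set<std::string> expanded = expandRulePaths(paths);
    for (auto &cat : categories) {
        if (cat.first == category) {
            cat.second.insert(expanded.begin(), expanded.end());
            return;
        }
    }
    categories.emplace_back(category, std::move(expanded));
}

// Constructed fixture: a throwaway rule tree in the system temp directory.
fs::path createSampleRuleTree() {
    const fs::path root = fs::temp_directory_path() / "pattern_detector_example";
    fs::remove_all(root);
    fs::create_directories(root / "crypto");
    fs::create_directories(root / "malware");
    for (const char *name : {"crypto/aes.yar", "crypto/rsa.yara", "crypto/README.txt",
                             "malware/packers.yar", "loose.yar"}) {
        std::ofstream out(root / name);
        out << "rule placeholder { condition: false }\n";
    }
    return root;
}

// Build the category table for the fixture: crypto gets aes.yar and rsa.yara
// (README.txt is skipped), malware gets packers.yar plus the explicitly named loose.yar.
PatternCategories buildCategories() {
    const fs::path root = createSampleRuleTree();
    PatternCategories categories;
    addFilePaths(categories, "crypto", {(root / "crypto").string()});
    addFilePaths(categories, "malware", {(root / "malware").string()});
    // Second call on "malware" merges into the existing entry instead of duplicating it.
    addFilePaths(categories, "malware", {(root / "loose.yar").string()});
    return categories;
}

int main() {
    for (const auto &[category, files] : buildCategories()) {
        std::cout << category << ":\n";
        for (const auto &f : files) std::cout << "  " << f << '\n';
    }
    return 0;
}
```

The check worth keeping from this: a file in the rule directory that does not carry a .yar or .yara extension is never loaded, so a rule file saved with the wrong extension silently contributes nothing to analyze().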
patternCategoriesIterator retdec::fileinfo::PatternDetector::begin ( ) const
private
Get begin iterator
void retdec::fileinfo::PatternDetector::createPatternFromRule ( Pattern & pattern, const yaracpp::YaraRule & rule )
private
Create pattern from YARA rule
pattern | Output parameter; the resulting pattern is stored here |
rule | Detected YARA rule |
patternCategoriesIterator retdec::fileinfo::PatternDetector::end ( ) const
private
Get end iterator
void retdec::fileinfo::PatternDetector::saveCryptoRule ( const yaracpp::YaraRule & rule )
private
Save detected cryptography rule
rule | Detected cryptography rule |
void retdec::fileinfo::PatternDetector::saveMalwareRule ( const yaracpp::YaraRule & rule )
private
Save detected malware rule
rule | Detected malware rule |
void retdec::fileinfo::PatternDetector::saveOtherRule ( const yaracpp::YaraRule & rule )
private
Save detected rule from a category other than cryptography or malware
rule | Detected rule |
std::vector< std::pair< std::string, std::set< std::string > > > retdec::fileinfo::PatternDetector::categories
private
paths to YARA rules, grouped as (category name, set of rule-file paths)
FileInformation & retdec::fileinfo::PatternDetector::fileinfo
private
information about input file
const retdec::fileformat::FileFormat * retdec::fileinfo::PatternDetector::fileParser
private
parser of input file