DBG+GUI: fixed yara reference logic

2016-07-25 23:27:21 +02:00 · 2016-07-25 23:27:21 +02:00 · 31e53073f0
parent c6bf7b6570
commit 31e53073f0
4 changed files with 35 additions and 23 deletions
--- a/src/dbg/instruction.cpp
+++ b/src/dbg/instruction.cpp
@ -1904,9 +1904,10 @@ struct YaraScanInfo
    int index;
    bool rawFile;
    const char* modname;
+    bool debug;

-    YaraScanInfo(duint base, bool rawFile, const char* modname)
-        : base(base), index(0), rawFile(rawFile), modname(modname)
+    YaraScanInfo(duint base, bool rawFile, const char* modname, bool debug)
+        : base(base), index(0), rawFile(rawFile), modname(modname), debug(debug)
    {
    }
 };
@ -1914,6 +1915,7 @@ struct YaraScanInfo
 static int yaraScanCallback(int message, void* message_data, void* user_data)
 {
    YaraScanInfo* scanInfo = (YaraScanInfo*)user_data;
+    bool debug = scanInfo->debug;
    switch(message)
    {
    case CALLBACK_MSG_RULE_MATCHING:
@ -1942,13 +1944,14 @@ static int yaraScanCallback(int message, void* message_data, void* user_data)

        if(STRING_IS_NULL(yrRule->strings))
        {
-            dprintf("[YARA] Global rule \"%s\' matched!\n", yrRule->identifier);
-            GuiReferenceSetRowCount(1);
+            if(debug)
+                dprintf("[YARA] Global rule \"%s\' matched!\n", yrRule->identifier);
            addReference(base, nullptr, "");
        }
        else
        {
-            dprintf("[YARA] Rule \"%s\" matched:\n", yrRule->identifier);
+            if(debug)
+                dprintf("[YARA] Rule \"%s\" matched:\n", yrRule->identifier);
            YR_STRING* string;
            yr_rule_strings_foreach(yrRule, string)
            {
@ -1967,7 +1970,8 @@ static int yaraScanCallback(int message, void* message_data, void* user_data)
                    else
                        addr = base + offset;

-                    dprintf("[YARA] String \"%s\" : %s on 0x%" fext "X\n", string->identifier, pattern.c_str(), addr);
+                    if(debug)
+                        dprintf("[YARA] String \"%s\" : %s on 0x%" fext "X\n", string->identifier, pattern.c_str(), addr);

                    addReference(addr, string->identifier, pattern);
                }
@ -1979,20 +1983,23 @@ static int yaraScanCallback(int message, void* message_data, void* user_data)
    case CALLBACK_MSG_RULE_NOT_MATCHING:
    {
        YR_RULE* yrRule = (YR_RULE*)message_data;
-        dprintf("[YARA] Rule \"%s\" did not match!\n", yrRule->identifier);
+        if(debug)
+            dprintf("[YARA] Rule \"%s\" did not match!\n", yrRule->identifier);
    }
    break;

    case CALLBACK_MSG_SCAN_FINISHED:
    {
-        dputs("[YARA] Scan finished!");
+        if(debug)
+            dputs("[YARA] Scan finished!");
    }
    break;

    case CALLBACK_MSG_IMPORT_MODULE:
    {
        YR_MODULE_IMPORT* yrModuleImport = (YR_MODULE_IMPORT*)message_data;
-        dprintf("[YARA] Imported module \"%s\"!\n", yrModuleImport->module_name);
+        if(debug)
+            dprintf("[YARA] Imported module \"%s\"!\n", yrModuleImport->module_name);
    }
    break;
    }
@ -2098,7 +2105,7 @@ CMDRESULT cbInstrYara(int argc, char* argv[])
                GuiReferenceAddColumn(0, "Data");
                GuiReferenceSetRowCount(0);
                GuiReferenceReloadData();
-                YaraScanInfo scanInfo(base, rawFile, argv[2]);
+                YaraScanInfo scanInfo(base, rawFile, argv[2], settingboolget("Engine", "YaraDebug"));
                duint ticks = GetTickCount();
                dputs("[YARA] Scan started...");
                int err = yr_rules_scan_mem(yrRules, data(), size, 0, yaraScanCallback, &scanInfo, 0);
--- a/src/gui/Src/BasicView/ReferenceView.cpp
+++ b/src/gui/Src/BasicView/ReferenceView.cpp
@ -47,16 +47,6 @@ ReferenceView::ReferenceView(bool sourceView, QWidget* parent) : SearchListView(
    {
        // Add the progress bar and label to the main layout
        layout()->addWidget(progressWidget);
-
-        // Setup signals
-        connect(Bridge::getBridge(), SIGNAL(referenceAddColumnAt(int, QString)), this, SLOT(addColumnAt(int, QString)));
-        connect(Bridge::getBridge(), SIGNAL(referenceSetRowCount(dsint)), this, SLOT(setRowCount(dsint)));
-        connect(Bridge::getBridge(), SIGNAL(referenceSetCellContent(int, int, QString)), this, SLOT(setCellContent(int, int, QString)));
-        connect(Bridge::getBridge(), SIGNAL(referenceReloadData()), this, SLOT(reloadData()));
-        connect(Bridge::getBridge(), SIGNAL(referenceSetSingleSelection(int, bool)), this, SLOT(setSingleSelection(int, bool)));
-        connect(Bridge::getBridge(), SIGNAL(referenceSetProgress(int)), this, SLOT(referenceSetProgressSlot(int)));
-        connect(Bridge::getBridge(), SIGNAL(referenceSetCurrentTaskProgress(int, QString)), this, SLOT(referenceSetCurrentTaskProgressSlot(int, QString)));
-        connect(Bridge::getBridge(), SIGNAL(referenceSetSearchStartCol(int)), this, SLOT(setSearchStartCol(int)));
    }
    connect(this, SIGNAL(listContextMenuSignal(QMenu*)), this, SLOT(referenceContextMenu(QMenu*)));
    connect(this, SIGNAL(enterPressedSignal()), this, SLOT(followGenericAddress()));
@ -95,19 +85,28 @@ void ReferenceView::setupContextMenu()
    mRemoveBreakpointOnAllCommands = new QAction(tr("Remove breakpoint on all commands"), this);
    connect(mRemoveBreakpointOnAllCommands, SIGNAL(triggered()), this, SLOT(removeBreakpointOnAllCommands()));

-
    mSetBreakpointOnAllApiCalls = new QAction(tr("Set breakpoint on all api calls"), this);
    connect(mSetBreakpointOnAllApiCalls, SIGNAL(triggered()), this, SLOT(setBreakpointOnAllApiCalls()));

    mRemoveBreakpointOnAllApiCalls = new QAction(tr("Remove breakpoint on all api calls"), this);
    connect(mRemoveBreakpointOnAllApiCalls, SIGNAL(triggered()), this, SLOT(removeBreakpointOnAllApiCalls()));

-
-
    refreshShortcutsSlot();
    connect(Config(), SIGNAL(shortcutsUpdated()), this, SLOT(refreshShortcutsSlot()));
 }

+void ReferenceView::connectBridge()
+{
+    connect(Bridge::getBridge(), SIGNAL(referenceAddColumnAt(int, QString)), this, SLOT(addColumnAt(int, QString)));
+    connect(Bridge::getBridge(), SIGNAL(referenceSetRowCount(dsint)), this, SLOT(setRowCount(dsint)));
+    connect(Bridge::getBridge(), SIGNAL(referenceSetCellContent(int, int, QString)), this, SLOT(setCellContent(int, int, QString)));
+    connect(Bridge::getBridge(), SIGNAL(referenceReloadData()), this, SLOT(reloadData()));
+    connect(Bridge::getBridge(), SIGNAL(referenceSetSingleSelection(int, bool)), this, SLOT(setSingleSelection(int, bool)));
+    connect(Bridge::getBridge(), SIGNAL(referenceSetProgress(int)), this, SLOT(referenceSetProgressSlot(int)));
+    connect(Bridge::getBridge(), SIGNAL(referenceSetCurrentTaskProgress(int, QString)), this, SLOT(referenceSetCurrentTaskProgressSlot(int, QString)));
+    connect(Bridge::getBridge(), SIGNAL(referenceSetSearchStartCol(int)), this, SLOT(setSearchStartCol(int)));
+}
+
 void ReferenceView::disconnectBridge()
 {
    disconnect(Bridge::getBridge(), SIGNAL(referenceAddColumnAt(int, QString)), this, SLOT(addColumnAt(int, QString)));
@ -116,6 +115,7 @@ void ReferenceView::disconnectBridge()
    disconnect(Bridge::getBridge(), SIGNAL(referenceReloadData()), this, SLOT(reloadData()));
    disconnect(Bridge::getBridge(), SIGNAL(referenceSetSingleSelection(int, bool)), this, SLOT(setSingleSelection(int, bool)));
    disconnect(Bridge::getBridge(), SIGNAL(referenceSetProgress(int)), mSearchTotalProgress, SLOT(setValue(int)));
+    disconnect(Bridge::getBridge(), SIGNAL(referenceSetCurrentTaskProgress(int, QString)), this, SLOT(referenceSetCurrentTaskProgressSlot(int, QString)));
    disconnect(Bridge::getBridge(), SIGNAL(referenceSetSearchStartCol(int)), this, SLOT(setSearchStartCol(int)));
 }

@ -141,6 +141,7 @@ void ReferenceView::referenceSetCurrentTaskProgressSlot(int progress, QString ta

 void ReferenceView::addColumnAt(int width, QString title)
 {
+    printf("addColumnAt(%d, %s)\n", width, title.toUtf8().constData());
    int charwidth = mList->getCharWidth();
    if(width)
        width = charwidth * width + 8;
@ -158,6 +159,7 @@ void ReferenceView::addColumnAt(int width, QString title)

 void ReferenceView::setRowCount(dsint count)
 {
+    printf("setRowCount(%d)\n", count);
    emit mCountTotalLabel->setText(QString("%1").arg(count));
    mSearchBox->setText("");
    mList->setRowCount(count);
@ -165,6 +167,7 @@ void ReferenceView::setRowCount(dsint count)

 void ReferenceView::setCellContent(int r, int c, QString s)
 {
+    printf("setCellContent(%d, %d, %s)\n", r, c, s.toUtf8().constData());
    mSearchBox->setText("");
    mList->setCellContent(r, c, s);
 }
--- a/src/gui/Src/BasicView/ReferenceView.h
+++ b/src/gui/Src/BasicView/ReferenceView.h
@ -12,6 +12,7 @@ class ReferenceView : public SearchListView
 public:
    ReferenceView(bool sourceView = false, QWidget* parent = nullptr);
    void setupContextMenu();
+    void connectBridge();
    void disconnectBridge();

 protected slots:
--- a/src/gui/Src/Gui/ReferenceManager.cpp
+++ b/src/gui/Src/Gui/ReferenceManager.cpp
@ -29,6 +29,7 @@ void ReferenceManager::newReferenceView(QString name)
    if(mCurrentReferenceView) //disconnect previous reference view
        mCurrentReferenceView->disconnectBridge();
    mCurrentReferenceView = new ReferenceView();
+    mCurrentReferenceView->connectBridge();
    connect(mCurrentReferenceView, SIGNAL(showCpu()), this, SIGNAL(showCpu()));
    insertTab(0, mCurrentReferenceView, name);
    setCurrentIndex(0);