Fixed the latest YARA rules with input from @Neo23x0.
Browse files Browse the repository at this point in the history
Updated the documentation regarding reusing the PE parser.
Fixed the e-mail address markdown in README.md.
JusticeRage committed Apr 25, 2017
1 parent d7e305a commit a2e3dca
Showing 3 changed files with 42 additions and 5 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -100,6 +100,6 @@ Examples:
````

## Contact
[![E-Mail](http://manalyzer.org/static/mail.png)](mailto:justicerage *at* manalyzer.org)
[![Tw](http://manalyzer.org/static/twitter.png)](https://twitter.com/JusticeRage)
[![E-Mail](https://manalyzer.org/static/mail.png)](justicerage@manalyzer[.]org)
[![Twitter](http://manalyzer.org/static/twitter.png)](https://twitter.com/JusticeRage)
[![GnuPG](http://manalyzer.org/static/gpg.png)](https://pgp.mit.edu/pks/lookup?op=vindex&search=0x40E9F0A8F5EA8754)
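Review bot: the new e-mail link target `justicerage@manalyzer[.]org` on the added line is neither a `mailto:` URI nor a resolvable address, so the mail icon now renders as a broken relative link. If the intent is to keep the address away from scrapers, put the defanged form in the link text or alt text and drop the hyperlink; if a clickable link is wanted, keep `mailto:` with the real address. Minor: the mail icon was moved to `https://manalyzer.org/static/mail.png` while the Twitter and GnuPG icons on the following lines still load over `http://`; use https for all three.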
4 changes: 2 additions & 2 deletions bin/yara_rules/suspicious_strings.yara
Expand Up @@ -790,7 +790,7 @@ rule Obfuscated_Strings
$a28 = { (5A | 7A) 78 69 (4D | 6D) 6F 72 7E (5C | 7C) 79 79 6F 78 6E 6E }
$a29 = { (59 | 79) 7B 6A (4E | 6E) 6C 71 7D (5F | 7F) 7A 7A 6C 7B 6D 6D }
$a30 = { (58 | 78) 7A 6B (4F | 6F) 6D 70 7C (5E | 7E) 7B 7B 6D 7A 6C 6C }
$a31 = { (67 | 47) 45 54 (70 | 50) 52 4F 43 (61 | 41) 44 44 52 45 53 53 }
// XOR 0x20 removed because it toggles capitalization and causes [Gg]ET[Pp]ROC[Aa]DDRESS to match.
$a32 = { (66 | 46) 44 55 (71 | 51) 53 4E 42 (60 | 40) 45 45 53 44 52 52 }
$a33 = { (65 | 45) 47 56 (72 | 52) 50 4D 41 (63 | 43) 46 46 50 47 51 51 }
$a34 = { (64 | 44) 46 57 (73 | 53) 51 4C 40 (62 | 42) 47 47 51 46 50 50 }
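Review bot: the replacement comment explains why `$a31` is gone, but the surrounding strings are plainly generated in key order (`$a28` to `$a34` step through consecutive XOR keys), so regenerating the file will silently reintroduce the 0x20 case-toggle pattern; record the skipped key wherever these strings are produced (or in a file-level comment), not only at the gap. Also confirm that the rule's condition does not name `$a31` or rely on a count that assumed it was present, since this hunk deletes only the definition.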
Expand Down Expand Up @@ -1044,7 +1044,7 @@ rule Obfuscated_Strings
$a282 = { (51 | 71) 72 7C 79 (51 | 71) 74 7F 6F 7C 6F 64 }
$a283 = { (52 | 72) 71 7F 7A (52 | 72) 77 7C 6C 7F 6C 67 }
$a284 = { (53 | 73) 70 7E 7B (53 | 73) 76 7D 6D 7E 6D 66 }
$a285 = { (6C | 4C) 4F 41 44 (6C | 4C) 49 42 52 41 52 59 }
// XOR 0x20 removed because it toggles capitalization and causes [lL]OAD[Ll]IBRARY to match.
$a286 = { (6D | 4D) 4E 40 45 (6D | 4D) 48 43 53 40 53 58 }
$a287 = { (6E | 4E) 4D 43 46 (6E | 4E) 4B 40 50 43 50 5B }
$a288 = { (6F | 4F) 4C 42 47 (6F | 4F) 4A 41 51 42 51 5A }
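Review bot: same concern as for `$a31`: deleting the definition of `$a285` leaves a numbering gap that a regeneration from the key list will refill, so note the exclusion of key 0x20 at the source. The removal itself is correct, since `[lL]OAD[Ll]IBRARY` also matches the plain upper-case `LOADLIBRARY`; the neighbouring keys 0x21 to 0x23 (`$a286` to `$a288`) do not share the problem because they produce non-letter bytes such as `40` (`@`).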
39 changes: 38 additions & 1 deletion docs/reusing-manape.rst
Expand Up @@ -2,7 +2,10 @@
Reusing the PE parser
*********************

This section will explain how you can take the PE parser (ManaPE) out of Manalyze and re-use it in another project. We will focus on Linux environments, but the instructions given here should be easy to apply to other systems.
Embedding the code
==================

This section will explain how you can take the PE parser (ManaPE) out of Manalyze and re-use it in another project.

Let's start by writing some sample code that would read a PE file using Manalyze's parser::

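Review bot: the removed sentence carried the only statement that the walkthrough targets Linux; the new "Embedding the code" intro drops that caveat while the sample commands that follow still use a Linux shell, and Windows is only covered later under the binaries section. Keep a one-line note in the new section that the embedding steps assume Linux (or a POSIX toolchain) so the restructuring does not lose that information.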
Expand Down Expand Up @@ -47,3 +50,37 @@ You don't have to follow the same folder structure, it's only given as an exampl
.rsrc

Obviously, you'll want to write a Makefile or use CMake, but this should be enough to get you started. If you need detailed information on available methods that you can use from here, please see this section on :ref:`pe_objects`.

Reusing binaries
================

On Linux
--------

Depending on your use-case, you may alternatively re-use the shared libraries which are distributed and/or generated with Manalyze and its build system.

In that case, you still have to include the header files in your project as described above (except you only need the ``[...]/Manalyze/include/manape/`` directory). You also need to copy the shared objects::

~/code/project$ mkdir include lib
~/code/project$ cp -r [...]/Manalyze/include/manape/ include/
~/code/project$ cp [...]/Manalyze/bin/*.so lib/
Subsequently, add ``-Llib`` and ``-lmanape -lmanacommons`` to your compilation flags to indicate that the compiler should link against those libraries.

On Windows
----------

Linking against DLLs requires a little more work on Windows. First, copy Manalyze's header files in your project directory as described above.

Sadly, Visual Studio is *only* capable of linking against ``.lib`` files, even if the code will *in fine* be found in a DLL. Those files are generated when Manalyze is built but are not distributed with the program - this means that you have to checkout Manalyze's source code from GitHub and build it manually. Hopefully, this should be as simple as this::

$ git clone https://github.com/JusticeRage/Manalyze.git
$ cd Manalyze
$ cmake .

...Then use Visual Studio to build everything. Following that, you will find a few ``.lib`` files in ``[...]\Manalyze\Debug\`` or ``[...]\Manalyze\Release\`` (use whichever matches your build profile). Copy ``*.lib`` to a ``lib`` folder in your project directory and configure VS so that they will be taken into account. This involves:

- Adding the ``lib`` folder to ``Library Directories`` under ``VC++ Directories``.
- Specifying ``manape.lib`` and ``manacommons.lib`` in ``Linker > Input > Additional Dependencies``

From there, you should be able to write code relying on the PE parser!

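Review bot: the Linux instructions stop at link time: `-Llib` and `-lmanape -lmanacommons` let the linker find the `.so` files, but the dynamic loader does not search `./lib` at run time, so the resulting binary will fail to start unless the doc also tells the reader to add `-Wl,-rpath,lib`, set `LD_LIBRARY_PATH`, or install the libraries to a system path. The Windows section has the matching gap: `manape.lib` and `manacommons.lib` are import libraries only, and the DLLs still have to sit next to the executable or on `PATH`. Two smaller points: `cmake .` performs an in-source build, so an out-of-source build directory is preferable for a checkout the reader will keep using; and "checkout Manalyze's source code" should be "check out", while "*in fine*" would read more clearly as "ultimately".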