From a33ce9afbab89d5e7e754f1e51fe5db556075f3a Mon Sep 17 00:00:00 2001
From: Nukem <Nukem@outlook.com>
Date: Thu, 2 Apr 2015 23:30:06 -0400
Subject: [PATCH] Strip Yara code. Already present in x64dbg.

---
 sigmake/Dialog/SigMakeDialog.cpp |  19 ++---
 sigmake/Plugin.cpp               |   5 --
 sigmake/Plugin.h                 |   1 -
 sigmake/Yara.cpp                 | 130 -------------------------------
 sigmake/Yara.h                   |   3 -
 sigmake/sigmake.vcxproj          |   6 +-
 sigmake/sigmake.vcxproj.filters  |   6 --
 sigmake/stdafx.h                 |  10 ---
 8 files changed, 12 insertions(+), 168 deletions(-)
 delete mode 100644 sigmake/Yara.cpp
 delete mode 100644 sigmake/Yara.h

diff --git a/sigmake/Dialog/SigMakeDialog.cpp b/sigmake/Dialog/SigMakeDialog.cpp
index 719dc8d..8603f6b 100644
--- a/sigmake/Dialog/SigMakeDialog.cpp
+++ b/sigmake/Dialog/SigMakeDialog.cpp
@@ -112,22 +112,23 @@ void MakeSigDialogExecute(HWND hwndDlg)
 	GetWindowText(GetDlgItem(hwndDlg, IDC_SIGMAKE_EDIT1), data, dataLen);
 	GetWindowText(GetDlgItem(hwndDlg, IDC_SIGMAKE_EDIT2), mask, maskLen);
 
-	std::vector<duint> results;
-	SIG_DESCRIPTOR *desc = nullptr;
-
 	//
 	// Convert the string to a code descriptor
 	//
-	if (Settings::LastType == SIG_CODE)
-		desc = DescriptorFromCode(data, mask);
-	else if (Settings::LastType == SIG_IDA)
-		desc = DescriptorFromIDA(data);
-	else if (Settings::LastType == SIG_CRC)
-		desc = DescriptorFromCRC(data);
+	SIG_DESCRIPTOR *desc = nullptr;
+
+	switch (Settings::LastType)
+	{
+	case SIG_CODE:	desc = DescriptorFromCode(data, mask);	break;
+	case SIG_IDA:	desc = DescriptorFromIDA(data);			break;
+	case SIG_CRC:	desc = DescriptorFromCRC(data);			break;
+	}
 
 	//
 	// Scan
 	//
+	std::vector<duint> results;
+
 	PatternScan(desc, results);
 
 	//
diff --git a/sigmake/Plugin.cpp b/sigmake/Plugin.cpp
index b0dea6b..7639e77 100644
--- a/sigmake/Plugin.cpp
+++ b/sigmake/Plugin.cpp
@@ -42,10 +42,6 @@ void MenuEntryCallback(CBTYPE Type, PLUG_CB_MENUENTRY *Info)
 		OpenSigMakeDialog();
 		break;
 
-	case PLUGIN_MENU_YARASIG:
-		OpenYaraDialog();
-		break;
-
 	case PLUGIN_MENU_SETTINGS:
 		OpenSettingsDialog();
 		break;
@@ -92,7 +88,6 @@ DLL_EXPORT void plugsetup(PLUG_SETUPSTRUCT *SetupStruct)
 
 	// Initialize the menu
 	_plugin_menuaddentry(g_MenuHandle, PLUGIN_MENU_MAKESIG, "&Create signature");
-	_plugin_menuaddentry(g_MenuHandle, PLUGIN_MENU_YARASIG, "&Yara signature");
 	_plugin_menuaddseparator(g_MenuHandle);
 	_plugin_menuaddentry(g_MenuHandle, PLUGIN_MENU_SETTINGS, "&Settings");
 	_plugin_menuaddentry(g_MenuHandle, PLUGIN_MENU_ABOUT, "&About");
diff --git a/sigmake/Plugin.h b/sigmake/Plugin.h
index 1de2d13..8a380d1 100644
--- a/sigmake/Plugin.h
+++ b/sigmake/Plugin.h
@@ -11,7 +11,6 @@ duint DbgGetCurrentModule();
 enum
 {
 	PLUGIN_MENU_MAKESIG,
-	PLUGIN_MENU_YARASIG,
 	PLUGIN_MENU_CONVERTSIG,
 	PLUGIN_MENU_SETTINGS,
 	PLUGIN_MENU_ABOUT,
diff --git a/sigmake/Yara.cpp b/sigmake/Yara.cpp
deleted file mode 100644
index 9caf801..0000000
--- a/sigmake/Yara.cpp
+++ /dev/null
@@ -1,130 +0,0 @@
-#include "stdafx.h"
-
-bool g_YaraInitialized;
-
-bool OpenSelectionDialog(const char *Title, const char *Filter, char *Buffer, size_t BufferSize)
-{
-	//
-	// Get the currently selected module
-	//
-	duint moduleBase = DbgGetCurrentModule();
-
-	if (moduleBase <= 0)
-		return false;
-
-	//
-	// Open a file dialog to select the yara file
-	//
-	OPENFILENAMEA ofn;
-	memset(&ofn, 0, sizeof(OPENFILENAMEA));
-
-	ofn.lStructSize = sizeof(OPENFILENAMEA);
-	ofn.hwndOwner	= GuiGetWindowHandle();
-	ofn.lpstrFilter	= Filter;
-	ofn.lpstrFile	= Buffer;
-	ofn.nMaxFile	= BufferSize;
-	ofn.lpstrTitle	= Title;
-	ofn.Flags		= OFN_FILEMUSTEXIST;
-
-	if (!GetOpenFileNameA(&ofn))
-		return false;
-
-	return true;
-}
-
-void YaraOutputCallback(int ErrorLevel, const char *FileName, int LineNumber, const char *Message)
-{
-	_plugin_logprintf("%s(%d): %d: %s\n", FileName, LineNumber, ErrorLevel, Message);
-}
-
-int YaraScanCallback(int Message, void *MessageData, void *UserData)
-{
-	return CALLBACK_CONTINUE;
-}
-
-void OpenYaraDialog()
-{
-	//
-	// Initialize Yara
-	//
-	if (!g_YaraInitialized)
-	{
-		if (yr_initialize() != ERROR_SUCCESS)
-		{
-			_plugin_logprintf("Failed to initialize Yara library\n");
-			return;
-		}
-
-		g_YaraInitialized = true;
-	}
-
-	//
-	// Create the code compiler
-	//
-	YR_COMPILER *compiler	= nullptr;
-	YR_RULES *rules			= nullptr;
-
-	if (yr_compiler_create(&compiler) != ERROR_SUCCESS)
-	{
-		_plugin_logprintf("Yara compiler initialization failed\n");
-		return;
-	}
-
-	//
-	// Set the compiler output callback
-	//
-	yr_compiler_set_callback(compiler, YaraOutputCallback);
-
-	//
-	// Open a selection dialog and get the user input file
-	//
-	char fileName[MAX_PATH];
-	FILE *fileHandle = nullptr;
-
-	{
-		if (!OpenSelectionDialog("Open a Yara signature file", "Yara files (*.map)\0*.yara\0\0", fileName, ARRAYSIZE(fileName)))
-			goto __cleanup;
-
-		fopen_s(&fileHandle, fileName, "w");
-	}
-
-	if (yr_compiler_add_file(compiler, fileHandle, nullptr, strrchr(fileName, '\\') + 1) > 0)
-	{
-		_plugin_logprintf("Compilation errors found, exiting\n");
-		goto __cleanup;
-	}
-
-	//
-	// Allocate rules
-	//
-	yr_compiler_get_rules(compiler, &rules);
-
-	//
-	// Scan memory
-	//
-	duint dataVA	= 0;
-	BYTE *data		= nullptr;
-	size_t dataLen	= 0;
-
-	if (yr_rules_scan_mem(rules, data, dataLen, 0, YaraScanCallback, (void *)dataVA, 0) != ERROR_SUCCESS)
-	{
-		_plugin_logprintf("An error occurred while scanning\n");
-		goto __cleanup;
-	}
-
-__cleanup:
-	if (compiler)
-		yr_compiler_destroy(compiler);
-
-	if (rules)
-		yr_rules_destroy(rules);
-
-	if (fileHandle)
-		fclose(fileHandle);
-}
-
-void DestroyYaraDialog()
-{
-	if (g_YaraInitialized)
-		yr_finalize();
-}
\ No newline at end of file
diff --git a/sigmake/Yara.h b/sigmake/Yara.h
deleted file mode 100644
index 06bf889..0000000
--- a/sigmake/Yara.h
+++ /dev/null
@@ -1,3 +0,0 @@
-#pragma once
-
-void OpenYaraDialog();
\ No newline at end of file
diff --git a/sigmake/sigmake.vcxproj b/sigmake/sigmake.vcxproj
index 4ee46bb..19bbe8a 100644
--- a/sigmake/sigmake.vcxproj
+++ b/sigmake/sigmake.vcxproj
@@ -72,7 +72,7 @@
     <LinkIncremental>true</LinkIncremental>
     <TargetName>$(ProjectName)_debug</TargetName>
     <IntDir>$(Platform)\$(Configuration)\</IntDir>
-    <IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(ProjectDir)\yara</IncludePath>
+    <IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath)</IncludePath>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
@@ -87,7 +87,7 @@
     <OutDir>$(SolutionDir)x32\plugins\</OutDir>
     <TargetExt>.dp32</TargetExt>
     <IntDir>$(Platform)\$(Configuration)\</IntDir>
-    <IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);$(ProjectDir)\yara</IncludePath>
+    <IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath)</IncludePath>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
@@ -176,7 +176,6 @@
     <ClInclude Include="SigMake.h" />
     <ClInclude Include="Dialog\SigMakeDialog.h" />
     <ClInclude Include="stdafx.h" />
-    <ClInclude Include="Yara.h" />
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="Descriptor.cpp" />
@@ -260,7 +259,6 @@
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
     </ClCompile>
-    <ClCompile Include="Yara.cpp" />
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="sigmake.rc" />
diff --git a/sigmake/sigmake.vcxproj.filters b/sigmake/sigmake.vcxproj.filters
index bad5cd4..5452234 100644
--- a/sigmake/sigmake.vcxproj.filters
+++ b/sigmake/sigmake.vcxproj.filters
@@ -68,9 +68,6 @@
     <ClInclude Include="Descriptor.h">
       <Filter>Header Files</Filter>
     </ClInclude>
-    <ClInclude Include="Yara.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
     <ClInclude Include="Dialog\SigMakeDialog.h">
       <Filter>Dialog</Filter>
     </ClInclude>
@@ -121,9 +118,6 @@
     <ClCompile Include="Descriptor.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
-    <ClCompile Include="Yara.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
     <ClCompile Include="Dialog\SettingsDialog.cpp">
       <Filter>Dialog</Filter>
     </ClCompile>
diff --git a/sigmake/stdafx.h b/sigmake/stdafx.h
index 91c9eab..23ee73e 100644
--- a/sigmake/stdafx.h
+++ b/sigmake/stdafx.h
@@ -16,14 +16,6 @@ extern "C"
 #include "distorm/prefix.h"
 }
 
-//
-// YARA
-//
-extern "C"
-{
-#include <yara.h>
-}
-
 //
 // X64DBG
 //
@@ -49,7 +41,6 @@ extern "C"
 #include "pluginsdk/_dbgfunctions.h"
 #include "pluginsdk/TitanEngine/TitanEngine.h"
 
-
 //
 // PLUGIN
 //
@@ -59,7 +50,6 @@ extern "C"
 #include "Plugin.h"
 #include "Descriptor.h"
 #include "SigMake.h"
-#include "Yara.h"
 #include "Dialog/SigMakeDialog.h"
 #include "Dialog/Settings.h"
 #include "Dialog/SettingsDialog.h"