Merge remote-tracking branch 'origin/develop'

README.md

@@ -11,6 +11,8 @@ or pattern matching based on a given set of rules.
 
 Notes:
 
+- (05/28/2015) yextend version 1.2 will only work with yara 3.3 and above
+
 - This software was written for yara v3 so make sure you are on v3 if you want to use this.
 
 - This software was written and tested on Linux (both Fedora and Debian). Ports to other platforms are currently TBD.

bayshore_yara_wrapper.c

@@ -1,7 +1,7 @@
 /*****************************************************************************
  *
  * YEXTEND: Help for YARA users.
- * Copyright (C) 2014 by Bayshore Networks, Inc. All Rights Reserved.
+ * Copyright (C) 2014-2015 by Bayshore Networks, Inc. All Rights Reserved.
  *
  * This file is part of yextend.
  *
@@ -109,7 +109,8 @@ void print_compiler_error(
 		int error_level,
 		const char* file_name,
 		int line_number,
-		const char* message
+		const char* message,
+		void* user_data
 		)
 {
 	if (error_level == YARA_ERROR_LEVEL_ERROR)
@@ -283,7 +284,8 @@ YR_RULES *bayshore_yara_preprocess_rules (const char *rule_filename)
 		rules = NULL;
 
 		if (yr_compiler_create(&compiler) == ERROR_SUCCESS) {
-			yr_compiler_set_callback (compiler, print_compiler_error);
+
+			yr_compiler_set_callback (compiler, print_compiler_error, NULL);
 
 			// add the externals if any
 			while (external) {
@@ -477,7 +479,7 @@ int bayshore_yara_wrapper_api(
 				}
 			}
 
-			yr_compiler_set_callback(compiler, print_compiler_error);
+			yr_compiler_set_callback(compiler, print_compiler_error, NULL);
 			rule_file = fopen(yara_ruleset_filename, "r");
 
 			if (rule_file == NULL)

bayshore_yara_wrapper.h

@@ -1,7 +1,7 @@
 /*****************************************************************************
  *
  * YEXTEND: Help for YARA users.
- * Copyright (C) 2014 by Bayshore Networks, Inc. All Rights Reserved.
+ * Copyright (C) 2014-2015 by Bayshore Networks, Inc. All Rights Reserved.
  *
  * This file is part of yextend.
  *
@@ -30,6 +30,7 @@
 
 
 #define MAX_YARA_RES_BUF 2048
+#define YEXTEND_VERSION 1.2
 
 /* 
  * When calling bayshore_yara_wrapper_api, the next-to-last parameter is a

main.cpp

@@ -1,7 +1,7 @@
 /*****************************************************************************
  *
  * YEXTEND: Help for YARA users.
- * Copyright (C) 2014 by Bayshore Networks, Inc. All Rights Reserved.
+ * Copyright (C) 2014-2015 by Bayshore Networks, Inc. All Rights Reserved.
  *
  * This file is part of yextend.
  *
@@ -103,6 +103,41 @@ bool does_this_file_exist(const char *fn)
 	return ( fn && *fn && (stat (fn, &st) == 0) && (S_ISREG(st.st_mode)) );
 }
 
+double get_yara_version()
+{
+    FILE *fp;
+    int tok_cnt = 0;
+    double yara_version = 0.0;
+    char yver[10];
+    const char t[2] = " ";
+    char *token;
+
+    fp = popen("yara -v", "r");
+    /*
+    if (fp == NULL) {
+        printf("Failed to run command\n" );
+        exit;
+    }
+	*/
+    if (fp != NULL) {
+		fgets(yver, sizeof(yver)-1, fp);
+		if (yver != NULL) {
+			token = strtok(yver, t);
+			while( token != NULL )
+			{
+				if (tok_cnt == 1) {
+					yara_version = strtod(token, NULL);
+				}
+				token = strtok(NULL, t);
+				tok_cnt++;
+			}
+		}
+    }
+    pclose(fp);
+
+    return yara_version;
+}
+
 static const char *output_labels[] = {
 		"Filename: ",
 		"File Size: ",
@@ -129,6 +164,19 @@ int main(int argc, char* argv[])
 		std::cout << std::endl << "usage: ./yextend RULES_FILE [FILE|DIR]" << std::endl << std::endl;
 		exit(0);
 	}
+
+	// get yara runtime version
+	double yara_version = get_yara_version();
+	// version checks
+	if (YEXTEND_VERSION >= 1.2 && yara_version < 3.3) {
+		std::cout << std::endl << "Version issue: yextend version " << YEXTEND_VERSION << "+ will not run with yara versions below 3.3" << std::endl << std::endl;
+		std::cout << "Your env has yextend version ";
+		printf("%.1f\n", YEXTEND_VERSION);
+		std::cout << "Your env has yara version ";
+		printf("%.1f", yara_version);
+		std::cout << std::endl << std::endl;
+		exit(0);
+	}
 	const char *yara_ruleset_file_name = argv[1];
 	const char *target_resource = argv[2];
 	char fs[300];