├── CFFCapstone
├── CFFCapstone.aps
├── CFFCapstone.c
├── CFFCapstone.rc
├── CFFCapstone.vcxproj
├── CFFCapstone.vcxproj.filters
├── CFFExplorerSDK.h
├── Extension.h
├── LICENSE
├── README.md
├── capstone
│ ├── CREDITS.TXT
│ ├── ChangeLog
│ ├── LICENSE.TXT
│ ├── LICENSE_LLVM.TXT
│ ├── README
│ ├── RELEASE_NOTES
│ ├── include
│ │ ├── arm.h
│ │ ├── arm64.h
│ │ ├── capstone.h
│ │ ├── mips.h
│ │ ├── platform.h
│ │ ├── ppc.h
│ │ ├── sparc.h
│ │ ├── systemz.h
│ │ ├── x86.h
│ │ └── xcore.h
│ ├── x64
│ │ ├── capstone.dll
│ │ └── capstone.lib
│ └── x86
│ │ ├── capstone.dll
│ │ └── capstone.lib
├── cffcapstone.png
└── resource.h
├── CFFExtensions.sln
├── CFFHashes
├── CFFExplorerSDK.h
├── CFFHashes.aps
├── CFFHashes.c
├── CFFHashes.rc
├── CFFHashes.vcxproj
├── CFFHashes.vcxproj.filters
├── Extension.h
├── LICENSE
├── README.md
├── cffhashes.png
├── hash.c
├── hash.h
└── resource.h
├── CFFStrings
├── CFFExplorerSDK.h
├── CFFStrings.aps
├── CFFStrings.c
├── CFFStrings.rc
├── CFFStrings.vcxproj
├── CFFStrings.vcxproj.filters
├── Extension.h
├── LICENSE
├── README.md
├── cffstrings.png
├── resource.h
├── string.c
└── string.h
├── CFFYara
├── CFFExplorerSDK.h
├── CFFYara.aps
├── CFFYara.c
├── CFFYara.rc
├── CFFYara.vcxproj
├── CFFYara.vcxproj.filters
├── Extension.h
├── LICENSE
├── LICENSE_jansson
├── LICENSE_openssl
├── LICENSE_yara
├── README.md
├── cffyara.png
├── resource.h
└── yara
│ ├── include
│ ├── config.h
│ ├── jansson.h
│ ├── jansson_config.h
│ ├── openssl
│ │ ├── aes.h
│ │ ├── asn1.h
│ │ ├── asn1_mac.h
│ │ ├── asn1t.h
│ │ ├── bio.h
│ │ ├── blowfish.h
│ │ ├── bn.h
│ │ ├── buffer.h
│ │ ├── camellia.h
│ │ ├── cast.h
│ │ ├── cmac.h
│ │ ├── cms.h
│ │ ├── comp.h
│ │ ├── conf.h
│ │ ├── conf_api.h
│ │ ├── crypto.h
│ │ ├── des.h
│ │ ├── des_old.h
│ │ ├── dh.h
│ │ ├── dsa.h
│ │ ├── dso.h
│ │ ├── dtls1.h
│ │ ├── e_os2.h
│ │ ├── ebcdic.h
│ │ ├── ec.h
│ │ ├── ecdh.h
│ │ ├── ecdsa.h
│ │ ├── engine.h
│ │ ├── err.h
│ │ ├── evp.h
│ │ ├── hmac.h
│ │ ├── idea.h
│ │ ├── krb5_asn.h
│ │ ├── kssl.h
│ │ ├── lhash.h
│ │ ├── md4.h
│ │ ├── md5.h
│ │ ├── mdc2.h
│ │ ├── modes.h
│ │ ├── obj_mac.h
│ │ ├── objects.h
│ │ ├── ocsp.h
│ │ ├── opensslconf.h
│ │ ├── opensslv.h
│ │ ├── ossl_typ.h
│ │ ├── pem.h
│ │ ├── pem2.h
│ │ ├── pkcs12.h
│ │ ├── pkcs7.h
│ │ ├── pqueue.h
│ │ ├── rand.h
│ │ ├── rc2.h
│ │ ├── rc4.h
│ │ ├── ripemd.h
│ │ ├── rsa.h
│ │ ├── safestack.h
│ │ ├── seed.h
│ │ ├── sha.h
│ │ ├── srp.h
│ │ ├── srtp.h
│ │ ├── ssl.h
│ │ ├── ssl2.h
│ │ ├── ssl23.h
│ │ ├── ssl3.h
│ │ ├── stack.h
│ │ ├── symhacks.h
│ │ ├── tls1.h
│ │ ├── ts.h
│ │ ├── txt_db.h
│ │ ├── ui.h
│ │ ├── ui_compat.h
│ │ ├── whrlpool.h
│ │ ├── x509.h
│ │ ├── x509_vfy.h
│ │ └── x509v3.h
│ ├── yara.h
│ └── yara
│ │ ├── ahocorasick.h
│ │ ├── arena.h
│ │ ├── atoms.h
│ │ ├── compiler.h
│ │ ├── elf.h
│ │ ├── error.h
│ │ ├── exec.h
│ │ ├── exefiles.h
│ │ ├── filemap.h
│ │ ├── globals.h
│ │ ├── hash.h
│ │ ├── hex_lexer.h
│ │ ├── integers.h
│ │ ├── lexer.h
│ │ ├── libyara.h
│ │ ├── limits.h
│ │ ├── mem.h
│ │ ├── modules.h
│ │ ├── object.h
│ │ ├── parser.h
│ │ ├── pe.h
│ │ ├── proc.h
│ │ ├── re.h
│ │ ├── re_lexer.h
│ │ ├── rules.h
│ │ ├── scan.h
│ │ ├── sizedstr.h
│ │ ├── stream.h
│ │ ├── strutils.h
│ │ ├── threading.h
│ │ ├── types.h
│ │ └── utils.h
│ └── lib
│ ├── jansson32.lib
│ ├── jansson64.lib
│ ├── libeay32.lib
│ ├── libeay64.lib
│ ├── libyara32.lib
│ └── libyara64.lib
├── LICENSE
├── README.md
├── bin
├── CFFExtensions_1.0.0_setup.exe
├── CFFExtensions_1.0.1_setup.exe
├── CFFExtensions_1.0.2_setup.exe
├── CFFExtensions_1.0.3_setup.exe
├── CFFExtensions_1.0.4_setup.exe
├── x64
│ ├── Debug
│ │ ├── CFFCapstone.dll
│ │ ├── CFFCapstone.exp
│ │ ├── CFFCapstone.lib
│ │ ├── CFFCapstone.pdb
│ │ ├── CFFHashes.dll
│ │ ├── CFFHashes.exp
│ │ ├── CFFHashes.lib
│ │ ├── CFFHashes.pdb
│ │ ├── CFFStrings.dll
│ │ ├── CFFStrings.exp
│ │ ├── CFFStrings.lib
│ │ ├── CFFStrings.pdb
│ │ ├── CFFYara.dll
│ │ ├── CFFYara.exp
│ │ ├── CFFYara.lib
│ │ └── CFFYara.pdb
│ └── Release
│ │ ├── CFFCapstone.dll
│ │ ├── CFFCapstone.exp
│ │ ├── CFFCapstone.lib
│ │ ├── CFFCapstone.pdb
│ │ ├── CFFHashes.dll
│ │ ├── CFFHashes.exp
│ │ ├── CFFHashes.lib
│ │ ├── CFFHashes.pdb
│ │ ├── CFFStrings.dll
│ │ ├── CFFStrings.exp
│ │ ├── CFFStrings.lib
│ │ ├── CFFStrings.pdb
│ │ ├── CFFYara.dll
│ │ ├── CFFYara.exp
│ │ ├── CFFYara.lib
│ │ └── CFFYara.pdb
└── x86
│ ├── Debug
│ ├── CFFCapstone.dll
│ ├── CFFCapstone.exp
│ ├── CFFCapstone.lib
│ ├── CFFCapstone.pdb
│ ├── CFFHashes.dll
│ ├── CFFHashes.exp
│ ├── CFFHashes.lib
│ ├── CFFHashes.pdb
│ ├── CFFStrings.dll
│ ├── CFFStrings.exp
│ ├── CFFStrings.lib
│ ├── CFFStrings.pdb
│ ├── CFFYara.dll
│ ├── CFFYara.exp
│ ├── CFFYara.lib
│ └── CFFYara.pdb
│ └── Release
│ ├── CFFCapstone.dll
│ ├── CFFCapstone.exp
│ ├── CFFCapstone.lib
│ ├── CFFCapstone.pdb
│ ├── CFFHashes.dll
│ ├── CFFHashes.exp
│ ├── CFFHashes.lib
│ ├── CFFHashes.pdb
│ ├── CFFStrings.dll
│ ├── CFFStrings.exp
│ ├── CFFStrings.lib
│ ├── CFFStrings.pdb
│ ├── CFFYara.dll
│ ├── CFFYara.exp
│ ├── CFFYara.lib
│ └── CFFYara.pdb
└── setup_script.iss
/CFFCapstone/CFFCapstone.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFCapstone/CFFCapstone.aps
--------------------------------------------------------------------------------
/CFFCapstone/CFFCapstone.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFCapstone/CFFCapstone.rc
--------------------------------------------------------------------------------
/CFFCapstone/CFFCapstone.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 | Header Files
23 |
24 |
25 | Header Files
26 |
27 |
28 |
29 |
30 | Resource Files
31 |
32 |
33 |
34 |
35 | Source Files
36 |
37 |
38 |
--------------------------------------------------------------------------------
/CFFCapstone/Extension.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #ifndef EXTINITDATA
4 | typedef struct _EXTINITDATA
5 | {
6 | VOID (__cdecl *RetrieveExtensionApi)(UINT *ApiMask, VOID *pApi);
7 |
8 | } EXTINITDATA, *PEXTINITDATA;
9 | #endif
--------------------------------------------------------------------------------
/CFFCapstone/LICENSE:
--------------------------------------------------------------------------------
1 | This code is available under MIT License.
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy
4 | of this software and associated documentation files (the "Software"), to deal
5 | in the Software without restriction, including without limitation the rights
6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7 | copies of the Software, and to permit persons to whom the Software is
8 | furnished to do so, subject to the following conditions:
9 |
10 | The above copyright notice and this permission notice shall be included in
11 | all copies or substantial portions of the Software.
12 |
13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19 | THE SOFTWARE.
--------------------------------------------------------------------------------
/CFFCapstone/README.md:
--------------------------------------------------------------------------------
1 | # CFFCapstone #
2 |
3 | ----------
4 |
5 | CFFCapstone is a simple extension to CFF Explorer ( [http://www.ntcore.com/exsuite.php](http://www.ntcore.com/exsuite.php) ) by Daniel Pistelli. This extension provides Capstone ( [http://www.capstone-engine.org/](http://www.capstone-engine.org/) ) disassembly support on any area of the file.
6 |
7 | ## Usage ##
8 |
9 | When you launch CFF Explorer, a new 'Capstone' item will be displayed. You can quickly disassemble any area of the file by providing the file offset and disassembly length (both values should be specified in hex)
10 |
11 | 
12 |
--------------------------------------------------------------------------------
/CFFCapstone/capstone/CREDITS.TXT:
--------------------------------------------------------------------------------
1 | This file credits all the contributors of the Capstone engine project.
2 |
3 | Key developers
4 | ==============
5 | 1. Nguyen Anh Quynh
6 | - Core engine
7 | - Bindings: Python, Ruby, OCaml, Java, C#
8 |
9 | 2. Tan Sheng Di
10 | - Bindings: Ruby
11 |
12 | 3. Ben Nagy
13 | - Bindings: Ruby, Go
14 |
15 | 4. Dang Hoang Vu
16 | - Bindings: Java
17 |
18 |
19 | Beta testers (in random order)
20 | ==============================
21 | Pancake
22 | Van Hauser
23 | FX of Phenoelit
24 | The Grugq, The Grugq <-- our hero for submitting the first ever patch!
25 | Isaac Dawson, Veracode Inc
26 | Patroklos Argyroudis, Census Inc. (http://census-labs.com)
27 | Attila Suszter
28 | Le Dinh Long
29 | Nicolas Ruff
30 | Gunther
31 | Alex Ionescu, Winsider Seminars & Solutions Inc.
32 | Snare
33 | Daniel Godas-Lopez
34 | Joshua J. Drake
35 | Edgar Barbosa
36 | Ralf-Philipp Weinmann
37 | Hugo Fortier
38 | Joxean Koret
39 | Bruce Dang
40 | Andrew Dunham
41 |
42 |
43 | Contributors (in no particular order)
44 | =====================================
45 | (Please let us know if you want to have your name here)
46 |
47 | Ole André Vadla Ravnås (author of the 100th Pull-Request in our Github repo, thanks!)
48 | Axel "0vercl0k" Souchet (@0vercl0k) & Alex Ionescu: port to MSVC.
49 | Daniel Pistelli: Cmake support.
50 | Peter Hlavaty: integrate Capstone for Windows kernel drivers.
51 | Guillaume Jeanne: Ocaml binding.
52 | Martin Tofall, Obsidium Software: Optimize X86 performance & size.
53 | David Martínez Moreno & Hilko Bengen: Debian package.
54 | Félix Cloutier: Xcode project.
55 | Benoit Lecocq: OpenBSD package.
56 | Christophe Avoinne (Hlide): Improve memory management for better performance.
57 | Michael Cohen & Nguyen Tan Cong: Python module installer.
58 | Adel Gadllah, Francisco Alonso & Stefan Cornelius: RPM package.
59 | Felix Gröbert (Google): fuzz testing harness.
60 |
--------------------------------------------------------------------------------
/CFFCapstone/capstone/LICENSE.TXT:
--------------------------------------------------------------------------------
1 | This is the software license for Capstone disassembly framework.
2 | Capstone has been designed & implemented by Nguyen Anh Quynh
3 |
4 | See http://www.capstone-engine.org for further information.
5 |
6 | Copyright (c) 2013, COSEINC.
7 | All rights reserved.
8 |
9 | Redistribution and use in source and binary forms, with or without
10 | modification, are permitted provided that the following conditions are met:
11 |
12 | * Redistributions of source code must retain the above copyright notice,
13 | this list of conditions and the following disclaimer.
14 | * Redistributions in binary form must reproduce the above copyright notice,
15 | this list of conditions and the following disclaimer in the documentation
16 | and/or other materials provided with the distribution.
17 | * Neither the name of the developer(s) nor the names of its
18 | contributors may be used to endorse or promote products derived from this
19 | software without specific prior written permission.
20 |
21 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
22 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
25 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31 | POSSIBILITY OF SUCH DAMAGE.
32 |
--------------------------------------------------------------------------------
/CFFCapstone/capstone/LICENSE_LLVM.TXT:
--------------------------------------------------------------------------------
1 | ==============================================================================
2 | LLVM Release License
3 | ==============================================================================
4 | University of Illinois/NCSA
5 | Open Source License
6 |
7 | Copyright (c) 2003-2013 University of Illinois at Urbana-Champaign.
8 | All rights reserved.
9 |
10 | Developed by:
11 |
12 | LLVM Team
13 |
14 | University of Illinois at Urbana-Champaign
15 |
16 | http://llvm.org
17 |
18 | Permission is hereby granted, free of charge, to any person obtaining a copy of
19 | this software and associated documentation files (the "Software"), to deal with
20 | the Software without restriction, including without limitation the rights to
21 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
22 | of the Software, and to permit persons to whom the Software is furnished to do
23 | so, subject to the following conditions:
24 |
25 | * Redistributions of source code must retain the above copyright notice,
26 | this list of conditions and the following disclaimers.
27 |
28 | * Redistributions in binary form must reproduce the above copyright notice,
29 | this list of conditions and the following disclaimers in the
30 | documentation and/or other materials provided with the distribution.
31 |
32 | * Neither the names of the LLVM Team, University of Illinois at
33 | Urbana-Champaign, nor the names of its contributors may be used to
34 | endorse or promote products derived from this Software without specific
35 | prior written permission.
36 |
37 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
38 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
39 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
40 | CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
41 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
42 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE
43 | SOFTWARE.
44 |
45 | ==============================================================================
46 | Copyrights and Licenses for Third Party Software Distributed with LLVM:
47 | ==============================================================================
48 | The LLVM software contains code written by third parties. Such software will
49 | have its own individual LICENSE.TXT file in the directory in which it appears.
50 | This file will describe the copyrights, license, and restrictions which apply
51 | to that code.
52 |
53 | The disclaimer of warranty in the University of Illinois Open Source License
54 | applies to all code in the LLVM Distribution, and nothing in any of the
55 | other licenses gives permission to use the names of the LLVM Team or the
56 | University of Illinois to endorse or promote products derived from this
57 | Software.
58 |
59 | The following pieces of software have additional or alternate copyrights,
60 | licenses, and/or restrictions:
61 |
62 | Program Directory
63 | ------- ---------
64 | Autoconf llvm/autoconf
65 | llvm/projects/ModuleMaker/autoconf
66 | llvm/projects/sample/autoconf
67 | Google Test llvm/utils/unittest/googletest
68 | OpenBSD regex llvm/lib/Support/{reg*, COPYRIGHT.regex}
69 | pyyaml tests llvm/test/YAMLParser/{*.data, LICENSE.TXT}
70 | ARM contributions llvm/lib/Target/ARM/LICENSE.TXT
71 | md5 contributions llvm/lib/Support/MD5.cpp llvm/include/llvm/Support/MD5.h
72 |
--------------------------------------------------------------------------------
/CFFCapstone/capstone/README:
--------------------------------------------------------------------------------
1 | Capstone is a disassembly framework with the target of becoming the ultimate
2 | disasm engine for binary analysis and reversing in the security community.
3 |
4 | Created by Nguyen Anh Quynh, then developed and maintained by a small community,
5 | Capstone offers some unparalleled features:
6 |
7 | - Support multiple hardware architectures: ARM, ARM64 (ARMv8), Mips, PPC, Sparc,
8 | SystemZ, XCore and X86 (including X86_64).
9 |
10 | - Having clean/simple/lightweight/intuitive architecture-neutral API.
11 |
12 | - Provide details on disassembled instruction (called “decomposer” by others).
13 |
14 | - Provide semantics of the disassembled instruction, such as list of implicit
15 | registers read & written.
16 |
17 | - Implemented in pure C language, with lightweight wrappers for C++, C#, Go,
18 | Java, Lua, NodeJS, Ocaml, Python, Ruby, Rust & Vala ready (available in
19 | main code, or provided externally by the community).
20 |
21 | - Native support for all popular platforms: Windows, Mac OSX, iOS, Android,
22 | Linux, *BSD, Solaris, etc.
23 |
24 | - Thread-safe by design.
25 |
26 | - Special support for embedding into firmware or OS kernel.
27 |
28 | - High performance & suitable for malware analysis (capable of handling various
29 | X86 malware tricks).
30 |
31 | - Distributed under the open source BSD license.
32 |
33 | Further information is available at http://www.capstone-engine.org
34 |
35 |
36 | [Compile]
37 |
38 | See COMPILE.TXT file for how to compile and install Capstone.
39 |
40 |
41 | [Documentation]
42 |
43 | See docs/README for how to customize & program your own tools with Capstone.
44 |
45 |
46 | [Hack]
47 |
48 | See HACK.TXT file for the structuture of the source code.
49 |
50 |
51 | [License]
52 |
53 | This project is released under the BSD license. If you redistribute the binary
54 | or source code of Capstone, please attach file LICENSE.TXT with your products.
55 |
--------------------------------------------------------------------------------
/CFFCapstone/capstone/RELEASE_NOTES:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFCapstone/capstone/RELEASE_NOTES
--------------------------------------------------------------------------------
/CFFCapstone/capstone/include/platform.h:
--------------------------------------------------------------------------------
1 | /* Capstone Disassembly Engine */
2 | /* By Axel Souchet & Nguyen Anh Quynh, 2014 */
3 |
4 | // handle C99 issue (for pre-2013 VisualStudio)
5 | #ifndef CAPSTONE_PLATFORM_H
6 | #define CAPSTONE_PLATFORM_H
7 |
8 | #if !defined(__MINGW32__) && !defined(__MINGW64__) && (defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64))
9 | // MSVC
10 |
11 | // stdbool.h
12 | #if (_MSC_VER < 1800)
13 | #ifndef __cplusplus
14 | typedef unsigned char bool;
15 | #define false 0
16 | #define true 1
17 | #endif
18 |
19 | #else
20 | // VisualStudio 2013+ -> C99 is supported
21 | #include
22 | #endif
23 |
24 | #else // not MSVC -> C99 is supported
25 | #include
26 | #endif
27 |
28 | #endif
29 |
--------------------------------------------------------------------------------
/CFFCapstone/capstone/x64/capstone.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFCapstone/capstone/x64/capstone.dll
--------------------------------------------------------------------------------
/CFFCapstone/capstone/x64/capstone.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFCapstone/capstone/x64/capstone.lib
--------------------------------------------------------------------------------
/CFFCapstone/capstone/x86/capstone.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFCapstone/capstone/x86/capstone.dll
--------------------------------------------------------------------------------
/CFFCapstone/capstone/x86/capstone.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFCapstone/capstone/x86/capstone.lib
--------------------------------------------------------------------------------
/CFFCapstone/cffcapstone.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFCapstone/cffcapstone.png
--------------------------------------------------------------------------------
/CFFCapstone/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFCapstone/resource.h
--------------------------------------------------------------------------------
/CFFExtensions.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 2013
4 | VisualStudioVersion = 12.0.30723.0
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CFFHashes", "CFFHashes\CFFHashes.vcxproj", "{283F72A9-1F8B-4231-AEF4-4F2AC8200096}"
7 | EndProject
8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CFFStrings", "CFFStrings\CFFStrings.vcxproj", "{6AE1EF93-D14C-41E7-9948-BC315DF76BD0}"
9 | EndProject
10 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CFFYara", "CFFYara\CFFYara.vcxproj", "{2E1DBE9C-7E48-472E-B062-72E88A978C88}"
11 | EndProject
12 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CFFCapstone", "CFFCapstone\CFFCapstone.vcxproj", "{D9A58F27-6E74-4FC7-983D-1F048C2B265B}"
13 | EndProject
14 | Global
15 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
16 | Debug|Win32 = Debug|Win32
17 | Debug|x64 = Debug|x64
18 | Release|Win32 = Release|Win32
19 | Release|x64 = Release|x64
20 | EndGlobalSection
21 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
22 | {283F72A9-1F8B-4231-AEF4-4F2AC8200096}.Debug|Win32.ActiveCfg = Debug|Win32
23 | {283F72A9-1F8B-4231-AEF4-4F2AC8200096}.Debug|Win32.Build.0 = Debug|Win32
24 | {283F72A9-1F8B-4231-AEF4-4F2AC8200096}.Debug|x64.ActiveCfg = Debug|x64
25 | {283F72A9-1F8B-4231-AEF4-4F2AC8200096}.Debug|x64.Build.0 = Debug|x64
26 | {283F72A9-1F8B-4231-AEF4-4F2AC8200096}.Release|Win32.ActiveCfg = Release|Win32
27 | {283F72A9-1F8B-4231-AEF4-4F2AC8200096}.Release|Win32.Build.0 = Release|Win32
28 | {283F72A9-1F8B-4231-AEF4-4F2AC8200096}.Release|x64.ActiveCfg = Release|x64
29 | {283F72A9-1F8B-4231-AEF4-4F2AC8200096}.Release|x64.Build.0 = Release|x64
30 | {6AE1EF93-D14C-41E7-9948-BC315DF76BD0}.Debug|Win32.ActiveCfg = Debug|Win32
31 | {6AE1EF93-D14C-41E7-9948-BC315DF76BD0}.Debug|Win32.Build.0 = Debug|Win32
32 | {6AE1EF93-D14C-41E7-9948-BC315DF76BD0}.Debug|x64.ActiveCfg = Debug|x64
33 | {6AE1EF93-D14C-41E7-9948-BC315DF76BD0}.Debug|x64.Build.0 = Debug|x64
34 | {6AE1EF93-D14C-41E7-9948-BC315DF76BD0}.Release|Win32.ActiveCfg = Release|Win32
35 | {6AE1EF93-D14C-41E7-9948-BC315DF76BD0}.Release|Win32.Build.0 = Release|Win32
36 | {6AE1EF93-D14C-41E7-9948-BC315DF76BD0}.Release|x64.ActiveCfg = Release|x64
37 | {6AE1EF93-D14C-41E7-9948-BC315DF76BD0}.Release|x64.Build.0 = Release|x64
38 | {2E1DBE9C-7E48-472E-B062-72E88A978C88}.Debug|Win32.ActiveCfg = Debug|Win32
39 | {2E1DBE9C-7E48-472E-B062-72E88A978C88}.Debug|Win32.Build.0 = Debug|Win32
40 | {2E1DBE9C-7E48-472E-B062-72E88A978C88}.Debug|x64.ActiveCfg = Debug|x64
41 | {2E1DBE9C-7E48-472E-B062-72E88A978C88}.Debug|x64.Build.0 = Debug|x64
42 | {2E1DBE9C-7E48-472E-B062-72E88A978C88}.Release|Win32.ActiveCfg = Release|Win32
43 | {2E1DBE9C-7E48-472E-B062-72E88A978C88}.Release|Win32.Build.0 = Release|Win32
44 | {2E1DBE9C-7E48-472E-B062-72E88A978C88}.Release|x64.ActiveCfg = Release|x64
45 | {2E1DBE9C-7E48-472E-B062-72E88A978C88}.Release|x64.Build.0 = Release|x64
46 | {D9A58F27-6E74-4FC7-983D-1F048C2B265B}.Debug|Win32.ActiveCfg = Debug|Win32
47 | {D9A58F27-6E74-4FC7-983D-1F048C2B265B}.Debug|Win32.Build.0 = Debug|Win32
48 | {D9A58F27-6E74-4FC7-983D-1F048C2B265B}.Debug|x64.ActiveCfg = Debug|x64
49 | {D9A58F27-6E74-4FC7-983D-1F048C2B265B}.Debug|x64.Build.0 = Debug|x64
50 | {D9A58F27-6E74-4FC7-983D-1F048C2B265B}.Release|Win32.ActiveCfg = Release|Win32
51 | {D9A58F27-6E74-4FC7-983D-1F048C2B265B}.Release|Win32.Build.0 = Release|Win32
52 | {D9A58F27-6E74-4FC7-983D-1F048C2B265B}.Release|x64.ActiveCfg = Release|x64
53 | EndGlobalSection
54 | GlobalSection(SolutionProperties) = preSolution
55 | HideSolutionNode = FALSE
56 | EndGlobalSection
57 | EndGlobal
58 |
--------------------------------------------------------------------------------
/CFFHashes/CFFHashes.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFHashes/CFFHashes.aps
--------------------------------------------------------------------------------
/CFFHashes/CFFHashes.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFHashes/CFFHashes.rc
--------------------------------------------------------------------------------
/CFFHashes/CFFHashes.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 | Header Files
23 |
24 |
25 | Header Files
26 |
27 |
28 | Header Files
29 |
30 |
31 |
32 |
33 | Source Files
34 |
35 |
36 | Source Files
37 |
38 |
39 |
40 |
41 | Resource Files
42 |
43 |
44 |
--------------------------------------------------------------------------------
/CFFHashes/Extension.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #ifndef EXTINITDATA
4 | typedef struct _EXTINITDATA
5 | {
6 | VOID (__cdecl *RetrieveExtensionApi)(UINT *ApiMask, VOID *pApi);
7 |
8 | } EXTINITDATA, *PEXTINITDATA;
9 | #endif
--------------------------------------------------------------------------------
/CFFHashes/LICENSE:
--------------------------------------------------------------------------------
1 | This code is available under MIT License.
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy
4 | of this software and associated documentation files (the "Software"), to deal
5 | in the Software without restriction, including without limitation the rights
6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7 | copies of the Software, and to permit persons to whom the Software is
8 | furnished to do so, subject to the following conditions:
9 |
10 | The above copyright notice and this permission notice shall be included in
11 | all copies or substantial portions of the Software.
12 |
13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19 | THE SOFTWARE.
--------------------------------------------------------------------------------
/CFFHashes/README.md:
--------------------------------------------------------------------------------
1 | # CFFHashes #
2 |
3 | ----------
4 |
5 | CFFHashes is a simple extension to CFF Explorer ( [http://www.ntcore.com/exsuite.php](http://www.ntcore.com/exsuite.php) ) by Daniel Pistelli. This extension provides CRC32, MD5, SHA1 and SHA256 hashes of various parts of PE file. You can also perform a custom hash on any area of the file.
6 |
7 | A 'Check VirusTotal' button is provided to quickly check and see if the calculated SHA256 has been reported previously.
8 |
9 | ## Usage ##
10 |
11 | When you launch CFF Explorer, a new 'Hashes' item will be displayed. You can quickly view hashes of common file areas, or simply specify your own file offset and length (in hex) to calculate the hashes of a custom range in the file.
12 |
13 | 
--------------------------------------------------------------------------------
/CFFHashes/cffhashes.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFHashes/cffhashes.png
--------------------------------------------------------------------------------
/CFFHashes/hash.h:
--------------------------------------------------------------------------------
1 |
2 | #include
3 |
4 |
5 | #define MD5_HASH_LEN 32
6 | #define SHA1_HASH_LEN 40
7 | #define SHA256_HASH_LEN 64
8 | #define CRC32_HASH_LEN 8
9 |
10 | BOOL
11 | md5_hash
12 | (
13 | BYTE* data,
14 | DWORD len,
15 | CHAR md5[MD5_HASH_LEN]
16 | );
17 |
18 | BOOL
19 | sha1_hash
20 | (
21 | BYTE* data,
22 | DWORD len,
23 | CHAR sha1[SHA1_HASH_LEN]
24 | );
25 |
26 | BOOL
27 | sha256_hash
28 | (
29 | BYTE* data,
30 | DWORD len,
31 | CHAR sha256[SHA256_HASH_LEN]
32 | );
33 |
34 |
35 | BOOL
36 | crc32_hash
37 | (
38 | BYTE* data,
39 | DWORD len,
40 | CHAR crc32[CRC32_HASH_LEN]
41 | );
--------------------------------------------------------------------------------
/CFFHashes/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFHashes/resource.h
--------------------------------------------------------------------------------
/CFFStrings/CFFStrings.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFStrings/CFFStrings.aps
--------------------------------------------------------------------------------
/CFFStrings/CFFStrings.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFStrings/CFFStrings.rc
--------------------------------------------------------------------------------
/CFFStrings/CFFStrings.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 | Header Files
23 |
24 |
25 | Header Files
26 |
27 |
28 | Header Files
29 |
30 |
31 |
32 |
33 | Source Files
34 |
35 |
36 | Source Files
37 |
38 |
39 |
40 |
41 | Resource Files
42 |
43 |
44 |
--------------------------------------------------------------------------------
/CFFStrings/Extension.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #ifndef EXTINITDATA
4 | typedef struct _EXTINITDATA
5 | {
6 | VOID (__cdecl *RetrieveExtensionApi)(UINT *ApiMask, VOID *pApi);
7 |
8 | } EXTINITDATA, *PEXTINITDATA;
9 | #endif
--------------------------------------------------------------------------------
/CFFStrings/LICENSE:
--------------------------------------------------------------------------------
1 | This code is available under MIT License.
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy
4 | of this software and associated documentation files (the "Software"), to deal
5 | in the Software without restriction, including without limitation the rights
6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7 | copies of the Software, and to permit persons to whom the Software is
8 | furnished to do so, subject to the following conditions:
9 |
10 | The above copyright notice and this permission notice shall be included in
11 | all copies or substantial portions of the Software.
12 |
13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19 | THE SOFTWARE.
--------------------------------------------------------------------------------
/CFFStrings/README.md:
--------------------------------------------------------------------------------
1 | # CFFStrings #
2 |
3 | ----------
4 |
5 | CFFStrings is a simple extension to CFF Explorer ( [http://www.ntcore.com/exsuite.php](http://www.ntcore.com/exsuite.php) ) by Daniel Pistelli. This extension can parse all ASCII and Unicode strings from any file and optionally save them to disk.
6 |
7 | ## Usage ##
8 |
9 | When you launch CFF Explorer, a new 'Strings' item will be displayed. You can quickly view strings of any length (min 3) by simple hitting the 'Find Strings' button.
10 |
11 | 
--------------------------------------------------------------------------------
/CFFStrings/cffstrings.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFStrings/cffstrings.png
--------------------------------------------------------------------------------
/CFFStrings/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFStrings/resource.h
--------------------------------------------------------------------------------
/CFFStrings/string.c:
--------------------------------------------------------------------------------
1 |
2 |
3 | #include "string.h"
4 |
5 | #define ESCAPED_CHAR(c) ( (c) == 0x0D ? 'r' : ( (c) == 0x0A ? 'n' : 't' ) )
6 | #define ISESCAPED(c) ( (c) == 0x09 || (c) == 0x0A || (c) == 0x0D )
7 | #define ASCII(c) ( (c) < 0x7F && ((c) >= 0x20 || ISESCAPED((c)) ) )
8 |
9 | int
10 | string
11 | (
12 | char* input,
13 | int inputSize,
14 | int offset,
15 | char wide,
16 | char* string,
17 | int stringLen,
18 | char* isWide
19 | )
20 | {
21 | int len = 0;
22 | int retVal = 0;
23 |
24 | if (0 == input || 0 == inputSize ||
25 | 0 == string || 0 == stringLen ||
26 | offset >= inputSize - 1 || 0 == isWide)
27 | {
28 |
29 | }
30 | else
31 | {
32 | if (ASCII(input[offset]))
33 | {
34 | //bug here?.. will assume ascii.. and then skip valid wide char on next char.. consider 'KD.I.S.'
35 | //will never see 'D.I.S.' :(
36 | if (wide && '\0' == input[offset + 1])
37 | {
38 | while ( len < stringLen -1 &&
39 | offset < inputSize - 1 &&
40 | ASCII(input[offset]) &&
41 | '\0' == input[offset+1])
42 | {
43 | if (ISESCAPED(input[offset]))
44 | {
45 | string[len] = '\\';
46 | string[len + 1] = ESCAPED_CHAR(input[offset]);
47 | len += 2;
48 | }
49 | else
50 | {
51 | string[len] = input[offset];
52 | len++;
53 | }
54 | retVal++;
55 | offset+=2;
56 | }
57 | *isWide = 1;
58 | }
59 | else if (!wide)
60 | {
61 | while ( len < stringLen - 1 &&
62 | offset < inputSize &&
63 | ASCII(input[offset]))
64 | {
65 | if (ISESCAPED(input[offset]))
66 | {
67 | string[len] = '\\';
68 | string[len + 1] = ESCAPED_CHAR(input[offset]);
69 | len += 2;
70 | }
71 | else
72 | {
73 | string[len] = input[offset];
74 | len++;
75 | }
76 | retVal++;
77 | offset++;
78 | }
79 | *isWide = 0;
80 | }
81 | }
82 | }
83 |
84 | return retVal++;
85 | }
--------------------------------------------------------------------------------
/CFFStrings/string.h:
--------------------------------------------------------------------------------
1 |
2 |
3 | int
4 | string
5 | (
6 | char* input,
7 | int inputSize,
8 | int offset,
9 | char unicode,
10 | char* string,
11 | int stringLen,
12 | char* isUnicode
13 | );
--------------------------------------------------------------------------------
/CFFYara/CFFYara.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFYara/CFFYara.aps
--------------------------------------------------------------------------------
/CFFYara/CFFYara.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFYara/CFFYara.rc
--------------------------------------------------------------------------------
/CFFYara/CFFYara.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 | Header Files
23 |
24 |
25 | Header Files
26 |
27 |
28 |
29 |
30 | Source Files
31 |
32 |
33 |
34 |
35 | Resource Files
36 |
37 |
38 |
--------------------------------------------------------------------------------
/CFFYara/Extension.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #ifndef EXTINITDATA
4 | typedef struct _EXTINITDATA
5 | {
6 | VOID (__cdecl *RetrieveExtensionApi)(UINT *ApiMask, VOID *pApi);
7 |
8 | } EXTINITDATA, *PEXTINITDATA;
9 | #endif
--------------------------------------------------------------------------------
/CFFYara/LICENSE:
--------------------------------------------------------------------------------
1 | This code is available under MIT License.
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy
4 | of this software and associated documentation files (the "Software"), to deal
5 | in the Software without restriction, including without limitation the rights
6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7 | copies of the Software, and to permit persons to whom the Software is
8 | furnished to do so, subject to the following conditions:
9 |
10 | The above copyright notice and this permission notice shall be included in
11 | all copies or substantial portions of the Software.
12 |
13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19 | THE SOFTWARE.
--------------------------------------------------------------------------------
/CFFYara/LICENSE_jansson:
--------------------------------------------------------------------------------
1 | Copyright (c) 2009-2014 Petri Lehtinen
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy
4 | of this software and associated documentation files (the "Software"), to deal
5 | in the Software without restriction, including without limitation the rights
6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7 | copies of the Software, and to permit persons to whom the Software is
8 | furnished to do so, subject to the following conditions:
9 |
10 | The above copyright notice and this permission notice shall be included in
11 | all copies or substantial portions of the Software.
12 |
13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19 | THE SOFTWARE.
20 |
--------------------------------------------------------------------------------
/CFFYara/README.md:
--------------------------------------------------------------------------------
1 | # CFFYara #
2 |
3 | ----------
4 |
5 | CFFYara is a simple extension to CFF Explorer ( [http://www.ntcore.com/exsuite.php](http://www.ntcore.com/exsuite.php) ) by Daniel Pistelli. This extension leverages YARA ( [http://plusvic.github.io/yara/](http://plusvic.github.io/yara/ "http://plusvic.github.io/yara/") ) to enable YARA rule scanning directly within CFF Explorer.
6 |
7 | Currently supports Yara 3.5.0
8 |
9 | ## Usage ##
10 |
11 | When you launch CFF Explorer, a new 'Yara' item will be displayed. Here you can load/save YARA rules and perform scanning by simple hitting the 'Run Yara Scan' button.
12 |
13 | 
--------------------------------------------------------------------------------
/CFFYara/cffyara.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFYara/cffyara.png
--------------------------------------------------------------------------------
/CFFYara/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFYara/resource.h
--------------------------------------------------------------------------------
/CFFYara/yara/include/config.h:
--------------------------------------------------------------------------------
1 |
2 | /* Name of package */
3 | #define PACKAGE "yara"
4 |
5 | /* Define to the address where bug reports for this package should be sent. */
6 | #define PACKAGE_BUGREPORT "vmalvarez@virustotal.com"
7 |
8 | /* Define to the full name of this package. */
9 | #define PACKAGE_NAME "yara"
10 |
11 | /* Define to the full name and version of this package. */
12 | #define PACKAGE_STRING "yara 3.5.0"
13 |
14 | /* Define to the version of this package. */
15 | #define PACKAGE_VERSION "3.5.0"
16 |
17 | /* Version number of package */
18 | #define VERSION "3.5.0"
19 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/jansson_config.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2010-2014 Petri Lehtinen
3 | *
4 | * Jansson is free software; you can redistribute it and/or modify
5 | * it under the terms of the MIT license. See LICENSE for details.
6 | *
7 | *
8 | * This file specifies a part of the site-specific configuration for
9 | * Jansson, namely those things that affect the public API in
10 | * jansson.h.
11 | *
12 | * The CMake system will generate the jansson_config.h file and
13 | * copy it to the build and install directories.
14 | */
15 |
16 | #ifndef JANSSON_CONFIG_H
17 | #define JANSSON_CONFIG_H
18 |
19 | /* Define this so that we can disable scattered automake configuration in source files */
20 | #ifndef JANSSON_USING_CMAKE
21 | #define JANSSON_USING_CMAKE
22 | #endif
23 |
24 | /* Note: when using cmake, JSON_INTEGER_IS_LONG_LONG is not defined nor used,
25 | * as we will also check for __int64 etc types.
26 | * (the definition was used in the automake system) */
27 |
28 | /* Bring in the cmake-detected defines */
29 | #define HAVE_STDINT_H 1
30 | /* #undef HAVE_INTTYPES_H */
31 | /* #undef HAVE_SYS_TYPES_H */
32 |
33 | /* Include our standard type header for the integer typedef */
34 |
35 | #if defined(HAVE_STDINT_H)
36 | # include
37 | #elif defined(HAVE_INTTYPES_H)
38 | # include
39 | #elif defined(HAVE_SYS_TYPES_H)
40 | # include
41 | #endif
42 |
43 |
44 | /* If your compiler supports the inline keyword in C, JSON_INLINE is
45 | defined to `inline', otherwise empty. In C++, the inline is always
46 | supported. */
47 | #ifdef __cplusplus
48 | #define JSON_INLINE inline
49 | #else
50 | #define JSON_INLINE __inline
51 | #endif
52 |
53 |
54 | #define json_int_t long long
55 | #define json_strtoint strtoll
56 | #define JSON_INTEGER_FORMAT "I64d"
57 |
58 |
59 | /* If locale.h and localeconv() are available, define to 1, otherwise to 0. */
60 | #define JSON_HAVE_LOCALECONV 1
61 |
62 |
63 |
64 | #endif
65 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/buffer.h:
--------------------------------------------------------------------------------
1 | /* crypto/buffer/buffer.h */
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 | * All rights reserved.
4 | *
5 | * This package is an SSL implementation written
6 | * by Eric Young (eay@cryptsoft.com).
7 | * The implementation was written so as to conform with Netscapes SSL.
8 | *
9 | * This library is free for commercial and non-commercial use as long as
10 | * the following conditions are aheared to. The following conditions
11 | * apply to all code found in this distribution, be it the RC4, RSA,
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 | * included with this distribution is covered by the same copyright terms
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 | *
16 | * Copyright remains Eric Young's, and as such any Copyright notices in
17 | * the code are not to be removed.
18 | * If this package is used in a product, Eric Young should be given attribution
19 | * as the author of the parts of the library used.
20 | * This can be in the form of a textual message at program startup or
21 | * in documentation (online or textual) provided with the package.
22 | *
23 | * Redistribution and use in source and binary forms, with or without
24 | * modification, are permitted provided that the following conditions
25 | * are met:
26 | * 1. Redistributions of source code must retain the copyright
27 | * notice, this list of conditions and the following disclaimer.
28 | * 2. Redistributions in binary form must reproduce the above copyright
29 | * notice, this list of conditions and the following disclaimer in the
30 | * documentation and/or other materials provided with the distribution.
31 | * 3. All advertising materials mentioning features or use of this software
32 | * must display the following acknowledgement:
33 | * "This product includes cryptographic software written by
34 | * Eric Young (eay@cryptsoft.com)"
35 | * The word 'cryptographic' can be left out if the rouines from the library
36 | * being used are not cryptographic related :-).
37 | * 4. If you include any Windows specific code (or a derivative thereof) from
38 | * the apps directory (application code) you must include an acknowledgement:
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 | *
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 | * SUCH DAMAGE.
52 | *
53 | * The licence and distribution terms for any publically available version or
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be
55 | * copied and put under another distribution licence
56 | * [including the GNU Public Licence.]
57 | */
58 |
59 | #ifndef HEADER_BUFFER_H
60 | #define HEADER_BUFFER_H
61 |
62 | #include
63 |
64 | #ifdef __cplusplus
65 | extern "C" {
66 | #endif
67 |
68 | #include
69 |
70 | #if !defined(NO_SYS_TYPES_H)
71 | #include
72 | #endif
73 |
74 | /* Already declared in ossl_typ.h */
75 | /* typedef struct buf_mem_st BUF_MEM; */
76 |
77 | struct buf_mem_st
78 | {
79 | size_t length; /* current number of bytes */
80 | char *data;
81 | size_t max; /* size of buffer */
82 | };
83 |
84 | BUF_MEM *BUF_MEM_new(void);
85 | void BUF_MEM_free(BUF_MEM *a);
86 | int BUF_MEM_grow(BUF_MEM *str, size_t len);
87 | int BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
88 | char * BUF_strdup(const char *str);
89 | char * BUF_strndup(const char *str, size_t siz);
90 | void * BUF_memdup(const void *data, size_t siz);
91 | void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
92 |
93 | /* safe string functions */
94 | size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
95 | size_t BUF_strlcat(char *dst,const char *src,size_t siz);
96 |
97 |
98 | /* BEGIN ERROR CODES */
99 | /* The following lines are auto generated by the script mkerr.pl. Any changes
100 | * made after this point may be overwritten when the script is next run.
101 | */
102 | void ERR_load_BUF_strings(void);
103 |
104 | /* Error codes for the BUF functions. */
105 |
106 | /* Function codes. */
107 | #define BUF_F_BUF_MEMDUP 103
108 | #define BUF_F_BUF_MEM_GROW 100
109 | #define BUF_F_BUF_MEM_GROW_CLEAN 105
110 | #define BUF_F_BUF_MEM_NEW 101
111 | #define BUF_F_BUF_STRDUP 102
112 | #define BUF_F_BUF_STRNDUP 104
113 |
114 | /* Reason codes. */
115 |
116 | #ifdef __cplusplus
117 | }
118 | #endif
119 | #endif
120 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/cast.h:
--------------------------------------------------------------------------------
1 | /* crypto/cast/cast.h */
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 | * All rights reserved.
4 | *
5 | * This package is an SSL implementation written
6 | * by Eric Young (eay@cryptsoft.com).
7 | * The implementation was written so as to conform with Netscapes SSL.
8 | *
9 | * This library is free for commercial and non-commercial use as long as
10 | * the following conditions are aheared to. The following conditions
11 | * apply to all code found in this distribution, be it the RC4, RSA,
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 | * included with this distribution is covered by the same copyright terms
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 | *
16 | * Copyright remains Eric Young's, and as such any Copyright notices in
17 | * the code are not to be removed.
18 | * If this package is used in a product, Eric Young should be given attribution
19 | * as the author of the parts of the library used.
20 | * This can be in the form of a textual message at program startup or
21 | * in documentation (online or textual) provided with the package.
22 | *
23 | * Redistribution and use in source and binary forms, with or without
24 | * modification, are permitted provided that the following conditions
25 | * are met:
26 | * 1. Redistributions of source code must retain the copyright
27 | * notice, this list of conditions and the following disclaimer.
28 | * 2. Redistributions in binary form must reproduce the above copyright
29 | * notice, this list of conditions and the following disclaimer in the
30 | * documentation and/or other materials provided with the distribution.
31 | * 3. All advertising materials mentioning features or use of this software
32 | * must display the following acknowledgement:
33 | * "This product includes cryptographic software written by
34 | * Eric Young (eay@cryptsoft.com)"
35 | * The word 'cryptographic' can be left out if the rouines from the library
36 | * being used are not cryptographic related :-).
37 | * 4. If you include any Windows specific code (or a derivative thereof) from
38 | * the apps directory (application code) you must include an acknowledgement:
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 | *
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 | * SUCH DAMAGE.
52 | *
53 | * The licence and distribution terms for any publically available version or
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be
55 | * copied and put under another distribution licence
56 | * [including the GNU Public Licence.]
57 | */
58 |
59 | #ifndef HEADER_CAST_H
60 | #define HEADER_CAST_H
61 |
62 | #ifdef __cplusplus
63 | extern "C" {
64 | #endif
65 |
66 | #include
67 |
68 | #ifdef OPENSSL_NO_CAST
69 | #error CAST is disabled.
70 | #endif
71 |
72 | #define CAST_ENCRYPT 1
73 | #define CAST_DECRYPT 0
74 |
75 | #define CAST_LONG unsigned int
76 |
77 | #define CAST_BLOCK 8
78 | #define CAST_KEY_LENGTH 16
79 |
80 | typedef struct cast_key_st
81 | {
82 | CAST_LONG data[32];
83 | int short_key; /* Use reduced rounds for short key */
84 | } CAST_KEY;
85 |
86 | #ifdef OPENSSL_FIPS
87 | void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
88 | #endif
89 | void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
90 | void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
91 | int enc);
92 | void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
93 | void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
94 | void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
95 | const CAST_KEY *ks, unsigned char *iv, int enc);
96 | void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
97 | long length, const CAST_KEY *schedule, unsigned char *ivec,
98 | int *num, int enc);
99 | void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
100 | long length, const CAST_KEY *schedule, unsigned char *ivec,
101 | int *num);
102 |
103 | #ifdef __cplusplus
104 | }
105 | #endif
106 |
107 | #endif
108 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/cmac.h:
--------------------------------------------------------------------------------
1 | /* crypto/cmac/cmac.h */
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 | * project.
4 | */
5 | /* ====================================================================
6 | * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
7 | *
8 | * Redistribution and use in source and binary forms, with or without
9 | * modification, are permitted provided that the following conditions
10 | * are met:
11 | *
12 | * 1. Redistributions of source code must retain the above copyright
13 | * notice, this list of conditions and the following disclaimer.
14 | *
15 | * 2. Redistributions in binary form must reproduce the above copyright
16 | * notice, this list of conditions and the following disclaimer in
17 | * the documentation and/or other materials provided with the
18 | * distribution.
19 | *
20 | * 3. All advertising materials mentioning features or use of this
21 | * software must display the following acknowledgment:
22 | * "This product includes software developed by the OpenSSL Project
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 | *
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 | * endorse or promote products derived from this software without
27 | * prior written permission. For written permission, please contact
28 | * licensing@OpenSSL.org.
29 | *
30 | * 5. Products derived from this software may not be called "OpenSSL"
31 | * nor may "OpenSSL" appear in their names without prior written
32 | * permission of the OpenSSL Project.
33 | *
34 | * 6. Redistributions of any form whatsoever must retain the following
35 | * acknowledgment:
36 | * "This product includes software developed by the OpenSSL Project
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 | *
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 | * OF THE POSSIBILITY OF SUCH DAMAGE.
51 | * ====================================================================
52 | */
53 |
54 |
55 | #ifndef HEADER_CMAC_H
56 | #define HEADER_CMAC_H
57 |
58 | #ifdef __cplusplus
59 | extern "C" {
60 | #endif
61 |
62 | #include
63 |
64 | /* Opaque */
65 | typedef struct CMAC_CTX_st CMAC_CTX;
66 |
67 | CMAC_CTX *CMAC_CTX_new(void);
68 | void CMAC_CTX_cleanup(CMAC_CTX *ctx);
69 | void CMAC_CTX_free(CMAC_CTX *ctx);
70 | EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
71 | int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
72 |
73 | int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
74 | const EVP_CIPHER *cipher, ENGINE *impl);
75 | int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
76 | int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
77 | int CMAC_resume(CMAC_CTX *ctx);
78 |
79 | #ifdef __cplusplus
80 | }
81 | #endif
82 | #endif
83 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/comp.h:
--------------------------------------------------------------------------------
1 |
2 | #ifndef HEADER_COMP_H
3 | #define HEADER_COMP_H
4 |
5 | #include
6 |
7 | #ifdef __cplusplus
8 | extern "C" {
9 | #endif
10 |
11 | typedef struct comp_ctx_st COMP_CTX;
12 |
13 | typedef struct comp_method_st
14 | {
15 | int type; /* NID for compression library */
16 | const char *name; /* A text string to identify the library */
17 | int (*init)(COMP_CTX *ctx);
18 | void (*finish)(COMP_CTX *ctx);
19 | int (*compress)(COMP_CTX *ctx,
20 | unsigned char *out, unsigned int olen,
21 | unsigned char *in, unsigned int ilen);
22 | int (*expand)(COMP_CTX *ctx,
23 | unsigned char *out, unsigned int olen,
24 | unsigned char *in, unsigned int ilen);
25 | /* The following two do NOTHING, but are kept for backward compatibility */
26 | long (*ctrl)(void);
27 | long (*callback_ctrl)(void);
28 | } COMP_METHOD;
29 |
30 | struct comp_ctx_st
31 | {
32 | COMP_METHOD *meth;
33 | unsigned long compress_in;
34 | unsigned long compress_out;
35 | unsigned long expand_in;
36 | unsigned long expand_out;
37 |
38 | CRYPTO_EX_DATA ex_data;
39 | };
40 |
41 |
42 | COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
43 | void COMP_CTX_free(COMP_CTX *ctx);
44 | int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
45 | unsigned char *in, int ilen);
46 | int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
47 | unsigned char *in, int ilen);
48 | COMP_METHOD *COMP_rle(void );
49 | COMP_METHOD *COMP_zlib(void );
50 | void COMP_zlib_cleanup(void);
51 |
52 | #ifdef HEADER_BIO_H
53 | #ifdef ZLIB
54 | BIO_METHOD *BIO_f_zlib(void);
55 | #endif
56 | #endif
57 |
58 | /* BEGIN ERROR CODES */
59 | /* The following lines are auto generated by the script mkerr.pl. Any changes
60 | * made after this point may be overwritten when the script is next run.
61 | */
62 | void ERR_load_COMP_strings(void);
63 |
64 | /* Error codes for the COMP functions. */
65 |
66 | /* Function codes. */
67 | #define COMP_F_BIO_ZLIB_FLUSH 99
68 | #define COMP_F_BIO_ZLIB_NEW 100
69 | #define COMP_F_BIO_ZLIB_READ 101
70 | #define COMP_F_BIO_ZLIB_WRITE 102
71 |
72 | /* Reason codes. */
73 | #define COMP_R_ZLIB_DEFLATE_ERROR 99
74 | #define COMP_R_ZLIB_INFLATE_ERROR 100
75 | #define COMP_R_ZLIB_NOT_SUPPORTED 101
76 |
77 | #ifdef __cplusplus
78 | }
79 | #endif
80 | #endif
81 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/conf_api.h:
--------------------------------------------------------------------------------
1 | /* conf_api.h */
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 | * All rights reserved.
4 | *
5 | * This package is an SSL implementation written
6 | * by Eric Young (eay@cryptsoft.com).
7 | * The implementation was written so as to conform with Netscapes SSL.
8 | *
9 | * This library is free for commercial and non-commercial use as long as
10 | * the following conditions are aheared to. The following conditions
11 | * apply to all code found in this distribution, be it the RC4, RSA,
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 | * included with this distribution is covered by the same copyright terms
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 | *
16 | * Copyright remains Eric Young's, and as such any Copyright notices in
17 | * the code are not to be removed.
18 | * If this package is used in a product, Eric Young should be given attribution
19 | * as the author of the parts of the library used.
20 | * This can be in the form of a textual message at program startup or
21 | * in documentation (online or textual) provided with the package.
22 | *
23 | * Redistribution and use in source and binary forms, with or without
24 | * modification, are permitted provided that the following conditions
25 | * are met:
26 | * 1. Redistributions of source code must retain the copyright
27 | * notice, this list of conditions and the following disclaimer.
28 | * 2. Redistributions in binary form must reproduce the above copyright
29 | * notice, this list of conditions and the following disclaimer in the
30 | * documentation and/or other materials provided with the distribution.
31 | * 3. All advertising materials mentioning features or use of this software
32 | * must display the following acknowledgement:
33 | * "This product includes cryptographic software written by
34 | * Eric Young (eay@cryptsoft.com)"
35 | * The word 'cryptographic' can be left out if the rouines from the library
36 | * being used are not cryptographic related :-).
37 | * 4. If you include any Windows specific code (or a derivative thereof) from
38 | * the apps directory (application code) you must include an acknowledgement:
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 | *
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 | * SUCH DAMAGE.
52 | *
53 | * The licence and distribution terms for any publically available version or
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be
55 | * copied and put under another distribution licence
56 | * [including the GNU Public Licence.]
57 | */
58 |
59 | #ifndef HEADER_CONF_API_H
60 | #define HEADER_CONF_API_H
61 |
62 | #include
63 | #include
64 |
65 | #ifdef __cplusplus
66 | extern "C" {
67 | #endif
68 |
69 | /* Up until OpenSSL 0.9.5a, this was new_section */
70 | CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
71 | /* Up until OpenSSL 0.9.5a, this was get_section */
72 | CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
73 | /* Up until OpenSSL 0.9.5a, this was CONF_get_section */
74 | STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
75 | const char *section);
76 |
77 | int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
78 | char *_CONF_get_string(const CONF *conf, const char *section,
79 | const char *name);
80 | long _CONF_get_number(const CONF *conf, const char *section, const char *name);
81 |
82 | int _CONF_new_data(CONF *conf);
83 | void _CONF_free_data(CONF *conf);
84 |
85 | #ifdef __cplusplus
86 | }
87 | #endif
88 | #endif
89 |
90 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/ebcdic.h:
--------------------------------------------------------------------------------
1 | /* crypto/ebcdic.h */
2 |
3 | #ifndef HEADER_EBCDIC_H
4 | #define HEADER_EBCDIC_H
5 |
6 | #include
7 |
8 | #ifdef __cplusplus
9 | extern "C" {
10 | #endif
11 |
12 | /* Avoid name clashes with other applications */
13 | #define os_toascii _openssl_os_toascii
14 | #define os_toebcdic _openssl_os_toebcdic
15 | #define ebcdic2ascii _openssl_ebcdic2ascii
16 | #define ascii2ebcdic _openssl_ascii2ebcdic
17 |
18 | extern const unsigned char os_toascii[256];
19 | extern const unsigned char os_toebcdic[256];
20 | void *ebcdic2ascii(void *dest, const void *srce, size_t count);
21 | void *ascii2ebcdic(void *dest, const void *srce, size_t count);
22 |
23 | #ifdef __cplusplus
24 | }
25 | #endif
26 | #endif
27 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/hmac.h:
--------------------------------------------------------------------------------
1 | /* crypto/hmac/hmac.h */
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 | * All rights reserved.
4 | *
5 | * This package is an SSL implementation written
6 | * by Eric Young (eay@cryptsoft.com).
7 | * The implementation was written so as to conform with Netscapes SSL.
8 | *
9 | * This library is free for commercial and non-commercial use as long as
10 | * the following conditions are aheared to. The following conditions
11 | * apply to all code found in this distribution, be it the RC4, RSA,
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 | * included with this distribution is covered by the same copyright terms
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 | *
16 | * Copyright remains Eric Young's, and as such any Copyright notices in
17 | * the code are not to be removed.
18 | * If this package is used in a product, Eric Young should be given attribution
19 | * as the author of the parts of the library used.
20 | * This can be in the form of a textual message at program startup or
21 | * in documentation (online or textual) provided with the package.
22 | *
23 | * Redistribution and use in source and binary forms, with or without
24 | * modification, are permitted provided that the following conditions
25 | * are met:
26 | * 1. Redistributions of source code must retain the copyright
27 | * notice, this list of conditions and the following disclaimer.
28 | * 2. Redistributions in binary form must reproduce the above copyright
29 | * notice, this list of conditions and the following disclaimer in the
30 | * documentation and/or other materials provided with the distribution.
31 | * 3. All advertising materials mentioning features or use of this software
32 | * must display the following acknowledgement:
33 | * "This product includes cryptographic software written by
34 | * Eric Young (eay@cryptsoft.com)"
35 | * The word 'cryptographic' can be left out if the rouines from the library
36 | * being used are not cryptographic related :-).
37 | * 4. If you include any Windows specific code (or a derivative thereof) from
38 | * the apps directory (application code) you must include an acknowledgement:
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 | *
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 | * SUCH DAMAGE.
52 | *
53 | * The licence and distribution terms for any publically available version or
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be
55 | * copied and put under another distribution licence
56 | * [including the GNU Public Licence.]
57 | */
58 | #ifndef HEADER_HMAC_H
59 | #define HEADER_HMAC_H
60 |
61 | #include
62 |
63 | #ifdef OPENSSL_NO_HMAC
64 | #error HMAC is disabled.
65 | #endif
66 |
67 | #include
68 |
69 | #define HMAC_MAX_MD_CBLOCK 128 /* largest known is SHA512 */
70 |
71 | #ifdef __cplusplus
72 | extern "C" {
73 | #endif
74 |
75 | typedef struct hmac_ctx_st
76 | {
77 | const EVP_MD *md;
78 | EVP_MD_CTX md_ctx;
79 | EVP_MD_CTX i_ctx;
80 | EVP_MD_CTX o_ctx;
81 | unsigned int key_length;
82 | unsigned char key[HMAC_MAX_MD_CBLOCK];
83 | } HMAC_CTX;
84 |
85 | #define HMAC_size(e) (EVP_MD_size((e)->md))
86 |
87 |
88 | void HMAC_CTX_init(HMAC_CTX *ctx);
89 | void HMAC_CTX_cleanup(HMAC_CTX *ctx);
90 |
91 | #define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */
92 |
93 | int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
94 | const EVP_MD *md); /* deprecated */
95 | int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
96 | const EVP_MD *md, ENGINE *impl);
97 | int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
98 | int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
99 | unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
100 | const unsigned char *d, size_t n, unsigned char *md,
101 | unsigned int *md_len);
102 | int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
103 |
104 | void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
105 |
106 | #ifdef __cplusplus
107 | }
108 | #endif
109 |
110 | #endif
111 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/idea.h:
--------------------------------------------------------------------------------
1 | /* crypto/idea/idea.h */
2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3 | * All rights reserved.
4 | *
5 | * This package is an SSL implementation written
6 | * by Eric Young (eay@cryptsoft.com).
7 | * The implementation was written so as to conform with Netscapes SSL.
8 | *
9 | * This library is free for commercial and non-commercial use as long as
10 | * the following conditions are aheared to. The following conditions
11 | * apply to all code found in this distribution, be it the RC4, RSA,
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 | * included with this distribution is covered by the same copyright terms
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 | *
16 | * Copyright remains Eric Young's, and as such any Copyright notices in
17 | * the code are not to be removed.
18 | * If this package is used in a product, Eric Young should be given attribution
19 | * as the author of the parts of the library used.
20 | * This can be in the form of a textual message at program startup or
21 | * in documentation (online or textual) provided with the package.
22 | *
23 | * Redistribution and use in source and binary forms, with or without
24 | * modification, are permitted provided that the following conditions
25 | * are met:
26 | * 1. Redistributions of source code must retain the copyright
27 | * notice, this list of conditions and the following disclaimer.
28 | * 2. Redistributions in binary form must reproduce the above copyright
29 | * notice, this list of conditions and the following disclaimer in the
30 | * documentation and/or other materials provided with the distribution.
31 | * 3. All advertising materials mentioning features or use of this software
32 | * must display the following acknowledgement:
33 | * "This product includes cryptographic software written by
34 | * Eric Young (eay@cryptsoft.com)"
35 | * The word 'cryptographic' can be left out if the rouines from the library
36 | * being used are not cryptographic related :-).
37 | * 4. If you include any Windows specific code (or a derivative thereof) from
38 | * the apps directory (application code) you must include an acknowledgement:
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 | *
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 | * SUCH DAMAGE.
52 | *
53 | * The licence and distribution terms for any publically available version or
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be
55 | * copied and put under another distribution licence
56 | * [including the GNU Public Licence.]
57 | */
58 |
59 | #ifndef HEADER_IDEA_H
60 | #define HEADER_IDEA_H
61 |
62 | #include /* IDEA_INT, OPENSSL_NO_IDEA */
63 |
64 | #ifdef OPENSSL_NO_IDEA
65 | #error IDEA is disabled.
66 | #endif
67 |
68 | #define IDEA_ENCRYPT 1
69 | #define IDEA_DECRYPT 0
70 |
71 | #define IDEA_BLOCK 8
72 | #define IDEA_KEY_LENGTH 16
73 |
74 | #ifdef __cplusplus
75 | extern "C" {
76 | #endif
77 |
78 | typedef struct idea_key_st
79 | {
80 | IDEA_INT data[9][6];
81 | } IDEA_KEY_SCHEDULE;
82 |
83 | const char *idea_options(void);
84 | void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
85 | IDEA_KEY_SCHEDULE *ks);
86 | #ifdef OPENSSL_FIPS
87 | void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
88 | #endif
89 | void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
90 | void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
91 | void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
92 | long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);
93 | void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
94 | long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
95 | int *num,int enc);
96 | void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
97 | long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num);
98 | void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
99 | #ifdef __cplusplus
100 | }
101 | #endif
102 |
103 | #endif
104 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/mdc2.h:
--------------------------------------------------------------------------------
1 | /* crypto/mdc2/mdc2.h */
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 | * All rights reserved.
4 | *
5 | * This package is an SSL implementation written
6 | * by Eric Young (eay@cryptsoft.com).
7 | * The implementation was written so as to conform with Netscapes SSL.
8 | *
9 | * This library is free for commercial and non-commercial use as long as
10 | * the following conditions are aheared to. The following conditions
11 | * apply to all code found in this distribution, be it the RC4, RSA,
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 | * included with this distribution is covered by the same copyright terms
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 | *
16 | * Copyright remains Eric Young's, and as such any Copyright notices in
17 | * the code are not to be removed.
18 | * If this package is used in a product, Eric Young should be given attribution
19 | * as the author of the parts of the library used.
20 | * This can be in the form of a textual message at program startup or
21 | * in documentation (online or textual) provided with the package.
22 | *
23 | * Redistribution and use in source and binary forms, with or without
24 | * modification, are permitted provided that the following conditions
25 | * are met:
26 | * 1. Redistributions of source code must retain the copyright
27 | * notice, this list of conditions and the following disclaimer.
28 | * 2. Redistributions in binary form must reproduce the above copyright
29 | * notice, this list of conditions and the following disclaimer in the
30 | * documentation and/or other materials provided with the distribution.
31 | * 3. All advertising materials mentioning features or use of this software
32 | * must display the following acknowledgement:
33 | * "This product includes cryptographic software written by
34 | * Eric Young (eay@cryptsoft.com)"
35 | * The word 'cryptographic' can be left out if the rouines from the library
36 | * being used are not cryptographic related :-).
37 | * 4. If you include any Windows specific code (or a derivative thereof) from
38 | * the apps directory (application code) you must include an acknowledgement:
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 | *
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 | * SUCH DAMAGE.
52 | *
53 | * The licence and distribution terms for any publically available version or
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be
55 | * copied and put under another distribution licence
56 | * [including the GNU Public Licence.]
57 | */
58 |
59 | #ifndef HEADER_MDC2_H
60 | #define HEADER_MDC2_H
61 |
62 | #include
63 |
64 | #ifdef __cplusplus
65 | extern "C" {
66 | #endif
67 |
68 | #ifdef OPENSSL_NO_MDC2
69 | #error MDC2 is disabled.
70 | #endif
71 |
72 | #define MDC2_BLOCK 8
73 | #define MDC2_DIGEST_LENGTH 16
74 |
75 | typedef struct mdc2_ctx_st
76 | {
77 | unsigned int num;
78 | unsigned char data[MDC2_BLOCK];
79 | DES_cblock h,hh;
80 | int pad_type; /* either 1 or 2, default 1 */
81 | } MDC2_CTX;
82 |
83 |
84 | #ifdef OPENSSL_FIPS
85 | int private_MDC2_Init(MDC2_CTX *c);
86 | #endif
87 | int MDC2_Init(MDC2_CTX *c);
88 | int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
89 | int MDC2_Final(unsigned char *md, MDC2_CTX *c);
90 | unsigned char *MDC2(const unsigned char *d, size_t n,
91 | unsigned char *md);
92 |
93 | #ifdef __cplusplus
94 | }
95 | #endif
96 |
97 | #endif
98 |
99 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/opensslv.h:
--------------------------------------------------------------------------------
1 | #ifndef HEADER_OPENSSLV_H
2 | #define HEADER_OPENSSLV_H
3 |
4 | #ifdef __cplusplus
5 | extern "C" {
6 | #endif
7 |
8 | /* Numeric release version identifier:
9 | * MNNFFPPS: major minor fix patch status
10 | * The status nibble has one of the values 0 for development, 1 to e for betas
11 | * 1 to 14, and f for release. The patch level is exactly that.
12 | * For example:
13 | * 0.9.3-dev 0x00903000
14 | * 0.9.3-beta1 0x00903001
15 | * 0.9.3-beta2-dev 0x00903002
16 | * 0.9.3-beta2 0x00903002 (same as ...beta2-dev)
17 | * 0.9.3 0x0090300f
18 | * 0.9.3a 0x0090301f
19 | * 0.9.4 0x0090400f
20 | * 1.2.3z 0x102031af
21 | *
22 | * For continuity reasons (because 0.9.5 is already out, and is coded
23 | * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
24 | * part is slightly different, by setting the highest bit. This means
25 | * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start
26 | * with 0x0090600S...
27 | *
28 | * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
29 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
30 | * major minor fix final patch/beta)
31 | */
32 | #define OPENSSL_VERSION_NUMBER 0x100010afL
33 | #ifdef OPENSSL_FIPS
34 | #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j-fips 15 Oct 2014"
35 | #else
36 | #define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j 15 Oct 2014"
37 | #endif
38 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
39 |
40 |
41 | /* The macros below are to be used for shared library (.so, .dll, ...)
42 | * versioning. That kind of versioning works a bit differently between
43 | * operating systems. The most usual scheme is to set a major and a minor
44 | * number, and have the runtime loader check that the major number is equal
45 | * to what it was at application link time, while the minor number has to
46 | * be greater or equal to what it was at application link time. With this
47 | * scheme, the version number is usually part of the file name, like this:
48 | *
49 | * libcrypto.so.0.9
50 | *
51 | * Some unixen also make a softlink with the major verson number only:
52 | *
53 | * libcrypto.so.0
54 | *
55 | * On Tru64 and IRIX 6.x it works a little bit differently. There, the
56 | * shared library version is stored in the file, and is actually a series
57 | * of versions, separated by colons. The rightmost version present in the
58 | * library when linking an application is stored in the application to be
59 | * matched at run time. When the application is run, a check is done to
60 | * see if the library version stored in the application matches any of the
61 | * versions in the version string of the library itself.
62 | * This version string can be constructed in any way, depending on what
63 | * kind of matching is desired. However, to implement the same scheme as
64 | * the one used in the other unixen, all compatible versions, from lowest
65 | * to highest, should be part of the string. Consecutive builds would
66 | * give the following versions strings:
67 | *
68 | * 3.0
69 | * 3.0:3.1
70 | * 3.0:3.1:3.2
71 | * 4.0
72 | * 4.0:4.1
73 | *
74 | * Notice how version 4 is completely incompatible with version, and
75 | * therefore give the breach you can see.
76 | *
77 | * There may be other schemes as well that I haven't yet discovered.
78 | *
79 | * So, here's the way it works here: first of all, the library version
80 | * number doesn't need at all to match the overall OpenSSL version.
81 | * However, it's nice and more understandable if it actually does.
82 | * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
83 | * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
84 | * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
85 | * we need to keep a history of version numbers, which is done in the
86 | * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and
87 | * should only keep the versions that are binary compatible with the current.
88 | */
89 | #define SHLIB_VERSION_HISTORY ""
90 | #define SHLIB_VERSION_NUMBER "1.0.0"
91 |
92 |
93 | #ifdef __cplusplus
94 | }
95 | #endif
96 | #endif /* HEADER_OPENSSLV_H */
97 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/pem2.h:
--------------------------------------------------------------------------------
1 | /* ====================================================================
2 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
3 | *
4 | * Redistribution and use in source and binary forms, with or without
5 | * modification, are permitted provided that the following conditions
6 | * are met:
7 | *
8 | * 1. Redistributions of source code must retain the above copyright
9 | * notice, this list of conditions and the following disclaimer.
10 | *
11 | * 2. Redistributions in binary form must reproduce the above copyright
12 | * notice, this list of conditions and the following disclaimer in
13 | * the documentation and/or other materials provided with the
14 | * distribution.
15 | *
16 | * 3. All advertising materials mentioning features or use of this
17 | * software must display the following acknowledgment:
18 | * "This product includes software developed by the OpenSSL Project
19 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20 | *
21 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 | * endorse or promote products derived from this software without
23 | * prior written permission. For written permission, please contact
24 | * licensing@OpenSSL.org.
25 | *
26 | * 5. Products derived from this software may not be called "OpenSSL"
27 | * nor may "OpenSSL" appear in their names without prior written
28 | * permission of the OpenSSL Project.
29 | *
30 | * 6. Redistributions of any form whatsoever must retain the following
31 | * acknowledgment:
32 | * "This product includes software developed by the OpenSSL Project
33 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34 | *
35 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 | * OF THE POSSIBILITY OF SUCH DAMAGE.
47 | * ====================================================================
48 | *
49 | * This product includes cryptographic software written by Eric Young
50 | * (eay@cryptsoft.com). This product includes software written by Tim
51 | * Hudson (tjh@cryptsoft.com).
52 | *
53 | */
54 |
55 | /*
56 | * This header only exists to break a circular dependency between pem and err
57 | * Ben 30 Jan 1999.
58 | */
59 |
60 | #ifdef __cplusplus
61 | extern "C" {
62 | #endif
63 |
64 | #ifndef HEADER_PEM_H
65 | void ERR_load_PEM_strings(void);
66 | #endif
67 |
68 | #ifdef __cplusplus
69 | }
70 | #endif
71 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/pqueue.h:
--------------------------------------------------------------------------------
1 | /* crypto/pqueue/pqueue.h */
2 | /*
3 | * DTLS implementation written by Nagendra Modadugu
4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 | */
6 | /* ====================================================================
7 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
8 | *
9 | * Redistribution and use in source and binary forms, with or without
10 | * modification, are permitted provided that the following conditions
11 | * are met:
12 | *
13 | * 1. Redistributions of source code must retain the above copyright
14 | * notice, this list of conditions and the following disclaimer.
15 | *
16 | * 2. Redistributions in binary form must reproduce the above copyright
17 | * notice, this list of conditions and the following disclaimer in
18 | * the documentation and/or other materials provided with the
19 | * distribution.
20 | *
21 | * 3. All advertising materials mentioning features or use of this
22 | * software must display the following acknowledgment:
23 | * "This product includes software developed by the OpenSSL Project
24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 | *
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 | * endorse or promote products derived from this software without
28 | * prior written permission. For written permission, please contact
29 | * openssl-core@OpenSSL.org.
30 | *
31 | * 5. Products derived from this software may not be called "OpenSSL"
32 | * nor may "OpenSSL" appear in their names without prior written
33 | * permission of the OpenSSL Project.
34 | *
35 | * 6. Redistributions of any form whatsoever must retain the following
36 | * acknowledgment:
37 | * "This product includes software developed by the OpenSSL Project
38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 | *
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 | * OF THE POSSIBILITY OF SUCH DAMAGE.
52 | * ====================================================================
53 | *
54 | * This product includes cryptographic software written by Eric Young
55 | * (eay@cryptsoft.com). This product includes software written by Tim
56 | * Hudson (tjh@cryptsoft.com).
57 | *
58 | */
59 |
60 | #ifndef HEADER_PQUEUE_H
61 | #define HEADER_PQUEUE_H
62 |
63 | #include
64 | #include
65 | #include
66 |
67 | #ifdef __cplusplus
68 | extern "C" {
69 | #endif
70 | typedef struct _pqueue *pqueue;
71 |
72 | typedef struct _pitem
73 | {
74 | unsigned char priority[8]; /* 64-bit value in big-endian encoding */
75 | void *data;
76 | struct _pitem *next;
77 | } pitem;
78 |
79 | typedef struct _pitem *piterator;
80 |
81 | pitem *pitem_new(unsigned char *prio64be, void *data);
82 | void pitem_free(pitem *item);
83 |
84 | pqueue pqueue_new(void);
85 | void pqueue_free(pqueue pq);
86 |
87 | pitem *pqueue_insert(pqueue pq, pitem *item);
88 | pitem *pqueue_peek(pqueue pq);
89 | pitem *pqueue_pop(pqueue pq);
90 | pitem *pqueue_find(pqueue pq, unsigned char *prio64be);
91 | pitem *pqueue_iterator(pqueue pq);
92 | pitem *pqueue_next(piterator *iter);
93 |
94 | void pqueue_print(pqueue pq);
95 | int pqueue_size(pqueue pq);
96 |
97 | #ifdef __cplusplus
98 | }
99 | #endif
100 | #endif /* ! HEADER_PQUEUE_H */
101 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/rc2.h:
--------------------------------------------------------------------------------
1 | /* crypto/rc2/rc2.h */
2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3 | * All rights reserved.
4 | *
5 | * This package is an SSL implementation written
6 | * by Eric Young (eay@cryptsoft.com).
7 | * The implementation was written so as to conform with Netscapes SSL.
8 | *
9 | * This library is free for commercial and non-commercial use as long as
10 | * the following conditions are aheared to. The following conditions
11 | * apply to all code found in this distribution, be it the RC4, RSA,
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 | * included with this distribution is covered by the same copyright terms
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 | *
16 | * Copyright remains Eric Young's, and as such any Copyright notices in
17 | * the code are not to be removed.
18 | * If this package is used in a product, Eric Young should be given attribution
19 | * as the author of the parts of the library used.
20 | * This can be in the form of a textual message at program startup or
21 | * in documentation (online or textual) provided with the package.
22 | *
23 | * Redistribution and use in source and binary forms, with or without
24 | * modification, are permitted provided that the following conditions
25 | * are met:
26 | * 1. Redistributions of source code must retain the copyright
27 | * notice, this list of conditions and the following disclaimer.
28 | * 2. Redistributions in binary form must reproduce the above copyright
29 | * notice, this list of conditions and the following disclaimer in the
30 | * documentation and/or other materials provided with the distribution.
31 | * 3. All advertising materials mentioning features or use of this software
32 | * must display the following acknowledgement:
33 | * "This product includes cryptographic software written by
34 | * Eric Young (eay@cryptsoft.com)"
35 | * The word 'cryptographic' can be left out if the rouines from the library
36 | * being used are not cryptographic related :-).
37 | * 4. If you include any Windows specific code (or a derivative thereof) from
38 | * the apps directory (application code) you must include an acknowledgement:
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 | *
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 | * SUCH DAMAGE.
52 | *
53 | * The licence and distribution terms for any publically available version or
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be
55 | * copied and put under another distribution licence
56 | * [including the GNU Public Licence.]
57 | */
58 |
59 | #ifndef HEADER_RC2_H
60 | #define HEADER_RC2_H
61 |
62 | #include /* OPENSSL_NO_RC2, RC2_INT */
63 | #ifdef OPENSSL_NO_RC2
64 | #error RC2 is disabled.
65 | #endif
66 |
67 | #define RC2_ENCRYPT 1
68 | #define RC2_DECRYPT 0
69 |
70 | #define RC2_BLOCK 8
71 | #define RC2_KEY_LENGTH 16
72 |
73 | #ifdef __cplusplus
74 | extern "C" {
75 | #endif
76 |
77 | typedef struct rc2_key_st
78 | {
79 | RC2_INT data[64];
80 | } RC2_KEY;
81 |
82 | #ifdef OPENSSL_FIPS
83 | void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
84 | #endif
85 | void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
86 | void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
87 | int enc);
88 | void RC2_encrypt(unsigned long *data,RC2_KEY *key);
89 | void RC2_decrypt(unsigned long *data,RC2_KEY *key);
90 | void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
91 | RC2_KEY *ks, unsigned char *iv, int enc);
92 | void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
93 | long length, RC2_KEY *schedule, unsigned char *ivec,
94 | int *num, int enc);
95 | void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
96 | long length, RC2_KEY *schedule, unsigned char *ivec,
97 | int *num);
98 |
99 | #ifdef __cplusplus
100 | }
101 | #endif
102 |
103 | #endif
104 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/rc4.h:
--------------------------------------------------------------------------------
1 | /* crypto/rc4/rc4.h */
2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3 | * All rights reserved.
4 | *
5 | * This package is an SSL implementation written
6 | * by Eric Young (eay@cryptsoft.com).
7 | * The implementation was written so as to conform with Netscapes SSL.
8 | *
9 | * This library is free for commercial and non-commercial use as long as
10 | * the following conditions are aheared to. The following conditions
11 | * apply to all code found in this distribution, be it the RC4, RSA,
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 | * included with this distribution is covered by the same copyright terms
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 | *
16 | * Copyright remains Eric Young's, and as such any Copyright notices in
17 | * the code are not to be removed.
18 | * If this package is used in a product, Eric Young should be given attribution
19 | * as the author of the parts of the library used.
20 | * This can be in the form of a textual message at program startup or
21 | * in documentation (online or textual) provided with the package.
22 | *
23 | * Redistribution and use in source and binary forms, with or without
24 | * modification, are permitted provided that the following conditions
25 | * are met:
26 | * 1. Redistributions of source code must retain the copyright
27 | * notice, this list of conditions and the following disclaimer.
28 | * 2. Redistributions in binary form must reproduce the above copyright
29 | * notice, this list of conditions and the following disclaimer in the
30 | * documentation and/or other materials provided with the distribution.
31 | * 3. All advertising materials mentioning features or use of this software
32 | * must display the following acknowledgement:
33 | * "This product includes cryptographic software written by
34 | * Eric Young (eay@cryptsoft.com)"
35 | * The word 'cryptographic' can be left out if the rouines from the library
36 | * being used are not cryptographic related :-).
37 | * 4. If you include any Windows specific code (or a derivative thereof) from
38 | * the apps directory (application code) you must include an acknowledgement:
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 | *
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 | * SUCH DAMAGE.
52 | *
53 | * The licence and distribution terms for any publically available version or
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be
55 | * copied and put under another distribution licence
56 | * [including the GNU Public Licence.]
57 | */
58 |
59 | #ifndef HEADER_RC4_H
60 | #define HEADER_RC4_H
61 |
62 | #include /* OPENSSL_NO_RC4, RC4_INT */
63 | #ifdef OPENSSL_NO_RC4
64 | #error RC4 is disabled.
65 | #endif
66 |
67 | #include
68 |
69 | #ifdef __cplusplus
70 | extern "C" {
71 | #endif
72 |
73 | typedef struct rc4_key_st
74 | {
75 | RC4_INT x,y;
76 | RC4_INT data[256];
77 | } RC4_KEY;
78 |
79 |
80 | const char *RC4_options(void);
81 | void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
82 | void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
83 | void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
84 | unsigned char *outdata);
85 |
86 | #ifdef __cplusplus
87 | }
88 | #endif
89 |
90 | #endif
91 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/ripemd.h:
--------------------------------------------------------------------------------
1 | /* crypto/ripemd/ripemd.h */
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 | * All rights reserved.
4 | *
5 | * This package is an SSL implementation written
6 | * by Eric Young (eay@cryptsoft.com).
7 | * The implementation was written so as to conform with Netscapes SSL.
8 | *
9 | * This library is free for commercial and non-commercial use as long as
10 | * the following conditions are aheared to. The following conditions
11 | * apply to all code found in this distribution, be it the RC4, RSA,
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 | * included with this distribution is covered by the same copyright terms
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 | *
16 | * Copyright remains Eric Young's, and as such any Copyright notices in
17 | * the code are not to be removed.
18 | * If this package is used in a product, Eric Young should be given attribution
19 | * as the author of the parts of the library used.
20 | * This can be in the form of a textual message at program startup or
21 | * in documentation (online or textual) provided with the package.
22 | *
23 | * Redistribution and use in source and binary forms, with or without
24 | * modification, are permitted provided that the following conditions
25 | * are met:
26 | * 1. Redistributions of source code must retain the copyright
27 | * notice, this list of conditions and the following disclaimer.
28 | * 2. Redistributions in binary form must reproduce the above copyright
29 | * notice, this list of conditions and the following disclaimer in the
30 | * documentation and/or other materials provided with the distribution.
31 | * 3. All advertising materials mentioning features or use of this software
32 | * must display the following acknowledgement:
33 | * "This product includes cryptographic software written by
34 | * Eric Young (eay@cryptsoft.com)"
35 | * The word 'cryptographic' can be left out if the rouines from the library
36 | * being used are not cryptographic related :-).
37 | * 4. If you include any Windows specific code (or a derivative thereof) from
38 | * the apps directory (application code) you must include an acknowledgement:
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 | *
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 | * SUCH DAMAGE.
52 | *
53 | * The licence and distribution terms for any publically available version or
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be
55 | * copied and put under another distribution licence
56 | * [including the GNU Public Licence.]
57 | */
58 |
59 | #ifndef HEADER_RIPEMD_H
60 | #define HEADER_RIPEMD_H
61 |
62 | #include
63 | #include
64 |
65 | #ifdef __cplusplus
66 | extern "C" {
67 | #endif
68 |
69 | #ifdef OPENSSL_NO_RIPEMD
70 | #error RIPEMD is disabled.
71 | #endif
72 |
73 | #if defined(__LP32__)
74 | #define RIPEMD160_LONG unsigned long
75 | #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
76 | #define RIPEMD160_LONG unsigned long
77 | #define RIPEMD160_LONG_LOG2 3
78 | #else
79 | #define RIPEMD160_LONG unsigned int
80 | #endif
81 |
82 | #define RIPEMD160_CBLOCK 64
83 | #define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4)
84 | #define RIPEMD160_DIGEST_LENGTH 20
85 |
86 | typedef struct RIPEMD160state_st
87 | {
88 | RIPEMD160_LONG A,B,C,D,E;
89 | RIPEMD160_LONG Nl,Nh;
90 | RIPEMD160_LONG data[RIPEMD160_LBLOCK];
91 | unsigned int num;
92 | } RIPEMD160_CTX;
93 |
94 | #ifdef OPENSSL_FIPS
95 | int private_RIPEMD160_Init(RIPEMD160_CTX *c);
96 | #endif
97 | int RIPEMD160_Init(RIPEMD160_CTX *c);
98 | int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
99 | int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
100 | unsigned char *RIPEMD160(const unsigned char *d, size_t n,
101 | unsigned char *md);
102 | void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
103 | #ifdef __cplusplus
104 | }
105 | #endif
106 |
107 | #endif
108 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/ssl23.h:
--------------------------------------------------------------------------------
1 | /* ssl/ssl23.h */
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 | * All rights reserved.
4 | *
5 | * This package is an SSL implementation written
6 | * by Eric Young (eay@cryptsoft.com).
7 | * The implementation was written so as to conform with Netscapes SSL.
8 | *
9 | * This library is free for commercial and non-commercial use as long as
10 | * the following conditions are aheared to. The following conditions
11 | * apply to all code found in this distribution, be it the RC4, RSA,
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 | * included with this distribution is covered by the same copyright terms
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 | *
16 | * Copyright remains Eric Young's, and as such any Copyright notices in
17 | * the code are not to be removed.
18 | * If this package is used in a product, Eric Young should be given attribution
19 | * as the author of the parts of the library used.
20 | * This can be in the form of a textual message at program startup or
21 | * in documentation (online or textual) provided with the package.
22 | *
23 | * Redistribution and use in source and binary forms, with or without
24 | * modification, are permitted provided that the following conditions
25 | * are met:
26 | * 1. Redistributions of source code must retain the copyright
27 | * notice, this list of conditions and the following disclaimer.
28 | * 2. Redistributions in binary form must reproduce the above copyright
29 | * notice, this list of conditions and the following disclaimer in the
30 | * documentation and/or other materials provided with the distribution.
31 | * 3. All advertising materials mentioning features or use of this software
32 | * must display the following acknowledgement:
33 | * "This product includes cryptographic software written by
34 | * Eric Young (eay@cryptsoft.com)"
35 | * The word 'cryptographic' can be left out if the rouines from the library
36 | * being used are not cryptographic related :-).
37 | * 4. If you include any Windows specific code (or a derivative thereof) from
38 | * the apps directory (application code) you must include an acknowledgement:
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 | *
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 | * SUCH DAMAGE.
52 | *
53 | * The licence and distribution terms for any publically available version or
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be
55 | * copied and put under another distribution licence
56 | * [including the GNU Public Licence.]
57 | */
58 |
59 | #ifndef HEADER_SSL23_H
60 | #define HEADER_SSL23_H
61 |
62 | #ifdef __cplusplus
63 | extern "C" {
64 | #endif
65 |
66 | /*client */
67 | /* write to server */
68 | #define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT)
69 | #define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT)
70 | /* read from server */
71 | #define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT)
72 | #define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT)
73 |
74 | /* server */
75 | /* read from client */
76 | #define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
77 | #define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT)
78 |
79 | #ifdef __cplusplus
80 | }
81 | #endif
82 | #endif
83 |
84 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/stack.h:
--------------------------------------------------------------------------------
1 | /* crypto/stack/stack.h */
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 | * All rights reserved.
4 | *
5 | * This package is an SSL implementation written
6 | * by Eric Young (eay@cryptsoft.com).
7 | * The implementation was written so as to conform with Netscapes SSL.
8 | *
9 | * This library is free for commercial and non-commercial use as long as
10 | * the following conditions are aheared to. The following conditions
11 | * apply to all code found in this distribution, be it the RC4, RSA,
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 | * included with this distribution is covered by the same copyright terms
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 | *
16 | * Copyright remains Eric Young's, and as such any Copyright notices in
17 | * the code are not to be removed.
18 | * If this package is used in a product, Eric Young should be given attribution
19 | * as the author of the parts of the library used.
20 | * This can be in the form of a textual message at program startup or
21 | * in documentation (online or textual) provided with the package.
22 | *
23 | * Redistribution and use in source and binary forms, with or without
24 | * modification, are permitted provided that the following conditions
25 | * are met:
26 | * 1. Redistributions of source code must retain the copyright
27 | * notice, this list of conditions and the following disclaimer.
28 | * 2. Redistributions in binary form must reproduce the above copyright
29 | * notice, this list of conditions and the following disclaimer in the
30 | * documentation and/or other materials provided with the distribution.
31 | * 3. All advertising materials mentioning features or use of this software
32 | * must display the following acknowledgement:
33 | * "This product includes cryptographic software written by
34 | * Eric Young (eay@cryptsoft.com)"
35 | * The word 'cryptographic' can be left out if the rouines from the library
36 | * being used are not cryptographic related :-).
37 | * 4. If you include any Windows specific code (or a derivative thereof) from
38 | * the apps directory (application code) you must include an acknowledgement:
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 | *
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 | * SUCH DAMAGE.
52 | *
53 | * The licence and distribution terms for any publically available version or
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be
55 | * copied and put under another distribution licence
56 | * [including the GNU Public Licence.]
57 | */
58 |
59 | #ifndef HEADER_STACK_H
60 | #define HEADER_STACK_H
61 |
62 | #ifdef __cplusplus
63 | extern "C" {
64 | #endif
65 |
66 | typedef struct stack_st
67 | {
68 | int num;
69 | char **data;
70 | int sorted;
71 |
72 | int num_alloc;
73 | int (*comp)(const void *, const void *);
74 | } _STACK; /* Use STACK_OF(...) instead */
75 |
76 | #define M_sk_num(sk) ((sk) ? (sk)->num:-1)
77 | #define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL)
78 |
79 | int sk_num(const _STACK *);
80 | void *sk_value(const _STACK *, int);
81 |
82 | void *sk_set(_STACK *, int, void *);
83 |
84 | _STACK *sk_new(int (*cmp)(const void *, const void *));
85 | _STACK *sk_new_null(void);
86 | void sk_free(_STACK *);
87 | void sk_pop_free(_STACK *st, void (*func)(void *));
88 | int sk_insert(_STACK *sk, void *data, int where);
89 | void *sk_delete(_STACK *st, int loc);
90 | void *sk_delete_ptr(_STACK *st, void *p);
91 | int sk_find(_STACK *st, void *data);
92 | int sk_find_ex(_STACK *st, void *data);
93 | int sk_push(_STACK *st, void *data);
94 | int sk_unshift(_STACK *st, void *data);
95 | void *sk_shift(_STACK *st);
96 | void *sk_pop(_STACK *st);
97 | void sk_zero(_STACK *st);
98 | int (*sk_set_cmp_func(_STACK *sk, int (*c)(const void *, const void *)))
99 | (const void *, const void *);
100 | _STACK *sk_dup(_STACK *st);
101 | void sk_sort(_STACK *st);
102 | int sk_is_sorted(const _STACK *st);
103 |
104 | #ifdef __cplusplus
105 | }
106 | #endif
107 |
108 | #endif
109 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/txt_db.h:
--------------------------------------------------------------------------------
1 | /* crypto/txt_db/txt_db.h */
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 | * All rights reserved.
4 | *
5 | * This package is an SSL implementation written
6 | * by Eric Young (eay@cryptsoft.com).
7 | * The implementation was written so as to conform with Netscapes SSL.
8 | *
9 | * This library is free for commercial and non-commercial use as long as
10 | * the following conditions are aheared to. The following conditions
11 | * apply to all code found in this distribution, be it the RC4, RSA,
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 | * included with this distribution is covered by the same copyright terms
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 | *
16 | * Copyright remains Eric Young's, and as such any Copyright notices in
17 | * the code are not to be removed.
18 | * If this package is used in a product, Eric Young should be given attribution
19 | * as the author of the parts of the library used.
20 | * This can be in the form of a textual message at program startup or
21 | * in documentation (online or textual) provided with the package.
22 | *
23 | * Redistribution and use in source and binary forms, with or without
24 | * modification, are permitted provided that the following conditions
25 | * are met:
26 | * 1. Redistributions of source code must retain the copyright
27 | * notice, this list of conditions and the following disclaimer.
28 | * 2. Redistributions in binary form must reproduce the above copyright
29 | * notice, this list of conditions and the following disclaimer in the
30 | * documentation and/or other materials provided with the distribution.
31 | * 3. All advertising materials mentioning features or use of this software
32 | * must display the following acknowledgement:
33 | * "This product includes cryptographic software written by
34 | * Eric Young (eay@cryptsoft.com)"
35 | * The word 'cryptographic' can be left out if the rouines from the library
36 | * being used are not cryptographic related :-).
37 | * 4. If you include any Windows specific code (or a derivative thereof) from
38 | * the apps directory (application code) you must include an acknowledgement:
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 | *
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 | * SUCH DAMAGE.
52 | *
53 | * The licence and distribution terms for any publically available version or
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be
55 | * copied and put under another distribution licence
56 | * [including the GNU Public Licence.]
57 | */
58 |
59 | #ifndef HEADER_TXT_DB_H
60 | #define HEADER_TXT_DB_H
61 |
62 | #include
63 | #ifndef OPENSSL_NO_BIO
64 | #include
65 | #endif
66 | #include
67 | #include
68 |
69 | #define DB_ERROR_OK 0
70 | #define DB_ERROR_MALLOC 1
71 | #define DB_ERROR_INDEX_CLASH 2
72 | #define DB_ERROR_INDEX_OUT_OF_RANGE 3
73 | #define DB_ERROR_NO_INDEX 4
74 | #define DB_ERROR_INSERT_INDEX_CLASH 5
75 |
76 | #ifdef __cplusplus
77 | extern "C" {
78 | #endif
79 |
80 | typedef OPENSSL_STRING *OPENSSL_PSTRING;
81 | DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
82 |
83 | typedef struct txt_db_st
84 | {
85 | int num_fields;
86 | STACK_OF(OPENSSL_PSTRING) *data;
87 | LHASH_OF(OPENSSL_STRING) **index;
88 | int (**qual)(OPENSSL_STRING *);
89 | long error;
90 | long arg1;
91 | long arg2;
92 | OPENSSL_STRING *arg_row;
93 | } TXT_DB;
94 |
95 | #ifndef OPENSSL_NO_BIO
96 | TXT_DB *TXT_DB_read(BIO *in, int num);
97 | long TXT_DB_write(BIO *out, TXT_DB *db);
98 | #else
99 | TXT_DB *TXT_DB_read(char *in, int num);
100 | long TXT_DB_write(char *out, TXT_DB *db);
101 | #endif
102 | int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(OPENSSL_STRING *),
103 | LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
104 | void TXT_DB_free(TXT_DB *db);
105 | OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value);
106 | int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
107 |
108 | #ifdef __cplusplus
109 | }
110 | #endif
111 |
112 | #endif
113 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/ui_compat.h:
--------------------------------------------------------------------------------
1 | /* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
2 | /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
3 | * project 2001.
4 | */
5 | /* ====================================================================
6 | * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 | *
8 | * Redistribution and use in source and binary forms, with or without
9 | * modification, are permitted provided that the following conditions
10 | * are met:
11 | *
12 | * 1. Redistributions of source code must retain the above copyright
13 | * notice, this list of conditions and the following disclaimer.
14 | *
15 | * 2. Redistributions in binary form must reproduce the above copyright
16 | * notice, this list of conditions and the following disclaimer in
17 | * the documentation and/or other materials provided with the
18 | * distribution.
19 | *
20 | * 3. All advertising materials mentioning features or use of this
21 | * software must display the following acknowledgment:
22 | * "This product includes software developed by the OpenSSL Project
23 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24 | *
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 | * endorse or promote products derived from this software without
27 | * prior written permission. For written permission, please contact
28 | * openssl-core@openssl.org.
29 | *
30 | * 5. Products derived from this software may not be called "OpenSSL"
31 | * nor may "OpenSSL" appear in their names without prior written
32 | * permission of the OpenSSL Project.
33 | *
34 | * 6. Redistributions of any form whatsoever must retain the following
35 | * acknowledgment:
36 | * "This product includes software developed by the OpenSSL Project
37 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38 | *
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 | * OF THE POSSIBILITY OF SUCH DAMAGE.
51 | * ====================================================================
52 | *
53 | * This product includes cryptographic software written by Eric Young
54 | * (eay@cryptsoft.com). This product includes software written by Tim
55 | * Hudson (tjh@cryptsoft.com).
56 | *
57 | */
58 |
59 | #ifndef HEADER_UI_COMPAT_H
60 | #define HEADER_UI_COMPAT_H
61 |
62 | #include
63 | #include
64 |
65 | #ifdef __cplusplus
66 | extern "C" {
67 | #endif
68 |
69 | /* The following functions were previously part of the DES section,
70 | and are provided here for backward compatibility reasons. */
71 |
72 | #define des_read_pw_string(b,l,p,v) \
73 | _ossl_old_des_read_pw_string((b),(l),(p),(v))
74 | #define des_read_pw(b,bf,s,p,v) \
75 | _ossl_old_des_read_pw((b),(bf),(s),(p),(v))
76 |
77 | int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify);
78 | int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
79 |
80 | #ifdef __cplusplus
81 | }
82 | #endif
83 | #endif
84 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/openssl/whrlpool.h:
--------------------------------------------------------------------------------
1 | #ifndef HEADER_WHRLPOOL_H
2 | #define HEADER_WHRLPOOL_H
3 |
4 | #include
5 | #include
6 |
7 | #ifdef __cplusplus
8 | extern "C" {
9 | #endif
10 |
11 | #define WHIRLPOOL_DIGEST_LENGTH (512/8)
12 | #define WHIRLPOOL_BBLOCK 512
13 | #define WHIRLPOOL_COUNTER (256/8)
14 |
15 | typedef struct {
16 | union {
17 | unsigned char c[WHIRLPOOL_DIGEST_LENGTH];
18 | /* double q is here to ensure 64-bit alignment */
19 | double q[WHIRLPOOL_DIGEST_LENGTH/sizeof(double)];
20 | } H;
21 | unsigned char data[WHIRLPOOL_BBLOCK/8];
22 | unsigned int bitoff;
23 | size_t bitlen[WHIRLPOOL_COUNTER/sizeof(size_t)];
24 | } WHIRLPOOL_CTX;
25 |
26 | #ifndef OPENSSL_NO_WHIRLPOOL
27 | #ifdef OPENSSL_FIPS
28 | int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
29 | #endif
30 | int WHIRLPOOL_Init (WHIRLPOOL_CTX *c);
31 | int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *inp,size_t bytes);
32 | void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits);
33 | int WHIRLPOOL_Final (unsigned char *md,WHIRLPOOL_CTX *c);
34 | unsigned char *WHIRLPOOL(const void *inp,size_t bytes,unsigned char *md);
35 | #endif
36 |
37 | #ifdef __cplusplus
38 | }
39 | #endif
40 |
41 | #endif
42 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007-2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_YARA_H
31 | #define YR_YARA_H
32 |
33 | #include "yara/utils.h"
34 | #include "yara/filemap.h"
35 | #include "yara/compiler.h"
36 | #include "yara/modules.h"
37 | #include "yara/object.h"
38 | #include "yara/libyara.h"
39 | #include "yara/error.h"
40 | #include "yara/stream.h"
41 | #include "yara/hash.h"
42 |
43 | #endif
44 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/ahocorasick.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef _AHOCORASICK_H
31 | #define _AHOCORASICK_H
32 |
33 | #include
34 | #include
35 | #include
36 |
37 |
38 | #define YR_AC_ROOT_STATE 0
39 | #define YR_AC_NEXT_STATE(t) (t >> 32)
40 | #define YR_AC_INVALID_TRANSITION(t, c) (((t) & 0xFFFF) != c)
41 |
42 | #define YR_AC_MAKE_TRANSITION(state, code, flags) \
43 | ((uint64_t)((((uint64_t) state) << 32) | ((flags) << 16) | (code)))
44 |
45 | #define YR_AC_USED_FLAG 0x1
46 |
47 | #define YR_AC_USED_TRANSITION_SLOT(x) ((x) & (YR_AC_USED_FLAG << 16))
48 | #define YR_AC_UNUSED_TRANSITION_SLOT(x) (!YR_AC_USED_TRANSITION_SLOT(x))
49 |
50 |
51 | typedef struct _YR_AC_TABLES
52 | {
53 | YR_AC_TRANSITION* transitions;
54 | YR_AC_MATCH_TABLE_ENTRY* matches;
55 |
56 | } YR_AC_TABLES;
57 |
58 |
59 | int yr_ac_automaton_create(
60 | YR_AC_AUTOMATON** automaton);
61 |
62 |
63 | int yr_ac_automaton_destroy(
64 | YR_AC_AUTOMATON* automaton);
65 |
66 |
67 | int yr_ac_add_string(
68 | YR_AC_AUTOMATON* automaton,
69 | YR_STRING* string,
70 | YR_ATOM_LIST_ITEM* atom,
71 | YR_ARENA* matches_arena);
72 |
73 |
74 | int yr_ac_compile(
75 | YR_AC_AUTOMATON* automaton,
76 | YR_ARENA* arena,
77 | YR_AC_TABLES* tables);
78 |
79 |
80 | void yr_ac_print_automaton(
81 | YR_AC_AUTOMATON* automaton);
82 |
83 |
84 | #endif
85 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/arena.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_ARENA_H
31 | #define YR_ARENA_H
32 |
33 | #include
34 |
35 | #include
36 | #include
37 |
38 | #define ARENA_FLAGS_FIXED_SIZE 1
39 | #define ARENA_FLAGS_COALESCED 2
40 | #define ARENA_FILE_VERSION 11
41 |
42 | #define EOL ((size_t) -1)
43 |
44 |
45 | typedef struct _YR_RELOC
46 | {
47 | uint32_t offset;
48 | struct _YR_RELOC* next;
49 |
50 | } YR_RELOC;
51 |
52 |
53 | typedef struct _YR_ARENA_PAGE
54 | {
55 |
56 | uint8_t* new_address;
57 | uint8_t* address;
58 |
59 | size_t size;
60 | size_t used;
61 |
62 | YR_RELOC* reloc_list_head;
63 | YR_RELOC* reloc_list_tail;
64 |
65 | struct _YR_ARENA_PAGE* next;
66 | struct _YR_ARENA_PAGE* prev;
67 |
68 | } YR_ARENA_PAGE;
69 |
70 |
71 | typedef struct _YR_ARENA
72 | {
73 | int flags;
74 |
75 | YR_ARENA_PAGE* page_list_head;
76 | YR_ARENA_PAGE* current_page;
77 |
78 | } YR_ARENA;
79 |
80 |
81 | int yr_arena_create(
82 | size_t initial_size,
83 | int flags,
84 | YR_ARENA** arena);
85 |
86 |
87 | void yr_arena_destroy(
88 | YR_ARENA* arena);
89 |
90 |
91 | void* yr_arena_base_address(
92 | YR_ARENA* arena);
93 |
94 |
95 | void* yr_arena_next_address(
96 | YR_ARENA* arena,
97 | void* address,
98 | size_t offset);
99 |
100 |
101 | int yr_arena_coalesce(
102 | YR_ARENA* arena);
103 |
104 |
105 | int yr_arena_reserve_memory(
106 | YR_ARENA* arena,
107 | size_t size);
108 |
109 |
110 | int yr_arena_allocate_memory(
111 | YR_ARENA* arena,
112 | size_t size,
113 | void** allocated_memory);
114 |
115 |
116 | int yr_arena_allocate_struct(
117 | YR_ARENA* arena,
118 | size_t size,
119 | void** allocated_memory,
120 | ...);
121 |
122 |
123 | int yr_arena_make_relocatable(
124 | YR_ARENA* arena,
125 | void* base,
126 | ...);
127 |
128 |
129 | int yr_arena_write_data(
130 | YR_ARENA* arena,
131 | void* data,
132 | size_t size,
133 | void** written_data);
134 |
135 |
136 | int yr_arena_write_string(
137 | YR_ARENA* arena,
138 | const char* string,
139 | char** written_string);
140 |
141 |
142 | int yr_arena_append(
143 | YR_ARENA* target_arena,
144 | YR_ARENA* source_arena);
145 |
146 |
147 | int yr_arena_load_stream(
148 | YR_STREAM* stream,
149 | YR_ARENA** arena);
150 |
151 |
152 | int yr_arena_save_stream(
153 | YR_ARENA* arena,
154 | YR_STREAM* stream);
155 |
156 |
157 | int yr_arena_duplicate(
158 | YR_ARENA* arena,
159 | YR_ARENA** duplicated);
160 |
161 |
162 | void yr_arena_print(
163 | YR_ARENA* arena);
164 |
165 | #endif
166 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/atoms.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_ATOMS_H
31 | #define YR_ATOMS_H
32 |
33 | #include
34 | #include
35 |
36 | #define ATOM_TREE_LEAF 1
37 | #define ATOM_TREE_AND 2
38 | #define ATOM_TREE_OR 3
39 |
40 |
41 | typedef struct _ATOM_TREE_NODE
42 | {
43 | uint8_t type;
44 | uint8_t atom_length;
45 | uint8_t atom[MAX_ATOM_LENGTH];
46 |
47 | uint8_t* forward_code;
48 | uint8_t* backward_code;
49 |
50 | RE_NODE* recent_nodes[MAX_ATOM_LENGTH];
51 |
52 | struct _ATOM_TREE_NODE* children_head;
53 | struct _ATOM_TREE_NODE* children_tail;
54 | struct _ATOM_TREE_NODE* next_sibling;
55 |
56 | } ATOM_TREE_NODE;
57 |
58 |
59 | typedef struct _ATOM_TREE
60 | {
61 | ATOM_TREE_NODE* current_leaf;
62 | ATOM_TREE_NODE* root_node;
63 |
64 | } ATOM_TREE;
65 |
66 |
67 | typedef struct _YR_ATOM_LIST_ITEM
68 | {
69 | uint8_t atom_length;
70 | uint8_t atom[MAX_ATOM_LENGTH];
71 |
72 | uint16_t backtrack;
73 |
74 | uint8_t* forward_code;
75 | uint8_t* backward_code;
76 |
77 | struct _YR_ATOM_LIST_ITEM* next;
78 |
79 | } YR_ATOM_LIST_ITEM;
80 |
81 |
82 | int yr_atoms_extract_from_re(
83 | RE* re,
84 | int flags,
85 | YR_ATOM_LIST_ITEM** atoms);
86 |
87 |
88 | int yr_atoms_extract_from_string(
89 | uint8_t* string,
90 | int string_length,
91 | int flags,
92 | YR_ATOM_LIST_ITEM** atoms);
93 |
94 |
95 | int yr_atoms_min_quality(
96 | YR_ATOM_LIST_ITEM* atom_list);
97 |
98 |
99 | void yr_atoms_list_destroy(
100 | YR_ATOM_LIST_ITEM* list_head);
101 |
102 | #endif
103 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/exefiles.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_EXEFILES_H
31 | #define YR_EXEFILES_H
32 |
33 | uint64_t yr_get_entry_point_offset(
34 | uint8_t* buffer,
35 | size_t buffer_length);
36 |
37 |
38 | uint64_t yr_get_entry_point_address(
39 | uint8_t* buffer,
40 | size_t buffer_length,
41 | size_t base_address);
42 |
43 | #endif
44 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/filemap.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007-2015. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_FILEMAP_H
31 | #define YR_FILEMAP_H
32 |
33 | #ifdef _MSC_VER
34 | #define off_t int64_t
35 | #else
36 | #include
37 | #endif
38 |
39 | #if defined(_WIN32) || defined(__CYGWIN__)
40 | #include
41 | #define YR_FILE_DESCRIPTOR HANDLE
42 | #else
43 | #define YR_FILE_DESCRIPTOR int
44 | #endif
45 |
46 | #include
47 |
48 | #include
49 | #include
50 |
51 |
52 | typedef struct _YR_MAPPED_FILE
53 | {
54 | YR_FILE_DESCRIPTOR file;
55 | size_t size;
56 | uint8_t* data;
57 | #if defined(_WIN32) || defined(__CYGWIN__)
58 | HANDLE mapping;
59 | #endif
60 |
61 | } YR_MAPPED_FILE;
62 |
63 |
64 | YR_API int yr_filemap_map(
65 | const char* file_path,
66 | YR_MAPPED_FILE* pmapped_file);
67 |
68 |
69 | YR_API int yr_filemap_map_fd(
70 | YR_FILE_DESCRIPTOR file,
71 | off_t offset,
72 | size_t size,
73 | YR_MAPPED_FILE* pmapped_file);
74 |
75 |
76 | YR_API int yr_filemap_map_ex(
77 | const char* file_path,
78 | off_t offset,
79 | size_t size,
80 | YR_MAPPED_FILE* pmapped_file);
81 |
82 |
83 | YR_API void yr_filemap_unmap(
84 | YR_MAPPED_FILE* pmapped_file);
85 |
86 |
87 | YR_API void yr_filemap_unmap_fd(
88 | YR_MAPPED_FILE* pmapped_file);
89 |
90 | #endif
91 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/globals.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_GLOBALS_H
31 | #define YR_GLOBALS_H
32 |
33 | extern char lowercase[256];
34 | extern char altercase[256];
35 |
36 | #endif
37 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/hash.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_HASH_H
31 | #define YR_HASH_H
32 |
33 | #include
34 |
35 | #include
36 |
37 | typedef struct _YR_HASH_TABLE_ENTRY
38 | {
39 | void* key;
40 | size_t key_length;
41 | char* ns;
42 | void* value;
43 |
44 | struct _YR_HASH_TABLE_ENTRY* next;
45 |
46 | } YR_HASH_TABLE_ENTRY;
47 |
48 |
49 | typedef struct _YR_HASH_TABLE
50 | {
51 | int size;
52 |
53 | YR_HASH_TABLE_ENTRY* buckets[1];
54 |
55 | } YR_HASH_TABLE;
56 |
57 |
58 | typedef int (*YR_HASH_TABLE_FREE_VALUE_FUNC)(void* value);
59 |
60 |
61 | YR_API int yr_hash_table_create(
62 | int size,
63 | YR_HASH_TABLE** table);
64 |
65 |
66 | YR_API void yr_hash_table_clean(
67 | YR_HASH_TABLE* table,
68 | YR_HASH_TABLE_FREE_VALUE_FUNC free_value);
69 |
70 |
71 | YR_API void yr_hash_table_destroy(
72 | YR_HASH_TABLE* table,
73 | YR_HASH_TABLE_FREE_VALUE_FUNC free_value);
74 |
75 |
76 | YR_API void* yr_hash_table_lookup(
77 | YR_HASH_TABLE* table,
78 | const char* key,
79 | const char* ns);
80 |
81 |
82 | YR_API int yr_hash_table_add(
83 | YR_HASH_TABLE* table,
84 | const char* key,
85 | const char* ns,
86 | void* value);
87 |
88 |
89 | YR_API void* yr_hash_table_lookup_raw_key(
90 | YR_HASH_TABLE* table,
91 | const void* key,
92 | size_t key_length,
93 | const char* ns);
94 |
95 |
96 | YR_API int yr_hash_table_add_raw_key(
97 | YR_HASH_TABLE* table,
98 | const void* key,
99 | size_t key_length,
100 | const char* ns,
101 | void* value);
102 |
103 | #endif
104 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/hex_lexer.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007. Victor M. Alvarez [plusvic@gmail.com].
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #include
31 |
32 | #undef yyparse
33 | #undef yylex
34 | #undef yyerror
35 | #undef yyfatal
36 | #undef yychar
37 | #undef yydebug
38 | #undef yynerrs
39 | #undef yyget_extra
40 | #undef yyget_lineno
41 |
42 | #undef YY_FATAL_ERROR
43 | #undef YY_DECL
44 | #undef LEX_ENV
45 |
46 | #define yyparse hex_yyparse
47 | #define yylex hex_yylex
48 | #define yyerror hex_yyerror
49 | #define yyfatal hex_yyfatal
50 | #define yychar hex_yychar
51 | #define yydebug hex_yydebug
52 | #define yynerrs hex_yynerrs
53 | #define yyget_extra hex_yyget_extra
54 | #define yyget_lineno hex_yyget_lineno
55 |
56 |
57 | #ifndef YY_TYPEDEF_YY_SCANNER_T
58 | #define YY_TYPEDEF_YY_SCANNER_T
59 | typedef void* yyscan_t;
60 | #endif
61 |
62 | #define YY_EXTRA_TYPE RE*
63 | #define YY_USE_CONST
64 |
65 |
66 | typedef struct _HEX_LEX_ENVIRONMENT
67 | {
68 | int token_count;
69 | int inside_or;
70 | int last_error_code;
71 | char last_error_message[256];
72 |
73 | } HEX_LEX_ENVIRONMENT;
74 |
75 |
76 | #define YY_FATAL_ERROR(msg) hex_yyfatal(yyscanner, msg)
77 |
78 | #define LEX_ENV ((HEX_LEX_ENVIRONMENT*) lex_env)
79 |
80 | #include
81 |
82 | #define YY_DECL int hex_yylex \
83 | (YYSTYPE * yylval_param , yyscan_t yyscanner, HEX_LEX_ENVIRONMENT* lex_env)
84 |
85 |
86 | YY_EXTRA_TYPE yyget_extra(
87 | yyscan_t yyscanner);
88 |
89 | int yylex(
90 | YYSTYPE* yylval_param,
91 | yyscan_t yyscanner,
92 | HEX_LEX_ENVIRONMENT* lex_env);
93 |
94 | int yyparse(
95 | void *yyscanner,
96 | HEX_LEX_ENVIRONMENT *lex_env);
97 |
98 | void yyerror(
99 | yyscan_t yyscanner,
100 | HEX_LEX_ENVIRONMENT* lex_env,
101 | const char *error_message);
102 |
103 | void yyfatal(
104 | yyscan_t yyscanner,
105 | const char *error_message);
106 |
107 | int yr_parse_hex_string(
108 | const char* hex_string,
109 | int flags,
110 | RE** re,
111 | RE_ERROR* error);
112 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/integers.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007-2015. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_INTEGERS_H
31 | #define YR_INTEGERS_H
32 |
33 | /* Integer type definitions
34 | */
35 | #if ( defined( _MSC_VER ) && ( _MSC_VER < 1600 ) ) || ( defined( __BORLANDC__ ) && ( __BORLANDC__ <= 0x0560 ) )
36 |
37 | #ifdef __cplusplus
38 | extern "C" {
39 | #endif
40 |
41 | /* Microsoft Visual Studio C++ before Visual Studio 2010 or earlier versions of the Borland C++ Builder
42 | * do not support the (u)int#_t type definitions but have __int# defintions instead
43 | */
44 | typedef __int8 int8_t;
45 | typedef unsigned __int8 uint8_t;
46 | typedef __int16 int16_t;
47 | typedef unsigned __int16 uint16_t;
48 | typedef __int32 int32_t;
49 | typedef unsigned __int32 uint32_t;
50 | typedef __int64 int64_t;
51 | typedef unsigned __int64 uint64_t;
52 |
53 | #ifdef __cplusplus
54 | }
55 | #endif
56 |
57 | #else
58 |
59 | /* Other "compilers" and later versions of Microsoft Visual Studio C++ and
60 | * Borland C/C++ define the types in
61 | */
62 | #include
63 |
64 | #endif
65 |
66 | #endif
67 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/lexer.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007. Victor M. Alvarez [plusvic@gmail.com].
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #include
31 |
32 |
33 | #undef yyparse
34 | #undef yylex
35 | #undef yyerror
36 | #undef yyfatal
37 | #undef yychar
38 | #undef yydebug
39 | #undef yynerrs
40 | #undef yyget_extra
41 | #undef yyget_lineno
42 |
43 | #undef YY_DECL
44 | #undef YY_FATAL_ERROR
45 | #undef YY_EXTRA_TYPE
46 |
47 | #define yyparse yara_yyparse
48 | #define yylex yara_yylex
49 | #define yyerror yara_yyerror
50 | #define yyfatal yara_yyfatal
51 | #define yywarning yara_yywarning
52 | #define yychar yara_yychar
53 | #define yydebug yara_yydebug
54 | #define yynerrs yara_yynerrs
55 | #define yyget_extra yara_yyget_extra
56 | #define yyget_lineno yara_yyget_lineno
57 |
58 |
59 | #ifndef YY_TYPEDEF_YY_SCANNER_T
60 | #define YY_TYPEDEF_YY_SCANNER_T
61 | typedef void* yyscan_t;
62 | #endif
63 |
64 | #ifndef YY_TYPEDEF_EXPRESSION_T
65 | #define YY_TYPEDEF_EXPRESSION_T
66 |
67 |
68 | // Expression type constants are powers of two because they are used as flags.
69 | // For example:
70 | // CHECK_TYPE(whatever, EXPRESSION_TYPE_INTEGER | EXPRESSION_TYPE_FLOAT)
71 | // The expression above is used to ensure that the type of "whatever" is either
72 | // integer or float.
73 |
74 | #define EXPRESSION_TYPE_BOOLEAN 1
75 | #define EXPRESSION_TYPE_INTEGER 2
76 | #define EXPRESSION_TYPE_STRING 4
77 | #define EXPRESSION_TYPE_REGEXP 8
78 | #define EXPRESSION_TYPE_OBJECT 16
79 | #define EXPRESSION_TYPE_FLOAT 32
80 |
81 | typedef struct _EXPRESSION
82 | {
83 | int type;
84 |
85 | union {
86 | int64_t integer;
87 | YR_OBJECT* object;
88 | SIZED_STRING* sized_string;
89 | } value;
90 |
91 | const char* identifier;
92 |
93 | } EXPRESSION;
94 |
95 | union YYSTYPE;
96 |
97 | #endif
98 |
99 |
100 | #define YY_DECL int yylex( \
101 | union YYSTYPE* yylval_param, yyscan_t yyscanner, YR_COMPILER* compiler)
102 |
103 |
104 | #define YY_FATAL_ERROR(msg) yara_yyfatal(yyscanner, msg)
105 |
106 |
107 | #define YY_EXTRA_TYPE YR_COMPILER*
108 | #define YY_USE_CONST
109 |
110 |
111 | int yyget_lineno(yyscan_t yyscanner);
112 |
113 | int yylex(
114 | union YYSTYPE* yylval_param,
115 | yyscan_t yyscanner,
116 | YR_COMPILER* compiler);
117 |
118 | int yyparse(
119 | void *yyscanner,
120 | YR_COMPILER* compiler);
121 |
122 | void yyerror(
123 | yyscan_t yyscanner,
124 | YR_COMPILER* compiler,
125 | const char *error_message);
126 |
127 | void yywarning(
128 | yyscan_t yyscanner,
129 | const char *message_fmt,
130 | ...);
131 |
132 | void yyfatal(
133 | yyscan_t yyscanner,
134 | const char *error_message);
135 |
136 | YY_EXTRA_TYPE yyget_extra(
137 | yyscan_t yyscanner);
138 |
139 | int yr_lex_parse_rules_string(
140 | const char* rules_string,
141 | YR_COMPILER* compiler);
142 |
143 | int yr_lex_parse_rules_file(
144 | FILE* rules_file,
145 | YR_COMPILER* compiler);
146 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/libyara.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_LIBYARA_H
31 | #define YR_LIBYARA_H
32 |
33 | #include
34 |
35 | #define YR_MAJOR_VERSION 3
36 | #define YR_MINOR_VERSION 5
37 | #define YR_MICRO_VERSION 0
38 |
39 | // Version as a string
40 | #define YR_VERSION "3.5.0"
41 |
42 |
43 | // Version as a single 4-byte hex number, e.g. 0x030401 == 3.4.1.
44 | #define YR_VERSION_HEX ((YR_MAJOR_VERSION << 16) | \
45 | (YR_MINOR_VERSION << 8) | \
46 | (YR_MICRO_VERSION << 0))
47 |
48 |
49 | // Enumerated type listing configuration options
50 | typedef enum _YR_CONFIG_NAME
51 | {
52 | YR_CONFIG_STACK_SIZE,
53 | YR_CONFIG_MAX
54 |
55 | } YR_CONFIG_NAME;
56 |
57 |
58 | #define DEFAULT_STACK_SIZE 16384
59 |
60 |
61 | YR_API int yr_initialize(void);
62 |
63 |
64 | YR_API int yr_finalize(void);
65 |
66 |
67 | YR_API void yr_finalize_thread(void);
68 |
69 |
70 | YR_API int yr_get_tidx(void);
71 |
72 |
73 | YR_API void yr_set_tidx(int);
74 |
75 |
76 | YR_API int yr_set_configuration(YR_CONFIG_NAME, void*);
77 |
78 |
79 | YR_API int yr_get_configuration(YR_CONFIG_NAME, void*);
80 |
81 | #endif
82 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/limits.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_LIMITS_H
31 | #define YR_LIMITS_H
32 |
33 | #if defined(_WIN32) || defined(__CYGWIN__)
34 | #include
35 | #endif
36 |
37 |
38 | // MAX_THREADS is the number of threads that can use a YR_RULES
39 | // object simultaneosly. This value is limited by the number of
40 | // bits in tidx_mask.
41 |
42 | #define MAX_THREADS 32
43 |
44 |
45 | #ifndef MAX_PATH
46 | #define MAX_PATH 1024
47 | #endif
48 |
49 | #define MAX_COMPILER_ERROR_EXTRA_INFO 256
50 | #define MAX_ATOM_LENGTH 4
51 | #define MAX_LOOP_NESTING 4
52 | #define MAX_ARENA_PAGES 32
53 | #define MAX_INCLUDE_DEPTH 16
54 | #define MAX_STRING_MATCHES 1000000
55 | #define MAX_FUNCTION_ARGS 128
56 | #define MAX_FAST_HEX_RE_STACK 300
57 | #define MAX_OVERLOADED_FUNCTIONS 10
58 | #define MAX_HEX_STRING_TOKENS 10000
59 | #define MAX_MATCH_DATA 4096
60 |
61 | #define LOOP_LOCAL_VARS 4
62 | #define STRING_CHAINING_THRESHOLD 200
63 | #define LEX_BUF_SIZE 8192
64 |
65 |
66 | #endif
67 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/mem.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_MEM_H
31 | #define YR_MEM_H
32 |
33 | #include
34 |
35 | #include "config.h"
36 |
37 | #ifdef DMALLOC
38 |
39 | #define yr_malloc malloc
40 | #define yr_calloc calloc
41 | #define yr_realloc realloc
42 | #define yr_free free
43 | #define yr_strdup strdup
44 | #define yr_strndup strndup
45 |
46 | #include
47 |
48 | #else
49 |
50 | void* yr_calloc(
51 | size_t count,
52 | size_t size);
53 |
54 | void* yr_malloc(
55 | size_t size);
56 |
57 | void* yr_realloc(
58 | void* ptr,
59 | size_t size);
60 |
61 | void yr_free(
62 | void *ptr);
63 |
64 | char* yr_strdup(
65 | const char *str);
66 |
67 | char* yr_strndup(
68 | const char *str, size_t n);
69 |
70 | #endif
71 |
72 | int yr_heap_alloc(void);
73 |
74 | int yr_heap_free(void);
75 |
76 | #endif
77 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/object.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_OBJECT_H
31 | #define YR_OBJECT_H
32 |
33 | #ifdef _MSC_VER
34 |
35 | #include
36 | #ifndef isnan
37 | #define isnan _isnan
38 | #endif
39 |
40 | #ifndef INFINITY
41 | #define INFINITY (DBL_MAX + DBL_MAX)
42 | #endif
43 |
44 | #ifndef NAN
45 | #define NAN (INFINITY-INFINITY)
46 | #endif
47 |
48 | #endif
49 |
50 | #include
51 |
52 |
53 | #define OBJECT_CREATE 1
54 |
55 | #define OBJECT_TYPE_INTEGER 1
56 | #define OBJECT_TYPE_STRING 2
57 | #define OBJECT_TYPE_STRUCTURE 3
58 | #define OBJECT_TYPE_ARRAY 4
59 | #define OBJECT_TYPE_FUNCTION 5
60 | #define OBJECT_TYPE_REGEXP 6
61 | #define OBJECT_TYPE_DICTIONARY 7
62 | #define OBJECT_TYPE_FLOAT 8
63 |
64 |
65 | int yr_object_create(
66 | int8_t type,
67 | const char* identifier,
68 | YR_OBJECT* parent,
69 | YR_OBJECT** object);
70 |
71 |
72 | int yr_object_function_create(
73 | const char* identifier,
74 | const char* arguments_fmt,
75 | const char* return_fmt,
76 | YR_MODULE_FUNC func,
77 | YR_OBJECT* parent,
78 | YR_OBJECT** function);
79 |
80 |
81 | int yr_object_from_external_variable(
82 | YR_EXTERNAL_VARIABLE* external,
83 | YR_OBJECT** object);
84 |
85 |
86 | void yr_object_destroy(
87 | YR_OBJECT* object);
88 |
89 |
90 | YR_OBJECT* yr_object_lookup_field(
91 | YR_OBJECT* object,
92 | const char* field_name);
93 |
94 |
95 | YR_OBJECT* yr_object_lookup(
96 | YR_OBJECT* root,
97 | int flags,
98 | const char* pattern,
99 | ...);
100 |
101 |
102 | int yr_object_has_undefined_value(
103 | YR_OBJECT* object,
104 | const char* field,
105 | ...);
106 |
107 | int64_t yr_object_get_integer(
108 | YR_OBJECT* object,
109 | const char* field,
110 | ...);
111 |
112 |
113 | SIZED_STRING* yr_object_get_string(
114 | YR_OBJECT* object,
115 | const char* field,
116 | ...);
117 |
118 |
119 | int yr_object_set_integer(
120 | int64_t value,
121 | YR_OBJECT* object,
122 | const char* field,
123 | ...);
124 |
125 |
126 | int yr_object_set_float(
127 | double value,
128 | YR_OBJECT* object,
129 | const char* field,
130 | ...);
131 |
132 |
133 | int yr_object_set_string(
134 | const char* value,
135 | size_t len,
136 | YR_OBJECT* object,
137 | const char* field,
138 | ...);
139 |
140 |
141 | YR_OBJECT* yr_object_array_get_item(
142 | YR_OBJECT* object,
143 | int flags,
144 | int index);
145 |
146 |
147 | int yr_object_array_set_item(
148 | YR_OBJECT* object,
149 | YR_OBJECT* item,
150 | int index);
151 |
152 |
153 | YR_OBJECT* yr_object_dict_get_item(
154 | YR_OBJECT* object,
155 | int flags,
156 | const char* key);
157 |
158 |
159 | int yr_object_dict_set_item(
160 | YR_OBJECT* object,
161 | YR_OBJECT* item,
162 | const char* key);
163 |
164 |
165 | int yr_object_structure_set_member(
166 | YR_OBJECT* object,
167 | YR_OBJECT* member);
168 |
169 |
170 | YR_OBJECT* yr_object_get_root(
171 | YR_OBJECT* object);
172 |
173 |
174 | YR_API void yr_object_print_data(
175 | YR_OBJECT* object,
176 | int indent,
177 | int print_identifier);
178 |
179 |
180 | #endif
181 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/parser.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_PARSER_H
31 | #define YR_PARSER_H
32 |
33 |
34 | #include "lexer.h"
35 |
36 |
37 | int yr_parser_emit(
38 | yyscan_t yyscanner,
39 | uint8_t instruction,
40 | uint8_t** instruction_address);
41 |
42 |
43 | int yr_parser_emit_with_arg(
44 | yyscan_t yyscanner,
45 | uint8_t instruction,
46 | int64_t argument,
47 | uint8_t** instruction_address,
48 | int64_t** argument_address);
49 |
50 |
51 | int yr_parser_emit_with_arg_double(
52 | yyscan_t yyscanner,
53 | uint8_t instruction,
54 | double argument,
55 | uint8_t** instruction_address,
56 | double** argument_address);
57 |
58 |
59 | int yr_parser_emit_with_arg_reloc(
60 | yyscan_t yyscanner,
61 | uint8_t instruction,
62 | int64_t argument,
63 | uint8_t** instruction_address,
64 | int64_t** argument_address);
65 |
66 |
67 | int yr_parser_check_types(
68 | YR_COMPILER* compiler,
69 | YR_OBJECT_FUNCTION* function,
70 | const char* actual_args_fmt);
71 |
72 |
73 | YR_STRING* yr_parser_lookup_string(
74 | yyscan_t yyscanner,
75 | const char* identifier);
76 |
77 |
78 | int yr_parser_lookup_loop_variable(
79 | yyscan_t yyscanner,
80 | const char* identifier);
81 |
82 |
83 | YR_RULE* yr_parser_reduce_rule_declaration_phase_1(
84 | yyscan_t yyscanner,
85 | int32_t flags,
86 | const char* identifier);
87 |
88 |
89 | int yr_parser_reduce_rule_declaration_phase_2(
90 | yyscan_t yyscanner,
91 | YR_RULE* rule);
92 |
93 |
94 | YR_STRING* yr_parser_reduce_string_declaration(
95 | yyscan_t yyscanner,
96 | int32_t flags,
97 | const char* identifier,
98 | SIZED_STRING* str);
99 |
100 |
101 | YR_META* yr_parser_reduce_meta_declaration(
102 | yyscan_t yyscanner,
103 | int32_t type,
104 | const char* identifier,
105 | const char* string,
106 | int64_t integer);
107 |
108 |
109 | int yr_parser_reduce_string_identifier(
110 | yyscan_t yyscanner,
111 | const char* identifier,
112 | uint8_t instruction,
113 | uint64_t at_offset);
114 |
115 |
116 | int yr_parser_emit_pushes_for_strings(
117 | yyscan_t yyscanner,
118 | const char* identifier);
119 |
120 |
121 | int yr_parser_reduce_external(
122 | yyscan_t yyscanner,
123 | const char* identifier,
124 | uint8_t intruction);
125 |
126 |
127 | int yr_parser_reduce_import(
128 | yyscan_t yyscanner,
129 | SIZED_STRING* module_name);
130 |
131 |
132 | int yr_parser_reduce_operation(
133 | yyscan_t yyscanner,
134 | const char* operation,
135 | EXPRESSION left_operand,
136 | EXPRESSION right_operand);
137 |
138 | #endif
139 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/proc.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_PROC_H
31 | #define YR_PROC_H
32 |
33 | #include
34 |
35 | int yr_process_open_iterator(
36 | int pid,
37 | YR_MEMORY_BLOCK_ITERATOR* iterator);
38 |
39 | int yr_process_close_iterator(
40 | YR_MEMORY_BLOCK_ITERATOR* iterator);
41 |
42 | #endif
43 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/re_lexer.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #undef yyparse
31 | #undef yylex
32 | #undef yyerror
33 | #undef yyfatal
34 | #undef yychar
35 | #undef yydebug
36 | #undef yynerrs
37 | #undef yyget_extra
38 | #undef yyget_lineno
39 |
40 | #undef YY_FATAL_ERROR
41 | #undef YY_DECL
42 | #undef LEX_ENV
43 |
44 |
45 | #define yyparse re_yyparse
46 | #define yylex re_yylex
47 | #define yyerror re_yyerror
48 | #define yyfatal re_yyfatal
49 | #define yychar re_yychar
50 | #define yydebug re_yydebug
51 | #define yynerrs re_yynerrs
52 | #define yyget_extra re_yyget_extra
53 | #define yyget_lineno re_yyget_lineno
54 |
55 |
56 | #ifndef YY_TYPEDEF_YY_SCANNER_T
57 | #define YY_TYPEDEF_YY_SCANNER_T
58 | typedef void* yyscan_t;
59 | #endif
60 |
61 | #define YY_EXTRA_TYPE RE*
62 | #define YY_USE_CONST
63 |
64 |
65 | typedef struct _RE_LEX_ENVIRONMENT
66 | {
67 | int negated_class;
68 | uint8_t class_vector[32];
69 | int last_error_code;
70 | char last_error_message[256];
71 |
72 | } RE_LEX_ENVIRONMENT;
73 |
74 |
75 | #define LEX_ENV ((RE_LEX_ENVIRONMENT*) lex_env)
76 |
77 | #define YY_FATAL_ERROR(msg) re_yyfatal(yyscanner, msg)
78 |
79 | #include
80 |
81 | #define YY_DECL int re_yylex \
82 | (YYSTYPE * yylval_param , yyscan_t yyscanner, RE_LEX_ENVIRONMENT* lex_env)
83 |
84 |
85 | YY_EXTRA_TYPE yyget_extra(
86 | yyscan_t yyscanner);
87 |
88 | int yylex(
89 | YYSTYPE* yylval_param,
90 | yyscan_t yyscanner,
91 | RE_LEX_ENVIRONMENT* lex_env);
92 |
93 | int yyparse(
94 | void *yyscanner,
95 | RE_LEX_ENVIRONMENT *lex_env);
96 |
97 | void yyerror(
98 | yyscan_t yyscanner,
99 | RE_LEX_ENVIRONMENT* lex_env,
100 | const char *error_message);
101 |
102 | void yyfatal(
103 | yyscan_t yyscanner,
104 | const char *error_message);
105 |
106 | int yr_parse_re_string(
107 | const char* re_string,
108 | int flags,
109 | RE** re,
110 | RE_ERROR* error);
111 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/rules.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_RULES_H
31 | #define YR_RULES_H
32 |
33 | #include
34 | #include
35 | #include
36 |
37 |
38 | #define CALLBACK_MSG_RULE_MATCHING 1
39 | #define CALLBACK_MSG_RULE_NOT_MATCHING 2
40 | #define CALLBACK_MSG_SCAN_FINISHED 3
41 | #define CALLBACK_MSG_IMPORT_MODULE 4
42 | #define CALLBACK_MSG_MODULE_IMPORTED 5
43 |
44 | #define CALLBACK_CONTINUE 0
45 | #define CALLBACK_ABORT 1
46 | #define CALLBACK_ERROR 2
47 |
48 |
49 | #define yr_rule_tags_foreach(rule, tag_name) \
50 | for (tag_name = rule->tags; \
51 | tag_name != NULL && *tag_name != '\0'; \
52 | tag_name += strlen(tag_name) + 1)
53 |
54 |
55 | #define yr_rule_metas_foreach(rule, meta) \
56 | for (meta = rule->metas; !META_IS_NULL(meta); meta++)
57 |
58 |
59 | #define yr_rule_strings_foreach(rule, string) \
60 | for (string = rule->strings; !STRING_IS_NULL(string); string++)
61 |
62 |
63 | #define yr_string_matches_foreach(string, match) \
64 | for (match = STRING_MATCHES(string).head; match != NULL; match = match->next)
65 |
66 |
67 | #define yr_rules_foreach(rules, rule) \
68 | for (rule = rules->rules_list_head; !RULE_IS_NULL(rule); rule++)
69 |
70 |
71 |
72 | YR_API int yr_rules_scan_mem(
73 | YR_RULES* rules,
74 | uint8_t* buffer,
75 | size_t buffer_size,
76 | int flags,
77 | YR_CALLBACK_FUNC callback,
78 | void* user_data,
79 | int timeout);
80 |
81 |
82 | YR_API int yr_rules_scan_file(
83 | YR_RULES* rules,
84 | const char* filename,
85 | int flags,
86 | YR_CALLBACK_FUNC callback,
87 | void* user_data,
88 | int timeout);
89 |
90 |
91 | YR_API int yr_rules_scan_fd(
92 | YR_RULES* rules,
93 | YR_FILE_DESCRIPTOR fd,
94 | int flags,
95 | YR_CALLBACK_FUNC callback,
96 | void* user_data,
97 | int timeout);
98 |
99 |
100 | YR_API int yr_rules_scan_proc(
101 | YR_RULES* rules,
102 | int pid,
103 | int flags,
104 | YR_CALLBACK_FUNC callback,
105 | void* user_data,
106 | int timeout);
107 |
108 | YR_API int yr_rules_save(
109 | YR_RULES* rules,
110 | const char* filename);
111 |
112 |
113 | YR_API int yr_rules_save_stream(
114 | YR_RULES* rules,
115 | YR_STREAM* stream);
116 |
117 |
118 | YR_API int yr_rules_load(
119 | const char* filename,
120 | YR_RULES** rules);
121 |
122 |
123 | YR_API int yr_rules_load_stream(
124 | YR_STREAM* stream,
125 | YR_RULES** rules);
126 |
127 |
128 | YR_API int yr_rules_destroy(
129 | YR_RULES* rules);
130 |
131 |
132 | YR_API int yr_rules_define_integer_variable(
133 | YR_RULES* rules,
134 | const char* identifier,
135 | int64_t value);
136 |
137 |
138 | YR_API int yr_rules_define_boolean_variable(
139 | YR_RULES* rules,
140 | const char* identifier,
141 | int value);
142 |
143 |
144 | YR_API int yr_rules_define_float_variable(
145 | YR_RULES* rules,
146 | const char* identifier,
147 | double value);
148 |
149 |
150 | YR_API int yr_rules_define_string_variable(
151 | YR_RULES* rules,
152 | const char* identifier,
153 | const char* value);
154 |
155 |
156 | YR_API void yr_rules_print_profiling_info(
157 | YR_RULES* rules);
158 |
159 | #endif
160 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/scan.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_SCAN_H
31 | #define YR_SCAN_H
32 |
33 | #include
34 |
35 | // Bitmasks for flags.
36 | #define SCAN_FLAGS_FAST_MODE 1
37 | #define SCAN_FLAGS_PROCESS_MEMORY 2
38 |
39 |
40 | int yr_scan_verify_match(
41 | YR_SCAN_CONTEXT* context,
42 | YR_AC_MATCH* ac_match,
43 | uint8_t* data,
44 | size_t data_size,
45 | size_t data_base,
46 | size_t offset);
47 |
48 | #endif
49 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/sizedstr.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007-2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef _SIZEDSTR_H
31 | #define _SIZEDSTR_H
32 |
33 | #include
34 |
35 | #include
36 |
37 | //
38 | // This struct is used to support strings containing null chars. The length of
39 | // the string is stored along the string data. However the string data is also
40 | // terminated with a null char.
41 | //
42 |
43 | #define SIZED_STRING_FLAGS_NO_CASE 1
44 | #define SIZED_STRING_FLAGS_DOT_ALL 2
45 |
46 | #pragma pack(push)
47 | #pragma pack(8)
48 |
49 |
50 | typedef struct _SIZED_STRING
51 | {
52 | uint32_t length;
53 | uint32_t flags;
54 |
55 | char c_string[1];
56 |
57 | } SIZED_STRING;
58 |
59 | #pragma pack(pop)
60 |
61 |
62 | int sized_string_cmp(
63 | SIZED_STRING* s1,
64 | SIZED_STRING* s2);
65 |
66 | #endif
67 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/stream.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2015. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_STREAM_H
31 | #define YR_STREAM_H
32 |
33 | #include
34 |
35 | typedef size_t (*YR_STREAM_READ_FUNC)(
36 | void* ptr,
37 | size_t size,
38 | size_t count,
39 | void* user_data);
40 |
41 |
42 | typedef size_t (*YR_STREAM_WRITE_FUNC)(
43 | const void* ptr,
44 | size_t size,
45 | size_t count,
46 | void* user_data);
47 |
48 |
49 | typedef struct _YR_STREAM
50 | {
51 | void* user_data;
52 |
53 | YR_STREAM_READ_FUNC read;
54 | YR_STREAM_WRITE_FUNC write;
55 |
56 | } YR_STREAM;
57 |
58 |
59 | size_t yr_stream_read(
60 | void* ptr,
61 | size_t size,
62 | size_t count,
63 | YR_STREAM* stream);
64 |
65 |
66 | size_t yr_stream_write(
67 | const void* ptr,
68 | size_t size,
69 | size_t count,
70 | YR_STREAM* stream);
71 |
72 | #endif
73 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/strutils.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2007-2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_STRUTILS_H
31 | #define YR_STRUTILS_H
32 |
33 | #include
34 | #include
35 |
36 | #include
37 |
38 | #include "config.h"
39 |
40 | // Cygwin already has these functions.
41 | #if defined(_WIN32) && !defined(__CYGWIN__)
42 | #if defined(_MSC_VER) && _MSC_VER < 1900
43 | #define snprintf _snprintf
44 | #endif
45 | #define strcasecmp _stricmp
46 | #define strncasecmp _strnicmp
47 | #endif
48 |
49 |
50 | uint64_t xtoi(
51 | const char* hexstr);
52 |
53 |
54 | #if !HAVE_STRLCPY && !defined(strlcpy)
55 | size_t strlcpy(
56 | char *dst,
57 | const char *src,
58 | size_t size);
59 | #endif
60 |
61 |
62 | #if !HAVE_STRLCAT && !defined(strlcat)
63 | size_t strlcat(
64 | char *dst,
65 | const char *src,
66 | size_t size);
67 | #endif
68 |
69 |
70 | #if !HAVE_MEMMEM && !defined(memmem)
71 | void* memmem(
72 | const void *haystack,
73 | size_t haystack_size,
74 | const void *needle,
75 | size_t needle_size);
76 | #endif
77 |
78 |
79 | int strnlen_w(
80 | const char* w_str);
81 |
82 |
83 | int strcmp_w(
84 | const char* w_str,
85 | const char* str);
86 |
87 |
88 | size_t strlcpy_w(
89 | char* dst,
90 | const char* w_src,
91 | size_t n);
92 |
93 | #endif
94 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/threading.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2016. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 | #ifndef YR_MUTEX_H
31 | #define YR_MUTEX_H
32 |
33 |
34 |
35 | #if defined(_WIN32) || defined(__CYGWIN__)
36 |
37 | #include
38 |
39 | typedef DWORD YR_THREAD_ID;
40 | typedef DWORD YR_THREAD_STORAGE_KEY;
41 | typedef HANDLE YR_MUTEX;
42 |
43 | #else
44 |
45 | #include
46 |
47 | typedef pthread_t YR_THREAD_ID;
48 | typedef pthread_key_t YR_THREAD_STORAGE_KEY;
49 | typedef pthread_mutex_t YR_MUTEX;
50 |
51 | #endif
52 |
53 | YR_THREAD_ID yr_current_thread_id(void);
54 |
55 | int yr_mutex_create(YR_MUTEX*);
56 | int yr_mutex_destroy(YR_MUTEX*);
57 | int yr_mutex_lock(YR_MUTEX*);
58 | int yr_mutex_unlock(YR_MUTEX*);
59 |
60 | int yr_thread_storage_create(YR_THREAD_STORAGE_KEY*);
61 | int yr_thread_storage_destroy(YR_THREAD_STORAGE_KEY*);
62 | int yr_thread_storage_set_value(YR_THREAD_STORAGE_KEY*, void*);
63 | void* yr_thread_storage_get_value(YR_THREAD_STORAGE_KEY*);
64 |
65 | #endif
66 |
--------------------------------------------------------------------------------
/CFFYara/yara/include/yara/utils.h:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2014. The YARA Authors. All Rights Reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without modification,
5 | are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | 2. Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | 3. Neither the name of the copyright holder nor the names of its contributors
15 | may be used to endorse or promote products derived from this software without
16 | specific prior written permission.
17 |
18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 | */
29 |
30 |
31 | #ifndef YR_UTILS_H
32 | #define YR_UTILS_H
33 |
34 | #ifndef TRUE
35 | #define TRUE 1
36 | #endif
37 |
38 | #ifndef FALSE
39 | #define FALSE 0
40 | #endif
41 |
42 | #ifndef NULL
43 | #define NULL 0
44 | #endif
45 |
46 | #ifdef __cplusplus
47 | #define EXTERNC extern "C"
48 | #else
49 | #define EXTERNC
50 | #endif
51 |
52 | #if defined(__GNUC__)
53 | #define YR_API EXTERNC __attribute__((visibility("default")))
54 | #elif defined(_MSC_VER)
55 | #define YR_API EXTERNC __declspec(dllexport)
56 | #else
57 | #define YR_API EXTERNC
58 | #endif
59 |
60 | #if defined(__GNUC__)
61 | #define YR_ALIGN(n) __attribute__((aligned(n)))
62 | #elif defined(_MSC_VER)
63 | #define YR_ALIGN(n) __declspec(align(n))
64 | #else
65 | #define YR_ALIGN(n)
66 | #endif
67 |
68 | #define yr_min(x, y) ((x < y) ? (x) : (y))
69 | #define yr_max(x, y) ((x > y) ? (x) : (y))
70 |
71 | #define PTR_TO_INT64(x) ((int64_t) (size_t) x)
72 |
73 |
74 | #ifdef NDEBUG
75 |
76 | #define assertf(expr, msg, ...) ((void)0)
77 |
78 | #else
79 |
80 | #include
81 |
82 | #define assertf(expr, msg, ...) \
83 | if(!(expr)) { \
84 | fprintf(stderr, "%s:%d: " msg "\n", __FILE__, __LINE__, ##__VA_ARGS__); \
85 | abort(); \
86 | }
87 |
88 | #endif
89 |
90 | #endif
91 |
--------------------------------------------------------------------------------
/CFFYara/yara/lib/jansson32.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFYara/yara/lib/jansson32.lib
--------------------------------------------------------------------------------
/CFFYara/yara/lib/jansson64.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFYara/yara/lib/jansson64.lib
--------------------------------------------------------------------------------
/CFFYara/yara/lib/libeay32.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFYara/yara/lib/libeay32.lib
--------------------------------------------------------------------------------
/CFFYara/yara/lib/libeay64.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFYara/yara/lib/libeay64.lib
--------------------------------------------------------------------------------
/CFFYara/yara/lib/libyara32.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFYara/yara/lib/libyara32.lib
--------------------------------------------------------------------------------
/CFFYara/yara/lib/libyara64.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/CFFYara/yara/lib/libyara64.lib
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | This code is available under MIT License.
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy
4 | of this software and associated documentation files (the "Software"), to deal
5 | in the Software without restriction, including without limitation the rights
6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7 | copies of the Software, and to permit persons to whom the Software is
8 | furnished to do so, subject to the following conditions:
9 |
10 | The above copyright notice and this permission notice shall be included in
11 | all copies or substantial portions of the Software.
12 |
13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19 | THE SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # CFF Extensions #
2 |
3 | ----------
4 |
5 | This repository contains several simple extension to CFF Explorer ( [http://www.ntcore.com/exsuite.php](http://www.ntcore.com/exsuite.php) ) by Daniel Pistelli. These include:
6 |
7 | * [CFFStrings](https://github.com/bfosterjr/CFFExtensions/tree/master/CFFStrings)
8 | * Finds ASCII and Unicode strings within files
9 | * [CFFHashes](https://github.com/bfosterjr/CFFExtensions/tree/master/CFFHashes)
10 | * Calculates CRC, MD5, SHA1 and SHA256 hashes for files and parts of files
11 | * [CFFYara](https://github.com/bfosterjr/CFFExtensions/tree/master/CFFYara)
12 | * Enables Yara scanning from within CFF Explorer.
13 | * [CFFCapstone](https://github.com/bfosterjr/CFFExtensions/tree/master/CFFCapstone)
14 | * Capstone disassembly from within CFF Explorer
15 |
16 |
17 | ## Installation ##
18 |
19 | To install, simply [download](https://github.com/bfosterjr/CFFExtensions/raw/master/bin/CFFExtensions_1.0.4_setup.exe) and run the setup program. Ensure that your installation path is within the:
20 |
21 | 'Extensions\CFF Explorer'
22 |
23 | folder of your CFF Explorer installation directory.
24 |
25 | ## Usage ##
26 |
27 | When you launch CFF Explorer, 4 new items will be displayed: 'String', 'Hashes', 'Yara', and 'Capstone' as shown below:
28 |
29 | 
30 |
31 |
32 |
--------------------------------------------------------------------------------
/bin/CFFExtensions_1.0.0_setup.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/CFFExtensions_1.0.0_setup.exe
--------------------------------------------------------------------------------
/bin/CFFExtensions_1.0.1_setup.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/CFFExtensions_1.0.1_setup.exe
--------------------------------------------------------------------------------
/bin/CFFExtensions_1.0.2_setup.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/CFFExtensions_1.0.2_setup.exe
--------------------------------------------------------------------------------
/bin/CFFExtensions_1.0.3_setup.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/CFFExtensions_1.0.3_setup.exe
--------------------------------------------------------------------------------
/bin/CFFExtensions_1.0.4_setup.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/CFFExtensions_1.0.4_setup.exe
--------------------------------------------------------------------------------
/bin/x64/Debug/CFFCapstone.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Debug/CFFCapstone.dll
--------------------------------------------------------------------------------
/bin/x64/Debug/CFFCapstone.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Debug/CFFCapstone.exp
--------------------------------------------------------------------------------
/bin/x64/Debug/CFFCapstone.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Debug/CFFCapstone.lib
--------------------------------------------------------------------------------
/bin/x64/Debug/CFFCapstone.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Debug/CFFCapstone.pdb
--------------------------------------------------------------------------------
/bin/x64/Debug/CFFHashes.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Debug/CFFHashes.dll
--------------------------------------------------------------------------------
/bin/x64/Debug/CFFHashes.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Debug/CFFHashes.exp
--------------------------------------------------------------------------------
/bin/x64/Debug/CFFHashes.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Debug/CFFHashes.lib
--------------------------------------------------------------------------------
/bin/x64/Debug/CFFHashes.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Debug/CFFHashes.pdb
--------------------------------------------------------------------------------
/bin/x64/Debug/CFFStrings.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Debug/CFFStrings.dll
--------------------------------------------------------------------------------
/bin/x64/Debug/CFFStrings.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Debug/CFFStrings.exp
--------------------------------------------------------------------------------
/bin/x64/Debug/CFFStrings.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Debug/CFFStrings.lib
--------------------------------------------------------------------------------
/bin/x64/Debug/CFFStrings.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Debug/CFFStrings.pdb
--------------------------------------------------------------------------------
/bin/x64/Debug/CFFYara.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Debug/CFFYara.dll
--------------------------------------------------------------------------------
/bin/x64/Debug/CFFYara.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Debug/CFFYara.exp
--------------------------------------------------------------------------------
/bin/x64/Debug/CFFYara.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Debug/CFFYara.lib
--------------------------------------------------------------------------------
/bin/x64/Debug/CFFYara.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Debug/CFFYara.pdb
--------------------------------------------------------------------------------
/bin/x64/Release/CFFCapstone.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Release/CFFCapstone.dll
--------------------------------------------------------------------------------
/bin/x64/Release/CFFCapstone.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Release/CFFCapstone.exp
--------------------------------------------------------------------------------
/bin/x64/Release/CFFCapstone.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Release/CFFCapstone.lib
--------------------------------------------------------------------------------
/bin/x64/Release/CFFCapstone.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Release/CFFCapstone.pdb
--------------------------------------------------------------------------------
/bin/x64/Release/CFFHashes.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Release/CFFHashes.dll
--------------------------------------------------------------------------------
/bin/x64/Release/CFFHashes.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Release/CFFHashes.exp
--------------------------------------------------------------------------------
/bin/x64/Release/CFFHashes.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Release/CFFHashes.lib
--------------------------------------------------------------------------------
/bin/x64/Release/CFFHashes.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Release/CFFHashes.pdb
--------------------------------------------------------------------------------
/bin/x64/Release/CFFStrings.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Release/CFFStrings.dll
--------------------------------------------------------------------------------
/bin/x64/Release/CFFStrings.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Release/CFFStrings.exp
--------------------------------------------------------------------------------
/bin/x64/Release/CFFStrings.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Release/CFFStrings.lib
--------------------------------------------------------------------------------
/bin/x64/Release/CFFStrings.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Release/CFFStrings.pdb
--------------------------------------------------------------------------------
/bin/x64/Release/CFFYara.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Release/CFFYara.dll
--------------------------------------------------------------------------------
/bin/x64/Release/CFFYara.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Release/CFFYara.exp
--------------------------------------------------------------------------------
/bin/x64/Release/CFFYara.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Release/CFFYara.lib
--------------------------------------------------------------------------------
/bin/x64/Release/CFFYara.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x64/Release/CFFYara.pdb
--------------------------------------------------------------------------------
/bin/x86/Debug/CFFCapstone.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Debug/CFFCapstone.dll
--------------------------------------------------------------------------------
/bin/x86/Debug/CFFCapstone.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Debug/CFFCapstone.exp
--------------------------------------------------------------------------------
/bin/x86/Debug/CFFCapstone.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Debug/CFFCapstone.lib
--------------------------------------------------------------------------------
/bin/x86/Debug/CFFCapstone.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Debug/CFFCapstone.pdb
--------------------------------------------------------------------------------
/bin/x86/Debug/CFFHashes.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Debug/CFFHashes.dll
--------------------------------------------------------------------------------
/bin/x86/Debug/CFFHashes.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Debug/CFFHashes.exp
--------------------------------------------------------------------------------
/bin/x86/Debug/CFFHashes.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Debug/CFFHashes.lib
--------------------------------------------------------------------------------
/bin/x86/Debug/CFFHashes.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Debug/CFFHashes.pdb
--------------------------------------------------------------------------------
/bin/x86/Debug/CFFStrings.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Debug/CFFStrings.dll
--------------------------------------------------------------------------------
/bin/x86/Debug/CFFStrings.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Debug/CFFStrings.exp
--------------------------------------------------------------------------------
/bin/x86/Debug/CFFStrings.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Debug/CFFStrings.lib
--------------------------------------------------------------------------------
/bin/x86/Debug/CFFStrings.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Debug/CFFStrings.pdb
--------------------------------------------------------------------------------
/bin/x86/Debug/CFFYara.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Debug/CFFYara.dll
--------------------------------------------------------------------------------
/bin/x86/Debug/CFFYara.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Debug/CFFYara.exp
--------------------------------------------------------------------------------
/bin/x86/Debug/CFFYara.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Debug/CFFYara.lib
--------------------------------------------------------------------------------
/bin/x86/Debug/CFFYara.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Debug/CFFYara.pdb
--------------------------------------------------------------------------------
/bin/x86/Release/CFFCapstone.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Release/CFFCapstone.dll
--------------------------------------------------------------------------------
/bin/x86/Release/CFFCapstone.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Release/CFFCapstone.exp
--------------------------------------------------------------------------------
/bin/x86/Release/CFFCapstone.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Release/CFFCapstone.lib
--------------------------------------------------------------------------------
/bin/x86/Release/CFFCapstone.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Release/CFFCapstone.pdb
--------------------------------------------------------------------------------
/bin/x86/Release/CFFHashes.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Release/CFFHashes.dll
--------------------------------------------------------------------------------
/bin/x86/Release/CFFHashes.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Release/CFFHashes.exp
--------------------------------------------------------------------------------
/bin/x86/Release/CFFHashes.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Release/CFFHashes.lib
--------------------------------------------------------------------------------
/bin/x86/Release/CFFHashes.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Release/CFFHashes.pdb
--------------------------------------------------------------------------------
/bin/x86/Release/CFFStrings.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Release/CFFStrings.dll
--------------------------------------------------------------------------------
/bin/x86/Release/CFFStrings.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Release/CFFStrings.exp
--------------------------------------------------------------------------------
/bin/x86/Release/CFFStrings.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Release/CFFStrings.lib
--------------------------------------------------------------------------------
/bin/x86/Release/CFFStrings.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Release/CFFStrings.pdb
--------------------------------------------------------------------------------
/bin/x86/Release/CFFYara.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Release/CFFYara.dll
--------------------------------------------------------------------------------
/bin/x86/Release/CFFYara.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Release/CFFYara.exp
--------------------------------------------------------------------------------
/bin/x86/Release/CFFYara.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Release/CFFYara.lib
--------------------------------------------------------------------------------
/bin/x86/Release/CFFYara.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bfosterjr/CFFExtensions/18e9660e6e73cc833fe28c6083b4ef5445c92bb4/bin/x86/Release/CFFYara.pdb
--------------------------------------------------------------------------------
/setup_script.iss:
--------------------------------------------------------------------------------
1 | ; Script generated by the Inno Setup Script Wizard.
2 | ; SEE THE DOCUMENTATION FOR DETAILS ON CREATING INNO SETUP SCRIPT FILES!
3 |
4 | #define MyAppName "CFFExtensions"
5 | #define MyAppVersion "1.0.4"
6 | #define MyAppPublisher "@bfosterjr"
7 | #define MyAppURL "@bfosterjr"
8 |
9 | [Setup]
10 | ; NOTE: The value of AppId uniquely identifies this application.
11 | ; Do not use the same AppId value in installers for other applications.
12 | ; (To generate a new GUID, click Tools | Generate GUID inside the IDE.)
13 | AppId={{0B080FE7-FDC6-4817-9312-BB077E4A5C32}
14 | AppName={#MyAppName}
15 | AppVersion={#MyAppVersion}
16 | ;AppVerName={#MyAppName} {#MyAppVersion}
17 | AppPublisher={#MyAppPublisher}
18 | AppPublisherURL={#MyAppURL}
19 | AppSupportURL={#MyAppURL}
20 | AppUpdatesURL={#MyAppURL}
21 | DefaultGroupName={#MyAppName}
22 | AllowNoIcons=yes
23 | OutputBaseFilename={#MyAppName}_{#MyAppVersion}_setup
24 | Compression=lzma
25 | SolidCompression=yes
26 | OutputDir=.\bin
27 | DefaultDirName={pf}\Explorer Suite\Extensions\CFF Explorer\CFFExtensions
28 | ArchitecturesInstallIn64BitMode=x64
29 |
30 | [Languages]
31 | Name: "english"; MessagesFile: "compiler:Default.isl"
32 |
33 | [Files]
34 | Source: ".\bin\x64\Release\CFFHashes.dll"; DestDir: "{app}"; Check: Is64BitInstallMode; Flags: ignoreversion
35 | Source: ".\bin\x64\Release\CFFStrings.dll"; DestDir: "{app}"; Check: Is64BitInstallMode; Flags: ignoreversion
36 | Source: ".\bin\x64\Release\CFFYara.dll"; DestDir: "{app}"; Check: Is64BitInstallMode; Flags: ignoreversion
37 | Source: ".\bin\x64\Release\CFFCapstone.dll"; DestDir: "{app}"; Check: Is64BitInstallMode; Flags: ignoreversion
38 | Source: ".\bin\x86\Release\CFFHashes.dll"; DestDir: "{app}"; Check: not Is64BitInstallMode; Flags: solidbreak
39 | Source: ".\bin\x86\Release\CFFStrings.dll"; DestDir: "{app}"; Check: not is64BitInstallMode; Flags: ignoreversion
40 | Source: ".\bin\x86\Release\CFFYara.dll"; DestDir: "{app}"; Check: not Is64BitInstallMode; Flags: ignoreversion
41 | Source: ".\bin\x86\Release\CFFCapstone.dll"; DestDir: "{app}"; Check: not Is64BitInstallMode; Flags: ignoreversion
42 |
43 | [Icons]
44 | Name: "{group}\{cm:UninstallProgram,{#MyAppName}}"; Filename: "{uninstallexe}"
45 |
46 | [Code]
47 | function NextButtonClick(CurPageID: Integer): Boolean;
48 | var
49 | ResultCode: Integer;
50 | begin
51 | case CurPageID of
52 | wpSelectDir:
53 | MsgBox('Please ensure the installation path is in the "Extensions\CFF Explorer" directory of CFF Explorer', mbInformation, MB_OK);
54 | end;
55 | Result := True;
56 | end;
57 |
--------------------------------------------------------------------------------