├── .gitignore ├── .gitlab-ci.yml ├── .world ├── build.sh ├── clean.sh ├── config.sh ├── install.sh ├── setup.sh └── wine_wrapper.sh ├── COPYING ├── MESON_BUILD.md ├── Makefile.am ├── README.md ├── bootstrap.sh ├── clang-format ├── configure.ac ├── fsrip_schema.graphql ├── include ├── batchhandler.h ├── blocksequence.h ├── blocksequence_impl.h ├── boost_asio.h ├── cli.h ├── codec.h ├── dirconversion.h ├── direntbatch.h ├── direntstack.h ├── dirreader.h ├── duckhash.h ├── duckinode.h ├── dummyoutputhandler.h ├── dummytracker.h ├── dummytsk.h ├── easyfut.h ├── entry.h ├── fieldhash.h ├── fieldhasher.h ├── filerecord.h ├── filescheduler.h ├── filesignatures.h ├── fsm.h ├── hashset.h ├── hex.h ├── inode.h ├── inodeandblocktracker.h ├── inodeandblocktrackerimpl.h ├── inputhandler.h ├── inputreader.h ├── jsoncons_wrapper.h ├── lexer.h ├── llama.h ├── llamabatch.h ├── llamaduck.h ├── mockinputhandler.h ├── mockoutputhandler.h ├── mockoutputwriter.h ├── options.h ├── outputchunk.h ├── outputhandler.h ├── outputtar.h ├── outputwriter.h ├── parser.h ├── patternparser.h ├── pdfreader.h ├── pooloutputhandler.h ├── processor.h ├── querybuilder.h ├── readseek.h ├── readseek_c_api.h ├── readseek_impl.h ├── recordbuffer.h ├── recordhasher.h ├── ruleengine.h ├── rulereader.h ├── schema.h ├── throw.h ├── timer.h ├── timestamps.h ├── token.h ├── treehasher.h ├── tsk.h ├── tskautowrapper.h ├── tskconversion.h ├── tskfacade.h ├── tskimgassembler.h ├── tskreader.h ├── tskreaderhelper.h ├── tsktimestamps.h └── util.h ├── m4 ├── ax_append_compile_flags.m4 ├── ax_append_flag.m4 ├── ax_append_link_flags.m4 ├── ax_boost_asio.m4 ├── ax_boost_base.m4 ├── ax_boost_date_time.m4 ├── ax_boost_program_options.m4 ├── ax_check_compile_flag.m4 ├── ax_check_library.m4 ├── ax_check_link_flag.m4 ├── ax_cxx_compile_stdcxx.m4 ├── ax_cxx_compile_stdcxx_17.m4 ├── ax_pkg_check_modules.m4 ├── ax_valgrind_check.m4 ├── lg_remove_flags.m4 ├── lg_replace_flag.m4 └── lg_uniq_flags.m4 ├── magics.json ├── meson.build ├── meson_options.txt ├── plan.txt ├── src ├── batchhandler.cpp ├── blocksequence_impl.cpp ├── cli.cpp ├── dirconversion.cpp ├── direntbatch.cpp ├── direntstack.cpp ├── dirreader.cpp ├── fieldhasher.cpp ├── filerecord.cpp ├── filescheduler.cpp ├── filesignatures.cpp ├── fs_schema.graphql ├── fsm.cpp ├── grammar │ └── llama.ebnf ├── hashset.cpp ├── hex.cpp ├── inodeandblocktrackerimpl.cpp ├── inputreader.cpp ├── lexer.cpp ├── llama.cpp ├── main.cpp ├── meson.build ├── outputtar.cpp ├── parser.cpp ├── pdfreader.cpp ├── pooloutputhandler.cpp ├── processor.cpp ├── querybuilder.cpp ├── readseek_c_api.cpp ├── readseek_impl.cpp ├── recordbuffer.cpp ├── recordhasher.cpp ├── ruleengine.cpp ├── rulereader.cpp ├── schema.cpp ├── timestamps.cpp ├── treehasher.cpp ├── tskautowrapper.cpp ├── tskconversion.cpp ├── tskfacade.cpp ├── tskimgassembler.cpp ├── tskreader.cpp ├── tskreaderhelper.cpp ├── tsktimestamps.cpp └── util.cpp └── test ├── benchmarks ├── test_parser.cpp ├── test_yara.cpp └── write_parser_benchmark_to_csv.py ├── data ├── offsets.json ├── pattern_lengths.json ├── small.pdf ├── test.pdf ├── test_signatures.json └── yara │ ├── HvS_APT27_HyperBro_Encrypted_Stage2.yar │ └── apt_apt15.yar ├── hsets ├── blake3.hset ├── md5.hset ├── sha1.hset └── sha1_md5.hset ├── meson.build ├── rules ├── kwsrch-2.llama └── test_rule.llama ├── test_blocksequence.cpp ├── test_cli.cpp ├── test_dirconversion.cpp ├── test_direntstack.cpp ├── test_dirreader.cpp ├── test_duckdb.cpp ├── test_fieldhasher.cpp ├── test_fileproxy.cpp ├── test_filerecord.cpp ├── test_filesignatures.cpp ├── test_fsm.cpp ├── test_hashset.cpp ├── test_hex.cpp ├── test_inodeandblocktrackerimpl.cpp ├── test_lexer.cpp ├── test_llama.cpp ├── test_parser.cpp ├── test_patternparser.cpp ├── test_pdfreader.cpp ├── test_processor.cpp ├── test_querybuilder.cpp ├── test_readseek.cpp ├── test_recordbuffer.cpp ├── test_recordhasher.cpp ├── test_ruleengine.cpp ├── test_rulereader.cpp ├── test_tskconversion.cpp ├── test_tskimgassembler.cpp ├── test_tskreader.cpp ├── test_tskreaderhelper.cpp ├── test_tsktimestamps.cpp └── test_util.cpp /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/.gitignore -------------------------------------------------------------------------------- /.gitlab-ci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/.gitlab-ci.yml -------------------------------------------------------------------------------- /.world/build.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/.world/build.sh -------------------------------------------------------------------------------- /.world/clean.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -ex 2 | 3 | . .world/build_config.sh 4 | 5 | make_clean_it 6 | -------------------------------------------------------------------------------- /.world/config.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/.world/config.sh -------------------------------------------------------------------------------- /.world/install.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/.world/install.sh -------------------------------------------------------------------------------- /.world/setup.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/.world/setup.sh -------------------------------------------------------------------------------- /.world/wine_wrapper.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/.world/wine_wrapper.sh -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/COPYING -------------------------------------------------------------------------------- /MESON_BUILD.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/MESON_BUILD.md -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/Makefile.am -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/README.md -------------------------------------------------------------------------------- /bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | autoreconf -fi 4 | -------------------------------------------------------------------------------- /clang-format: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/clang-format -------------------------------------------------------------------------------- /configure.ac: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/configure.ac -------------------------------------------------------------------------------- /fsrip_schema.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/fsrip_schema.graphql -------------------------------------------------------------------------------- /include/batchhandler.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/batchhandler.h -------------------------------------------------------------------------------- /include/blocksequence.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/blocksequence.h -------------------------------------------------------------------------------- /include/blocksequence_impl.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/blocksequence_impl.h -------------------------------------------------------------------------------- /include/boost_asio.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/boost_asio.h -------------------------------------------------------------------------------- /include/cli.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/cli.h -------------------------------------------------------------------------------- /include/codec.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/codec.h -------------------------------------------------------------------------------- /include/dirconversion.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/dirconversion.h -------------------------------------------------------------------------------- /include/direntbatch.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/direntbatch.h -------------------------------------------------------------------------------- /include/direntstack.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/direntstack.h -------------------------------------------------------------------------------- /include/dirreader.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/dirreader.h -------------------------------------------------------------------------------- /include/duckhash.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/duckhash.h -------------------------------------------------------------------------------- /include/duckinode.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/duckinode.h -------------------------------------------------------------------------------- /include/dummyoutputhandler.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/dummyoutputhandler.h -------------------------------------------------------------------------------- /include/dummytracker.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/dummytracker.h -------------------------------------------------------------------------------- /include/dummytsk.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/dummytsk.h -------------------------------------------------------------------------------- /include/easyfut.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/easyfut.h -------------------------------------------------------------------------------- /include/entry.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/entry.h -------------------------------------------------------------------------------- /include/fieldhash.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/fieldhash.h -------------------------------------------------------------------------------- /include/fieldhasher.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/fieldhasher.h -------------------------------------------------------------------------------- /include/filerecord.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/filerecord.h -------------------------------------------------------------------------------- /include/filescheduler.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/filescheduler.h -------------------------------------------------------------------------------- /include/filesignatures.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/filesignatures.h -------------------------------------------------------------------------------- /include/fsm.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/fsm.h -------------------------------------------------------------------------------- /include/hashset.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/hashset.h -------------------------------------------------------------------------------- /include/hex.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/hex.h -------------------------------------------------------------------------------- /include/inode.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/inode.h -------------------------------------------------------------------------------- /include/inodeandblocktracker.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/inodeandblocktracker.h -------------------------------------------------------------------------------- /include/inodeandblocktrackerimpl.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/inodeandblocktrackerimpl.h -------------------------------------------------------------------------------- /include/inputhandler.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/inputhandler.h -------------------------------------------------------------------------------- /include/inputreader.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/inputreader.h -------------------------------------------------------------------------------- /include/jsoncons_wrapper.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/jsoncons_wrapper.h -------------------------------------------------------------------------------- /include/lexer.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/lexer.h -------------------------------------------------------------------------------- /include/llama.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/llama.h -------------------------------------------------------------------------------- /include/llamabatch.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/llamabatch.h -------------------------------------------------------------------------------- /include/llamaduck.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/llamaduck.h -------------------------------------------------------------------------------- /include/mockinputhandler.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/mockinputhandler.h -------------------------------------------------------------------------------- /include/mockoutputhandler.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/mockoutputhandler.h -------------------------------------------------------------------------------- /include/mockoutputwriter.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/mockoutputwriter.h -------------------------------------------------------------------------------- /include/options.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/options.h -------------------------------------------------------------------------------- /include/outputchunk.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/outputchunk.h -------------------------------------------------------------------------------- /include/outputhandler.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/outputhandler.h -------------------------------------------------------------------------------- /include/outputtar.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/outputtar.h -------------------------------------------------------------------------------- /include/outputwriter.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/outputwriter.h -------------------------------------------------------------------------------- /include/parser.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/parser.h -------------------------------------------------------------------------------- /include/patternparser.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/patternparser.h -------------------------------------------------------------------------------- /include/pdfreader.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/pdfreader.h -------------------------------------------------------------------------------- /include/pooloutputhandler.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/pooloutputhandler.h -------------------------------------------------------------------------------- /include/processor.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/processor.h -------------------------------------------------------------------------------- /include/querybuilder.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/querybuilder.h -------------------------------------------------------------------------------- /include/readseek.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/readseek.h -------------------------------------------------------------------------------- /include/readseek_c_api.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/readseek_c_api.h -------------------------------------------------------------------------------- /include/readseek_impl.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/readseek_impl.h -------------------------------------------------------------------------------- /include/recordbuffer.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/recordbuffer.h -------------------------------------------------------------------------------- /include/recordhasher.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/recordhasher.h -------------------------------------------------------------------------------- /include/ruleengine.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/ruleengine.h -------------------------------------------------------------------------------- /include/rulereader.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/rulereader.h -------------------------------------------------------------------------------- /include/schema.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/schema.h -------------------------------------------------------------------------------- /include/throw.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/throw.h -------------------------------------------------------------------------------- /include/timer.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/timer.h -------------------------------------------------------------------------------- /include/timestamps.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/timestamps.h -------------------------------------------------------------------------------- /include/token.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/token.h -------------------------------------------------------------------------------- /include/treehasher.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/treehasher.h -------------------------------------------------------------------------------- /include/tsk.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/tsk.h -------------------------------------------------------------------------------- /include/tskautowrapper.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/tskautowrapper.h -------------------------------------------------------------------------------- /include/tskconversion.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/tskconversion.h -------------------------------------------------------------------------------- /include/tskfacade.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/tskfacade.h -------------------------------------------------------------------------------- /include/tskimgassembler.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/tskimgassembler.h -------------------------------------------------------------------------------- /include/tskreader.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/tskreader.h -------------------------------------------------------------------------------- /include/tskreaderhelper.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/tskreaderhelper.h -------------------------------------------------------------------------------- /include/tsktimestamps.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/tsktimestamps.h -------------------------------------------------------------------------------- /include/util.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/include/util.h -------------------------------------------------------------------------------- /m4/ax_append_compile_flags.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/ax_append_compile_flags.m4 -------------------------------------------------------------------------------- /m4/ax_append_flag.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/ax_append_flag.m4 -------------------------------------------------------------------------------- /m4/ax_append_link_flags.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/ax_append_link_flags.m4 -------------------------------------------------------------------------------- /m4/ax_boost_asio.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/ax_boost_asio.m4 -------------------------------------------------------------------------------- /m4/ax_boost_base.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/ax_boost_base.m4 -------------------------------------------------------------------------------- /m4/ax_boost_date_time.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/ax_boost_date_time.m4 -------------------------------------------------------------------------------- /m4/ax_boost_program_options.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/ax_boost_program_options.m4 -------------------------------------------------------------------------------- /m4/ax_check_compile_flag.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/ax_check_compile_flag.m4 -------------------------------------------------------------------------------- /m4/ax_check_library.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/ax_check_library.m4 -------------------------------------------------------------------------------- /m4/ax_check_link_flag.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/ax_check_link_flag.m4 -------------------------------------------------------------------------------- /m4/ax_cxx_compile_stdcxx.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/ax_cxx_compile_stdcxx.m4 -------------------------------------------------------------------------------- /m4/ax_cxx_compile_stdcxx_17.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/ax_cxx_compile_stdcxx_17.m4 -------------------------------------------------------------------------------- /m4/ax_pkg_check_modules.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/ax_pkg_check_modules.m4 -------------------------------------------------------------------------------- /m4/ax_valgrind_check.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/ax_valgrind_check.m4 -------------------------------------------------------------------------------- /m4/lg_remove_flags.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/lg_remove_flags.m4 -------------------------------------------------------------------------------- /m4/lg_replace_flag.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/lg_replace_flag.m4 -------------------------------------------------------------------------------- /m4/lg_uniq_flags.m4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/m4/lg_uniq_flags.m4 -------------------------------------------------------------------------------- /magics.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/magics.json -------------------------------------------------------------------------------- /meson.build: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/meson.build -------------------------------------------------------------------------------- /meson_options.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/meson_options.txt -------------------------------------------------------------------------------- /plan.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/plan.txt -------------------------------------------------------------------------------- /src/batchhandler.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/batchhandler.cpp -------------------------------------------------------------------------------- /src/blocksequence_impl.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/blocksequence_impl.cpp -------------------------------------------------------------------------------- /src/cli.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/cli.cpp -------------------------------------------------------------------------------- /src/dirconversion.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/dirconversion.cpp -------------------------------------------------------------------------------- /src/direntbatch.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/direntbatch.cpp -------------------------------------------------------------------------------- /src/direntstack.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/direntstack.cpp -------------------------------------------------------------------------------- /src/dirreader.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/dirreader.cpp -------------------------------------------------------------------------------- /src/fieldhasher.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/fieldhasher.cpp -------------------------------------------------------------------------------- /src/filerecord.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/filerecord.cpp -------------------------------------------------------------------------------- /src/filescheduler.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/filescheduler.cpp -------------------------------------------------------------------------------- /src/filesignatures.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/filesignatures.cpp -------------------------------------------------------------------------------- /src/fs_schema.graphql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/fs_schema.graphql -------------------------------------------------------------------------------- /src/fsm.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/fsm.cpp -------------------------------------------------------------------------------- /src/grammar/llama.ebnf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/grammar/llama.ebnf -------------------------------------------------------------------------------- /src/hashset.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/hashset.cpp -------------------------------------------------------------------------------- /src/hex.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/hex.cpp -------------------------------------------------------------------------------- /src/inodeandblocktrackerimpl.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/inodeandblocktrackerimpl.cpp -------------------------------------------------------------------------------- /src/inputreader.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/inputreader.cpp -------------------------------------------------------------------------------- /src/lexer.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/lexer.cpp -------------------------------------------------------------------------------- /src/llama.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/llama.cpp -------------------------------------------------------------------------------- /src/main.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/main.cpp -------------------------------------------------------------------------------- /src/meson.build: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/meson.build -------------------------------------------------------------------------------- /src/outputtar.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/outputtar.cpp -------------------------------------------------------------------------------- /src/parser.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/parser.cpp -------------------------------------------------------------------------------- /src/pdfreader.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/pdfreader.cpp -------------------------------------------------------------------------------- /src/pooloutputhandler.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/pooloutputhandler.cpp -------------------------------------------------------------------------------- /src/processor.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/processor.cpp -------------------------------------------------------------------------------- /src/querybuilder.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/querybuilder.cpp -------------------------------------------------------------------------------- /src/readseek_c_api.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/readseek_c_api.cpp -------------------------------------------------------------------------------- /src/readseek_impl.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/readseek_impl.cpp -------------------------------------------------------------------------------- /src/recordbuffer.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/recordbuffer.cpp -------------------------------------------------------------------------------- /src/recordhasher.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/recordhasher.cpp -------------------------------------------------------------------------------- /src/ruleengine.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/ruleengine.cpp -------------------------------------------------------------------------------- /src/rulereader.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/rulereader.cpp -------------------------------------------------------------------------------- /src/schema.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/schema.cpp -------------------------------------------------------------------------------- /src/timestamps.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/timestamps.cpp -------------------------------------------------------------------------------- /src/treehasher.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/treehasher.cpp -------------------------------------------------------------------------------- /src/tskautowrapper.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/tskautowrapper.cpp -------------------------------------------------------------------------------- /src/tskconversion.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/tskconversion.cpp -------------------------------------------------------------------------------- /src/tskfacade.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/tskfacade.cpp -------------------------------------------------------------------------------- /src/tskimgassembler.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/tskimgassembler.cpp -------------------------------------------------------------------------------- /src/tskreader.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/tskreader.cpp -------------------------------------------------------------------------------- /src/tskreaderhelper.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/tskreaderhelper.cpp -------------------------------------------------------------------------------- /src/tsktimestamps.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/tsktimestamps.cpp -------------------------------------------------------------------------------- /src/util.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/src/util.cpp -------------------------------------------------------------------------------- /test/benchmarks/test_parser.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/benchmarks/test_parser.cpp -------------------------------------------------------------------------------- /test/benchmarks/test_yara.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/benchmarks/test_yara.cpp -------------------------------------------------------------------------------- /test/benchmarks/write_parser_benchmark_to_csv.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/benchmarks/write_parser_benchmark_to_csv.py -------------------------------------------------------------------------------- /test/data/offsets.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/data/offsets.json -------------------------------------------------------------------------------- /test/data/pattern_lengths.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/data/pattern_lengths.json -------------------------------------------------------------------------------- /test/data/small.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/data/small.pdf -------------------------------------------------------------------------------- /test/data/test.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/data/test.pdf -------------------------------------------------------------------------------- /test/data/test_signatures.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/data/test_signatures.json -------------------------------------------------------------------------------- /test/data/yara/HvS_APT27_HyperBro_Encrypted_Stage2.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/data/yara/HvS_APT27_HyperBro_Encrypted_Stage2.yar -------------------------------------------------------------------------------- /test/data/yara/apt_apt15.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/data/yara/apt_apt15.yar -------------------------------------------------------------------------------- /test/hsets/blake3.hset: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/hsets/blake3.hset -------------------------------------------------------------------------------- /test/hsets/md5.hset: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/hsets/md5.hset -------------------------------------------------------------------------------- /test/hsets/sha1.hset: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/hsets/sha1.hset -------------------------------------------------------------------------------- /test/hsets/sha1_md5.hset: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/hsets/sha1_md5.hset -------------------------------------------------------------------------------- /test/meson.build: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/meson.build -------------------------------------------------------------------------------- /test/rules/kwsrch-2.llama: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/rules/kwsrch-2.llama -------------------------------------------------------------------------------- /test/rules/test_rule.llama: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/rules/test_rule.llama -------------------------------------------------------------------------------- /test/test_blocksequence.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_blocksequence.cpp -------------------------------------------------------------------------------- /test/test_cli.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_cli.cpp -------------------------------------------------------------------------------- /test/test_dirconversion.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_dirconversion.cpp -------------------------------------------------------------------------------- /test/test_direntstack.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_direntstack.cpp -------------------------------------------------------------------------------- /test/test_dirreader.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_dirreader.cpp -------------------------------------------------------------------------------- /test/test_duckdb.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_duckdb.cpp -------------------------------------------------------------------------------- /test/test_fieldhasher.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_fieldhasher.cpp -------------------------------------------------------------------------------- /test/test_fileproxy.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_fileproxy.cpp -------------------------------------------------------------------------------- /test/test_filerecord.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_filerecord.cpp -------------------------------------------------------------------------------- /test/test_filesignatures.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_filesignatures.cpp -------------------------------------------------------------------------------- /test/test_fsm.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_fsm.cpp -------------------------------------------------------------------------------- /test/test_hashset.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_hashset.cpp -------------------------------------------------------------------------------- /test/test_hex.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_hex.cpp -------------------------------------------------------------------------------- /test/test_inodeandblocktrackerimpl.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_inodeandblocktrackerimpl.cpp -------------------------------------------------------------------------------- /test/test_lexer.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_lexer.cpp -------------------------------------------------------------------------------- /test/test_llama.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_llama.cpp -------------------------------------------------------------------------------- /test/test_parser.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_parser.cpp -------------------------------------------------------------------------------- /test/test_patternparser.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_patternparser.cpp -------------------------------------------------------------------------------- /test/test_pdfreader.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_pdfreader.cpp -------------------------------------------------------------------------------- /test/test_processor.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_processor.cpp -------------------------------------------------------------------------------- /test/test_querybuilder.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_querybuilder.cpp -------------------------------------------------------------------------------- /test/test_readseek.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_readseek.cpp -------------------------------------------------------------------------------- /test/test_recordbuffer.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_recordbuffer.cpp -------------------------------------------------------------------------------- /test/test_recordhasher.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_recordhasher.cpp -------------------------------------------------------------------------------- /test/test_ruleengine.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_ruleengine.cpp -------------------------------------------------------------------------------- /test/test_rulereader.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_rulereader.cpp -------------------------------------------------------------------------------- /test/test_tskconversion.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_tskconversion.cpp -------------------------------------------------------------------------------- /test/test_tskimgassembler.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_tskimgassembler.cpp -------------------------------------------------------------------------------- /test/test_tskreader.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_tskreader.cpp -------------------------------------------------------------------------------- /test/test_tskreaderhelper.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_tskreaderhelper.cpp -------------------------------------------------------------------------------- /test/test_tsktimestamps.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_tsktimestamps.cpp -------------------------------------------------------------------------------- /test/test_util.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/llama/HEAD/test/test_util.cpp --------------------------------------------------------------------------------