Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Decouple Yara Compiling #1999

Open
1 task
paraknell opened this issue Dec 11, 2024 · 4 comments
Open
1 task

[Feature] Decouple Yara Compiling #1999

paraknell opened this issue Dec 11, 2024 · 4 comments
Labels
feature request

Comments

@paraknell
Copy link

What feature would you like to see?

Currently yara is compiled from source into the application. This unfortunately makes it harder to use yara(and associated rules) with custom compile instructions.

Example Repo:
https://github.com/Neo23x0/signature-base/blob/master/makefile

Would it be possible to specify a path to yara?

If there is a way to do this already, apologies, please advise.

How will this feature be useful to you and others?

  • Wider array of available yara repositories
  • Greater customization for how yara is compiled
  • Different versions of yara could be referenced

Request Type

  • I can provide a PoC for this feature or am willing to work on it myself and submit a PR

Additional context?

Other Examples:
https://github.com/KasperskyLab/klara
@WerWolv
Copy link
Owner

WerWolv commented Dec 12, 2024

Hey, when configuring ImHex you can specify the -DUSE_SYSTEM_YARA=ON flag to cmake. That will make it use the yara library that's been installed on your system instead of the bundled version. Is that enough for your usecase?

@paraknell
Copy link
Author

I have not specifically tested, but that should be sufficient.

If I am understanding correctly, I would follow this guide to build:
https://github.com/WerWolv/ImHex/blob/master/dist/compiling/windows.md
dist/compiling/windows.md and add in -DUSE_SYSTEM_YARA=ON

@paraknell
Copy link
Author

I attempted the web docker build without making any adjustments to the code and that was able to compile just fine. So I attempted to add -DUSE_SYSTEM_YARA with one of my custom docker images inserted at the top, as part of a multi-stage build:

FROM custom/yara-neo:latest AS build-yara
FROM emscripten/emsdk:3.1.51 AS build

COPY --from=build-yara /app/neo /app/neo

Then run the docker compose command. I get:

7.527 CMake Error: The following variables are used in this project, but they are set to NOTFOUND.
7.527 YARA_LIBRARIES (ADVANCED)
7.527    linked by target "yara_rules" in directory /imhex/plugins/yara_rules

I then validate that the multi-stage image can be built, by removing the lines after ARG UNIQUEKEY 1, and I can see yara, yarac and the src files for yara.

I re-enable the rest of the dockfile once again and add the build argument -DYARA_LIBRARIES=/app/src/yara-version/librara to cmake in the dockerfile and get a different error:

yara_rule.cpp:11:10 fatal error: 'yara.h' file not found

So I add another build argument to cmake, -DYARA_INCLUDE_DIRS=/app/src/yara-version/librara/include. This seems to clean up all those errors messages, but now I get a warning :

WARNING: Target "builtin" request linking to directory "/app/src/yara-version/librara". Targets may link only to libraries. Cmake is dropping the item.

@WerWolv
Copy link
Owner

WerWolv commented Dec 26, 2024

I believe YARA_LIBRARIES needs to point to the static library files you want to link to, not to the link folder

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@paraknell @WerWolv