Add DEX module #822
Add DEX module #822
Conversation
There was a problem hiding this comment.
It would be nice to have a fuzzer for this module. Take a look at https://github.com/VirusTotal/yara/tree/master/tests/oss-fuzz for some examples.
libyara/modules/dex.c
Outdated
| declare_integer("access_flags"); | ||
| end_struct_array("field"); | ||
|
|
||
| declare_integer("number_of_method"); |
There was a problem hiding this comment.
user plural number_of_methods, for consistency with the naming used in other modules.
libyara/modules/dex.c
Outdated
| end_struct_array("map_item"); | ||
| end_struct("map_list"); | ||
|
|
||
| declare_integer("number_of_field"); |
There was a problem hiding this comment.
user plural number_of_fields, for consistency with the naming used in other modules.
|
|
||
| typedef struct | ||
| { | ||
| uint8_t magic[8]; |
There was a problem hiding this comment.
Use 2-space indentation across all this file.
libyara/modules/dex.c
Outdated
| return dex_header; | ||
| } | ||
|
|
||
| void dex_parse_header(dex_header_t*dex_header, YR_OBJECT* module_object) { |
There was a problem hiding this comment.
Opening curly braces in the next line, for style consistency within the codebase.
libyara/modules/dex.c
Outdated
| value, | ||
| dex->object, "string_ids[%i].value", i); | ||
|
|
||
| #ifdef DEBUG |
There was a problem hiding this comment.
Actually I think we should use another macro name for this, maybe DEX_MODULE_DEBUG
configure.ac
Outdated
| @@ -140,6 +140,13 @@ AC_ARG_WITH([crypto], | |||
| AS_HELP_STRING([--without-crypto], | |||
| [ignore presence of OpenSSL and disable it])) | |||
|
|
|||
| AC_ARG_ENABLE([android], | |||
There was a problem hiding this comment.
--enable-dex instead of --enable-android.
Makefile.am
Outdated
| @@ -57,6 +57,12 @@ test_macho_SOURCES = tests/test-macho.c tests/util.c | |||
| test_macho_LDADD = libyara/.libs/libyara.a | |||
| endif | |||
|
|
|||
| if ANDROID_MODULE | |||
There was a problem hiding this comment.
DEX_MODULE instead of ANDROID_MODULE
ghost
changed the title
|
Ok I remove finally the debug information, it is not super useful or I will add it more interesting later, and I added the necessary files for oss-fuzz |
* Add DEX module * Fix module name, indentation + minor things * Add testing file for fuzzing + remove debug * Add DEX module * Fix module name, indentation + minor things * Add testing file for fuzzing + remove debug
Hi,
it is a first patch to add basic support for DEX file format.
This patch exported more things compare to the original format, mainly related to field/method information.