Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature] Decouple Yara Compiling #1999

Open
1 task
paraknell opened this issue Dec 11, 2024 · 2 comments
Open
1 task

[Feature] Decouple Yara Compiling #1999

paraknell opened this issue Dec 11, 2024 · 2 comments

Comments

@paraknell
Copy link

What feature would you like to see?

Currently yara is compiled from source into the application. This unfortunately makes it harder to use yara(and associated rules) with custom compile instructions.

Example Repo:
https://github.com/Neo23x0/signature-base/blob/master/makefile

Would it be possible to specify a path to yara?

If there is a way to do this already, apologies, please advise.

How will this feature be useful to you and others?

  • Wider array of available yara repositories
  • Greater customization for how yara is compiled
  • Different versions of yara could be referenced

Request Type

  • I can provide a PoC for this feature or am willing to work on it myself and submit a PR

Additional context?

Other Examples:
https://github.com/KasperskyLab/klara

@WerWolv
Copy link
Owner

WerWolv commented Dec 12, 2024

Hey, when configuring ImHex you can specify the -DUSE_SYSTEM_YARA=ON flag to cmake. That will make it use the yara library that's been installed on your system instead of the bundled version. Is that enough for your usecase?

@paraknell
Copy link
Author

I have not specifically tested, but that should be sufficient.

If I am understanding correctly, I would follow this guide to build:
https://github.com/WerWolv/ImHex/blob/master/dist/compiling/windows.md
dist/compiling/windows.md and add in -DUSE_SYSTEM_YARA=ON

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants