
yarGen 0.17.0

@Neo23x0 Neo23x0 released this 06 Feb 11:24

Database Download

The database files are not included in the repo anymore. Use "--update" to get the string and opcode databases or download them from the following URL and place them in a "./dbs" sub folder.

Download URL

https://drive.google.com/drive/folders/0B2S_IOa0MiOHS0xmekR6VWRhZ28

Multiple Database Support

yarGen now allows creating multiple databases for opcodes or strings. You can easily create a new database by using "-c" for new database creation and passing an identifier with "-i identifier", e.g. "office". It will then create two new database files named "good-strings-office.db" and "good-opcodes-office.db" that will be initialized during startup together with the built-in databases.

Example

Create a new strings and opcodes database from an Office 2013 program directory:

yarGen.py -c --opcodes -i office -g /opt/packs/office2013

The analysis and string extraction process will create the following new databases in the "./dbs" sub folder.

good-strings-office.db
good-opcodes-office.db

You can then directly use them in the rule creation process because from version 0.17.0 on, all *.db files in the sub folder "./dbs" will be initialized during startup.

You can update the databases you created with the "-u" parameter:

yarGen.py -u --opcodes -i office -g /opt/packs/office365

This would update the "office" databases with new strings extracted from files in the given directory.
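The following is an added illustration of the multi-database workflow described above (create with an identifier, update an existing identifier, initialize every *.db in "./dbs" at startup and use the merged goodware set to drop known-good strings from a sample). It is not yarGen's code and does not reproduce yarGen's on-disk format: the JSON file layout, the minimum string length, the extraction regex and all sample byte blobs are constructed for this example.

```python
"""Constructed example of the good-strings-<identifier>.db scheme.
NOT yarGen's own code or database format: files here are plain JSON
lists so that the example runs offline with only the standard library."""
import json
import os
import re
import tempfile

MIN_LEN = 6  # constructed threshold for a "useful" string
# Runs of printable ASCII at least MIN_LEN long (constructed heuristic).
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)


def extract_strings(data: bytes) -> set:
    """Return the printable ASCII strings found in a byte blob."""
    return {m.group().decode("ascii") for m in ASCII_RE.finditer(data)}


def db_path(dbs_dir: str, identifier: str) -> str:
    """Name a strings database after its identifier, as in good-strings-office.db."""
    return os.path.join(dbs_dir, f"good-strings-{identifier}.db")


def create_db(dbs_dir: str, identifier: str, samples) -> str:
    """Analogue of '-c -i <identifier>': build a fresh goodware string DB."""
    os.makedirs(dbs_dir, exist_ok=True)
    strings = set()
    for blob in samples:
        strings |= extract_strings(blob)
    path = db_path(dbs_dir, identifier)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(sorted(strings), fh)
    return path


def update_db(dbs_dir: str, identifier: str, samples) -> int:
    """Analogue of '-u -i <identifier>': merge new strings into an existing DB.
    Returns how many strings were newly added."""
    path = db_path(dbs_dir, identifier)
    with open(path, encoding="utf-8") as fh:
        existing = set(json.load(fh))
    fresh = set()
    for blob in samples:
        fresh |= extract_strings(blob)
    added = fresh - existing
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(sorted(existing | added), fh)
    return len(added)


def load_all_dbs(dbs_dir: str) -> set:
    """Startup step: initialize every *.db in the dbs folder into one goodware set."""
    goodware = set()
    for name in sorted(os.listdir(dbs_dir)):
        if name.endswith(".db"):
            with open(os.path.join(dbs_dir, name), encoding="utf-8") as fh:
                goodware |= set(json.load(fh))
    return goodware


def candidate_rule_strings(sample: bytes, goodware: set) -> list:
    """Strings in a sample that no goodware database contains (rule candidates)."""
    return sorted(extract_strings(sample) - goodware)


def demo(dbs_dir: str) -> dict:
    """Run the whole create / update / load / filter flow on constructed data."""
    # Constructed "built-in" goodware and an "office" pack, then an update pack.
    builtin_pack = [b"\x00kernel32.dll\x00GetProcAddress\x00"]
    office2013_pack = [b"\x00Microsoft Office 2013\x00Common user interface text\x00"]
    office365_pack = [b"\x00Office 365 subscription\x00Common user interface text\x00"]
    # Constructed sample that shares strings with both packs plus one unique marker.
    sample = (b"\x00Common user interface text\x00unique-sample-marker-0001"
              b"\x00Microsoft Office 2013\x00kernel32.dll\x00")

    create_db(dbs_dir, "builtin", builtin_pack)
    create_db(dbs_dir, "office", office2013_pack)
    added = update_db(dbs_dir, "office", office365_pack)
    goodware = load_all_dbs(dbs_dir)
    return {
        "db_files": sorted(n for n in os.listdir(dbs_dir) if n.endswith(".db")),
        "added_on_update": added,
        "goodware_count": len(goodware),
        "candidates": candidate_rule_strings(sample, goodware),
    }


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(demo(os.path.join(tmp, "dbs")))
```

Only the constructed marker survives the filter, because every other string in the sample is present in at least one of the two databases loaded from the dbs folder; the update step adds exactly the one string that was new in the second pack.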