Make run_yara.bat usable on 32bit systems

Neo23x0 / Raccine

A Simple Ransomware Vaccine

The Unlicense

942 stars 123 forks source link

Make run_yara.bat usable on 32bit systems #83

Closed Neo23x0 closed 3 years ago

Neo23x0 commented 3 years ago

Until now, we use yara64.exe in run_yara.bat

We should add an option to run yara.exe as well, so that YARA matching also works on 32bit systems.

We could do this by:

adding a switch in the .bat file
adding a switch in Raccine.exe and add a runyara32.bat, which uses a 32bit executable
handle this during installation (similar to the installation of Raccine.exe and Raccine_x86.exe)

I'd like to handle it during installation.

Neo23x0 commented 3 years ago

Working on this on https://github.com/Neo23x0/Raccine/tree/yara-x86-support

JohnLaTwC commented 3 years ago

I think yara support is as simple as copying the proper architecture version in the installer after checking %PROCESSOR_ARCHITECTURE% for x86 v. AMD64.

And update the #define for yara in YaraRuleRunner.h

#ifdef _WIN64
#define YARA_INSTANCE  L"yara64.exe"
#elif defined _WIN32 
#define YARA_INSTANCE  L"yara.exe"
#endif