search

polymorf / findcrypt-yara

IDA pro plugin to find crypto constants (and more)
BSD 3-Clause "New" or "Revised" License
1.28k stars 231 forks source link

ida pro 7.3 Replace yara with yara-python #33

Open yywz1999 opened 3 years ago

yywz1999 commented 3 years ago

Problem: Could not find any in this variable libyara.so Because it is a system variable and the directory is not writable image

Solved : As can be seen from pypi's official website, Yara has not been updated since 2014, but Yara Python has been released in 2020 image

Step1: install yara-python (yara.so) pip install yara-python -i https://pypi.org/simple image

Step2: copy "python2.7\site-packages\yara.so" to ida\python\yara.so image The size is 410k, compared with 96k in 2014

Success~ image

This IDA-plugin(findcrypt) is very good!! i behind u.

yywz1999 commented 3 years ago

You may take this yara.so Put it in the project , This eliminates the need to install Yara , Then add the installation method to readme: set the yara.so Put it in the IDA/python directory

Of course, this is just my personal suggestion.... :)