Describe the bug
I'm testing zelos with yarascan plugin that matches "Hello World" string in memory. I got this error during the test:
Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/zelos/engine.py", line 593, in close
closure()
File "/usr/local/lib/python3.8/dist-packages/zelos/ext/plugins/yarascan/yarascan.py", line 307, in closure
list(
File "/usr/local/lib/python3.8/dist-packages/zelos/ext/plugins/yarascan/yarascan.py", line 378, in matches
self._log(match.info(brief))
File "/usr/local/lib/python3.8/dist-packages/zelos/ext/plugins/yarascan/yarascan.py", line 234, in info
for i, s in enumerate(self.strings):
File "/usr/local/lib/python3.8/dist-packages/zelos/ext/plugins/yarascan/yarascan.py", line 184, in strings
self._yara_strings = [
File "/usr/local/lib/python3.8/dist-packages/zelos/ext/plugins/yarascan/yarascan.py", line 185, in <listcomp>
YaraString(self.region_address + s[0], s, self._xref_cnts[i])
AttributeError: 'YaraMatch' object has no attribute '_xref_cnts'
(test binary file with yara has no error)
3. Run command `zelos --yara_file basic_rule.yar /tmp/run`
4. See error
**Expected behavior**
I think program should show `Matched` message.
**Screenshots**
**Additional context**
- I installed zelos via pip3 `sudo pip3 install zelos`.
Describe the bug I'm testing zelos with yarascan plugin that matches "Hello World" string in memory. I got this error during the test:
To Reproduce Steps to reproduce the behavior:
int main() { printf("Hello world\n"); return 0; }
rule hello_world: zelos { strings: $1 = "Hello world" condition: $1 }