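def match(self, *args, **kwargs) -> List[Match]:
    """
    Run the compiled rules and wrap every result in the patched Match() object.

    When no positional or keyword arguments remain after the extra options
    below are removed, the scan runs on the path returned by
    idc.get_input_file_path() and input file offset handling is switched on.

    Besides the default yara parameters, this implementation also includes:

    :param bool input_offset: Whether to apply input file offset to string offsets.
    :param int offset: Optional offset to offset string offsets by. An explicit 0
        is honoured; only a missing offset falls back to the segment start.
    :param str|int segment: Name or EA of segment to match to.
    :return: One Match per result of the underlying rules' match() call.
    """
    # Remove the extension-only options so they never reach the underlying match().
    input_offset = kwargs.pop("input_offset", False)
    offset = kwargs.pop("offset", None)
    segment = kwargs.pop("segment", None)

    if segment:
        # NOTE(review): a segment EA of 0 is falsy and skips this branch, so the
        # scan would silently cover something other than that segment -- confirm
        # whether address 0 has to be accepted as a selector.
        kwargs["data"] = segments.get_bytes(segment)
        # Compare against None rather than truthiness: `offset or ...` discarded
        # a caller-supplied offset of 0 and substituted the segment start.
        if offset is None:
            offset = segments.get_start(segment)
    elif not (args or kwargs):
        # NOTE(review): this scans the file on disk at the recorded input path,
        # not the database contents; if that file is missing or has changed
        # since the IDB was created the results may not describe the IDB --
        # confirm callers expect that.
        args = (idc.get_input_file_path(),)
        input_offset = True

    return [
        Match(result, offset=offset, file_offset=input_offset)
        for result in self._rules.match(*args, **kwargs)
    ]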
def _get_segments(self, segname=None):
    """
    Yield the start address and bytes of one named segment, or of every segment.

    :param str segname: segment name; None (or any falsy value) selects all segments
    :yield: seg_start, seg_bytes
    """
    # NOTE(review): get_segm_by_name() presumably returns None for an unknown
    # name, in which case a mistyped segname surfaces as an AttributeError on
    # first iteration instead of a clear "no such segment" error -- confirm.
    starts = (
        [ida_segment.get_segm_by_name(segname).start_ea]
        if segname
        else idautils.Segments()
    )
    yield from ((start_ea, segments.get_bytes(start_ea)) for start_ea in starts)