.. _howto-build: Building libyara-1.6 for yara-ctypes ==================================== This guide captures some of the steps taken to make a clean checkout of tags/yara-1.6/ build and work for yara-ctypes. Patch a clean checkout of yara-1.6 ---------------------------------- Checkout yara-1.6.0 from:: svn co http://yara-project.googlecode.com/svn/tags/yara-1.6.0 . Modify the following two files from ``./libyara/`` to allow :mod:`yara.rules` cleanup after each search:: >>>yara.h<<< + void yr_free_matches(YARA_CONTEXT* context); >>>libyara.c<<< + void yr_free_matches(YARA_CONTEXT* context) + { + RULE* rule; + STRING* string; + MATCH* match; + MATCH* next_match; + rule = context->rule_list.head; + while (rule != NULL) + { + string = rule->string_list_head; + + while (string != NULL) + { + match = string->matches_head; + while (match != NULL) + { + next_match = match->next; + yr_free(match->data); + yr_free(match); + match = next_match; + } + string->matches_head = NULL; + string->matches_tail = NULL; + string = string->next; + } + rule = rule->next; + } + } Building for Ubuntu ------------------- Install the development pre-requisites:: > sudo apt-get install build-essential flex libpcre3-dev libpcre3 bison First attempt:: > cd $ROOTDIR/yara-1.6/ > ./configure > make If that fails, try to reconfigure:: > aclocal > automake -ac > autoheader > autoconf > ./configure make Thats it, nice and easy... Building for Windows -------------------- *Build using Mingw32* Install prerequisites:: > install mingw32 > pcre-8.20 builds fine... ./configure && make install Run the build:: > autoreconf -fiv # force an autoreconf (or update/replace libtools m4) > install build auto tools (including autoconf autogen) > find the latest pcre and bison - build them! :P > cd $ROOTDIR/yara-1.6/ > ./configure > make This will get you a 32bit dll. If you figure out how to do it under mingw64, let me know... *Build under Visual Studios* To build using Visual Studio, the following settings were added to the ``windows/libyara/libyara.vcproj`` Properties Page. * [General][Configuration Type] = "Dynamic Library (.dll)" * [C/C++][Runtime Library] = "Multi-threaded DLL (/MD)" The *C/C++* All Options view:: /I"..\..\windows\include" /Zi /nologo /W1 /WX- /O2 /Ob2 /Oi /Ot /Oy- /D "PCRE_STATIC" /D "_WINDLL" /D "_MBCS" /Gm- /MD /GS- /fp:precise /Zc:wchar_t /Zc:forScope /Fp"Release\libyara.pch" /Fa"Release\" /Fo"Release\" /Fd"Release\vc100.pdb" /Gd /TC /wd"4996" /analyze- /errorReport:queue The *Linker* All Options view:: /OUT:".\yara\tags\yara-1.6.0\windows\libyara\Release\libyara.dll" /NOLOGO /LIBPATH:"..\lib" /LIBPATH:".\yara\tags\yara-1.6.0\windows\libyara\Release\" /DLL "pcre32.lib" "kernel32.lib" "user32.lib" "gdi32.lib" "winspool.lib" "comdlg32.lib" "advapi32.lib" "shell32.lib" "ole32.lib" "oleaut32.lib" "uuid.lib" "odbc32.lib" "odbccp32.lib" /MANIFEST /ManifestFile:"Release\libyara.dll.intermediate.manifest" /ALLOWISOLATION /MANIFESTUAC:"level='asInvoker' uiAccess='false'" /PDB:".\yara\tags\yara-1.6.0\windows\libyara\Release\libyara.pdb" /PGD:".\yara\tags\yara-1.6.0\windows\libyara\Release\libyara.pgd" /TLBID:1 /DYNAMICBASE /NXCOMPAT /MACHINE:X86 /ERRORREPORT:QUEUE Finally, to export the functions in the libyara.dll you need to ensure that each export function ``includes/yara.h`` has a ``__declspec(dllexport)`` defined before it:: >>>yara.h<<< __declspec(dllexport) RULE* lookup_rule(RULE_LIST* rules, const char* identifier, NAMESPACE* ns); __declspec(dllexport) STRING* lookup_string(STRING* string_list_head, const char* identifier); __declspec(dllexport) TAG* lookup_tag(TAG* tag_list_head, const char* identifier); __declspec(dllexport) META* lookup_meta(META* meta_list_head, const char* identifier); __declspec(dllexport) VARIABLE* lookup_variable(VARIABLE* _list_head, const char* identifier); __declspec(dllexport) void yr_init(); __declspec(dllexport) YARA_CONTEXT* yr_create_context(); __declspec(dllexport) void yr_destroy_context(YARA_CONTEXT* context); __declspec(dllexport) int yr_calculate_rules_weight(YARA_CONTEXT* context); __declspec(dllexport) NAMESPACE* yr_create_namespace(YARA_CONTEXT* context, const char* name); __declspec(dllexport) int yr_define_integer_variable(YARA_CONTEXT* context, const char* identifier, size_t value); __declspec(dllexport) int yr_define_boolean_variable(YARA_CONTEXT* context, const char* identifier, int value); __declspec(dllexport) int yr_define_string_variable(YARA_CONTEXT* context, const char* identifier, const char* value); __declspec(dllexport) int yr_undefine_variable(YARA_CONTEXT* context, const char* identifier); __declspec(dllexport) char* yr_get_current_file_name(YARA_CONTEXT* context); __declspec(dllexport) int yr_push_file_name(YARA_CONTEXT* context, const char* file_name); __declspec(dllexport) void yr_pop_file_name(YARA_CONTEXT* context); __declspec(dllexport) int yr_compile_file(FILE* rules_file, YARA_CONTEXT* context); __declspec(dllexport) int yr_compile_string(const char* rules_string, YARA_CONTEXT* context); __declspec(dllexport) int yr_scan_mem(unsigned char* buffer, size_t buffer_size, YARA_CONTEXT* context, YARACALLBACK callback, void* user_data); __declspec(dllexport) int yr_scan_file(const char* file_path, YARA_CONTEXT* context, YARACALLBACK callback, void* user_data); __declspec(dllexport) int yr_scan_proc(int pid, YARA_CONTEXT* context, YARACALLBACK callback, void* user_data); __declspec(dllexport) char* yr_get_error_message(YARA_CONTEXT* context, char* buffer, int buffer_size); __declspec(dllexport) void yr_free_matches(YARA_CONTEXT* context); Building for OS X Mountain Lion ------------------------------- Install Homebrew and install the following packages:: brew install libtool pcre bison automake autoconf svn Patch libyara/configure.ac with the following:: >>>libyara/configure.ac<<< + m4_pattern_allow([AM_PROG_AR]) + AM_PROG_AR Reconfigure the auto build tool chain:: autoreconf -fiv Due to a bug in the auto config files (somewhere) replace the generated libyara/libtool with:: rm libyara/libtool ln -s /usr/local/Cellar/libtool/2.4.2/bin/glibtool libyara/libtool Copy and rename the dynamic link library:: cp ./libyara/.libs/libyara.0.dylib /libyara.so Bundling libyara shared library files ------------------------------------- You can add your own libyara.dll/so files to the ``.libs/`` folder before running ``python setup.py install`` Windows:: ./libs/windows/x86_64/libyara.dll ./libs/windows/x86/libyara.dll Linux:: ./libs/linux/x86_64/libyara.so ./libs/linux/x86/libyara.so OS X:: ./libs/darwin/x86_64/libyara.so Alternatively you can install your libyara files in the correct place such that :mod:`libyara_wrapper` can find them. i.e:: Windows: \DLLs (or sys.prefix + 'DLLs') Linux: /lib (or sys.prefix + 'lib'