Hello people,
I would like to use YARA in a stand-alone executable. I use PyInstaller to
create it.
If I write this in a shell:
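
    import yara
    import psutil
    from os import getpid

    # Single rule matching the string "test" (wide/ascii, case-insensitive)
    rules = yara.compile(source='rule dummy { strings: $filter1 = "%s" wide ascii nocase '
                                'condition: $filter1 }' % "test")

    # Scan the memory of every process except our own
    for i in psutil.process_iter():
        print(i)
        if i.pid and i.pid != getpid():
            try:
                res = rules.match(pid=i.pid)
                print(res)
                for hit in res:
                    print(hit)
            except yara.Error as err:
                # Process could not be opened or scanned
                print(err)
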
It works.
The same code after compilation will generate a MemoryError (at the match).
A step (I do not know which one) inside YARA seems to forget a flush (when it
is compiled only).
A former developer did the job with the 3.3.0 YARA version, but this one
is not available anymore on GitHub. Can someone help me?
Here is the spec file used for compilation:

    a = Analysis(['..\\afile.py'],
                 pathex=['a path'],
                 hiddenimports=[],
                 hookspath=None,
                 runtime_hooks=None)
    pyz = PYZ(a.pure)
    exe = EXE(pyz,
              a.scripts,
              # Exclude the MFC/MSVC runtime DLLs and user32.dll from the bundle
              a.binaries - [('mfc90.dll', None, None), ('mfc90u.dll', None, None),
                            ('mfcm90.dll', None, None), ('mfcm90u.dll', None, None),
                            ('msvcrt.dll', None, None), ('msvcr90.dll', None, None),
                            ('msvcp90.dll', None, None), ('msvcm90.dll', None, None),
                            ('user32.dll', None, None)],
              a.zipfiles,
              a.datas,
              name='my_executable.exe',
              debug=False,
              strip=None,
              upx=False,
              console=True)

Thanks
Cécile