README.md improved with more examples #37

Merged: 5 commits, Oct 21, 2024 (changes from 4 commits)
57 changes: 57 additions & 0 deletions README.md
@@ -43,6 +43,63 @@ Usage: yrg [action] [args..] load and run yara rules inside r2
[0x100003a84]>
```

### Yara generator usage

**Commands Overview**

**yrg** - Initialize a YARA rule.
**yrgs** - Add strings as patterns.
**yrgx** - Add hex patterns.
**yrgf** - Add function byte signatures.
**yrgz** - Add all strings from the current function.

To start using r2yara to create YARA rules automatically, follow these steps:

**Open a binary with radare2:**

```
r2 <binary>
```

**Generate a YARA rule:**

```
yrg
```

This initializes a new YARA rule.

**Add strings from the binary as patterns:**

```
yrgs
```

**Add hex patterns:**

```
yrgx
```

**Optionally, add function signatures:**

```
yrgf
```

**Once you've added the desired patterns, save the rule:**

```
ys <rule_name>
```

**To scan the binary with the loaded rules:**
```
yrs
```
**yrs** - Scan the binary with loaded YARA rules.
**ys** <rule_name> - Save the generated rule.

Run it like this:

```
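Review bot: The Commands Overview at the top of this hunk lists only yrg, yrgs, yrgx, yrgf and yrgz, while yrs and ys are described on their own at the very end, after the scan step, so the reader meets `ys <rule_name>` in the save step before it is explained anywhere. Move the `**yrs**` and `**ys** <rule_name>` lines up into the overview so all commands are documented in one place. The overview entries are also written as consecutive bold lines with no list markers or blank lines between them, which Markdown joins into a single paragraph unless each line carries a hard break; prefixing each with `- ` would keep them one per line. The "To scan the binary with the loaded rules:" step is the only one with no blank line before its opening fence, and the `**yrs**` line follows the closing fence directly. Finally, yrgz is listed in the overview but appears in none of the steps, and yrgs, yrgx and yrgf are shown with no arguments; a sentence saying whether they take any, or what they operate on by default, would make the walkthrough usable on its own.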