diff --git a/hyara_lib/plugins/yara_checker.py b/hyara_lib/plugins/yara_checker.py index ab5aa99..282c8de 100644 --- a/hyara_lib/plugins/yara_checker.py +++ b/hyara_lib/plugins/yara_checker.py @@ -74,12 +74,14 @@ def _search(self): matches = rule.match(data=f.read()) for match in matches: strings = match.strings[0] - result[filename] = { - "path": self._folder_path.text(), - "addr": hex(strings[0]), - "rule_name": strings[1], - "value": strings[2].hex(), - } + + for instance in strings.instances: + result[filename] = { + "path": self._folder_path.text(), + "addr": hex(instance.offset), + "rule_name": strings.identifier, + "value": instance.matched_data.hex(), + } except IOError: # Permission denied continue diff --git a/hyara_lib/plugins/yara_detector.py b/hyara_lib/plugins/yara_detector.py index adafbd9..48b2399 100644 --- a/hyara_lib/plugins/yara_detector.py +++ b/hyara_lib/plugins/yara_detector.py @@ -93,15 +93,16 @@ def _search(self): matches = self.rule.match(data=data) for match in matches: - for i in match.strings: - result.append( - { - "addr": hex(i[0]), - "rule_name": match.rule, - "variable_name": i[1], - "value": i[2].hex(), - } - ) + for strings in match.strings: + for instance in strings.instances: + result.append( + { + "addr": hex(instance.offset), + "rule_name": match.rule, + "variable_name": strings.identifier, + "value": instance.matched_data.hex(), + } + ) self._table.setRowCount(len(result)) for idx, value in enumerate(result):
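Review bot: The context line `strings = match.strings[0]` survives this change, so the checker still inspects only the first string of each matching rule and will raise IndexError when a rule matches with an empty `match.strings` (a condition-only rule, for example), which `except IOError` does not catch. Inside the new loop `result[filename] = {...}` is reassigned on every iteration, so only the last instance per file is kept and earlier hits are silently dropped from the scan result. Consider `for strings in match.strings:` as yara_detector.py now does, and `"rule_name": match.rule` with the identifier under its own key, since `strings.identifier` is the string variable rather than the rule. Keeping every hit would need `result[filename]` to hold a list, which changes what the consumer of `result` receives; `_search` starts and ends outside the hunk, so that consumer is not visible here.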
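Review bot: The new loops read `strings.instances`, `strings.identifier`, `instance.offset` and `instance.matched_data`, which exist only in yara-python releases where `match.strings` returns StringMatch objects; on an older install, where it returns `(offset, identifier, data)` tuples, `_search` fails with AttributeError instead of listing matches. No dependency change is visible in this diff, so the minimum version should be pinned wherever the project declares its requirements (`yara-python>=<MIN_VERSION>`, placeholder to fill in), and the yara_checker.py hunk carries the same dependency. A short comment above the outer loop would help the next reader, e.g. `# match.strings: StringMatch objects, one StringMatchInstance per hit (newer yara-python API)`. `_search` continues outside the hunk.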