dllmain.cpp File Reference

#include "PanoptesYara.h"
#include <string>

Go to the source code of this file.

Functions
BOOL APIENTRY	DllMain (HMODULE module, DWORD dllAction, LPVOID lpReserved)
	The main entry point for the DLL.
PANO_API int	PanoBind (int ContainerPort)
	Bind to the Panoptes Service by sending a hello message containing the extensibility type and the port of the container that the extensibility is running in.
PANO_API bool	PanoEntry (PeScan *data, MemScan *mem_data)
	The entry point for the YARA extensibility.
PANO_API bool	PanoUnbind ()
	Unbind from the Panoptes Service by freeing the DLL.

Function Documentation

DllMain()

BOOL APIENTRY DllMain	(	HMODULE	module,
		DWORD	dllAction,
		LPVOID	lpReserved
	)

The main entry point for the DLL.

Parameters

module	The module handle
dllAction	The action to take
lpReserved	Reserved

Returns

Definition at line 9 of file dllmain.cpp.

{
    switch (dllAction)
    {
    case DLL_PROCESS_ATTACH:
        //DisableThreadLibraryCalls(module);
        break;
    case DLL_THREAD_ATTACH:
        // Code to run when a thread is created
        break;
    case DLL_THREAD_DETACH:
        // Code to run when a thread ends
        break;
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

PanoBind()

PANO_API int PanoBind

(

int

ContainerPort

)

Bind to the Panoptes Service by sending a hello message containing the extensibility type and the port of the container that the extensibility is running in.

Parameters

ContainerPort

The port of the container that the extensibility is running in

Returns

The container port

Definition at line 32 of file dllmain.cpp.

{
    PanoptesServiceClient client = PanoptesServiceClient();
    if (!client.Hello(ExtensibilityType::EXTENSIBILITY_TYPE_YARA, ContainerPort)) {
        return 0;
    }
 
    return ContainerPort;
}

References EXTENSIBILITY_TYPE_YARA, and PanoptesServiceClient::Hello().

PanoEntry()

PANO_API bool PanoEntry	(	PeScan *	data,
		MemScan *	mem_data
	)

The entry point for the YARA extensibility.

Parameters

data	The information about the file to be scanned
mem_data	The information about the memory to be scanned

Returns

True if the scan was successful, false otherwise

Definition at line 46 of file dllmain.cpp.

{
    std::string rules = "rules.pkg";
 
    YaraScanner yaraScan = YaraScanner::YaraScanner(rules.c_str());
    std::vector<std::string> scanDataResults = yaraScan.YaraScanFile(data->PePath);
 
    PanoptesServiceClient client = PanoptesServiceClient();
    if (!client.SendResults_Yara(data->PePath, data->FileHash, scanDataResults)) {
        return false;
    }
 
    return true;
}

References PeScan::FileHash, PeScan::PePath, PanoptesServiceClient::SendResults_Yara(), YaraScanner::YaraScanFile(), and YaraScanner::YaraScanner().

PanoUnbind()

PANO_API bool PanoUnbind

(

)

Unbind from the Panoptes Service by freeing the DLL.

Returns

True if the unbind was successful, false otherwise

Definition at line 63 of file dllmain.cpp.

{
    HMODULE hModule = GetModuleHandleA("PanoptesYara.dll");
    if (hModule != NULL) {
        FreeLibraryAndExitThread(hModule, 0);
    }
    return true;
}