Panoptes
1.0.0
Endpoint Detection and Response
Loading...
Searching...
No Matches
src
extensibility
PanoptesYara
src
dllmain.cpp
Go to the documentation of this file.
1
#include "
PanoptesYara.h
"
2
#include <string>
3
9
BOOL
APIENTRY
DllMain
(HMODULE module,
DWORD
dllAction, LPVOID lpReserved)
10
{
11
switch
(dllAction)
12
{
13
case
DLL_PROCESS_ATTACH:
14
//DisableThreadLibraryCalls(module);
15
break
;
16
case
DLL_THREAD_ATTACH:
17
// Code to run when a thread is created
18
break
;
19
case
DLL_THREAD_DETACH:
20
// Code to run when a thread ends
21
break
;
22
case
DLL_PROCESS_DETACH:
23
break
;
24
}
25
return
TRUE;
26
}
27
32
extern
"C"
PANO_API
int
PanoBind
(
int
ContainerPort)
33
{
34
PanoptesServiceClient
client =
PanoptesServiceClient
();
35
if
(!client.
Hello
(
ExtensibilityType::EXTENSIBILITY_TYPE_YARA
, ContainerPort)) {
36
return
0;
37
}
38
39
return
ContainerPort;
40
}
41
46
extern
"C"
PANO_API
bool
PanoEntry
(
PeScan
* data,
MemScan
* mem_data)
47
{
48
std::string rules =
"rules.pkg"
;
49
50
YaraScanner
yaraScan =
YaraScanner::YaraScanner
(rules.c_str());
51
std::vector<std::string> scanDataResults = yaraScan.
YaraScanFile
(data->
PePath
);
52
53
PanoptesServiceClient
client =
PanoptesServiceClient
();
54
if
(!client.
SendResults_Yara
(data->
PePath
, data->
FileHash
, scanDataResults)) {
55
return
false
;
56
}
57
58
return
true
;
59
}
60
63
extern
"C"
PANO_API
bool
PanoUnbind
()
64
{
65
HMODULE hModule = GetModuleHandleA(
"PanoptesYara.dll"
);
66
if
(hModule != NULL) {
67
FreeLibraryAndExitThread(hModule, 0);
68
}
69
return
true
;
70
}
PANO_API
#define PANO_API
Definition
ExtensibilityCore.h:7
EXTENSIBILITY_TYPE_YARA
@ EXTENSIBILITY_TYPE_YARA
Definition
ExtensibilityCore.h:14
PanoptesYara.h
PanoptesServiceClient
Panoptes Service Client that is used to communicate with the Panoptes Service via.
Definition
container_ipc.hpp:36
PanoptesServiceClient::SendResults_Yara
bool SendResults_Yara(std::string PePath, std::string FileHash, DWORD ProcessId, std::string YaraRulesPath, INT MatchRules, std::vector< std::string > DetectedRules)
PanoptesServiceClient::Hello
bool Hello(ExtensibilityType extensibilityType, std::string port)
The Hello function sends a Hello message to the Panoptes main service from the container.
Definition
service_client.cpp:25
YaraScanner
The YaraScanner class that is used to scan a file using YARA rules.
Definition
PanoptesYara.h:20
YaraScanner::YaraScanner
YaraScanner(const char *Rules)
Intializes Yara memory and attempts to load supplied yara rules.
Definition
yara-scan.cpp:37
YaraScanner::YaraScanFile
std::vector< std::string > YaraScanFile(std::string PathToFile)
Scan a file using YARA rules.
Definition
yara-scan.cpp:81
PanoBind
ExtensibilityCore::PanoBindPtr PanoBind
Definition
container.cpp:11
PanoEntry
ExtensibilityCore::PanoEntryPtr PanoEntry
Definition
container.cpp:12
DllMain
BOOL APIENTRY DllMain(HMODULE module, DWORD dllAction, LPVOID lpReserved)
The main entry point for the DLL.
Definition
dllmain.cpp:9
PanoUnbind
PANO_API bool PanoUnbind()
Unbind from the Panoptes Service by freeing the DLL.
Definition
dllmain.cpp:63
BOOL
int BOOL
Definition
inject.h:3
DWORD
unsigned long DWORD
Definition
inject.h:2
MemScan
The information about the memory to be scanned that passed between the container, extensibility and t...
Definition
ExtensibilityCore.h:26
PeScan
The information about the file to be scanned that passed between the container, extensibility and the...
Definition
ExtensibilityCore.h:19
PeScan::FileHash
std::string FileHash
Definition
ExtensibilityCore.h:21
PeScan::PePath
std::string PePath
Definition
ExtensibilityCore.h:20
Generated by
1.9.8
1.9.8