Module Completion
infosec-intern edited this page Jun 28, 2021 · 4 revisions
The extension provides completion suggestions for the standard YARA modules (pe, elf, math and the others described in the official documentation): https://yara.readthedocs.io/en/latest/modules.html
Modules currently supported by the extension include:
- PE
- ELF
- Cuckoo
- Magic
- Hash
- Math
- Dotnet
- Time
- VirusTotal
All module schemas can be perused at the following link:
https://github.com/infosec-intern/vscode-yara/tree/v1.5.0/yara/src/modules
All module schemas are stored as JSON under yara/src/modules/. Each module has its own file named after the module, and each JSON entry is a key/value pair in which the key is the module entry (for example `number_of_sections`) and the value is that entry's type. Entry types are any of the following:
- Property: a simple string or integer value, such as `pe.number_of_sections`
- Method: a function to be called, such as `pe.is_dll()`
- Enum: a named constant value, such as `pe.DLL`
- Dictionary: a struct of properties accessed via string keys, such as `pe.version_info["FileVersion"]`
- Array: a zero-based array of values, usually strings or structs, such as `pe.sections[]`
- Sub-field: a property of the struct held in each array entry, so it is unique to that entry, such as `pe.sections[].name`
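The following Python snippet is an added illustration of how a schema in this key/value layout can drive completion; it is not code from the vscode-yara extension, and its schema contents are constructed for the example. It assumes sub-fields are keyed with the page's `sections[].name` notation and that the text before the cursor is already reduced to the `module.partial` fragment being completed; both are assumptions, not the extension's actual file format or editor integration. Each entry type decides what gets inserted: methods get `()`, dictionaries get `[""]`, arrays get `[]`, and sub-fields are only offered once the user is inside `array[].`.

```python
import json

# Constructed sample schemas in the layout the page describes: one flat JSON object per
# module, key = module entry, value = entry type. Keying sub-fields as "array[].field" is
# an assumption made for this illustration, not the extension's actual file format.
SAMPLE_SCHEMAS = {
    "pe": json.loads("""{
        "number_of_sections": "Property",
        "is_dll": "Method",
        "DLL": "Enum",
        "version_info": "Dictionary",
        "sections": "Array",
        "sections[].name": "Sub-field",
        "sections[].virtual_address": "Sub-field"
    }"""),
    "hash": json.loads("""{
        "md5": "Method",
        "sha256": "Method"
    }"""),
}


def insert_text(entry, kind):
    """Text to insert for an entry, chosen from its schema type."""
    if kind == "Method":
        return entry + "()"          # pe.is_dll()
    if kind == "Dictionary":
        return entry + '[""]'        # pe.version_info[""] ready for a string key
    if kind == "Array":
        return entry + "[]"          # pe.sections[] ready for an index
    if kind in ("Property", "Enum", "Sub-field"):
        return entry                 # plain identifier
    raise ValueError(f"unknown entry type {kind!r} for {entry}")


def complete(prefix, schemas=SAMPLE_SCHEMAS):
    """Return sorted (entry, type, insert_text) tuples for the text before the cursor.

    prefix looks like "pe.sec" or "pe.sections[].n". Without a dot, module names are
    completed instead. Only one level is offered at a time: sub-fields appear after
    "array[]." and never when completing the array itself.
    """
    module, dot, partial = prefix.partition(".")
    if not dot:
        return [(name, "Module", name + ".")
                for name in sorted(schemas) if name.startswith(module)]
    schema = schemas.get(module)
    if schema is None:
        return []  # not a module we have a schema for
    results = []
    for entry, kind in schema.items():
        if not entry.startswith(partial):
            continue
        # Remaining text containing "." would descend into a sub-field of another entry.
        if "." in entry[len(partial):]:
            continue
        results.append((entry, kind, insert_text(entry, kind)))
    return sorted(results)


if __name__ == "__main__":
    for fragment in ("p", "pe.", "pe.sec", "pe.sections[].", "pe.is", "math."):
        print(f"{fragment!r:20} -> {[text for _, _, text in complete(fragment)]}")
```

Running the block prints the candidates for each fragment; `pe.sec` yields only `sections[]`, and `pe.sections[].` yields the two sub-fields. Rejecting an unknown type with `ValueError` rather than silently inserting the bare name is deliberate: a typo in a schema file then fails loudly when the module is loaded instead of producing wrong completions.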