Add Yara help dialog.

rizinorg · Jun 7, 2022 · 11e4a91 · 11e4a91
1 parent da29f0e
commit 11e4a91
Show file tree

Hide file tree

Showing 6 changed files with 51 additions and 0 deletions.
diff --git a/cutter-plugin/YaraPlugin.cpp b/cutter-plugin/YaraPlugin.cpp
@@ -81,4 +81,31 @@ void YaraPlugin::onActionLoadYaraFolder()
         yaraDock->switchToMatches();
         emit Core()->flagsChanged();
     }
+}
+
+void YaraPlugin::openHelpDialog()
+{
+    auto description =
+            tr("Hello, Welcome to Yara Help\n\n"
+               "How to use one or multiple Yara rules:\n"
+               " - Top Menu > File > Apply Yara Rule... > Apply Yara Rule From File\n"
+               " - Top Menu > File > Apply Yara Rule... > Apply All Yara Rules In Directory\n\n"
+               "How to see matches from loaded rules:\n"
+               " 1. Open the 'Yara' view\n"
+               " 2. Select the 'Matches' Tab\n"
+               " 3. Double click to seek at the matched location.\n"
+               "Some locations might not be visible due the match being outside the virtual "
+               "address space.\n\n"
+               "How to create a rule:\n"
+               " 1. Open the 'Disassembly' view.\n"
+               " 2. Left click on the Disassembly view.\n"
+               " 3. Menu > Plugins > Add Yara String.\n"
+               " 4. Select the type, give it a name and set the size (in bytes).\n"
+               " 5. Open the 'Yara' view and go to the Rule Tab.\n\n"
+               "How to add metadata to the rule:\n"
+               " 1. Open the 'Yara' view and go to the Metadata Tab.\n"
+               " 2. Left click > Add New Entry.\n"
+               " 3. Each entry is made of a keyword and value, but some can be automatically "
+               "filled.\n");
+    QMessageBox::information(nullptr, tr("Yara Help"), description);
 }
diff --git a/cutter-plugin/YaraPlugin.h b/cutter-plugin/YaraPlugin.h
@@ -24,6 +24,8 @@ class YaraPlugin : public QObject, CutterPlugin
     QString getDescription() const override { return "Cutter YARA rules parser and generator."; }
     QString getVersion() const override { return "1.0"; }
 
+    static void openHelpDialog();
+
 private:
     void onActionAddYaraString();
     void onActionLoadYaraFile();

diff --git a/cutter-plugin/YaraTextEditor.cpp b/cutter-plugin/YaraTextEditor.cpp
@@ -3,6 +3,7 @@
 // SPDX-License-Identifier: LGPL-3.0-only
 
 #include "YaraTextEditor.h"
+#include "YaraPlugin.h"
 
 #include <QScrollBar>
 #include <QTextBlock>
@@ -41,12 +42,20 @@ void YaraTextEditor::contextMenuEvent(QContextMenuEvent *event)
 {
     QMenu *menu = createStandardContextMenu();
     QAction *actionSaveYaraRule = menu->addAction(tr("Save Yara Rule to File"));
+    QAction *actionOpenHelp = menu->addAction(tr("Yara Help"));
     connect(actionSaveYaraRule, &QAction::triggered, this, &YaraTextEditor::onActionSaveYaraRule);
+    connect(actionOpenHelp, &QAction::triggered, this, &YaraTextEditor::onActionOpenHelp);
     menu->insertSeparator(actionSaveYaraRule);
+    menu->insertSeparator(actionOpenHelp);
     menu->exec(event->globalPos());
     delete menu;
 }
 
+void YaraTextEditor::onActionOpenHelp()
+{
+    YaraPlugin::openHelpDialog();
+}
+
 void YaraTextEditor::onActionSaveYaraRule()
 {
     QString errorLine;

diff --git a/cutter-plugin/YaraTextEditor.h b/cutter-plugin/YaraTextEditor.h
@@ -64,6 +64,7 @@ private slots:
 
 private:
     void onActionSaveYaraRule();
+    void onActionOpenHelp();
     static void handleCompileErrors(bool is_warning, const char *file, int line,
                                     const RzYaraRule *rule, const char *message, void *user_data);
 

diff --git a/cutter-plugin/YaraViewMenu.cpp b/cutter-plugin/YaraViewMenu.cpp
@@ -3,6 +3,7 @@
 // SPDX-License-Identifier: LGPL-3.0-only
 
 #include "YaraViewMenu.h"
+#include "YaraPlugin.h"
 #include <MainWindow.h>
 
 #include <QtCore>
@@ -20,19 +21,23 @@ YaraViewMenu::YaraViewMenu(QWidget *parent, MainWindow *mainWindow)
     actionSeekAt = new QAction(tr("Seek At"), this);
     actionRemove = new QAction(tr("Remove Entry"), this);
     actionRemoveAll = new QAction(tr("Remove All Entries"), this);
+    actionOpenHelp = new QAction(tr("Yara Help"), this);
 
     connect(actionAddNewMetadata, &QAction::triggered, this, &YaraViewMenu::onActionAddNewMetadata);
     connect(actionCopyName, &QAction::triggered, this, &YaraViewMenu::onActionCopyName);
     connect(actionSeekAt, &QAction::triggered, this, &YaraViewMenu::onActionSeekAt);
     connect(actionRemove, &QAction::triggered, this, &YaraViewMenu::onActionRemove);
     connect(actionRemoveAll, &QAction::triggered, this, &YaraViewMenu::onActionRemoveAll);
+    connect(actionOpenHelp, &QAction::triggered, this, &YaraViewMenu::onActionOpenHelp);
 
     addAction(actionAddNewMetadata);
     addAction(actionCopyName);
     addAction(actionSeekAt);
     addSeparator();
     addAction(actionRemove);
     addAction(actionRemoveAll);
+    addSeparator();
+    addAction(actionOpenHelp);
 
     this->actionAddNewMetadata->setVisible(false);
     this->actionCopyName->setVisible(true);
@@ -146,3 +151,8 @@ void YaraViewMenu::onActionRemoveAll()
     emit Core()->refreshCodeViews();
     emit Core()->flagsChanged();
 }
+
+void YaraViewMenu::onActionOpenHelp()
+{
+    YaraPlugin::openHelpDialog();
+}
diff --git a/cutter-plugin/YaraViewMenu.h b/cutter-plugin/YaraViewMenu.h
@@ -33,6 +33,7 @@ public slots:
     void onActionSeekAt();
     void onActionRemove();
     void onActionRemoveAll();
+    void onActionOpenHelp();
 
     QMenu *pluginMenu;
     QAction *pluginMenuAction;
@@ -48,6 +49,7 @@ public slots:
     QAction *actionSeekAt;
     QAction *actionRemove;
     QAction *actionRemoveAll;
+    QAction *actionOpenHelp;
 
     YaraDescription target_yara;
     MetadataDescription target_meta;