Hey, I saw #14 and tried to compile the project on my setup, however, I fail quite at the start. I have just a very basic Rust knowledge, so any Rust error make me panic a bit. :)

After compiling Yara, I tried to compile yari-sys which leads to the following binding.rs related error message:

error[E0119]: conflicting implementations of trait `std::fmt::Debug` for type `YR_SCAN_CONTEXT`
    --> /Users/<path>/yari/target/debug/build/yari-sys-04910e37d3f78597/out/bindings.rs:4776:10
     |
4776 | #[derive(Debug, Copy, Clone)]
     |          ^^^^^ conflicting implementation for `YR_SCAN_CONTEXT`
     |
    ::: yari-sys/src/bindings.rs:26:1
     |
26   | impl Debug for YR_SCAN_CONTEXT {
     | ------------------------------ first implementation here
     |
     = note: this error originates in the derive macro `Debug` (in Nightly builds, run with -Z macro-backtrace for more info)

For more information about this error, try `rustc --explain E0119`.
error: could not compile `yari-sys` (lib) due to previous error

I have no idea about bindgen and the code generating the bindings in build.rs, but can help debugging. I attached the resulting binding.rs.txt as it may helps finding the issue.

The release process is currently manual. We should try to automate it. At least the builds for different platforms.

• Linux
• Windows
• Mac OS (only after #14 is done)

The logical next step after #63 would to visually mark found strings without hovering.

Could look like this: You open a .yar and immediately see by the blue numbers, in how many hashes these strings match:

{
	meta:
                ...
		hash = "0e9d92807d990144c637d8b081a6a90a74f15c7337522874cf6317092ea2d7c1"
		hash = "ebbc485e778f8e559ef9c66f55bb01dc4f5dcce9c31ccdd150e2c702c4b5d9e1"
		hash = "44b4068bfbbb8961e16bae238ad23d181ac9c8e4fcb4b09a66bbcd934d2d39ee"
		hash = "c5a4e188780b5513f34824904d56bf6e364979af6782417ccc5e5a8a70b4a95a"
	strings:
		2️⃣ $susasp1 = "/*-/*-*/"
		0️⃣ $susasp2 = "(\"%1"
		1️⃣ $susasp3 = /[Cc]hr\([Ss]tr\(/
		2️⃣ $susasp4 = "cmd.exe"
                ...

After clicking on the magnifying lens next to the hashes, you see which strings match for this hash by ✅ or ❌ next to the strings without need to hover.

I just don't have a clue how this could be done with LSP :)

Currently we support only Linux and Windows platforms.

We should find a way to also build universal MacOS YARI wheels.

• The first step should be to mention our current limitations in README
• Then find and document a way to build it on MacOS
• Optionally prepare a GithubActions workflow for that

PS: If you want to see this implemented in the future, please react to this issue.

When compiling under Linux, I get the following error message:

• cargo update
• cargo build

error[E0432]: unresolved import `crate::bindings::yr_modules_do_load`
  --> yari-sys/src/lib.rs:23:5
   |
23 | use crate::bindings::yr_modules_do_load;
   |     ^^^^^^^^^^^^^^^^^------------------
   |     |                |
   |     |                help: a similar name exists in the module: `yr_modules_load`
   |     no `yr_modules_do_load` in `bindings`

error[E0432]: unresolved import `crate::bindings::yr_modules_do_unload`
  --> yari-sys/src/lib.rs:24:5
   |
24 | use crate::bindings::yr_modules_do_unload;
   |     ^^^^^^^^^^^^^^^^^--------------------
   |     |                |
   |     |                help: a similar name exists in the module: `yr_modules_load`
   |     no `yr_modules_do_unload` in `bindings`

For more information about this error, try `rustc --explain E0432`.
error: could not compile `yari-sys` due to 2 previous errors

rustc --explain E0432:
An import was unresolved.

uname -a:
Linux Host 5.10.102.1-microsoft-standard-WSL2 SMP Wed Mar 2 00:30:59 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

lsb_release -a:
Ubuntu 20.04.5 LTS

We do not support the built-in symbols that are not from modules. The other symbol is deprecated entrypoint.

• they should be documented here

#[test]
fn test_eval_filesize() {
    let mut context = common::context_with_pe_sample_and_rule();
    let res = context.eval("filesize").unwrap();
    assert_eq!(res, YrValue::Integer(123));
}

Make sure this is also supported in complex expressions when comparing against 1200KB for example.

Hello,

yari doesn't support $string* matches in hoovering over conditions. Best way would probably to just show a summary, e.g.:

• No match
• Which ones of $string* matched