Merge branch 'release/v0.2.0'

fkie-cad · Nov 19, 2020 · 273fd39 · 273fd39
2 parents cff8f9e + 6700154
commit 273fd39
Show file tree

Hide file tree

Showing 22 changed files with 471 additions and 52 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -24,13 +24,16 @@ install:
     - ./prepare.sh
 
 script:
-    - go test -v ./...
+    - go test -race -coverprofile=coverage.txt -covermode=atomic -v ./...
     - mkdir -p build/ &>/dev/null
     - pushd cmd/yapscan
     - go build -trimpath -o ../../build/yapscan
     - popd
     - ./buildForWindows.sh
 
+after_success:
+    - bash <(curl -s https://codecov.io/bash)
+
 before_deploy:
     - pushd build
     - 7z a yapscan_windows_amd64.zip yapscan.exe yapscan.dll

diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# yapscan [![Build Status](https://travis-ci.org/fkie-cad/yapscan.svg?branch=master)](https://travis-ci.org/fkie-cad/yapscan)
+# yapscan [![Build Status](https://travis-ci.org/fkie-cad/yapscan.svg?branch=master)](https://travis-ci.org/fkie-cad/yapscan) [![codecov](https://codecov.io/gh/fkie-cad/yapscan/branch/master/graph/badge.svg?token=Y2ANV37QH6)](https://codecov.io/gh/fkie-cad/yapscan)
 
 Yapscan is a **YA**ra based **P**rocess **SCAN**ner, aimed at giving more control about what to scan and giving detailed reports on matches.
 

diff --git a/app/app.go b/app/app.go
@@ -204,7 +204,7 @@ func RunApp(args []string) {
 		Name:        "yapscan",
 		HelpName:    "yapscan",
 		Description: "A yara based scanner for files and process memory with some extras.",
-		Version:     "0.1.0",
+		Version:     "0.2.0",
 		Writer:      os.Stdout,
 		ErrWriter:   os.Stderr,
 		Authors: []*cli.Author{
@@ -352,6 +352,10 @@ func RunApp(args []string) {
 						Usage: "create a full report",
 						Value: false,
 					},
+					&cli.StringFlag{
+						Name:  "report-dir",
+						Usage: "the directory in which the report zip will be written",
+					},
 					&cli.BoolFlag{
 						Name:  "store-dumps",
 						Usage: "store dumps of memory regions that match rules, implies --full-report, the report will be encrypted with --password",

diff --git a/app/dump.go b/app/dump.go
@@ -76,28 +76,34 @@ func dumpMemory(c *cli.Context) error {
 		if seg.BaseAddress == addr || allSegments {
 			found = true
 		}
+		fmt.Printf("0x%08X: ", seg.BaseAddress)
 		match := filter.Filter(seg)
 		if allSegments && !match.Result {
+			fmt.Println("skipping, " + match.Reason)
 			continue
 		}
 		if found {
 			rdr, err := procIO.NewMemoryReader(proc, seg)
 			if err != nil {
-				return errors.Newf("could not read memory of process %d at address 0x%016X, reason %w", pid, seg.BaseAddress, err)
+				fmt.Println(errors.Newf("could not read memory of process %d at address 0x%016X, reason %w", pid, seg.BaseAddress, err))
+				continue
 			}
 
 			if c.Bool("store") {
 				fname := fmt.Sprintf("%d_%s_0x%X.bin", pid, seg.CurrentPermissions.String(), seg.BaseAddress)
 				path := path.Join(c.String("storage-dir"), fname)
 				outfile, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, 0666)
 				if err != nil {
-					return errors.Newf("could not create dump file \"%s\", reason: %w", path, err)
+					fmt.Println(errors.Newf("could not create dump file \"%s\", reason: %w", path, err))
+					continue
 				}
 				_, err = io.Copy(outfile, rdr)
 				outfile.Close()
 				if err != nil {
-					return errors.Newf("could not dump segment to file \"%s\", reason: %w", path, err)
+					fmt.Println(errors.Newf("could not dump segment to file \"%s\", reason: %w", path, err))
+					continue
 				}
+				fmt.Printf("dumped to \"%s\"\n", path)
 			} else {
 				_, err = io.Copy(dumper, rdr)
 				if err != nil {

diff --git a/app/scan.go b/app/scan.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 	"path"
+	"path/filepath"
 	"strconv"
 
 	"github.com/fkie-cad/yapscan"
@@ -93,7 +94,7 @@ func scan(c *cli.Context) error {
 		if err != nil {
 			return errors.Errorf("could not initialize analysis reporter, reason: %w", err)
 		}
-		gatherRep.ZIP = gatherRep.SuggestZIPName()
+		gatherRep.ZIP = filepath.Join(c.String("report-dir"), gatherRep.SuggestZIPName())
 		gatherRep.DeleteAfterZipping = !c.Bool("keep")
 		fmt.Printf("Full report will be written to \"%s\".\n", gatherRep.ZIP)
 		if c.Bool("store-dumps") {

diff --git a/cmd/memtest/main_windows.go b/cmd/memtest/main_windows.go
@@ -16,8 +16,13 @@ import (
 )
 
 func main() {
-	if len(os.Args) != 3 {
-		log.Fatalf("Usage: %s <size> <native_memprotect>")
+	if len(os.Args) < 3 {
+		log.Fatalf("Usage: %s <size> <native_memprotect> [file]")
+	}
+
+	filename := ""
+	if len(os.Args) >= 4 {
+		filename = os.Args[3]
 	}
 
 	size, err := strconv.ParseUint(os.Args[1], 10, 64)
@@ -30,6 +35,27 @@ func main() {
 		log.Fatalf("Invalid protect value, %v", err)
 	}
 
+	var data []byte
+
+	if filename != "" {
+		f, err := os.Open(filename)
+		if err != nil {
+			log.Fatalf("Could not open file, reason: %v", err)
+		}
+		data, err = ioutil.ReadAll(f)
+		if err != nil {
+			log.Fatalf("Could not read from file, reason: %v", err)
+		}
+		f.Close()
+
+		size = uint64(len(data))
+	} else {
+		data, err = ioutil.ReadAll(io.LimitReader(os.Stdin, int64(size)))
+		if err != nil {
+			log.Fatalf("Could not read from stdin, reason: %v", err)
+		}
+	}
+
 	addr, err := windows.VirtualAlloc(0, uintptr(size), windows.MEM_RESERVE|windows.MEM_COMMIT, windows.PAGE_READWRITE)
 	if err != nil {
 		log.Fatalf("Could not alloc, reason: %v", err)
@@ -38,11 +64,6 @@ func main() {
 		windows.VirtualFree(addr, 0, windows.MEM_RELEASE)
 	}()
 
-	data, err := ioutil.ReadAll(io.LimitReader(os.Stdin, int64(size)))
-	if err != nil {
-		log.Fatalf("Could not read from stdin, reason: %v", err)
-	}
-
 	C.memcpy(unsafe.Pointer(addr), unsafe.Pointer(&data[0]), C.size_t(size))
 
 	var oldProtect uint32
@@ -53,6 +74,12 @@ func main() {
 
 	fmt.Println(addr)
 
-	// Wait for stdin close
-	ioutil.ReadAll(os.Stdin)
+	if filename != "" {
+		fmt.Println("Press Enter to close application...")
+		// Wait for user enter
+		fmt.Scanln()
+	} else {
+		// Wait for stdin close
+		ioutil.ReadAll(os.Stdin)
+	}
 }
diff --git a/fileIO/filesystem.go b/fileIO/filesystem.go
@@ -103,6 +103,7 @@ func (it *fsIterator) dirScanner() {
 		dir := it.dirs[0]
 		it.dirs = it.dirs[1:]
 
+		// New func here only for defer.
 		func() {
 			f, err := os.Open(dir)
 			if err != nil {

diff --git a/fileIO/filesystem_test.go b/fileIO/filesystem_test.go
@@ -42,7 +42,9 @@ func TestIterateSuccess(t *testing.T) {
 
 		Convey("should not error.", func() {
 			So(err, ShouldBeNil)
-			So(it, ShouldNotBeNil)
+			if it == nil { // Workaround for goconvey bug goconvey/#612
+				So(it, ShouldNotBeNil)
+			}
 		})
 
 		filenames := []string{

diff --git a/go.mod b/go.mod
@@ -7,21 +7,21 @@ require (
 	github.com/0xrawsec/golang-win32 v1.0.6
 	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
 	github.com/dustin/go-humanize v1.0.0
-	github.com/fatih/color v1.9.0
+	github.com/fatih/color v1.10.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00 // indirect
-	github.com/hillu/go-yara/v4 v4.0.2
+	github.com/hillu/go-yara/v4 v4.0.3
 	github.com/kr/pretty v0.1.0 // indirect
-	github.com/mattn/go-colorable v0.1.8 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sirupsen/logrus v1.7.0
 	github.com/smartystreets/assertions v1.2.0 // indirect
 	github.com/smartystreets/goconvey v1.6.4
 	github.com/stretchr/objx v0.1.1 // indirect
 	github.com/stretchr/testify v1.6.1
 	github.com/targodan/go-errors v1.0.0
-	github.com/urfave/cli/v2 v2.2.0
+	github.com/urfave/cli/v2 v2.3.0
 	github.com/yeka/zip v0.0.0-20180914125537-d046722c6feb
-	golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 // indirect
-	golang.org/x/sys v0.0.0-20201024232916-9f70ab9862d5
+	golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9 // indirect
+	golang.org/x/sys v0.0.0-20201119102817-f84b799fce68
 	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -14,16 +14,16 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s=
-github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
+github.com/fatih/color v1.10.0 h1:s36xzo75JdqLaaWoiEHk767eHiwo0598uUxyfiPkDsg=
+github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00 h1:l5lAOZEym3oK3SQ2HBHWsJUfbNBiTXJDeW2QDxw9AQ0=
 github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/hillu/go-yara/v4 v4.0.2 h1:haSCAkF3rPODgm7jWqqaeP+5bUo9C2GAYrUOG5yQ8fQ=
-github.com/hillu/go-yara/v4 v4.0.2/go.mod h1:rkb/gSAoO8qcmj+pv6fDZN4tOa3N7R+qqGlEkzT4iys=
+github.com/hillu/go-yara/v4 v4.0.3 h1:ktYuhB6fI1VKZCehCuEO08U3WWdgdhMKKn9uZGezlrc=
+github.com/hillu/go-yara/v4 v4.0.3/go.mod h1:rkb/gSAoO8qcmj+pv6fDZN4tOa3N7R+qqGlEkzT4iys=
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
@@ -32,13 +32,8 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA=
-github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8=
 github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.11 h1:FxPOTFNqGkuDUGi3H/qkUbQO4ZiBa2brKq5r0l8TGeM=
-github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
@@ -48,6 +43,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM=
@@ -67,29 +64,31 @@ github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/targodan/go-errors v1.0.0 h1:H1hZke3MN9+Z06n1l4O0dYsC5Sm2d3W4ZcIJjQDiKlg=
 github.com/targodan/go-errors v1.0.0/go.mod h1:xF0Z1lpYQlz9suJZl6dXny+ZeDuJer0F8HiuVqaYkh4=
-github.com/urfave/cli/v2 v2.2.0 h1:JTTnM6wKzdA0Jqodd966MVj4vWbbquZykeX1sKbe2C4=
-github.com/urfave/cli/v2 v2.2.0/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
+github.com/urfave/cli/v2 v2.3.0 h1:qph92Y649prgesehzOrQjdWyxFOp/QVM+6imKHad91M=
+github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
 github.com/yeka/zip v0.0.0-20180914125537-d046722c6feb h1:OJYP70YMddlmGq//EPLj8Vw2uJXmrA+cGSPhXTDpn2E=
 github.com/yeka/zip v0.0.0-20180914125537-d046722c6feb/go.mod h1:9BnoKCcgJ/+SLhfAXj15352hTOuVmG5Gzo8xNRINfqI=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190621222207-cc06ce4a13d4 h1:ydJNl0ENAG67pFbB+9tfhiL2pYqLhfoaZFw/cjLhY4A=
 golang.org/x/crypto v0.0.0-20190621222207-cc06ce4a13d4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 h1:pLI5jrR7OSLijeIDcmRxNmw2api+jEfxLoykJVice/E=
-golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9 h1:phUcVbl53swtrUN8kQEXFhUxPlIlWyBfKmidCu7P95o=
+golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859 h1:R/3boaszxrf1GEUWTVDzSKVwLmSJpwZ1yqXm8j0v2QI=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190626150813-e07cf5db2756 h1:9nuHUbU8dRnRRfj9KjWUVrJeoexdbeMjttk6Oh1rD10=
 golang.org/x/sys v0.0.0-20190626150813-e07cf5db2756/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201024232916-9f70ab9862d5 h1:iCaAy5bMeEvwANu3YnJfWwI0kWAGkEa2RXPdweI/ysk=
-golang.org/x/sys v0.0.0-20201024232916-9f70ab9862d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
@@ -102,6 +101,6 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/helper.go b/helper.go
@@ -8,6 +8,9 @@ import (
 	"github.com/hillu/go-yara/v4"
 )
 
+// AddressesFromMatches returns one value for each given yara.MatchString.
+// The returned values are equal to the given offset plus the Offset field of
+// each yara.MatchString.
 func AddressesFromMatches(matches []yara.MatchString, offset uint64) []uint64 {
 	addrs := make([]uint64, len(matches))
 	for i, m := range matches {
@@ -16,6 +19,9 @@ func AddressesFromMatches(matches []yara.MatchString, offset uint64) []uint64 {
 	return addrs
 }
 
+// FormatSlice calls fmt.Sprintf(format, element, args...) for each
+// element in the given slice. The returned string slice contains the
+// formatted output.
 func FormatSlice(format string, slice interface{}, args ...interface{}) []string {
 	ref := reflect.ValueOf(slice)
 	if ref.Kind() != reflect.Slice {
@@ -34,6 +40,8 @@ func FormatSlice(format string, slice interface{}, args ...interface{}) []string
 	return strs
 }
 
+// Join joins all elements of a string slice, using the defaultGlue
+// for all but the last two elements.
 func Join(parts []string, defaultGlue, finalGlue string) string {
 	switch len(parts) {
 	case 0: