Merge branch 'release/v0.10.0'

fkie-cad · Jul 14, 2021 · d2ca098 · d2ca098
2 parents c60cf74 + f98a01a
commit d2ca098
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 11 deletions.
diff --git a/README.md b/README.md
@@ -38,7 +38,7 @@ COMMANDS:
    scan                        scans processes or paths with yara rules
    zip-rules                   creates an encrypted zip containing compiled yara rules
    join                        joins dumps with padding
-   crash-processe, crash       crash a processe
+   crash-process, crash        crash a process
    help, h                     Shows a list of commands or help for one command
 ```
 

diff --git a/app/app.go b/app/app.go
@@ -34,7 +34,7 @@ func initAppAction(c *cli.Context) error {
 	case "--":
 		logrus.SetOutput(os.Stderr)
 	default:
-		logfile, err := os.OpenFile(c.String("log-path"), os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
+		logfile, err := os.OpenFile(c.String("log-path"), os.O_WRONLY|os.O_CREATE|os.O_APPEND|os.O_SYNC, 0666)
 		if err != nil {
 			return fmt.Errorf("could not open logfile for writing, reason: %w", err)
 		}
@@ -209,7 +209,7 @@ func MakeApp(args []string) *cli.App {
 		Name:        "yapscan",
 		HelpName:    "yapscan",
 		Description: "A yara based scanner for files and process memory with some extras.",
-		Version:     "0.9.0",
+		Version:     "0.10.0",
 		Writer:      os.Stdout,
 		ErrWriter:   os.Stderr,
 		Authors: []*cli.Author{
@@ -435,9 +435,9 @@ func MakeApp(args []string) *cli.App {
 				},
 			},
 			&cli.Command{
-				Name:    "crash-processe",
+				Name:    "crash-process",
 				Aliases: []string{"crash"},
-				Usage:   "crash a processe",
+				Usage:   "crash a process",
 				Action:  crashProcess,
 				Flags: []cli.Flag{
 					&cli.StringFlag{

diff --git a/system/memory_linux.go b/system/memory_linux.go
@@ -10,7 +10,6 @@ import (
 func TotalRAM() (uintptr, error) {
 	si := &syscall.Sysinfo_t{}
 
-	// XXX is a raw syscall thread safe?
 	err := syscall.Sysinfo(si)
 	if err != nil {
 		return 0, errors.Newf("syscall failed: %w", err)
@@ -23,11 +22,34 @@ func TotalRAM() (uintptr, error) {
 func FreeRAM() (uintptr, error) {
 	si := &syscall.Sysinfo_t{}
 
-	// XXX is a raw syscall thread safe?
 	err := syscall.Sysinfo(si)
 	if err != nil {
 		return 0, errors.Newf("syscall failed: %w", err)
 	}
 
 	return uintptr(si.Freeram), nil
 }
+
+// TotalSwap returns the amount of free RAM available for allocation in bytes.
+func TotalSwap() (uintptr, error) {
+	si := &syscall.Sysinfo_t{}
+
+	err := syscall.Sysinfo(si)
+	if err != nil {
+		return 0, errors.Newf("syscall failed: %w", err)
+	}
+
+	return uintptr(si.Totalswap), nil
+}
+
+// FreeSwap returns the amount of free RAM available for allocation in bytes.
+func FreeSwap() (uintptr, error) {
+	si := &syscall.Sysinfo_t{}
+
+	err := syscall.Sysinfo(si)
+	if err != nil {
+		return 0, errors.Newf("syscall failed: %w", err)
+	}
+
+	return uintptr(si.Freeswap), nil
+}
diff --git a/system/memory_windows.go b/system/memory_windows.go
@@ -21,3 +21,21 @@ func FreeRAM() (uintptr, error) {
 	}
 	return uintptr(status.AvailPhys), nil
 }
+
+// TotalSwap returns the amount of free RAM available for allocation in bytes.
+func TotalSwap() (uintptr, error) {
+	status, err := customWin32.GlobalMemoryStatusEx()
+	if err != nil {
+		return 0, err
+	}
+	return uintptr(status.TotalPageFile), nil
+}
+
+// FreeSwap returns the amount of free RAM available for allocation in bytes.
+func FreeSwap() (uintptr, error) {
+	status, err := customWin32.GlobalMemoryStatusEx()
+	if err != nil {
+		return 0, err
+	}
+	return uintptr(status.AvailPageFile), nil
+}
diff --git a/yara.go b/yara.go
@@ -34,8 +34,9 @@ var YaraRulesFileExtensions = []string{
 }
 
 type MemoryProfile struct {
-	Time    time.Time `json:"time"`
-	FreeRAM uintptr   `json:"freeRAM"`
+	Time     time.Time `json:"time"`
+	FreeRAM  uintptr   `json:"freeRAM"`
+	FreeSwap uintptr   `json:"freeSwap"`
 }
 
 // ScanningStatistics holds statistic information about a scan.
@@ -84,9 +85,19 @@ func (s *ScanningStatistics) StartMemoryProfiler(ctx context.Context, scanInterv
 					logrus.WithError(err).Error("Could not retrieve free RAM.")
 					continue
 				}
+				freeSwap, err := system.FreeSwap()
+				if err != nil {
+					logrus.WithError(err).Error("Could not retrieve free RAM.")
+					continue
+				}
+				logrus.WithFields(logrus.Fields{
+					"freeRAM":  freeRAM,
+					"freeSwap": freeSwap,
+				}).Trace("Memory profile.")
 				s.MemoryProfile = append(s.MemoryProfile, &MemoryProfile{
-					Time:    time.Now(),
-					FreeRAM: freeRAM,
+					Time:     time.Now(),
+					FreeRAM:  freeRAM,
+					FreeSwap: freeSwap,
 				})
 			}
 		}