yara:
sudo pip install yara-python,不行下载安装
vim /usr/local/lib/python2.7/site-packages/yara/libyara_wrapper.py
修改308行左右
else: #dllpath = os.path.join(sys.prefix, 'lib') dllpath = os.path.join("/usr/local/Frameworks/Python.framework/Versions/2.7/", 'lib') library = os.path.join(dllpath, 'libyara.so')
默认从系统目录找,系统Frameworks目录不可写,自然找不到so文件
keystone:
A2. MacOS
The macOS python is universal binary, so does not need to discuss the situation(x86, x64).
Compiling dynamic library(libkeystone.dylib) depends on cmake and compiler(llvm clang, gcc).
Quick start steps:
Install the core & Python module of Keystone with the following command:
- install brew
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
- install cmake
brew install cmake
- install keystone-engine
sudo pip install keystone-engine
- Check Method ( Whether the installation is successful? ):
- You enter this in the console of idaNormal result:
Python>print keystone <module 'keystone.keystone' from '/Applications/IDA Pro 7.0/ida64.app/Contents/MacOS/python/keystone/keystone.py'> Python>print keystone.arm_const <module 'keystone.arm_const' from '/Applications/IDA Pro 7.0/ida64.app/Contents/MacOS/python/keystone/arm_const.py'>
- enter this in the python standard consoleNormal result:
Python 2.7.13 (default, Jul 18 2017, 09:17:00) [GCC 4.2.1 Compatible Apple LLVM 8.1.0 (clang-802.0.42)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> import keystone >>> print keystone <module 'keystone' from '/usr/local/lib/python2.7/site-packages/keystone/__init__.pyc'> >>> print keystone.arm_const <module 'keystone.arm_const' from '/usr/local/lib/python2.7/site-packages/keystone/arm_const.pyc'> >>>
- You enter this in the console of idaNormal result:
- Check Method ( Whether the installation is successful? ):
If there are cmake and compiler, then install only the core & Python module of Keystone with the following command:
$ sudo pip install keystone-engine