IDA plugin is crashing during run in the 7.7 version of the IDA

Further work is not possible and IDA will close.
Would you like to create a crash dump for a bug report?

IDA has encountered a problem.
It is recommended to save your work and restart IDA.
A mini dump file has been created in 'ida-20220111-194417-24272.dmp'
Please send it to <[email protected]>```

i want install PyQt5 in Window x86
ida python just use python 2.x but PyQt5 supposed in python 3.x.
i already try everything. :(

For Mkyara standalone What Does the -s command does in terms of size. It changes the code chunk from which it makes Yara rule....???? and by what unit for example Id I have defined -s 80 will it take 80 bytes of code. Is there any kind of documentation for that and also I want to understand how does the program does it.

Thanks

Hi!

I was working on my disassembler's instruction wildcarding and also had a look at how you have been doing it with mkYARA.
While revisiting capstone's internals, I noticed that you use instruction.opcode to determine the number of opcode bytes.
Please note that there are at least two cases, where you may possibly calculate too few opcode bytes:

1. Instructions starting with "00" (add ...)
2. Instructions starting with "0F00" (sldt/lldt/ltr/str/verr/verw ...)

Iterating over capstones instruction.opcode will here give you a 0 for these respective bytes in position 0 and 1, despite that one byte being an opcode byte.
Since these are very rare instructions, the impact imho is negligible but I thought you might be interested to know about it. :)

Here's how I decided to handle these special cases now (64bit aware, in case we have a REX prefix):

        opcode_length = 0
        if cap_ins.rex:
            # we need to add one, because we are apparently in 64bit mode and have a REX prefix
            opcode_length += 1
        if (cap_ins.rex and cleaned[2:].startswith("00")) or cleaned.startswith("00"):
            # this can only be ADD PTR, REG with exactly one opcode bytes 
            opcode_length += 1
        elif (cap_ins.rex and cleaned[2:].startswith("0f00")) or cleaned.startswith("0f00"):
            # this can only be *LDT/*TR/VER* with exactly two opcode bytes 
            opcode_length += 2
        else:
            for field in cap_ins.opcode:
                if field != 0:
                    opcode_length += 1

https://github.com/danielplohmann/smda/blob/4d2f5e4f47436ff2383347d9b303ec189136b3b8/smda/intel/IntelInstructionEscaper.py#L269-L282

Just took sample code from README.md

import codecs
from capstone import CS_ARCH_X86, CS_MODE_32
from mkyara import YaraGenerator

gen = YaraGenerator("normal", CS_ARCH_X86, CS_MODE_32)
gen.add_chunk(b"\x90\x90\x90", offset=1000)
gen.add_chunk(codecs.decode("6830800000E896FEFFFFC3", "hex"), offset=0x100)
gen.add_chunk(b"\x90\x90\x90\xFF\xD7", is_data=True)
rule = gen.generate_rule()
rule_str = rule.get_rule_string()
print(rule_str)

And got exception

File "/lib/python3.9/site-packages/mkyara/gen.py", line 149, in generate_rule
    rule_part = self.format_hex(chunk.data.encode("hex"))
AttributeError: 'bytes' object has no attribute 'encode'

It is not generating the IDA rule on the mentioned IDA version. When "generate Yara rule" is clicked only meta-data is shown in the dialogue box.

rule generated_rule
{
	meta:
		generated_by = "mkYARA - By Jelle Vergeer"
		date = "2020-04-06 12:17"
		version = "1.0"
	hash = "5B834EAED711D5C4BC19D7E75FCAF46