Add support for using the 'dotnet' module in YARA rules (#749)

* deps/yara: #747, enable .NET module

* support/yara_patterns/tools/pe/x86/packers: use .NET module

* cpdetect: refactor formating - mosty long lines

* cpdetect/raw_data: fix typo

* cpdetect: refactor Signatures

* cpdetect: remove version solver module

* cpdetect: refactor

* cpdetect: do not use new and delete

* cpdetect: use YARA rules without matches as heuristic detections

* cpdetect: refactor YARA signature files selection

* cpdetect: fix doxygen

Author: PeterMatula

CHANGELOG.md

@@ -4,6 +4,7 @@
 
 * Enhancement: Improved detection of many packers in `retdec-fileinfo`, including Armadillo ([#733](https://github.com/avast/retdec/pull/733)), VMProtect ([#734](https://github.com/avast/retdec/pull/734)), Petite ([#735](https://github.com/avast/retdec/pull/735)), Enigma ([#741](https://github.com/avast/retdec/pull/741)), ASPack ([#743](https://github.com/avast/retdec/pull/743)), Eziriz ([#746](https://github.com/avast/retdec/pull/746)).
 * Enhancement: Added a detection of PyInstaller to `retdec-fileinfo` ([#748](https://github.com/avast/retdec/pull/748)).
+* Enhancement: Enable .NET module in RetDec's YARA ([#747](https://github.com/avast/retdec/issues/747)).
 * Fix: Fixed build on some systems by adding missing includes of `<limits>` into `retdec-fileinfo` ([#745](https://github.com/avast/retdec/pull/745)).
 
 # v4.0 (2020-04-07)

deps/yara/CMakeLists.txt

@@ -95,6 +95,7 @@ if(NOT MSVC)
 		COMMAND ./bootstrap.sh
 		COMMAND ./configure
 			--prefix=${YARA_INSTALL_DIR}
+			--enable-dotnet
 			--enable-macho
 			--disable-shared
 			--without-crypto

deps/yara/patch.cmake

@@ -6,7 +6,7 @@ function(patch_vcxproj file)
 
     string(REPLACE
         "<PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;CUCKOO_MODULE;HASH_MODULE;DOTNET_MODULE;HAVE_LIBCRYPTO;USE_WINDOWS_PROC;YR_BUILDING_STATIC_LIB;PROFILING_ENABLED</PreprocessorDefinitions>"
-        "<PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;MACHO_MODULE;USE_WINDOWS_PROC</PreprocessorDefinitions>"
+        "<PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;DOTNET_MODULE;MACHO_MODULE;USE_WINDOWS_PROC</PreprocessorDefinitions>"
         new_content
         "${new_content}"
     )
@@ -18,7 +18,7 @@ function(patch_vcxproj file)
     )
     string(REPLACE
         "<PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;CUCKOO_MODULE;HASH_MODULE;DOTNET_MODULE;HAVE_LIBCRYPTO;USE_WINDOWS_PROC;YR_BUILDING_STATIC_LIBC;PROFILING_ENABLED</PreprocessorDefinitions>"
-        "<PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;MACHO_MODULE;USE_WINDOWS_PROC</PreprocessorDefinitions>"
+        "<PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;DOTNET_MODULE;MACHO_MODULE;USE_WINDOWS_PROC</PreprocessorDefinitions>"
         new_content
         "${new_content}"
     )
@@ -30,13 +30,13 @@ function(patch_vcxproj file)
     )
     string(REPLACE
         "<PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;CUCKOO_MODULE;HASH_MODULE;DOTNET_MODULE;HAVE_LIBCRYPTO;USE_WINDOWS_PROC;YR_BUILDING_STATIC_LIB</PreprocessorDefinitions>"
-        "<PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;MACHO_MODULE;USE_WINDOWS_PROC</PreprocessorDefinitions>"
+        "<PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;DOTNET_MODULE;MACHO_MODULE;USE_WINDOWS_PROC</PreprocessorDefinitions>"
         new_content
         "${new_content}"
     )
     string(REPLACE
         "<PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;CUCKOO_MODULE;HASH_MODULE;DOTNET_MODULE;HAVE_LIBCRYPTO;USE_WINDOWS_PROC;YR_BUILDING_STATIC_LIB;NDEBUG=1</PreprocessorDefinitions>"
-        "<PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;MACHO_MODULE;USE_WINDOWS_PROC;NDEBUG=1</PreprocessorDefinitions>"
+        "<PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;DOTNET_MODULE;MACHO_MODULE;USE_WINDOWS_PROC;NDEBUG=1</PreprocessorDefinitions>"
         new_content
         "${new_content}"
     )