Can anyone help me see what this Rust language means?

I am a C++programmer, but I saw a Rust source code on the internet and I want to translate it into C++language, but I completely don't understand Rust language. Can someone tell me the meaning of the following code?

 let mut compiler = Compiler::new().unwrap();
    compiler = compiler
        .add_rules_str(
            r#"
rule GetKeyAddrStub
{
    strings:
        $a = /.{6}\x00{2}\x00{8}\x20\x00{7}\x2f\x00{7}/
    condition:
        all of them
}
    "#,
        )
        .expect("rule error");
    let rules = compiler
        .compile_rules()
        .expect("Should have compiled rules");
    let results = rules.scan_process(pid, 0).expect("Should have scanned");
    if results.is_empty() {
        panic!("unable to find key stub str");
    }

    let mut key_stub_str_addresses = vec![];
    for result in results {
        if let Some(key_stub_str_matches) = result
            .strings
            .iter()
            .filter(|x| {
                x.matches.iter().any(|y| {
                    wechat_writeable_private_mem_infos
                        .iter()
                        .any(|z| y.base == z.base)
                })
            })
            .next()
        {
            let tmp = key_stub_str_matches
                .matches
                .iter()
                .filter(|x| {
                    wechat_writeable_private_mem_infos
                        .iter()
                        .any(|y| x.base == y.base)
                })
                .map(|x| u64::from_le_bytes(x.data[..8].try_into().unwrap()))
                .collect::<Vec<u64>>();
            key_stub_str_addresses.extend(tmp);
        }
    }

    let mut pre_addresses: HashSet<u64> = HashSet::new();
    key_stub_str_addresses.sort_by(|&a, &b| {
        a.abs_diff(phone_str_address as _)
            .cmp(&b.abs_diff(phone_str_address as _))
    });
    for cur_stub_addr in key_stub_str_addresses {
        // if cur_stub_addr < key_search_range.end as _ {
        if wechat_writeable_private_mem_infos.iter().any(|v| {
            cur_stub_addr >= v.base as _
                && cur_stub_addr <= (v.base + v.region_size - KEY_SIZE) as _
        }) {
            pre_addresses.insert(cur_stub_addr);
        }
        // }
    }

    if pre_addresses.is_empty() {
        panic!("unable to find key stub str");
    }

In this case you won't be able to fully understand it without the full context. For example, we don't know where Compiler comes from, so it's hard to say what the add_rules_str method does.

In general, it's better to read a library's documentation before you try to understand the piece of code that uses it.

3 Likes

panic! is similar to throwing an exception. Functions with ! are macros. .unwrap() and .expect() panic on error.

r#" … "# is a multi-line literal that interprets \ and " as-is.

vec![] is std::vector = {}.

|args| { code } is a lambda expression like [] (args) { code } in C++.

.iter() makes a stream of elements that can be filtered, mapped.

if let Some() checks if a value exists (similar to checking if it is not null, but not pointer-specific).


You can look up more standard library functions here:

And syntax is in the book:

https://doc.rust-lang.org/stable/book/

For third-party library documentation, search on https://docs.rs

5 Likes

Thank you very much for your answer!
I am sorry my English is not good.
Before the above code, there is also the following line of code:
use yara::Compiler;
I know the meaning of this code is to scan the memory of another program and then use a rule to find the other value I want to find. Actually, the reason I'm asking this question is just to know what kind of rule it is. Can you tell me what rule is used to find the value I want?

Thank you very much for your answer!
I am sorry my English is not good.
I know the meaning of this code is to scan the memory of another program and then use a rule to find the other value I want to find. Actually, the reason I'm asking this question is just to know what kind of rule it is. In another words, maybe I just want to know the meaning of the following code:
rule GetKeyAddrStub
{
strings:
$a = /.{6}\x00{2}\x00{8}\x20\x00{7}\x2f\x00{7}/
condition:
all of them
}

That code is not Rust code — the Rust compiler is just passing on a string to the function add_rules_str(). So, as a Rust programmer, I say that you have to consult the documentation of that yara library to find out what kind of code it is.

2 Likes