README.md improved with more examples (#37)

radareorg · Oct 21, 2024 · 786ca44 · 786ca44
1 parent d1fef31
commit 786ca44
Showing 1 changed file with 58 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -43,6 +43,64 @@ Usage: yrg [action] [args..]   load and run yara rules inside r2
 [0x100003a84]>
 ```
 
+### Yara generator usage
+
+**Commands Overview**
+
+**yrg** - Initialize a YARA rule.
+**yrgs** - Add strings as patterns.
+**yrgx** - Add hex patterns.
+**yrgf** - Add function byte signatures.
+**yrgz** - Add all strings from the current function.
+
+To start using r2yara to create YARA rules automatically, follow these steps:
+
+**Open a binary with radare2:**
+
+```
+r2 <binary>
+```
+
+**Generate a YARA rule:**
+
+```
+yrg
+```
+
+This initializes a new YARA rule.
+
+**Add strings from the binary as patterns:**
+
+```
+yrgs
+```
+
+**Add hex patterns:**
+
+```
+yrgx
+```
+
+**Optionally, add function signatures:**
+
+```
+yrgf
+```
+
+**Once you've added the desired patterns, save the rule:**
+
+```
+ys <rule_name>
+```
+
+**To scan the binary with the loaded rules:**
+
+```
+yrs
+```
+**yrs** - Scan the binary with loaded YARA rules.
+**ys** <rule_name> - Save the generated rule.
+
 Run it like this:
 
 ```