Ejemplo n.º 1
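        /// <summary>
        /// Scans the first <paramref name="length"/> bytes of a managed buffer with the given compiled rules.
        /// </summary>
        /// <param name="buffer">Managed bytes to scan; copied into unmanaged memory for the native call.</param>
        /// <param name="length">Number of bytes to scan; must lie between 0 and <c>buffer.Length</c>.</param>
        /// <param name="rules">Compiled rules whose <c>BasePtr</c> is handed to the native scanner.</param>
        /// <param name="flags">Scan flags, passed to the native call as an <c>int</c>.</param>
        /// <returns>The list that the scan callback fills (presumably one entry per match; confirm against the callback).</returns>
        /// <exception cref="ArgumentNullException"><paramref name="buffer"/> is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException"><paramref name="length"/> is negative or larger than the buffer.</exception>
        public virtual List<ScanResult> ScanMemory(
            ref byte[] buffer,
            int length,
            CompiledRules rules,
            YR_SCAN_FLAGS flags)
        {
            if (buffer == null)
            {
                throw new ArgumentNullException(nameof(buffer));
            }

            // The native scanner reads exactly `length` bytes from the unmanaged copy.
            // A value larger than the buffer would make it read past the allocation,
            // so the bound is enforced here, before any unmanaged memory is touched.
            if (length < 0 || length > buffer.Length)
            {
                throw new ArgumentOutOfRangeException(nameof(length));
            }

            var results = new List<ScanResult>();
            GCHandleHandler resultsHandle = new GCHandleHandler(results);
            IntPtr nativeCopy = IntPtr.Zero;

            try
            {
                // Only the bytes that will be scanned are copied out of the managed heap.
                nativeCopy = Marshal.AllocHGlobal(length);
                Marshal.Copy(buffer, 0, nativeCopy, length);

                ErrorUtility.ThrowOnError(
                    Methods.yr_rules_scan_mem(
                        rules.BasePtr,
                        nativeCopy,
                        (ulong)length,
                        (int)flags,
                        callbackPtr,
                        resultsHandle.GetPointer(),
                        YR_TIMEOUT));
            }
            finally
            {
                // Release the unmanaged copy and the results handle on every path,
                // including when the scan reports an error and ThrowOnError throws.
                if (nativeCopy != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(nativeCopy);
                }

                resultsHandle.Dispose();
            }

            return results;
        }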
Ejemplo n.º 2
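        /// <summary>
        /// Scans the file at <paramref name="path"/> with the given compiled rules.
        /// </summary>
        /// <param name="path">Path of the file to scan; passed unchanged to the native scanner.</param>
        /// <param name="rules">Compiled rules whose <c>BasePtr</c> is handed to the native scanner.</param>
        /// <param name="flags">Scan flags, passed to the native call as an <c>int</c>.</param>
        /// <returns>The list that the scan callback fills.</returns>
        /// <exception cref="FileNotFoundException">The file does not exist when the method is entered.</exception>
        public virtual List<ScanResult> ScanFile(
            string path,
            CompiledRules rules,
            YR_SCAN_FLAGS flags)
        {
            // Early, friendly failure only: the file can still be removed or replaced
            // between this check and the native open, so the scan result describes
            // whatever the native library actually opened, and a late failure
            // surfaces through ThrowOnError instead.
            if (!File.Exists(path))
            {
                throw new FileNotFoundException(path);
            }

            var results = new List<ScanResult>();
            GCHandleHandler resultsHandle = new GCHandleHandler(results);

            try
            {
                ErrorUtility.ThrowOnError(
                    Methods.yr_rules_scan_file(
                        rules.BasePtr,
                        path,
                        (int)flags,
                        callbackPtr,
                        resultsHandle.GetPointer(),
                        YR_TIMEOUT));
            }
            finally
            {
                // Previously the handle was released only on success; an error from the
                // scan left it allocated. Release it on every path.
                resultsHandle.Dispose();
            }

            return results;
        }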
Ejemplo n.º 3
 /// <summary>
 /// Scans <paramref name="length"/> bytes at an unmanaged address with no scan flags set.
 /// </summary>
 /// <param name="buffer">Address of the unmanaged memory to scan.</param>
 /// <param name="length">Number of bytes to scan.</param>
 /// <param name="rules">Compiled rules to apply.</param>
 /// <returns>Whatever the flag-taking overload returns for <c>YR_SCAN_FLAGS.None</c>.</returns>
 internal List<ScanResult> ScanMemory(
     IntPtr buffer,
     int length,
     CompiledRules rules)
     => ScanMemory(buffer, length, rules, YR_SCAN_FLAGS.None);
Ejemplo n.º 4
        /// <summary>
        /// Creates a native scanner for <paramref name="rules"/>, stores its pointer in
        /// <c>customScannerPtr</c>, then applies the flags and the timeout.
        /// </summary>
        /// <param name="rules">Compiled rules whose <c>BasePtr</c> the scanner is created from.</param>
        /// <param name="flags">Flags forwarded to <c>SetFlags</c>.</param>
        /// <param name="timeout">Timeout forwarded to <c>SetTimeout</c>.</param>
        private void CreateNewScanner(CompiledRules rules, YR_SCAN_FLAGS flags, int timeout)
        {
            var status = Methods.yr_scanner_create(rules.BasePtr, out IntPtr scannerHandle);

            // The pointer is stored only after creation is known to have succeeded.
            ErrorUtility.ThrowOnError(status);
            customScannerPtr = scannerHandle;

            // Configuration happens after the field is set; the setters presumably
            // operate on customScannerPtr (confirm against their definitions).
            SetFlags(flags);
            SetTimeout(timeout);
        }
Ejemplo n.º 5
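 /// <summary>
 /// Copies <paramref name="length"/> bytes from an unmanaged address into a managed array
 /// and scans that copy with the given rules and flags.
 /// </summary>
 /// <param name="buffer">Address of the unmanaged memory to scan; must not be <c>IntPtr.Zero</c>.</param>
 /// <param name="length">
 /// Number of bytes to copy and scan. The caller must guarantee that this many bytes are
 /// readable at <paramref name="buffer"/>; that cannot be verified here.
 /// </param>
 /// <param name="rules">Compiled rules to apply.</param>
 /// <param name="flags">Scan flags forwarded to the managed-buffer overload.</param>
 /// <returns>The scan results for the copied bytes.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="buffer"/> is <c>IntPtr.Zero</c>.</exception>
 /// <exception cref="ArgumentOutOfRangeException"><paramref name="length"/> is negative.</exception>
 internal List<ScanResult> ScanMemory(
     IntPtr buffer,
     int length,
     CompiledRules rules,
     YR_SCAN_FLAGS flags)
 {
     if (buffer == IntPtr.Zero)
     {
         throw new ArgumentNullException(nameof(buffer));
     }

     if (length < 0)
     {
         throw new ArgumentOutOfRangeException(nameof(length));
     }

     // The array must hold exactly `length` bytes. The previous `length - 1` sizing made
     // the copy below ask for one byte more than the array could hold, and passed on a
     // length larger than the array to the overload that scans it.
     byte[] managedCopy = new byte[length];
     Marshal.Copy(buffer, managedCopy, 0, length);

     return ScanMemory(ref managedCopy, length, rules, flags);
 }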
Ejemplo n.º 6
        /// <summary>
        /// Reads the rest of <paramref name="stream"/> into memory and scans the bytes with no scan flags set.
        /// </summary>
        /// <param name="stream">Stream to read; it is not closed or disposed here.</param>
        /// <param name="rules">Compiled rules to apply.</param>
        /// <returns>The scan results for the buffered bytes.</returns>
        /// <remarks>
        /// The whole stream is buffered before scanning and no size limit is applied, so
        /// callers handling untrusted or very large streams should cap the input themselves.
        /// </remarks>
        public virtual List<ScanResult> ScanStream(
            Stream stream,
            CompiledRules rules)
        {
            byte[] contents;

            using (var copy = new MemoryStream())
            {
                stream.CopyTo(copy);
                contents = copy.ToArray();
            }

            return ScanMemory(ref contents, rules, YR_SCAN_FLAGS.None);
        }
Ejemplo n.º 7
        /// <summary>
        /// Scans an entire managed buffer with the given rules and flags.
        /// </summary>
        /// <param name="buffer">Managed bytes to scan.</param>
        /// <param name="rules">Compiled rules to apply.</param>
        /// <param name="flags">Scan flags forwarded to the length-taking overload.</param>
        /// <returns>
        /// An empty list when the buffer has no bytes (the native scanner is not called);
        /// otherwise the results of scanning <c>buffer.Length</c> bytes.
        /// </returns>
        public List<ScanResult> ScanMemory(
            ref byte[] buffer,
            CompiledRules rules,
            YR_SCAN_FLAGS flags)
        {
            // Nothing to scan: skip the native call entirely.
            return buffer.Length == 0
                ? new List<ScanResult>()
                : ScanMemory(ref buffer, buffer.Length, rules, flags);
        }
Ejemplo n.º 8
        /// <summary>
        /// Encodes <paramref name="text"/> to bytes and scans them with no scan flags set.
        /// </summary>
        /// <param name="text">Text to scan.</param>
        /// <param name="rules">Compiled rules to apply.</param>
        /// <param name="encoding">Encoding used to produce the bytes; ASCII when null.</param>
        /// <returns>The scan results for the encoded bytes.</returns>
        /// <remarks>
        /// With the ASCII default, characters outside ASCII are replaced during encoding, so
        /// rules that target non-ASCII content will not see the original bytes. Pass the
        /// encoding the content really uses when that matters.
        /// </remarks>
        public virtual List<ScanResult> ScanString(
            string text,
            CompiledRules rules,
            Encoding encoding = null)
        {
            Encoding effective = encoding ?? Encoding.ASCII;
            byte[] encoded = effective.GetBytes(text);

            return ScanMemory(ref encoded, rules, YR_SCAN_FLAGS.None);
        }
Ejemplo n.º 9
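        /// <summary>
        /// Scans the memory of the process identified by <paramref name="processId"/> with the given rules.
        /// </summary>
        /// <param name="processId">Identifier of the process to scan, passed unchanged to the native call.</param>
        /// <param name="rules">Compiled rules whose <c>BasePtr</c> is handed to the native scanner.</param>
        /// <param name="flags">Scan flags, passed to the native call as an <c>int</c>.</param>
        /// <returns>The list that the scan callback fills.</returns>
        /// <remarks>
        /// Any native error, which presumably includes a process that cannot be opened,
        /// is raised through <c>ErrorUtility.ThrowOnError</c>.
        /// </remarks>
        public virtual List<ScanResult> ScanProcess(
            int processId,
            CompiledRules rules,
            YR_SCAN_FLAGS flags)
        {
            var results = new List<ScanResult>();
            GCHandleHandler resultsHandle = new GCHandleHandler(results);

            try
            {
                ErrorUtility.ThrowOnError(
                    Methods.yr_rules_scan_proc(
                        rules.BasePtr,
                        processId,
                        (int)flags,
                        callbackPtr,
                        resultsHandle.GetPointer(),
                        YR_TIMEOUT));
            }
            finally
            {
                // The handle was never released here, so each scan left one allocated.
                // Release it whether the scan succeeds or throws.
                resultsHandle.Dispose();
            }

            return results;
        }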
Ejemplo n.º 10
 /// <summary>
 /// Creates a scanner bound to <paramref name="rules"/> and applies the given flags and timeout.
 /// </summary>
 /// <param name="rules">Compiled rules the scanner is created from.</param>
 /// <param name="flags">Scan flags as a raw integer; cast to <c>YR_SCAN_FLAGS</c> without validation.</param>
 /// <param name="timeout">Scan timeout; defaults to <c>YR_TIMEOUT</c>.</param>
 public CustomScanner(CompiledRules rules, int flags = 0, int timeout = YR_TIMEOUT)
     => CreateNewScanner(rules, (YR_SCAN_FLAGS)flags, timeout);
Ejemplo n.º 11
 /// <summary>
 /// Scans the process identified by <paramref name="processId"/> with no scan flags set.
 /// </summary>
 /// <param name="processId">Identifier of the process to scan.</param>
 /// <param name="rules">Compiled rules to apply.</param>
 /// <returns>Whatever the flag-taking overload returns for <c>YR_SCAN_FLAGS.None</c>.</returns>
 public virtual List<ScanResult> ScanProcess(int processId, CompiledRules rules)
     => ScanProcess(processId, rules, YR_SCAN_FLAGS.None);
Ejemplo n.º 12
 /// <summary>
 /// Scans the file at <paramref name="path"/> with no scan flags set.
 /// </summary>
 /// <param name="path">Path of the file to scan.</param>
 /// <param name="rules">Compiled rules to apply.</param>
 /// <returns>Whatever the flag-taking overload returns for <c>YR_SCAN_FLAGS.None</c>.</returns>
 public virtual List<ScanResult> ScanFile(string path, CompiledRules rules)
     => ScanFile(path, rules, YR_SCAN_FLAGS.None);
Ejemplo n.º 13
 /// <summary>
 /// Scans an entire managed buffer with no scan flags set.
 /// </summary>
 /// <param name="buffer">Managed bytes to scan.</param>
 /// <param name="rules">Compiled rules to apply.</param>
 /// <returns>Whatever the flag-taking overload returns for <c>YR_SCAN_FLAGS.None</c>.</returns>
 public virtual List<ScanResult> ScanMemory(
     ref byte[] buffer,
     CompiledRules rules)
     => ScanMemory(ref buffer, rules, YR_SCAN_FLAGS.None);