/// <summary>
/// Scans the file at <c>testPath</c> with the rules at <c>rulesPath</c> and checks the
/// shape of the result: one rule hit, one matched string (<c>$hw</c>) with two
/// occurrences, the first of them at offset 0x1e.
/// </summary>
public void it_should_scan_files()
{
    var scanResults = QuickScan.File(testPath, rulesPath);

    // Exactly one rule is expected to fire on the test file.
    Assert.AreEqual(1, scanResults.Count);

    var ruleHit = scanResults[0];
    Assert.AreEqual(1, ruleHit.Matches.Count);

    // A default (non-fast) scan must report every occurrence of "$hw";
    // the offset assertion pins the first one.
    var helloWorldHits = ruleHit.Matches["$hw"];
    Assert.AreEqual(2, helloWorldHits.Count);
    Assert.AreEqual(0x1eUL, helloWorldHits[0].Offset);
}
/// <summary>
/// Scans an in-memory buffer with <c>ScanFlags.Fast</c> and checks that only one
/// occurrence of <c>$hw</c> is reported, although the buffer holds the text twice
/// (the default scan of the same text in <c>it_should_scan_memory</c> expects two).
/// </summary>
public void fast_memory_scan_should_only_return_one_result()
{
    byte[] buffer = Encoding.ASCII.GetBytes("hello world ! hello world");

    var scanResults = QuickScan.Memory(buffer, rulesPath, ScanFlags.Fast);
    Assert.AreEqual(1, scanResults.Count);

    var ruleHit = scanResults[0];
    Assert.AreEqual(1, ruleHit.Matches.Count);

    // Fast mode still identifies the rule but truncates the per-string hit list,
    // so it is not suitable where every occurrence has to be counted or located.
    var helloWorldHits = ruleHit.Matches["$hw"];
    Assert.AreEqual(1, helloWorldHits.Count);

    // Unlike the other scan tests, this one checks Base rather than Offset.
    Assert.AreEqual(0UL, helloWorldHits[0].Base);
}
/// <summary>
/// Scans an in-memory ASCII buffer with the rules at <c>rulesPath</c> using the default
/// flags and checks that both occurrences of <c>$hw</c> are reported, the first at
/// offset 0.
/// </summary>
public void it_should_scan_memory()
{
    byte[] buffer = Encoding.ASCII.GetBytes("hello world ! hello world");

    var scanResults = QuickScan.Memory(buffer, rulesPath);

    // One rule fires, and it matched through a single string identifier.
    Assert.AreEqual(1, scanResults.Count);
    var ruleHit = scanResults[0];
    Assert.AreEqual(1, ruleHit.Matches.Count);

    // Without ScanFlags.Fast every occurrence is expected in the hit list.
    var helloWorldHits = ruleHit.Matches["$hw"];
    Assert.AreEqual(2, helloWorldHits.Count);
    Assert.AreEqual(0UL, helloWorldHits[0].Offset);
}
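/// <summary>
/// Scans a file on disk with <c>QuickScan.File</c> and returns the results rendered by
/// <c>FormatResults</c>. Never throws: any failure is traced and reported as <c>null</c>.
/// </summary>
/// <param name="filePath">Path of the file to scan.</param>
/// <param name="rulesPath">Path of the rules handed to <c>QuickScan.File</c>.</param>
/// <returns>
/// The formatted results, or <c>null</c> when <c>QuickScan.File</c> or
/// <c>FormatResults</c> threw. Callers should treat <c>null</c> as "scan did not
/// complete" rather than as "nothing matched".
/// </returns>
public static string ScanFile(string filePath, string rulesPath)
{
    try
    {
        List<ScanResult> scanResults = QuickScan.File(filePath, rulesPath);
        return FormatResults(scanResults);
    }
    catch (System.Exception ex)
    {
        // Still best-effort (nothing propagates to the caller), but the failure is
        // recorded so that an unreadable file or a missing/invalid rules file is not
        // silently indistinguishable from a scan that ran.
        System.Diagnostics.Trace.TraceError(
            "QuickScan.File failed for '{0}' (rules '{1}'): {2}", filePath, rulesPath, ex);
        return null;
    }
}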
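/// <summary>
/// Scans an in-memory buffer with <c>QuickScan.Memory</c> and returns the results
/// rendered by <c>FormatResults</c>. Never throws: any failure is traced and reported
/// as <c>null</c>.
/// </summary>
/// <param name="fileBytes">Content to scan.</param>
/// <param name="rulesPath">Path of the rules handed to <c>QuickScan.Memory</c>.</param>
/// <returns>
/// The formatted results, or <c>null</c> when <c>QuickScan.Memory</c> or
/// <c>FormatResults</c> threw. Callers should treat <c>null</c> as "scan did not
/// complete" rather than as "nothing matched".
/// </returns>
public static string ScanBytes(byte[] fileBytes, string rulesPath)
{
    try
    {
        List<ScanResult> scanResults = QuickScan.Memory(fileBytes, rulesPath);
        return FormatResults(scanResults);
    }
    catch (System.Exception ex)
    {
        // Still best-effort (nothing propagates to the caller), but the failure is
        // recorded so that a null buffer or a missing/invalid rules file does not
        // pass unnoticed.
        System.Diagnostics.Trace.TraceError(
            "QuickScan.Memory failed (rules '{0}'): {1}", rulesPath, ex);
        return null;
    }
}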
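/// <summary>
/// Scans a file on disk with <c>QuickScan.File</c> and returns the identifiers of the
/// rules that matched. Never throws: any failure is traced and yields an empty list.
/// </summary>
/// <param name="filePath">Path of the file to scan.</param>
/// <param name="rulesPath">Path of the rules handed to <c>QuickScan.File</c>.</param>
/// <returns>
/// One identifier per scan result; an empty list when nothing matched. The same
/// empty list is returned when the scan failed, so the return value alone cannot prove
/// that the file was actually scanned; check the trace output for failures.
/// </returns>
public static List<string> ScanFile(string filePath, string rulesPath)
{
    try
    {
        List<ScanResult> scanResults = QuickScan.File(filePath, rulesPath);

        // Select over an empty result set already gives an empty list, so no
        // separate Any() guard is needed.
        return scanResults.Select(res => res.MatchingRule.Identifier).ToList();
    }
    catch (System.Exception ex)
    {
        // Fail-open by contract (empty list, no exception), but leave evidence:
        // a missing or invalid rules file must not look like a clean verdict.
        System.Diagnostics.Trace.TraceError(
            "QuickScan.File failed for '{0}' (rules '{1}'): {2}", filePath, rulesPath, ex);
        return new List<string>();
    }
}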
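/// <summary>
/// Scans an in-memory buffer with <c>QuickScan.Memory</c> and returns the identifiers
/// of the rules that matched. Never throws: any failure is traced and yields an empty
/// list.
/// </summary>
/// <param name="fileBytes">Content to scan.</param>
/// <param name="rulesPath">Path of the rules handed to <c>QuickScan.Memory</c>.</param>
/// <returns>
/// One identifier per scan result; an empty list when nothing matched. The same
/// empty list is returned when the scan failed, so the return value alone cannot prove
/// that the buffer was actually scanned; check the trace output for failures.
/// </returns>
public static List<string> ScanBytes(byte[] fileBytes, string rulesPath)
{
    try
    {
        List<ScanResult> scanResults = QuickScan.Memory(fileBytes, rulesPath);

        // Select over an empty result set already gives an empty list, so no
        // separate Any() guard is needed.
        return scanResults.Select(res => res.MatchingRule.Identifier).ToList();
    }
    catch (System.Exception ex)
    {
        // Fail-open by contract (empty list, no exception), but leave evidence:
        // a missing or invalid rules file must not look like a clean verdict.
        System.Diagnostics.Trace.TraceError(
            "QuickScan.Memory failed (rules '{0}'): {1}", rulesPath, ex);
        return new List<string>();
    }
}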
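/// <summary>
/// Scans an in-memory buffer with <c>QuickScan.Memory</c> and returns the identifiers
/// of the matching rules joined with <c>|</c>. Never throws: any failure is traced and
/// reported as <c>null</c>.
/// </summary>
/// <param name="fileBytes">Content to scan.</param>
/// <param name="rulesPath">Path of the rules handed to <c>QuickScan.Memory</c>.</param>
/// <returns>
/// The <c>|</c>-separated rule identifiers, or <c>null</c> when nothing matched.
/// <c>null</c> is also returned when the scan failed or was cancelled, so it is not
/// by itself proof that the buffer was scanned and found clean.
/// </returns>
public static string Scan(byte[] fileBytes, string rulesPath)
{
    try
    {
        List<ScanResult> scanResults = QuickScan.Memory(fileBytes, rulesPath);
        CancellationHelper.ThrowIfCancelled();

        // Materialise once so the projection is not re-run by both the emptiness
        // check and the join.
        List<string> ruleNames = scanResults.Select(res => res.MatchingRule.Identifier).ToList();
        CancellationHelper.ThrowIfCancelled();

        return ruleNames.Count > 0 ? string.Join("|", ruleNames) : null;
    }
    catch (System.Exception ex)
    {
        // NOTE(review): this handler also catches whatever
        // CancellationHelper.ThrowIfCancelled() throws, so a cancelled scan comes back
        // as null exactly like a failed one — confirm that callers expect this.
        System.Diagnostics.Trace.TraceWarning(
            "QuickScan.Memory did not complete (rules '{0}'): {1}", rulesPath, ex);
        return null;
    }
}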
/// <summary>
/// Creates the client and its two API wrappers, <c>SandboxReport</c> and
/// <c>QuickScan</c>, handing the same key, certificate-check setting and proxy to both.
/// </summary>
/// <param name="apiKey">The API key v2 from hybrid-analysis.com</param>
/// <param name="bypassCertificateCheck">
/// Forwarded unchanged to both wrappers; defaults to <c>false</c>. Presumably disables
/// validation of the server's TLS certificate (confirm in the wrappers). If so, the API
/// key and submitted data would travel over a connection whose peer is not
/// authenticated, so leave it <c>false</c> outside controlled test setups.
/// </param>
/// <param name="webProxy">
/// Optional proxy forwarded to both wrappers; <c>null</c> by default.
/// </param>
public HybridAnalysis(string apiKey, bool bypassCertificateCheck = false, WebProxy webProxy = null)
{
    this._sandboxReport = new SandboxReport(apiKey, bypassCertificateCheck, webProxy);
    this._quickScan = new QuickScan(apiKey, bypassCertificateCheck, webProxy);
}