/// <summary>
/// Scans an ASCII buffer that contains "hello world" twice and checks that the
/// default scan reports one result whose "$hw" string matched twice, with the
/// first match at offset 0.
/// </summary>
public void it_should_scan_memory()
{
    // Same phrase twice, so a full scan is expected to report both occurrences.
    const string text = "hello world ! hello world";
    byte[] buffer = Encoding.ASCII.GetBytes(text);

    var results = QuickScan.Memory(buffer, rulesPath);

    // Exactly one result is expected for this buffer.
    Assert.AreEqual(1, results.Count);

    var firstResult = results[0];
    Assert.AreEqual(1, firstResult.Matches.Count);

    // Both occurrences of the phrase are reported under the "$hw" key.
    var helloMatches = firstResult.Matches["$hw"];
    Assert.AreEqual(2, helloMatches.Count);
    Assert.AreEqual(0UL, helloMatches[0].Offset);
}
/// <summary>
/// Scans the same two-occurrence buffer with <c>ScanFlags.Fast</c> and checks that
/// only a single "$hw" match is reported, with a <c>Base</c> of 0.
/// </summary>
public void fast_memory_scan_should_only_return_one_result()
{
    const string text = "hello world ! hello world";
    byte[] buffer = Encoding.ASCII.GetBytes(text);

    var results = QuickScan.Memory(buffer, rulesPath, ScanFlags.Fast);

    Assert.AreEqual(1, results.Count);

    var firstResult = results[0];
    Assert.AreEqual(1, firstResult.Matches.Count);

    // With ScanFlags.Fast the test expects one match even though the phrase
    // occurs twice, so a fast scan is not a complete list of match positions.
    var helloMatches = firstResult.Matches["$hw"];
    Assert.AreEqual(1, helloMatches.Count);
    Assert.AreEqual(0UL, helloMatches[0].Base);
}
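/// <summary>
/// Scans an in-memory buffer against the rules at <paramref name="rulesPath"/> and
/// returns the formatted scan results.
/// </summary>
/// <param name="fileBytes">Buffer to scan.</param>
/// <param name="rulesPath">Rules path handed to <c>QuickScan.Memory</c>.</param>
/// <returns>
/// The value produced by <c>FormatResults</c>, or <c>null</c> when the scan or the
/// formatting threw.
/// </returns>
/// <remarks>
/// This method never throws. A <c>null</c> return means the scan did not complete;
/// callers must not read it as "nothing detected". Failures are written to
/// <c>System.Diagnostics.Trace</c> so that a broken rules file or scanner error is
/// visible instead of silently producing a clean-looking result.
/// </remarks>
public static string ScanBytes(byte[] fileBytes, string rulesPath)
{
    try
    {
        List<ScanResult> scanResults = QuickScan.Memory(fileBytes, rulesPath);
        return FormatResults(scanResults);
    }
    catch (System.Exception ex)
    {
        // Best-effort contract kept (no exception escapes), but the failure is
        // recorded: an unlogged scanner error is indistinguishable from a clean scan.
        System.Diagnostics.Trace.TraceWarning("Rule scan failed (rules: '{0}'): {1}", rulesPath, ex);
        return null;
    }
}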
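/// <summary>
/// Scans an in-memory buffer against the rules at <paramref name="rulesPath"/> and
/// returns the identifiers of the rules that matched.
/// </summary>
/// <param name="fileBytes">Buffer to scan.</param>
/// <param name="rulesPath">Rules path handed to <c>QuickScan.Memory</c>.</param>
/// <returns>
/// One identifier per scan result; an empty list when nothing matched or when the
/// scan threw. Never <c>null</c>.
/// </returns>
/// <remarks>
/// This method never throws, so an empty list is returned both for "no rule matched"
/// and for "the scan failed". The two cases cannot be told apart from the return
/// value; failures are written to <c>System.Diagnostics.Trace</c> so they can be
/// detected. Callers that gate a security decision on this list should treat a
/// logged failure as "not scanned", not as "clean".
/// </remarks>
public static List<string> ScanBytes(byte[] fileBytes, string rulesPath)
{
    try
    {
        List<ScanResult> scanResults = QuickScan.Memory(fileBytes, rulesPath);

        // Select over an empty result list already yields an empty list, so no
        // separate Any() check is needed.
        return scanResults.Select(res => res.MatchingRule.Identifier).ToList();
    }
    catch (System.Exception ex)
    {
        // Best-effort contract kept (no exception escapes), but the failure is
        // recorded instead of being discarded.
        System.Diagnostics.Trace.TraceWarning("Rule scan failed (rules: '{0}'): {1}", rulesPath, ex);
        return new List<string>();
    }
}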
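/// <summary>
/// Scans an in-memory buffer against the rules at <paramref name="rulesPath"/> and
/// returns the identifiers of the matching rules joined with <c>|</c>.
/// </summary>
/// <param name="fileBytes">Buffer to scan.</param>
/// <param name="rulesPath">Rules path handed to <c>QuickScan.Memory</c>.</param>
/// <returns>
/// The matching rule identifiers separated by <c>|</c>; <c>null</c> when nothing
/// matched, when the operation was cancelled, or when the scan threw.
/// </returns>
/// <remarks>
/// This method never throws. A <c>null</c> return therefore covers three different
/// outcomes (no match, cancelled, failed); callers must not read it as "clean"
/// without checking cancellation state and the trace output. Scan failures are
/// written to <c>System.Diagnostics.Trace</c>.
/// </remarks>
public static string Scan(byte[] fileBytes, string rulesPath)
{
    string result = null;
    try
    {
        List<ScanResult> scanResults = QuickScan.Memory(fileBytes, rulesPath);
        CancellationHelper.ThrowIfCancelled();

        if (scanResults.Any())
        {
            // Materialise once; the lazy Select was previously enumerated twice
            // (once by Any(), once by string.Join).
            List<string> matchingRules = scanResults
                .Select(res => res.MatchingRule.Identifier)
                .ToList();
            CancellationHelper.ThrowIfCancelled();

            if (matchingRules.Count > 0)
            {
                result = string.Join("|", matchingRules);
            }
        }
    }
    catch (System.OperationCanceledException)
    {
        // NOTE(review): assumes CancellationHelper.ThrowIfCancelled() throws an
        // OperationCanceledException; confirm against its definition. Cancellation
        // is kept silent and yields null, as before.
    }
    catch (System.Exception ex)
    {
        // Best-effort contract kept (no exception escapes), but the failure is
        // recorded: an unlogged scanner error looks identical to "no match".
        System.Diagnostics.Trace.TraceWarning("Rule scan failed (rules: '{0}'): {1}", rulesPath, ex);
    }

    return result;
}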