C# (CSharp) ForensicYARAScanner YaraHelper Exemples

Langage de programmation: C# (CSharp)

Espace de nommage/Pack: ForensicYARAScanner

Class/Type: YaraHelper

Exemples au hotexamples.com: 2

C# (CSharp) ForensicYARAScanner YaraHelper - 2 exemples trouvés. Ce sont les exemples réels les mieux notés de ForensicYARAScanner.YaraHelper extraits de projets open source. Vous pouvez noter les exemples pour nous aider à en améliorer la qualité.

Méthodes fréquemment utilisées

Afficher Cacher

MakeYaraIndexFile(1)

ScanBytes(1)

Méthodes fréquemment utilisées

MakeYaraIndexFile (1)

ScanBytes (1)

Associées

CmsSignedDataStreamGenerator

FormatterTestUtils

QTreeHelper

IDataSourceEx

NavigateToItemProvider

IMailingLibrary

TW_DEVICEEVENT

NamedEntityAttributes

Morphotactics

IPaymentCallback

Related in langs

Leave_Policies (PHP)

Automotives (PHP)

V_SRCHLAT (C++)

CAAUParameter (C++)

Tx (Go)

Read (Go)

MergeableRoot (Java)

Location (Java)

encode_wrap (Python)

LocalFlags (Python)

Exemple #1

0

Afficher le fichier

Fichier : FileScanner.cs Projet : AdamWhiteHat/ForensicYARAScanner

public static ScanResults PopulateFileProperties(ScanParameters parameters, char driveLetter, INode node) { CancellationToken cancelToken = parameters.CancelToken; cancelToken.ThrowIfCancellationRequested(); ScanResults results = new ScanResults(); byte[] fileBytes = new byte[0]; if (!node.Streams.Any()) //workaround for no file stream such as with hard links { try { using (FileStream fsSource = new FileStream(node.FullName, FileMode.Open, FileAccess.Read)) { // Read the source file into a byte array. fileBytes = new byte[fsSource.Length]; int numBytesToRead = (int)fsSource.Length; int numBytesRead = 0; while (numBytesToRead > 0) { // Read may return anything from 0 to numBytesToRead. int n = fsSource.Read(fileBytes, numBytesRead, numBytesToRead); // Break when the end of the file is reached. if (n == 0) { break; } numBytesRead += n; numBytesToRead -= n; } numBytesToRead = fileBytes.Length; } } catch { } } else { fileBytes = node.GetBytes().SelectMany(chunk => chunk).ToArray(); cancelToken.ThrowIfCancellationRequested(); } string yaraIndexFilename = results.PopulateYaraInfo(parameters.YaraParameters); if (!string.IsNullOrWhiteSpace(yaraIndexFilename)) { results.YaraDetections = YaraHelper.ScanBytes(fileBytes, yaraIndexFilename); } throw new NotImplementedException(); return(results); }

Exemple #2

0

Afficher le fichier

Fichier : ScanResults.cs Projet : AdamWhiteHat/ForensicYARAScanner

public string PopulateYaraInfo(List <YaraFilter> yaraFilters) { List <string> distinctRulesToRun = yaraFilters .SelectMany(yf => yf.ProcessRule(this)) .Distinct() .OrderBy(s => s) .ToList(); if (!distinctRulesToRun.Any()) { distinctRulesToRun = yaraFilters .Where(yf => yf.FilterType == YaraFilterType.ElseNoMatch) .SelectMany(yf => yf.OnMatchRules) .Distinct() .ToList(); } if (!distinctRulesToRun.Any()) { return(string.Empty); } string yaraIndexContents = YaraHelper.MakeYaraIndexFile(distinctRulesToRun); string indexFileHash = Sha256Helper.GetSha256Hash_Array(Encoding.UTF8.GetBytes(yaraIndexContents)); string yaraIndexFilename = Path.Combine(Path.GetTempPath(), $"{indexFileHash}-index.yar"); if (!File.Exists(yaraIndexFilename)) { File.WriteAllText(yaraIndexFilename, yaraIndexContents); } return(yaraIndexFilename); }