public static string ReadYaraString(YR_STRING s)
{
string outStr;
SafeMarshalString(s.identifier, out outStr);
return(outStr);
}
/// implements the header-only function`yr_string_matches_foreach` for iterating through
/// matches in a scan.
public static IEnumerable <YR_MATCH> GetStringMatches(IntPtr matches, YR_STRING str)
{
var string_matches = IndexedGet <YR_MATCHES>(matches, (int)str.idx);
return
(EachStructOfTInObjRef <YR_MATCH>(string_matches.head,
Yes <YR_MATCH>,
((ptr, m) => m.next)
)
.Where(m => !m.is_private));
}
public static bool CheckYRString(IntPtr yrStringPtr, out YR_STRING yrString)
{
yrString = default;
if (yrStringPtr == IntPtr.Zero)
{
return(false);
}
yrString = (YR_STRING)Marshal.PtrToStructure(yrStringPtr, typeof(YR_STRING));
if (yrString.identifier == IntPtr.Zero || yrString.g_flags == 0)
{
return(false);
}
return(true);
}
public static void ForEachStringMatches(YR_STRING str, Action <YR_MATCH> p)
{
int idx = Methods.yr_get_tidx();
var initMatchPtr = str.matches[idx].head;
YR_MATCH yrMatch;
for (var matchPtr = initMatchPtr;
!matchPtr.Equals(IntPtr.Zero);
matchPtr = yrMatch.next)
{
yrMatch = GetMatchFromObjRef(matchPtr);
p(yrMatch);
if (yrMatch.next == IntPtr.Zero)
{
return;
}
}
}
private static bool StringIsLastInRule(YR_STRING str) => (str.flags & Constants.STRING_FLAGS_LAST_IN_RULE) != 0;