コード例 #1
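        /// <summary>
        /// Scans the file at <paramref name="path"/> with the native scanner and returns the
        /// list that was handed to the scan callback as user data.
        /// </summary>
        /// <param name="path">Path of the file to scan; it must exist when the method is called.</param>
        /// <param name="externalVariables">Variables applied before the scan and cleared afterwards.</param>
        /// <returns>The result list passed to the callback (presumably filled by HandleMessage; confirm).</returns>
        /// <exception cref="NullReferenceException">The native scanner pointer is zero.</exception>
        /// <exception cref="FileNotFoundException"><paramref name="path"/> does not exist.</exception>
        public virtual List <ScanResult> ScanFile(string path, ExternalVariables externalVariables)
        {
            if (customScannerPtr == IntPtr.Zero)
            {
                throw new NullReferenceException("Custom Scanner has not been initialised");
            }

            // Convenience check only: the native call opens the path again, so the file can
            // still disappear or change in between and the scan error must be handled too.
            if (!File.Exists(path))
            {
                throw new FileNotFoundException(path);
            }

            List <ScanResult> scanResults = new List <ScanResult>();

            SetExternalVariables(externalVariables);

            try
            {
                YR_CALLBACK_FUNC scannerCallback = new YR_CALLBACK_FUNC(HandleMessage);
                GCHandleHandler  resultsHandle   = new GCHandleHandler(scanResults);

                Methods.yr_scanner_set_callback(customScannerPtr, scannerCallback, resultsHandle.GetPointer());

                ErrorUtility.ThrowOnError(
                    Methods.yr_scanner_scan_file(
                        customScannerPtr,
                        path
                        ));

                // The delegate is not an argument of the scan call itself, so without a later
                // use the GC may reclaim it while native code still invokes it as a callback.
                GC.KeepAlive(scannerCallback);

                // NOTE(review): kept alive as well in case GCHandleHandler releases its handle
                // when collected. If it exposes an explicit release, call it here - confirm.
                GC.KeepAlive(resultsHandle);
            }
            finally
            {
                // Clear the variables even when the scan fails, so a failed scan does not
                // leave them set on the scanner for the next call.
                ClearExternalVariables(externalVariables);
            }

            return(scanResults);
        }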
コード例 #2
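        /// <summary>
        /// Scans the first <paramref name="length"/> bytes of <paramref name="buffer"/> by copying
        /// them into unmanaged memory and passing that copy to the native scanner.
        /// </summary>
        /// <param name="buffer">Managed bytes to scan.</param>
        /// <param name="length">Number of bytes to scan; must be between 0 and buffer.Length.</param>
        /// <param name="externalVariables">Variables applied before the scan and cleared afterwards.</param>
        /// <param name="flags">Scan flags applied to the scanner before the scan.</param>
        /// <returns>The result list passed to the callback (presumably filled by HandleMessage; confirm).</returns>
        /// <exception cref="NullReferenceException">The native scanner pointer is zero.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="buffer"/> is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException"><paramref name="length"/> is outside the buffer.</exception>
        public virtual List <ScanResult> ScanMemory(
            ref byte[] buffer,
            int length,
            ExternalVariables externalVariables,
            YR_SCAN_FLAGS flags)
        {
            // Same precondition as ScanFile: never hand a zero scanner pointer to native code.
            if (customScannerPtr == IntPtr.Zero)
            {
                throw new NullReferenceException("Custom Scanner has not been initialised");
            }

            if (buffer == null)
            {
                throw new ArgumentNullException("buffer");
            }

            // The native scanner reads exactly `length` bytes. A value larger than the copy
            // reads past the unmanaged allocation, and a negative value becomes a huge
            // unsigned size after the cast, so both are rejected up front.
            if (length < 0 || length > buffer.Length)
            {
                throw new ArgumentOutOfRangeException("length", "length must be between 0 and buffer.Length");
            }

            List <ScanResult> scanResults = new List <ScanResult>();
            IntPtr            btCpy       = IntPtr.Zero;
            bool              variablesSet = false;

            try
            {
                YR_CALLBACK_FUNC scannerCallback = new YR_CALLBACK_FUNC(HandleMessage);
                GCHandleHandler  resultsHandle   = new GCHandleHandler(scanResults);

                Methods.yr_scanner_set_callback(customScannerPtr, scannerCallback, resultsHandle.GetPointer());

                SetFlags(flags);
                SetExternalVariables(externalVariables);
                variablesSet = true;

                btCpy = Marshal.AllocHGlobal(length);

                Marshal.Copy(buffer, 0, btCpy, length);

                ErrorUtility.ThrowOnError(
                    Methods.yr_scanner_scan_mem(
                        customScannerPtr,
                        btCpy,
                        (ulong)length
                        ));

                // The delegate is not an argument of the scan call itself, so without a later
                // use the GC may reclaim it while native code still invokes it as a callback.
                GC.KeepAlive(scannerCallback);

                // NOTE(review): kept alive as well in case GCHandleHandler releases its handle
                // when collected. If it exposes an explicit release, call it here - confirm.
                GC.KeepAlive(resultsHandle);
            }
            finally
            {
                // The unmanaged copy was never released before; free it on every path.
                // NOTE(review): assumes ScanResult copies what it needs during the callback
                // and keeps no pointer into the scanned buffer - confirm.
                if (btCpy != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(btCpy);
                }

                if (variablesSet)
                {
                    ClearExternalVariables(externalVariables);
                }
            }

            return(scanResults);
        }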
コード例 #3
 // P/Invoke declaration for libyara's yr_rules_scan_file: scans the file named by
 // `filename` with the compiled rules behind `rules` and reports through `callback`.
 // Returns a YARA_ERROR code; the caller must check it.
 public static extern YARA_ERROR yr_rules_scan_file(
     // Native rules handle.
     IntPtr rules,
     // Marshalled as a single-byte, null-terminated string (LPStr). Characters that the
     // platform's narrow encoding cannot represent may not round-trip, so such a path can
     // fail to open; treat a scan error as "not scanned", never as "clean".
     [In, MarshalAs(UnmanagedType.LPStr)] string filename,
     // Scan flags, passed through to the native side as an int.
     int flags,
     // Managed delegate invoked by native code during the scan.
     YR_CALLBACK_FUNC callback,
     // Opaque pointer handed back to the callback.
     IntPtr user_data,
     // Scan timeout (seconds per the libyara API - confirm against the linked version).
     int timeout);
コード例 #4
 // P/Invoke declaration for libyara's yr_rules_scan_mem: scans `buffer_size` bytes starting
 // at `buffer` with the compiled rules behind `rulesPtr`. Returns a YARA_ERROR code.
 public static extern YARA_ERROR yr_rules_scan_mem(
     // Native rules handle.
     IntPtr rulesPtr,
     // Raw pointer to the bytes to scan. The caller owns this memory and must keep it
     // valid (and pinned, if it is managed) until the call returns.
     IntPtr buffer,
     // Number of bytes native code will read. It must not exceed the size of the
     // allocation behind `buffer`, because nothing on this boundary checks it.
     ulong buffer_size,
     // Scan flags, passed through to the native side as an int.
     int flags,
     // Managed delegate marshalled as a native function pointer.
     [MarshalAs(UnmanagedType.FunctionPtr)]
     YR_CALLBACK_FUNC callback,
     // Opaque pointer handed back to the callback.
     IntPtr user_data,
     // Scan timeout (seconds per the libyara API - confirm against the linked version).
     int timeout);
コード例 #5
 // P/Invoke declaration for libyara's yr_scanner_set_callback: registers the callback and
 // user data that a scanner uses for its later scans. Returns nothing.
 // NOTE(review): the native scanner presumably keeps the function pointer after this call
 // returns. The runtime protects a marshalled delegate only for the duration of the call
 // it is passed to, so the caller must keep the delegate (and whatever `user_data` points
 // to) reachable until every scan on this scanner has finished.
 public static extern void yr_scanner_set_callback(
     // Native scanner handle.
     IntPtr scanner,
     // Managed delegate to be invoked by native code during scans.
     YR_CALLBACK_FUNC callback,
     // Opaque pointer handed back to the callback.
     IntPtr user_data
     );
コード例 #6
 // P/Invoke declaration for libyara's yr_rules_scan_proc: scans the memory of the process
 // identified by `pid` with the compiled rules behind `rules`. Returns a YARA_ERROR code;
 // a failure (for example, insufficient rights to read the target process) means the
 // process was not scanned and must not be reported as clean.
 public static extern YARA_ERROR yr_rules_scan_proc(
     // Native rules handle.
     IntPtr rules,
     // Target process id, then scan flags passed through as an int.
     int pid, int flags,
     // Managed delegate invoked by native code during the scan.
     YR_CALLBACK_FUNC callback,
     // Opaque pointer handed back to the callback.
     IntPtr user_data,
     // Scan timeout (seconds per the libyara API - confirm against the linked version).
     int timeout);
コード例 #7
 // Creates the scanner and builds the callback delegate once, storing it in callbackPtr.
 public Scanner()
 {
     // Holding the delegate in a member keeps it reachable for as long as this object is,
     // presumably so native code can call it safely across scans - confirm that the scan
     // methods pass this member rather than a fresh local delegate.
     callbackPtr = new YR_CALLBACK_FUNC(HandleMessage);
 }