public virtual List <ScanResult> ScanMemory(
ref byte[] buffer,
int length,
CompiledRules rules,
YR_SCAN_FLAGS flags)
{
var results = new List <ScanResult>();
GCHandleHandler resultsHandle = new GCHandleHandler(results);
IntPtr btCpy = Marshal.AllocHGlobal(buffer.Length);;
Marshal.Copy(buffer, 0, btCpy, (int)buffer.Length);
ErrorUtility.ThrowOnError(
Methods.yr_rules_scan_mem(
rules.BasePtr,
btCpy,
(ulong)length,
(int)flags,
callbackPtr,
resultsHandle.GetPointer(),
YR_TIMEOUT));
return(results);
}
public virtual List <ScanResult> ScanFile(
string path,
CompiledRules rules,
YR_SCAN_FLAGS flags)
{
if (!File.Exists(path))
{
throw new FileNotFoundException(path);
}
var results = new List <ScanResult>();
var nativePath = path;
GCHandleHandler resultsHandle = new GCHandleHandler(results);
ErrorUtility.ThrowOnError(
Methods.yr_rules_scan_file(
rules.BasePtr,
nativePath,
(int)flags,
callbackPtr,
resultsHandle.GetPointer(),
YR_TIMEOUT));
resultsHandle.Dispose();
return(results);
}
internal List <ScanResult> ScanMemory(
IntPtr buffer,
int length,
CompiledRules rules)
{
return(ScanMemory(buffer, length, rules, YR_SCAN_FLAGS.None));
}
private void CreateNewScanner(CompiledRules rules, YR_SCAN_FLAGS flags, int timeout)
{
ErrorUtility.ThrowOnError(
Methods.yr_scanner_create(rules.BasePtr, out IntPtr newScanner));
customScannerPtr = newScanner;
SetFlags(flags);
SetTimeout(timeout);
}
internal List <ScanResult> ScanMemory(
IntPtr buffer,
int length,
CompiledRules rules,
YR_SCAN_FLAGS flags)
{
byte[] res = new byte[length - 1];
Marshal.Copy(buffer, res, 0, length);
return(ScanMemory(ref res, length, rules, flags));
}
public virtual List <ScanResult> ScanStream(
Stream stream,
CompiledRules rules)
{
using (MemoryStream ms = new MemoryStream())
{
stream.CopyTo(ms);
byte[] buffer = ms.ToArray();
return(ScanMemory(ref buffer, rules, YR_SCAN_FLAGS.None));
}
}
public List <ScanResult> ScanMemory(
ref byte[] buffer,
CompiledRules rules,
YR_SCAN_FLAGS flags)
{
if (buffer.Length == 0)
{
return(new List <ScanResult>());
}
return(ScanMemory(ref buffer, buffer.Length, rules, flags));
}
public virtual List <ScanResult> ScanString(
string text,
CompiledRules rules,
Encoding encoding = null)
{
if (encoding == null)
{
encoding = Encoding.ASCII;
}
byte[] buffer = encoding.GetBytes(text);
return(ScanMemory(ref buffer, rules, YR_SCAN_FLAGS.None));
}
public virtual List <ScanResult> ScanProcess(
int processId,
CompiledRules rules,
YR_SCAN_FLAGS flags)
{
var results = new List <ScanResult>();
GCHandleHandler resultsHandle = new GCHandleHandler(results);
ErrorUtility.ThrowOnError(
Methods.yr_rules_scan_proc(
rules.BasePtr,
processId,
(int)flags,
callbackPtr,
resultsHandle.GetPointer(),
YR_TIMEOUT));
return(results);
}
public CustomScanner(CompiledRules rules, int flags = 0, int timeout = YR_TIMEOUT)
{
CreateNewScanner(rules, (YR_SCAN_FLAGS)flags, timeout);
}
public virtual List <ScanResult> ScanProcess(int processId, CompiledRules rules)
{
return(ScanProcess(processId, rules, YR_SCAN_FLAGS.None));
}
public virtual List <ScanResult> ScanFile(string path, CompiledRules rules)
{
return(ScanFile(path, rules, YR_SCAN_FLAGS.None));
}
public virtual List <ScanResult> ScanMemory(
ref byte[] buffer,
CompiledRules rules)
{
return(ScanMemory(ref buffer, rules, YR_SCAN_FLAGS.None));
}