예제 #1
0
        public virtual List <ScanResult> ScanFile(
            string path,
            CompiledRules rules,
            YR_SCAN_FLAGS flags)
        {
            if (!File.Exists(path))
            {
                throw new FileNotFoundException(path);
            }

            var results    = new List <ScanResult>();
            var nativePath = path;

            GCHandleHandler resultsHandle = new GCHandleHandler(results);

            ErrorUtility.ThrowOnError(
                Methods.yr_rules_scan_file(
                    rules.BasePtr,
                    nativePath,
                    (int)flags,
                    callbackPtr,
                    resultsHandle.GetPointer(),
                    YR_TIMEOUT));

            resultsHandle.Dispose();

            return(results);
        }
예제 #2
0
        public virtual List <ScanResult> ScanMemory(
            ref byte[] buffer,
            int length,
            ExternalVariables externalVariables,
            YR_SCAN_FLAGS flags)
        {
            YR_CALLBACK_FUNC  scannerCallback = new YR_CALLBACK_FUNC(HandleMessage);
            List <ScanResult> scanResults     = new List <ScanResult>();
            GCHandleHandler   resultsHandle   = new GCHandleHandler(scanResults);

            Methods.yr_scanner_set_callback(customScannerPtr, scannerCallback, resultsHandle.GetPointer());

            SetFlags(flags);
            SetExternalVariables(externalVariables);

            IntPtr btCpy = Marshal.AllocHGlobal(buffer.Length);;

            Marshal.Copy(buffer, 0, btCpy, (int)buffer.Length);

            ErrorUtility.ThrowOnError(
                Methods.yr_scanner_scan_mem(
                    customScannerPtr,
                    btCpy,
                    (ulong)length
                    ));

            ClearExternalVariables(externalVariables);

            return(scanResults);
        }
예제 #3
0
        public virtual List <ScanResult> ScanMemory(
            ref byte[] buffer,
            int length,
            CompiledRules rules,
            YR_SCAN_FLAGS flags)
        {
            var             results       = new List <ScanResult>();
            GCHandleHandler resultsHandle = new GCHandleHandler(results);

            IntPtr btCpy = Marshal.AllocHGlobal(buffer.Length);;

            Marshal.Copy(buffer, 0, btCpy, (int)buffer.Length);

            ErrorUtility.ThrowOnError(
                Methods.yr_rules_scan_mem(
                    rules.BasePtr,
                    btCpy,
                    (ulong)length,
                    (int)flags,
                    callbackPtr,
                    resultsHandle.GetPointer(),
                    YR_TIMEOUT));

            return(results);
        }
예제 #4
0
        private void CreateNewScanner(CompiledRules rules, YR_SCAN_FLAGS flags, int timeout)
        {
            ErrorUtility.ThrowOnError(
                Methods.yr_scanner_create(rules.BasePtr, out IntPtr newScanner));

            customScannerPtr = newScanner;

            SetFlags(flags);
            SetTimeout(timeout);
        }
예제 #5
0
 internal List <ScanResult> ScanMemory(
     IntPtr buffer,
     int length,
     ExternalVariables externalVariables,
     YR_SCAN_FLAGS flags)
 {
     byte[] res = new byte[length - 1];
     Marshal.Copy(buffer, res, 0, length);
     return(ScanMemory(ref res, length, externalVariables, flags));
 }
예제 #6
0
        public List <ScanResult> ScanMemory(
            ref byte[] buffer,
            ExternalVariables externalVariables,
            YR_SCAN_FLAGS flags)
        {
            if (buffer.Length == 0)
            {
                return(new List <ScanResult>());
            }

            return(ScanMemory(ref buffer, buffer.Length, externalVariables, flags));
        }
예제 #7
0
        public List <ScanResult> ScanMemory(
            ref byte[] buffer,
            CompiledRules rules,
            YR_SCAN_FLAGS flags)
        {
            if (buffer.Length == 0)
            {
                return(new List <ScanResult>());
            }

            return(ScanMemory(ref buffer, buffer.Length, rules, flags));
        }
예제 #8
0
        public virtual List <ScanResult> ScanProcess(
            int processId,
            CompiledRules rules,
            YR_SCAN_FLAGS flags)
        {
            var             results       = new List <ScanResult>();
            GCHandleHandler resultsHandle = new GCHandleHandler(results);

            ErrorUtility.ThrowOnError(
                Methods.yr_rules_scan_proc(
                    rules.BasePtr,
                    processId,
                    (int)flags,
                    callbackPtr,
                    resultsHandle.GetPointer(),
                    YR_TIMEOUT));

            return(results);
        }
예제 #9
0
 public virtual void SetFlags(YR_SCAN_FLAGS flags) => Methods.yr_scanner_set_flags(customScannerPtr, (int)flags);