public virtual List <ScanResult> ScanFile(
string path,
CompiledRules rules,
YR_SCAN_FLAGS flags)
{
if (!File.Exists(path))
{
throw new FileNotFoundException(path);
}
var results = new List <ScanResult>();
var nativePath = path;
GCHandleHandler resultsHandle = new GCHandleHandler(results);
ErrorUtility.ThrowOnError(
Methods.yr_rules_scan_file(
rules.BasePtr,
nativePath,
(int)flags,
callbackPtr,
resultsHandle.GetPointer(),
YR_TIMEOUT));
resultsHandle.Dispose();
return(results);
}
public virtual List <ScanResult> ScanMemory(
ref byte[] buffer,
int length,
ExternalVariables externalVariables,
YR_SCAN_FLAGS flags)
{
YR_CALLBACK_FUNC scannerCallback = new YR_CALLBACK_FUNC(HandleMessage);
List <ScanResult> scanResults = new List <ScanResult>();
GCHandleHandler resultsHandle = new GCHandleHandler(scanResults);
Methods.yr_scanner_set_callback(customScannerPtr, scannerCallback, resultsHandle.GetPointer());
SetFlags(flags);
SetExternalVariables(externalVariables);
IntPtr btCpy = Marshal.AllocHGlobal(buffer.Length);;
Marshal.Copy(buffer, 0, btCpy, (int)buffer.Length);
ErrorUtility.ThrowOnError(
Methods.yr_scanner_scan_mem(
customScannerPtr,
btCpy,
(ulong)length
));
ClearExternalVariables(externalVariables);
return(scanResults);
}
public virtual List <ScanResult> ScanMemory(
ref byte[] buffer,
int length,
CompiledRules rules,
YR_SCAN_FLAGS flags)
{
var results = new List <ScanResult>();
GCHandleHandler resultsHandle = new GCHandleHandler(results);
IntPtr btCpy = Marshal.AllocHGlobal(buffer.Length);;
Marshal.Copy(buffer, 0, btCpy, (int)buffer.Length);
ErrorUtility.ThrowOnError(
Methods.yr_rules_scan_mem(
rules.BasePtr,
btCpy,
(ulong)length,
(int)flags,
callbackPtr,
resultsHandle.GetPointer(),
YR_TIMEOUT));
return(results);
}
private void CreateNewScanner(CompiledRules rules, YR_SCAN_FLAGS flags, int timeout)
{
ErrorUtility.ThrowOnError(
Methods.yr_scanner_create(rules.BasePtr, out IntPtr newScanner));
customScannerPtr = newScanner;
SetFlags(flags);
SetTimeout(timeout);
}
internal List <ScanResult> ScanMemory(
IntPtr buffer,
int length,
ExternalVariables externalVariables,
YR_SCAN_FLAGS flags)
{
byte[] res = new byte[length - 1];
Marshal.Copy(buffer, res, 0, length);
return(ScanMemory(ref res, length, externalVariables, flags));
}
public List <ScanResult> ScanMemory(
ref byte[] buffer,
ExternalVariables externalVariables,
YR_SCAN_FLAGS flags)
{
if (buffer.Length == 0)
{
return(new List <ScanResult>());
}
return(ScanMemory(ref buffer, buffer.Length, externalVariables, flags));
}
public List <ScanResult> ScanMemory(
ref byte[] buffer,
CompiledRules rules,
YR_SCAN_FLAGS flags)
{
if (buffer.Length == 0)
{
return(new List <ScanResult>());
}
return(ScanMemory(ref buffer, buffer.Length, rules, flags));
}
public virtual List <ScanResult> ScanProcess(
int processId,
CompiledRules rules,
YR_SCAN_FLAGS flags)
{
var results = new List <ScanResult>();
GCHandleHandler resultsHandle = new GCHandleHandler(results);
ErrorUtility.ThrowOnError(
Methods.yr_rules_scan_proc(
rules.BasePtr,
processId,
(int)flags,
callbackPtr,
resultsHandle.GetPointer(),
YR_TIMEOUT));
return(results);
}
public virtual void SetFlags(YR_SCAN_FLAGS flags) => Methods.yr_scanner_set_flags(customScannerPtr, (int)flags);