public virtual List <ScanResult> ScanMemory(
ref byte[] buffer,
int length,
ExternalVariables externalVariables,
YR_SCAN_FLAGS flags)
{
YR_CALLBACK_FUNC scannerCallback = new YR_CALLBACK_FUNC(HandleMessage);
List <ScanResult> scanResults = new List <ScanResult>();
GCHandleHandler resultsHandle = new GCHandleHandler(scanResults);
Methods.yr_scanner_set_callback(customScannerPtr, scannerCallback, resultsHandle.GetPointer());
SetFlags(flags);
SetExternalVariables(externalVariables);
IntPtr btCpy = Marshal.AllocHGlobal(buffer.Length);;
Marshal.Copy(buffer, 0, btCpy, (int)buffer.Length);
ErrorUtility.ThrowOnError(
Methods.yr_scanner_scan_mem(
customScannerPtr,
btCpy,
(ulong)length
));
ClearExternalVariables(externalVariables);
return(scanResults);
}
public virtual List <ScanResult> ScanFile(string path, ExternalVariables externalVariables)
{
if (customScannerPtr == IntPtr.Zero)
{
throw new NullReferenceException("Custom Scanner has not been initialised");
}
if (!File.Exists(path))
{
throw new FileNotFoundException(path);
}
SetExternalVariables(externalVariables);
YR_CALLBACK_FUNC scannerCallback = new YR_CALLBACK_FUNC(HandleMessage);
List <ScanResult> scanResults = new List <ScanResult>();
GCHandleHandler resultsHandle = new GCHandleHandler(scanResults);
Methods.yr_scanner_set_callback(customScannerPtr, scannerCallback, resultsHandle.GetPointer());
ErrorUtility.ThrowOnError(
Methods.yr_scanner_scan_file(
customScannerPtr,
path
));
ClearExternalVariables(externalVariables);
return(scanResults);
}
public virtual List <ScanResult> ScanFile(
string path,
CompiledRules rules,
YR_SCAN_FLAGS flags)
{
if (!File.Exists(path))
{
throw new FileNotFoundException(path);
}
var results = new List <ScanResult>();
var nativePath = path;
GCHandleHandler resultsHandle = new GCHandleHandler(results);
ErrorUtility.ThrowOnError(
Methods.yr_rules_scan_file(
rules.BasePtr,
nativePath,
(int)flags,
callbackPtr,
resultsHandle.GetPointer(),
YR_TIMEOUT));
resultsHandle.Dispose();
return(results);
}
public virtual List <ScanResult> ScanMemory(
ref byte[] buffer,
int length,
CompiledRules rules,
YR_SCAN_FLAGS flags)
{
var results = new List <ScanResult>();
GCHandleHandler resultsHandle = new GCHandleHandler(results);
IntPtr btCpy = Marshal.AllocHGlobal(buffer.Length);;
Marshal.Copy(buffer, 0, btCpy, (int)buffer.Length);
ErrorUtility.ThrowOnError(
Methods.yr_rules_scan_mem(
rules.BasePtr,
btCpy,
(ulong)length,
(int)flags,
callbackPtr,
resultsHandle.GetPointer(),
YR_TIMEOUT));
return(results);
}
public virtual List <ScanResult> ScanProcess(
int processId,
CompiledRules rules,
YR_SCAN_FLAGS flags)
{
var results = new List <ScanResult>();
GCHandleHandler resultsHandle = new GCHandleHandler(results);
ErrorUtility.ThrowOnError(
Methods.yr_rules_scan_proc(
rules.BasePtr,
processId,
(int)flags,
callbackPtr,
resultsHandle.GetPointer(),
YR_TIMEOUT));
return(results);
}