/// <summary>
/// Builds the result for one matching rule: wraps the native rule, groups the
/// string matches found in the scan context by the text returned from
/// <c>ObjRefHelper.ReadYaraString</c>, and records profiling info for the rule
/// when it can be obtained.
/// </summary>
/// <param name="scanContext">
/// Native scan context pointer. It is handed to <c>GetMatchesPtr</c> and
/// <c>GetProfilingInfoPtr</c> without a check against <c>IntPtr.Zero</c> here;
/// presumably the caller passes the context it received from the native scan callback.
/// </param>
/// <param name="matchingRule">Native rule structure that matched.</param>
public ScanResult(IntPtr scanContext, YR_RULE matchingRule)
{
    IntPtr matchesPtr = GetMatchesPtr(scanContext);
    IntPtr profilingInfoPtr = GetProfilingInfoPtr(scanContext);

    MatchingRule = new Rule(matchingRule);
    Matches = new Dictionary<string, List<Match>>();

    foreach (var yaraString in ObjRefHelper.GetYaraStrings(matchingRule.strings))
    {
        // NOTE(review): this `return` ends construction at the first string whose
        // identifier pointer is null, so any later strings of the rule are never
        // recorded. Confirm a null identifier can only mark the end of the list;
        // otherwise the reported match set for a detection is silently incomplete.
        if (yaraString.identifier == IntPtr.Zero)
        {
            return;
        }

        foreach (var nativeMatch in ObjRefHelper.GetStringMatches(matchesPtr, yaraString))
        {
            // Dictionary key for this string (presumably its identifier; verify
            // against ObjRefHelper.ReadYaraString).
            string key = ObjRefHelper.ReadYaraString(yaraString);

            List<Match> bucket;
            if (!Matches.TryGetValue(key, out bucket))
            {
                bucket = new List<Match>();
                Matches.Add(key, bucket);
            }

            bucket.Add(new Match(nativeMatch));

            // Profiling info is looked up only until one lookup succeeds, and only
            // from inside the match loop: a rule with no string matches leaves
            // ProfilingInfo unset by this constructor.
            if (ProfilingInfo == null)
            {
                var ruleProfile = ObjRefHelper.TryGetProfilingInfoForRule(profilingInfoPtr, (int)yaraString.rule_idx);
                if (ruleProfile.HasValue)
                {
                    ProfilingInfo = new ProfilingInfo(ruleProfile.Value);
                }
            }
        }
    }
}
/// <summary>
/// Creates an empty result: no matching rule, an empty match dictionary and
/// no profiling info.
/// </summary>
public ScanResult()
{
    // Matches is always a usable (empty) dictionary, while MatchingRule and
    // ProfilingInfo are null and must be null-checked by consumers.
    MatchingRule = null;
    Matches = new Dictionary<string, List<Match>>();
    ProfilingInfo = null;
}