Пример #1
        /// <summary>
        /// Builds a scan result for a single matching rule by reading its string
        /// matches (and, when available, profiling data) out of the native scan context.
        /// </summary>
        /// <param name="scanContext">
        /// Native scan-context pointer; handed to GetMatchesPtr and GetProfilingInfoPtr.
        /// </param>
        /// <param name="matchingRule">Native rule structure whose strings are enumerated.</param>
        /// <remarks>
        /// NOTE(review): scanContext is used without an IntPtr.Zero check, and every value
        /// read below comes from unmanaged memory. Presumably callers only pass the pointer
        /// they received for a scan that is still in progress; confirm, since a stale or
        /// zero pointer would be dereferenced by the helpers.
        /// </remarks>
        public ScanResult(IntPtr scanContext, YR_RULE matchingRule)
        {
            // Resolve both native sub-structures up front; they are reused for every string.
            IntPtr matchesPtr       = GetMatchesPtr(scanContext);
            IntPtr profilingInfoPtr = GetProfilingInfoPtr(scanContext);

            MatchingRule = new Rule(matchingRule);
            Matches      = new Dictionary<string, List<Match>>();

            foreach (var yaraString in ObjRefHelper.GetYaraStrings(matchingRule.strings))
            {
                // A string with a zero identifier pointer ends processing entirely:
                // no later string of the rule is examined.
                if (yaraString.identifier == IntPtr.Zero)
                {
                    break;
                }

                foreach (var hit in ObjRefHelper.GetStringMatches(matchesPtr, yaraString))
                {
                    // The dictionary key is derived from the string, not from the individual match.
                    string key = ObjRefHelper.ReadYaraString(yaraString);

                    List<Match> bucket;
                    if (!Matches.TryGetValue(key, out bucket))
                    {
                        bucket = new List<Match>();
                        Matches.Add(key, bucket);
                    }

                    bucket.Add(new Match(hit));

                    // Profiling data is captured at most once; once set it is never replaced.
                    if (ProfilingInfo != null)
                    {
                        continue;
                    }

                    var ruleProfile = ObjRefHelper.TryGetProfilingInfoForRule(profilingInfoPtr, (int)yaraString.rule_idx);
                    if (ruleProfile.HasValue)
                    {
                        ProfilingInfo = new ProfilingInfo(ruleProfile.Value);
                    }
                }
            }
        }
Пример #2
 /// <summary>
 /// Creates an empty scan result: no matching rule, no profiling data,
 /// and an empty (non-null) match dictionary.
 /// </summary>
 public ScanResult()
 {
     MatchingRule = null;

     // Always allocated, so Matches itself is non-null on an empty result.
     Matches = new Dictionary<string, List<Match>>();

     ProfilingInfo = null;
 }