Added a CustomScanner to wrap yr_scanner routines #5

Merged
merged 1 commit into from Aug 24, 2020
Merged
204 changes: 158 additions & 46 deletions Libraries/dnYara.Interop/Interops/Methods.cs
Expand Up @@ -36,9 +36,9 @@ public class Methods
///user_data: void*
[DllImport(YaraLibName, EntryPoint = "_yr_compiler_default_include_callback")]
public static extern IntPtr _yr_compiler_default_include_callback(
[In, MarshalAs(UnmanagedType.LPStr)] string include_name,
[In, MarshalAs(UnmanagedType.LPStr)] string calling_rule_filename,
[In, MarshalAs(UnmanagedType.LPStr)] string calling_rule_namespace,
[In, MarshalAs(UnmanagedType.LPStr)] string include_name,
[In, MarshalAs(UnmanagedType.LPStr)] string calling_rule_filename,
[In, MarshalAs(UnmanagedType.LPStr)] string calling_rule_namespace,
IntPtr user_data);


Expand All @@ -60,8 +60,8 @@ public class Methods
///user_data: void*
[DllImport(YaraLibName, EntryPoint = "yr_compiler_set_callback")]
public static extern void yr_compiler_set_callback(
IntPtr compiler,
YR_COMPILER_CALLBACK_FUNC callback,
IntPtr compiler,
YR_COMPILER_CALLBACK_FUNC callback,
IntPtr user_data);


Expand All @@ -72,9 +72,9 @@ public class Methods
///user_data: void*
[DllImport(YaraLibName, EntryPoint = "yr_compiler_set_include_callback")]
public static extern void yr_compiler_set_include_callback(
IntPtr compiler,
YR_COMPILER_INCLUDE_CALLBACK_FUNC include_callback,
YR_COMPILER_INCLUDE_FREE_FUNC include_free,
IntPtr compiler,
YR_COMPILER_INCLUDE_CALLBACK_FUNC include_callback,
YR_COMPILER_INCLUDE_FREE_FUNC include_free,
IntPtr user_data);


Expand All @@ -84,8 +84,8 @@ public class Methods
///user_data: void*
[DllImport(YaraLibName, EntryPoint = "yr_compiler_set_re_ast_callback")]
public static extern void yr_compiler_set_re_ast_callback(
IntPtr compiler,
YR_COMPILER_RE_AST_CALLBACK_FUNC re_ast_callback,
IntPtr compiler,
YR_COMPILER_RE_AST_CALLBACK_FUNC re_ast_callback,
IntPtr user_data);


Expand All @@ -104,8 +104,8 @@ public class Methods
///warning_threshold: unsigned char
[DllImport(YaraLibName, EntryPoint = "yr_compiler_load_atom_quality_table")]
public static extern int yr_compiler_load_atom_quality_table(
IntPtr compiler,
[In, MarshalAs(UnmanagedType.LPStr)] string filename,
IntPtr compiler,
[In, MarshalAs(UnmanagedType.LPStr)] string filename,
byte warning_threshold);


Expand All @@ -116,9 +116,9 @@ public class Methods
///file_name: char*
[DllImport(YaraLibName, EntryPoint = "yr_compiler_add_file", SetLastError = false)]
public static extern int yr_compiler_add_file(
IntPtr compilerPtr,
IntPtr compilerPtr,
IntPtr filePtr,
[In, MarshalAs(UnmanagedType.LPStr)] string namespace_,
[In, MarshalAs(UnmanagedType.LPStr)] string namespace_,
[In, MarshalAs(UnmanagedType.LPStr)] string file_name);


Expand All @@ -129,9 +129,9 @@ public class Methods
///file_name: char*
[DllImport(YaraLibName, EntryPoint = "yr_compiler_add_fd")]
public static extern int yr_compiler_add_fd(
IntPtr compiler,
IntPtr rules_fd,
[In, MarshalAs(UnmanagedType.LPStr)] string namespace_,
IntPtr compiler,
IntPtr rules_fd,
[In, MarshalAs(UnmanagedType.LPStr)] string namespace_,
[In, MarshalAs(UnmanagedType.LPStr)] string file_name);


Expand All @@ -141,8 +141,8 @@ public class Methods
///namespace_: char*
[DllImport(YaraLibName, EntryPoint = "yr_compiler_add_string")]
public static extern int yr_compiler_add_string(
IntPtr compilerPtr,
[In, MarshalAs(UnmanagedType.LPStr)] string rules_string,
IntPtr compilerPtr,
[In, MarshalAs(UnmanagedType.LPStr)] string rules_string,
[In, MarshalAs(UnmanagedType.LPStr)] string namespace_);


Expand All @@ -163,22 +163,22 @@ public class Methods
/// Return Type: int
///compiler: YR_COMPILER*
///identifier: char*
///value: int
///value: int64_t
[DllImport(YaraLibName, EntryPoint = "yr_compiler_define_integer_variable")]
public static extern int yr_compiler_define_integer_variable(
IntPtr compiler,
[In, MarshalAs(UnmanagedType.LPStr)] string identifier,
int value);
public static extern YARA_ERROR yr_compiler_define_integer_variable(
IntPtr compiler,
[In, MarshalAs(UnmanagedType.LPStr)] string identifier,
long value);


/// Return Type: int
///compiler: YR_COMPILER*
///identifier: char*
///value: int
[DllImport(YaraLibName, EntryPoint = "yr_compiler_define_boolean_variable")]
public static extern int yr_compiler_define_boolean_variable(
IntPtr compiler,
[In, MarshalAs(UnmanagedType.LPStr)] string identifier,
public static extern YARA_ERROR yr_compiler_define_boolean_variable(
IntPtr compiler,
[In, MarshalAs(UnmanagedType.LPStr)] string identifier,
int value);


Expand All @@ -187,9 +187,9 @@ public class Methods
///identifier: char*
///value: double
[DllImport(YaraLibName, EntryPoint = "yr_compiler_define_float_variable")]
public static extern int yr_compiler_define_float_variable(
IntPtr compiler,
[In, MarshalAs(UnmanagedType.LPStr)] string identifier,
public static extern YARA_ERROR yr_compiler_define_float_variable(
IntPtr compiler,
[In, MarshalAs(UnmanagedType.LPStr)] string identifier,
double value);


Expand All @@ -198,9 +198,9 @@ public class Methods
///identifier: char*
///value: char*
[DllImport(YaraLibName, EntryPoint = "yr_compiler_define_string_variable")]
public static extern int yr_compiler_define_string_variable(
IntPtr compiler,
[In, MarshalAs(UnmanagedType.LPStr)] string identifier,
public static extern YARA_ERROR yr_compiler_define_string_variable(
IntPtr compiler,
[In, MarshalAs(UnmanagedType.LPStr)] string identifier,
[In, MarshalAs(UnmanagedType.LPStr)] string value);


Expand All @@ -209,7 +209,7 @@ public class Methods
///rules: YR_RULES**
[DllImport(YaraLibName, EntryPoint = "yr_compiler_get_rules")]
public static extern YARA_ERROR yr_compiler_get_rules(
IntPtr compilerPtr,
IntPtr compilerPtr,
ref IntPtr rules);


Expand All @@ -226,7 +226,7 @@ public class Methods
[DllImport(YaraLibName, CallingConvention = CallingConvention.Cdecl)]
public static extern void yr_finalize();


/// Return Type: void
[DllImport(YaraLibName, EntryPoint = "yr_finalize_thread")]
public static extern void yr_finalize_thread();
Expand Down Expand Up @@ -268,11 +268,11 @@ public class Methods
public static extern YARA_ERROR yr_rules_scan_mem(
IntPtr rulesPtr,
IntPtr buffer,
ulong buffer_size,
int flags,
ulong buffer_size,
int flags,
[MarshalAs(UnmanagedType.FunctionPtr)]
YR_CALLBACK_FUNC callback,
IntPtr user_data,
YR_CALLBACK_FUNC callback,
IntPtr user_data,
int timeout);

/// int yr_rules_save(YR_RULES* rules, const char* filename)
Expand All @@ -299,9 +299,9 @@ public class Methods
[DllImport(YaraLibName, EntryPoint = "yr_rules_scan_proc")]
public static extern YARA_ERROR yr_rules_scan_proc(
IntPtr rules,
int pid, int flags,
YR_CALLBACK_FUNC callback,
IntPtr user_data,
int pid, int flags,
YR_CALLBACK_FUNC callback,
IntPtr user_data,
int timeout);


Expand All @@ -315,11 +315,123 @@ public class Methods
[DllImport(YaraLibName, EntryPoint = "yr_rules_scan_file")]
public static extern YARA_ERROR yr_rules_scan_file(
IntPtr rules,
[In, MarshalAs(UnmanagedType.LPStr)] string filename,
int flags,
YR_CALLBACK_FUNC callback,
IntPtr user_data,
[In, MarshalAs(UnmanagedType.LPStr)] string filename,
int flags,
YR_CALLBACK_FUNC callback,
IntPtr user_data,
int timeout);



/// Return Type: int
///rules: YR_RULES*
///scanner: YR_SCAN_CONTEXT**
[DllImport(YaraLibName, EntryPoint = "yr_scanner_create")]
public static extern YARA_ERROR yr_scanner_create(
IntPtr rules,
out IntPtr scanner);


/// Return Type: int
///scanner: YR_SCAN_CONTEXT*
[DllImport(YaraLibName, EntryPoint = "yr_scanner_destroy")]
public static extern YARA_ERROR yr_scanner_destroy(
IntPtr scanner);


/// Return Type: void
///scanner: YR_SCAN_CONTEXT*
///callback: YR_CALLBACK_FUNC
///user_data: void*
[DllImport(YaraLibName, EntryPoint = "yr_scanner_set_callback")]
public static extern void yr_scanner_set_callback(
IntPtr scanner,
YR_CALLBACK_FUNC callback,
IntPtr user_data
);


/// Return Type: int
///scanner: YR_SCAN_CONTEXT*
///timeout: int
[DllImport(YaraLibName, EntryPoint = "yr_scanner_set_timeout")]
public static extern void yr_scanner_set_timeout(
IntPtr scanner,
int timeout);


/// Return Type: void
///scanner: YR_SCAN_CONTEXT*
///flags: int
[DllImport(YaraLibName, EntryPoint = "yr_scanner_set_flags")]
public static extern void yr_scanner_set_flags(
IntPtr scanner,
int flags);


/// Return Type: int
///scanner: YR_SCAN_CONTEXT*
///identifier: char*
///value: long
[DllImport(YaraLibName, EntryPoint = "yr_scanner_define_integer_variable")]
public static extern YARA_ERROR yr_scanner_define_integer_variable(
IntPtr scanner,
[In, MarshalAs(UnmanagedType.LPStr)] string identifier,
long value);


/// Return Type: int
///scanner: YR_SCAN_CONTEXT*
///identifier: char*
///value: int
[DllImport(YaraLibName, EntryPoint = "yr_scanner_define_boolean_variable")]
public static extern YARA_ERROR yr_scanner_define_boolean_variable(
IntPtr scanner,
[In, MarshalAs(UnmanagedType.LPStr)] string identifier,
int value);


/// Return Type: int
///scanner: YR_SCAN_CONTEXT*
///identifier: char*
///value: double
[DllImport(YaraLibName, EntryPoint = "yr_scanner_define_float_variable")]
public static extern YARA_ERROR yr_scanner_define_float_variable(
IntPtr scanner,
[In, MarshalAs(UnmanagedType.LPStr)] string identifier,
double value);


/// Return Type: int
///scanner: YR_SCAN_CONTEXT*
///identifier: char*
///value: char*
[DllImport(YaraLibName, EntryPoint = "yr_scanner_define_string_variable")]
public static extern YARA_ERROR yr_scanner_define_string_variable(
IntPtr scanner,
[In, MarshalAs(UnmanagedType.LPStr)] string identifier,
[In, MarshalAs(UnmanagedType.LPStr)] string value
);


/// Return Type: int
///scanner: YR_SCAN_CONTEXT*
///buffer: const uint8_t*
///buffer_size: size_t
[DllImport(YaraLibName, EntryPoint = "yr_scanner_scan_mem")]
public static extern YARA_ERROR yr_scanner_scan_mem(
IntPtr scanner,
IntPtr buffer,
ulong buffer_size);


/// Return Type: int
///scanner: YR_SCAN_CONTEXT*
///filename: char*
[DllImport(YaraLibName, EntryPoint = "yr_scanner_scan_file")]
public static extern YARA_ERROR yr_scanner_scan_file(
IntPtr scanner,
[In, MarshalAs(UnmanagedType.LPStr)] string filename);

}
}
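Review bot: In the last hunk, `yr_scanner_scan_mem` documents `buffer_size: size_t` but declares it as `ulong buffer_size`, which is 8 bytes even in a 32-bit process where the native parameter is 4; declaring it as `UIntPtr buffer_size` keeps the marshalled width equal to the native one on every platform (the older `yr_rules_scan_mem` above has the same mismatch). `yr_scanner_destroy` is bound as returning `YARA_ERROR`, but libyara declares it `void` as far as I know, so a caller checking the result would be reading an undefined register value; `public static extern void yr_scanner_destroy(IntPtr scanner);` is safer, and the `/// Return Type: int` comment on `yr_scanner_set_timeout` should read `void` to match its declaration. Since `yr_scanner_set_callback` hands a managed `YR_CALLBACK_FUNC` delegate to native code that presumably keeps the pointer for the scanner's lifetime, a comment such as `// caller must keep the delegate referenced until yr_scanner_destroy` would record the rule that stops the GC from collecting a thunk native code still calls.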
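--- a/dnYara/Compiler.cs
+++ b/dnYara/Compiler.cs
@@ -92,6 +92,50 @@ public void AddRuleString(string rule)
 throw new CompilationException(compilationErrors);
 }
 
+public void DeclareExternalStringVariable(string name, string defaultValue = "")
+{
+var errors = Methods.yr_compiler_define_string_variable(
+compilerPtr,
+name,
+defaultValue);
+
+if (errors != 0)
+throw new InvalidDataException($"Error {errors} in DeclareExternalStringVariable '{name}'='{defaultValue}'");
+}
+
+public void DeclareExternalIntVariable(string name, long defaultValue = 0)
+{
+var errors = Methods.yr_scanner_define_integer_variable(
+compilerPtr,
+name,
+defaultValue);
+
+if (errors != 0)
+throw new InvalidDataException($"Error {errors} in DeclareExternalIntVariable '{name}'={defaultValue}");
+}
+
+public void DeclareExternalFloatVariable(string name, double defaultValue = 0)
+{
+var errors = Methods.yr_scanner_define_float_variable(
+compilerPtr,
+name,
+defaultValue);
+
+if (errors != 0)
+throw new InvalidDataException($"Error {errors} in DeclareExternalFloatVariable setting '{name}'={defaultValue}");
+}
+
+public void DeclareExternalBooleanVariable(string name, bool defaultValue = false)
+{
+var errors = Methods.yr_compiler_define_boolean_variable(
+compilerPtr,
+name,
+defaultValue == true ? 1 : 0);
+
+if (errors != 0)
+throw new InvalidDataException($"Error {errors} in DeclareExternalBooleanVariable setting '{name}'={defaultValue}");
+}
+
 public CompiledRules Compile()
 {
 IntPtr rulesPtr = new IntPtr();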
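Review bot: `DeclareExternalIntVariable` and `DeclareExternalFloatVariable` pass `compilerPtr` to `Methods.yr_scanner_define_integer_variable` and `Methods.yr_scanner_define_float_variable`, which the interop declarations in this same PR document as taking a `YR_SCAN_CONTEXT*`. Both types are `IntPtr` on the managed side, so nothing catches the mix-up, and native code will treat a compiler object as a scanner; the outcome is undefined and can corrupt memory in the host process rather than return an error. The String and Boolean siblings already use the compiler variants, so these two should call `Methods.yr_compiler_define_integer_variable(` and `Methods.yr_compiler_define_float_variable(`. A typed handle wrapper (for example separate `SafeHandle` subclasses for compiler and scanner) would make this class of mistake a compile error. The body of `Compile()` continues outside the hunk.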