Skip to content
A .NET wrapper around the Yara pattern matching library
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Test.Yara.NET
Yara.NET
yara-3.5.0
.gitattributes
.gitignore
LICENSE
README.md
Yara.NET.sln

README.md

Yara.NET

Yara.NET is a C++/CLI .NET wrapper around the popular Yara project. It currently is compiled against Yara lib 3.5.0. The Yara.NET API was inspired/based on the Yara Python API and thus has a somewhat similar API.

Example:

string myYaraRule = "...my rule here...";
string namespaceName = null; //optional
List<YaraCompilationError> errors; //contains yara compile warnings. If there are any errors a YaraException is thrown from CompileFromSource
YaraRules yrRules = YaraNET.Yara.Instance.CompileFromSource(myYaraRule, namespaceName, false, null, out errors);
List<YaraMatch> matches = yrRules.MatchFile("C:\mypathtoscan.ext", null, false, 0);

Additionaly, MatchProcessMemory and MatchData are available to do Yara matching. These functions use respectively yr_rules_scan_mem, yr_rules_scan_file and yr_rules_scan_proc underwater.

You can’t perform that action at this time.