yara-scan.cpp File Reference

#include "PanoptesYara.h"
#include <iostream>
#include <fstream>
#include <stdexcept>

Go to the source code of this file.

Functions
std::vector< uint8_t >	readFileToBuffer (const std::string &filename)
	Read a file to a buffer.
void	matchingRule (const struct YRX_RULE *rule, void *user_data)
	Callback function for the YARA rules.

Function Documentation

matchingRule()

void matchingRule	(	const struct YRX_RULE *	rule,
		void *	user_data
	)

Callback function for the YARA rules.

Parameters

rule	The rule that was matched
user_data	The user data that was passed to the callback containing the detected rules

Definition at line 63 of file yara-scan.cpp.

                                                                {
    const uint8_t* ns;
    size_t ns_len;
    const uint8_t* ident;
    size_t ident_len;
    std::vector<string>* detectedRules = (std::vector<string>*)user_data;
 
    //yrx_rule_iter_metadata(rule, metaCallback, user_data);
    yrx_rule_namespace(rule, &ns, &ns_len);
    yrx_rule_identifier(rule, &ident, &ident_len);
 
    detectedRules->push_back(std::string(ns, ns + ns_len) + "::" + 
        std::string(ident, ident + ident_len));
}

Referenced by YaraScanner::YaraScanFile().

readFileToBuffer()

std::vector< uint8_t > readFileToBuffer

(

const std::string &

filename

)

Read a file to a buffer.

Parameters

filename

The path to the file to read

Returns

A vector of uint8_t containing the file data

Definition at line 9 of file yara-scan.cpp.

                                                               {
    std::ifstream file(filename, std::ios::binary | std::ios::ate);
    std::vector<uint8_t> buffer;
 
    if (!file.is_open()) {
        std::cerr << "Error: Could not open file " << filename << " for reading." << std::endl;
        return buffer; // Return empty buffer
    }
 
    // Get the file size
    std::streamsize size = file.tellg();
    file.seekg(0, std::ios::beg);
 
    // Reserve space in the buffer
    buffer.resize(size);
 
    // Read the file
    if (!file.read(reinterpret_cast<char*>(buffer.data()), size)) {
        std::cerr << "Error: Failed to read data from file " << filename << std::endl;
        buffer.clear(); // Clear the buffer on error
    }
 
    file.close();
    return buffer;
}

Referenced by YaraScanner::YaraScanFile(), and YaraScanner::YaraScanner().