Newbie question - The instructions to get .net rules appear to be
straight-forward, but it doesn't appear to be working.
I've followed the install and configure instructions:
./bootstrap.sh
./configure --dotnet
make
make install
ar -t /usr/local/lib/libyara.a shows dotnet.o in libyara.a
However, when I'm trying to compile a rule in a file that just has "import
dotnet" at the top. I get compiler error no 34, which I believe is "
ERROR_UNKNOWN_MODULE".
compiler->last error is 34
compiler->last_error_extra_info is do
compiler->last_error_line is 1 [the line that says "import dotnet"]
Code is
****
int main(int argc, char **argv) {
int result = 0;
/* Initialize libyara */
result = yr_initialize(); /* returns int */
printf("initialize result: %d\n",result);
/* Create new compiler instance. */
result = yr_compiler_create(&comp_ctx);
printf("compiler instance: %d\n",result);
/* Load rule file, and compile it. */
FILE *rule = fopen(YARA_CHAT_RULE, "r");
result = yr_compiler_add_file(comp_ctx, rule, NULL, YARA_CHAT_RULE);
printf("compile error on entry : error no.: %d\n",comp_ctx->last_error);
printf("compile error on entry : error info:
%s\n",comp_ctx->last_error_extra_info);
printf("compile error on entry : error line:
%d\n",comp_ctx->last_error_line);
printf("no. compile errors: %d\n", result);
****
Creating the compiler returns 0
Any reason why I can't get the dotnet module to be recognized?
I'm on Centos Linux version 3.10.0-862.14.4.el7.x86_64 (gcc version 4.8.5
20150623 (Red Hat 4.8.5-28) (GCC) ) #1 SMP Wed Sep 26 15:12:11 UTC 2018
Yara version is 3.8.1
--
You received this message because you are subscribed to the Google Groups
"YARA" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
