Sorry, typo in my question. I actually did use ./configure --enable-dotnet and I get the error described.
Reinstalling again, however, I get error no. 33, ERROR_INVALID_FIELD_NAME on a line in another rules file that has dotnet.assembly.name. How can I determine what field names are valid or what part of dotnet.assembly.name is not valid?

On Wednesday, November 7, 2018 at 2:09:37 PM UTC-5, [email protected] wrote:
>
> Newbie question - The instructions to get .net rules appear to be
> straight-forward, but it doesn't appear to be working.
>
> I've followed the install and configure instructions:
>
> ./bootstrap.sh
> ./configure --dotnet
> make
> make install
>
> ar -t /usr/local/lib/libyara.a shows dotnet.o in libyara.a
>
> However, when I'm trying to compile a rule in a file that just has "import
> dotnet" at the top, I get compiler error no 34, which I believe is
> "ERROR_UNKNOWN_MODULE".
>
> compiler->last error is 34
> compiler->last_error_extra_info is do
> compiler->last_error_line is 1 [the line that says "import dotnet"]
>
> Code is
>
> ****
> int main(int argc, char **argv) {
>
>     int result = 0;
>
>     /* Initialize libyara */
>     result = yr_initialize(); /* returns int */
>     printf("initialize result: %d\n",result);
>
>     /* Create new compiler instance. */
>     result = yr_compiler_create(&comp_ctx);
>     printf("compiler instance: %d\n",result);
>
>     /* Load rule file, and compile it. */
>     FILE *rule = fopen(YARA_CHAT_RULE, "r");
>     result = yr_compiler_add_file(comp_ctx, rule, NULL, YARA_CHAT_RULE);
>     printf("compile error on entry : error no.: %d\n",comp_ctx->last_error);
>     printf("compile error on entry : error info: %s\n",comp_ctx->last_error_extra_info);
>     printf("compile error on entry : error line: %d\n",comp_ctx->last_error_line);
>     printf("no. compile errors: %d\n", result);
>
> ****
>
> Creating the compiler returns 0
>
> Any reason why I can't get the dotnet module to be recognized?
> I'm on Centos Linux version 3.10.0-862.14.4.el7.x86_64 (gcc version 4.8.5
> 20150623 (Red Hat 4.8.5-28) (GCC) ) #1 SMP Wed Sep 26 15:12:11 UTC 2018
> Yara version is 3.8.1
