Looking at the documentation for 3.8.1, dotnet.assembly.name appears to be 
a valid name, example given: *Example: dotnet.assembly.name == "Keylogger"*

On Wednesday, November 7, 2018 at 2:33:15 PM UTC-5, [email protected] wrote:
>
> Sorry, typo in my question.  I actually did use ./configure 
> --enable-dotnet and I get the error described.
>
> Reinstalling again, however, I get error no. 33, ERROR_INVALID_FIELD_NAME 
> on a line in another rules file that has dotnet.assembly.name.
>
> How can I determine what field names are valid or what part of 
> dotnet.assembly.name is not valid?
>
>
>
> On Wednesday, November 7, 2018 at 2:09:37 PM UTC-5, [email protected] 
> wrote:
>>
>>
>> Newbie question - The instructions to get .net rules appear to be 
>> straight-forward, but it doesn't appear to be working.  
>>
>>
>> I've followed the install and configure instructions:
>>
>> ./bootstrap.sh
>> ./configure --dotnet
>> make
>> make install
>>
>> ar -t /usr/local/lib/libyara.a shows dotnet.o in libyara.a
>>
>> However, when I'm trying to compile a rule in a file that just has 
>> "import dotnet" at the top, I get compiler error no 34, which I believe is 
>> "ERROR_UNKNOWN_MODULE". 
>>
>>       compiler->last error is 34
>>       compiler->last_error_extra_info is do
>>       compiler->last_error_line is 1  [the line that says "import dotnet"]
>>
>> Code is
>>
>> ****
>> #include <stdio.h>
>> #include <yara.h>
>>
>> /* YARA_CHAT_RULE (path to the rules file) is defined elsewhere. */
>>
>> int main(int argc, char **argv) {
>>
>>   int result = 0;
>>   YR_COMPILER *comp_ctx = NULL;
>>
>>   /* Initialize libyara */
>>   result = yr_initialize(); /* returns int */
>>   printf("initialize result: %d\n", result);
>>
>>   /* Create new compiler instance. */
>>   result = yr_compiler_create(&comp_ctx);
>>   printf("compiler instance: %d\n", result);
>>
>>   /* Load rule file, and compile it. */
>>   FILE *rule = fopen(YARA_CHAT_RULE, "r");
>>   if (rule == NULL) { perror("fopen"); return 1; }
>>   result = yr_compiler_add_file(comp_ctx, rule, NULL, YARA_CHAT_RULE);
>>   printf("compile error on entry : error no.: %d\n", comp_ctx->last_error);
>>   printf("compile error on entry : error info: %s\n", comp_ctx->last_error_extra_info);
>>   printf("compile error on entry : error line: %d\n", comp_ctx->last_error_line);
>>   printf("no. compile errors: %d\n", result);
>>
>>   /* Release the file, the compiler and libyara itself. */
>>   fclose(rule);
>>   yr_compiler_destroy(comp_ctx);
>>   yr_finalize();
>>   return 0;
>> }
>>
>>  ****
>>
>> Creating the compiler returns 0
>>
>> Any reason why I can't get the dotnet module to be recognized?  
>> I'm on Centos Linux version 3.10.0-862.14.4.el7.x86_64 (gcc version 4.8.5 
>> 20150623 (Red Hat 4.8.5-28) (GCC) ) #1 SMP Wed Sep 26 15:12:11 UTC 2018 
>> Yara version is 3.8.1
>>
>>
>>
>>
>>
>>
