Hello, I am trying to write a module for Yara that loads the file into memory, loads some user-provided signatures, alters both the file and the signatures, and then runs a scan for the altered signatures in the altered file.
I have been following the "How to write your own module" documentation to initialize the module and declare its functions. However, I am having trouble understanding the Yara C API. How can I use `yr_rules_scan_mem` or another function to scan the altered file (stored in the program as a `uint8_t`) with an altered signature (also stored as `uint8_t`)?

Thanks,
Jared Jones
