Tried something else and it works now...lol!

On Wed, Jan 20, 2021 at 5:10 AM Bryant Smith <[email protected]> wrote:

> I've been playing with the Yara API to scan PE files.  Everything seems to
> be working except when trying to get all of the matches for the rules.  I'm
> sure it has to do with the callback function when using
> yr_rules_scan_file() and I can retrieve one of the identifier matches but
> that's it.
>
> I duplicated one of the signatures and renamed the rule in each so I know
> they should match.  The only place I can find the identifier is
> rule->identifier.  I haven't been successful in finding example code that does
> it.  Any help would be appreciated.
>
> int scan_callback(
>     YR_SCAN_CONTEXT* context,
>     int message,
>     void* message_data,   //contains YR_RULE*
>     void* user_data)
> {
>     YR_RULE* rule = (YR_RULE*) message_data;
>
>
> If I run yara itself I get back 3
> > yara rules/* extract_files/FHHABdWzHcR8YPZOe
> Contains_PE_File2 extract_files/FHHABdWzHcR8YPZOe
> Contains_PE_File3 extract_files/FHHABdWzHcR8YPZOe
> Contains_PE_File extract_files/FHHABdWzHcR8YPZOe
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"YARA" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/yara-project/CAFnkJKm3AjSHahW7WdbNLd%3D_%3DEMZP67CuRkdUOP057oYy_6tRA%40mail.gmail.com.
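
An added example, not part of the original messages and not the poster's code: one way to collect every matching rule identifier from a libyara scan callback, by appending to a list passed through user_data and returning CALLBACK_CONTINUE for each message. The MATCH_LIST type, the stand-in definitions used when libyara is not installed, and the constructed message replay (which stands in for a real scan) are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>
#ifdef HAVE_LIBYARA   /* real build: cc -DHAVE_LIBYARA example.c -lyara */
#include <yara.h>
#else                 /* stand-ins (assumed to mirror libyara 4.x) so this compiles alone */
typedef struct YR_SCAN_CONTEXT YR_SCAN_CONTEXT;
typedef struct { const char* identifier; } YR_RULE;
enum { CALLBACK_MSG_RULE_MATCHING = 1, CALLBACK_MSG_RULE_NOT_MATCHING = 2,
       CALLBACK_MSG_SCAN_FINISHED = 3 };
enum { CALLBACK_CONTINUE = 0, CALLBACK_ABORT = 1, CALLBACK_ERROR = 2 };
#endif

#define MAX_MATCHES 64
typedef struct { const char* ids[MAX_MATCHES]; int count; int finished; } MATCH_LIST;

/* Runs once per rule; message_data is a YR_RULE* only for the two rule messages. */
int collect_callback(YR_SCAN_CONTEXT* context, int message,
                     void* message_data, void* user_data)
{
    MATCH_LIST* out = (MATCH_LIST*) user_data;
    (void) context;
    if (message == CALLBACK_MSG_RULE_MATCHING) {
        if (out->count == MAX_MATCHES) return CALLBACK_ERROR;  /* list full */
        /* pointer stays valid until the compiled rules are destroyed */
        out->ids[out->count++] = ((YR_RULE*) message_data)->identifier;
    } else if (message == CALLBACK_MSG_SCAN_FINISHED) {
        out->finished = 1;          /* message_data is NULL for this message */
    }
    return CALLBACK_CONTINUE;       /* CALLBACK_ABORT here would end the scan early */
}

/* Constructed replay of the messages a scan would deliver for four rules.
   With libyara: yr_rules_scan_file(rules, path, 0, collect_callback, &list, 0); */
int replay_constructed_scan(MATCH_LIST* out)
{
    const char* names[] = { "Contains_PE_File", "Not_Matching_Rule",
                            "Contains_PE_File2", "Contains_PE_File3" };
    YR_RULE rule;
    memset(out, 0, sizeof *out);
    for (int i = 0; i < 4; i++) {
        memset(&rule, 0, sizeof rule);
        rule.identifier = names[i];
        int msg = (i == 1) ? CALLBACK_MSG_RULE_NOT_MATCHING : CALLBACK_MSG_RULE_MATCHING;
        if (collect_callback(NULL, msg, &rule, out) != CALLBACK_CONTINUE) return -1;
    }
    collect_callback(NULL, CALLBACK_MSG_SCAN_FINISHED, NULL, out);
    return out->count;
}
```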
