1
0
mirror of synced 2024-12-14 08:42:54 +01:00
ImHex/plugins/yara_rules/include/content/yara_rule.hpp

60 lines
1.3 KiB
C++
Raw Normal View History

2024-02-21 22:08:26 +01:00
#pragma once
#include <hex/providers/provider.hpp>
#include <string>
#include <vector>
#include <wolv/utils/expected.hpp>
namespace hex::plugin::yara {
class YaraRule {
public:
YaraRule() = default;
explicit YaraRule(const std::string& content);
explicit YaraRule(const std::fs::path& path);
static void init();
static void cleanup();
struct Match {
std::string variable;
Region region;
bool wholeDataMatch;
};
struct Rule {
std::string identifier;
std::map<std::string, std::string> metadata;
std::vector<std::string> tags;
2024-02-21 22:08:26 +01:00
std::vector<Match> matches;
};
struct Result {
std::vector<Rule> matchedRules;
2024-02-21 22:08:26 +01:00
std::vector<std::string> consoleMessages;
};
struct Error {
enum class Type {
CompileError,
RuntimeError,
Interrupted
} type;
std::string message;
};
2024-02-21 23:17:12 +01:00
wolv::util::Expected<Result, Error> match(prv::Provider *provider, Region region);
2024-02-21 22:08:26 +01:00
void interrupt();
[[nodiscard]] bool isInterrupted() const;
private:
std::string m_content;
std::fs::path m_filePath;
std::atomic<bool> m_interrupted = false;
};
}