1
0
mirror of synced 2025-01-19 01:24:15 +01:00
2024-02-22 20:49:21 +01:00

60 lines
1.3 KiB
C++

#pragma once
#include <hex/providers/provider.hpp>
#include <string>
#include <vector>
#include <wolv/utils/expected.hpp>
namespace hex::plugin::yara {
class YaraRule {
public:
YaraRule() = default;
explicit YaraRule(const std::string& content);
explicit YaraRule(const std::fs::path& path);
static void init();
static void cleanup();
struct Match {
std::string variable;
Region region;
bool wholeDataMatch;
};
struct Rule {
std::string identifier;
std::map<std::string, std::string> metadata;
std::vector<std::string> tags;
std::vector<Match> matches;
};
struct Result {
std::vector<Rule> matchedRules;
std::vector<std::string> consoleMessages;
};
struct Error {
enum class Type {
CompileError,
RuntimeError,
Interrupted
} type;
std::string message;
};
wolv::util::Expected<Result, Error> match(prv::Provider *provider, Region region);
void interrupt();
[[nodiscard]] bool isInterrupted() const;
private:
std::string m_content;
std::fs::path m_filePath;
std::atomic<bool> m_interrupted = false;
};
}