Versions in this module Expand all Collapse all v4 v4.2.4 Aug 31, 2022 Changes in this version
+ const ConfigMaxMatchData
+ const ConfigMaxProcessMemoryChunk
+ const ConfigMaxStringsPerRule
+ const ConfigStackSize
+ const ScanFlagsFastMode
+ const ScanFlagsProcessMemory
+ func Finalize() error
+ func GetConfiguration(name ConfigName) (interface{}, error)
+ func SetConfiguration(name ConfigName, src interface{}) error
+ type Compiler struct
+ Errors []CompilerMessage
+ Warnings []CompilerMessage
+ func NewCompiler() (*Compiler, error)
+ func (c *Compiler) AddFile(file *os.File, namespace string) (err error)
+ func (c *Compiler) AddString(rules string, namespace string) (err error)
+ func (c *Compiler) DefineVariable(identifier string, value interface{}) (err error)
+ func (c *Compiler) Destroy()
+ func (c *Compiler) DisableIncludes()
+ func (c *Compiler) GetRules() (*Rules, error)
+ func (c *Compiler) SetIncludeCallback(cb CompilerIncludeFunc)
+ type CompilerIncludeFunc func(name, filename, namespace string) []byte
+ type CompilerMessage struct
+ Filename string
+ Line int
+ Rule *Rule
+ Text string
+ type ConfigName uint32
+ type Error int
+ func (e Error) Error() string
+ type Match struct
+ func (m *Match) Base() int64
+ func (m *Match) Data() []byte
+ func (m *Match) Offset() int64
+ type MatchRule struct
+ Metas []Meta
+ Namespace string
+ Rule string
+ Strings []MatchString
+ Tags []string
+ type MatchRules []MatchRule
+ func (mr *MatchRules) RuleMatching(sc *ScanContext, r *Rule) (abort bool, err error)
+ type MatchString struct
+ Base uint64
+ Data []byte
+ Name string
+ Offset uint64
+ type MemoryBlock struct
+ Base uint64
+ FetchData func([]byte)
+ Size uint64
+ type MemoryBlockIterator interface
+ First func() *MemoryBlock
+ Next func() *MemoryBlock
+ type MemoryBlockIteratorWithFilesize interface
+ Filesize func() uint64
+ type Meta struct
+ Identifier string
+ Value interface{}
+ type Object struct
+ type Rule struct
+ func (r *Rule) Disable()
+ func (r *Rule) Enable()
+ func (r *Rule) Identifier() string
+ func (r *Rule) IsGlobal() bool
+ func (r *Rule) IsPrivate() bool
+ func (r *Rule) Metas() (metas []Meta)
+ func (r *Rule) Namespace() string
+ func (r *Rule) Strings() (strs []String)
+ func (r *Rule) Tags() (tags []string)
+ type RuleProfilingInfo struct
+ Cost uint64
+ type Rules struct
+ func Compile(rules string, variables map[string]interface{}) (r *Rules, err error)
+ func LoadRules(filename string) (*Rules, error)
+ func MustCompile(rules string, variables map[string]interface{}) (r *Rules)
+ func ReadRules(rd io.Reader) (*Rules, error)
+ func (r *Rules) DefineVariable(identifier string, value interface{}) (err error)
+ func (r *Rules) Destroy()
+ func (r *Rules) GetRules() (rules []Rule)
+ func (r *Rules) Save(filename string) (err error)
+ func (r *Rules) ScanFile(filename string, flags ScanFlags, timeout time.Duration, cb ScanCallback) (err error)
+ func (r *Rules) ScanFileDescriptor(fd uintptr, flags ScanFlags, timeout time.Duration, cb ScanCallback) (err error)
+ func (r *Rules) ScanMem(buf []byte, flags ScanFlags, timeout time.Duration, cb ScanCallback) (err error)
+ func (r *Rules) ScanMemBlocks(mbi MemoryBlockIterator, flags ScanFlags, timeout time.Duration, ...) (err error)
+ func (r *Rules) ScanProc(pid int, flags ScanFlags, timeout time.Duration, cb ScanCallback) (err error)
+ func (r *Rules) Write(wr io.Writer) (err error)
+ type ScanCallback interface
+ RuleMatching func(*ScanContext, *Rule) (bool, error)
+ type ScanCallbackConsoleLog interface
+ ConsoleLog func(*ScanContext, string)
+ type ScanCallbackFinished interface
+ ScanFinished func(*ScanContext) (bool, error)
+ type ScanCallbackModuleImport interface
+ ImportModule func(*ScanContext, string) ([]byte, bool, error)
+ type ScanCallbackModuleImportFinished interface
+ ModuleImported func(*ScanContext, *Object) (bool, error)
+ type ScanCallbackNoMatch interface
+ RuleNotMatching func(*ScanContext, *Rule) (bool, error)
+ type ScanContext struct
+ type ScanFlags int
+ type Scanner struct
+ Callback ScanCallback
+ func NewScanner(r *Rules) (*Scanner, error)
+ func (s *Scanner) DefineVariable(identifier string, value interface{}) (err error)
+ func (s *Scanner) Destroy()
+ func (s *Scanner) GetLastErrorRule() (r *Rule)
+ func (s *Scanner) GetLastErrorString() (r *String)
+ func (s *Scanner) GetProfilingInfo() (rpis []RuleProfilingInfo)
+ func (s *Scanner) ResetProfilingInfo()
+ func (s *Scanner) ScanFile(filename string) (err error)
+ func (s *Scanner) ScanFileDescriptor(fd uintptr) (err error)
+ func (s *Scanner) ScanMem(buf []byte) (err error)
+ func (s *Scanner) ScanMemBlocks(mbi MemoryBlockIterator) (err error)
+ func (s *Scanner) ScanProc(pid int) (err error)
+ func (s *Scanner) SetCallback(cb ScanCallback) *Scanner
+ func (s *Scanner) SetFileExt(ext string)
+ func (s *Scanner) SetFlags(flags ScanFlags) *Scanner
+ func (s *Scanner) SetTimeout(timeout time.Duration) *Scanner
+ type String struct
+ func (s *String) Identifier() string
+ func (s *String) Matches(sc *ScanContext) (matches []Match)
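Review bot: `LoadRules(filename string)` and `ReadRules(rd io.Reader)` take pre-compiled rule data, and this index gives no hint that the input has to be trusted; upstream YARA documentation cautions against loading compiled rules from untrusted sources, so I would put that on both doc comments, e.g. `// Only load compiled rules that come from a trusted source.` `MustCompile` returns no error and, as Go Must-helpers conventionally do, presumably panics on a bad rule, so its comment should point callers that handle externally supplied rule text to `Compile`. The `AddFile`/`AddString` comments could also mention `DisableIncludes` and `SetIncludeCallback` as the way to control which files an include directive in rule text may reach. Only signatures are visible here, so confirm each point against the package source before wording the comments.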