Example #1
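// ScanProc scans the memory of a live process using the ruleset.
//
// pid selects the target process and flags is handed to libyara unchanged
// (it is a plain int here, while the sibling Scan* methods take ScanFlags).
// Rules reported through the scan callback are collected in matches; err is
// whatever newError derives from libyara's return code.
//
// timeout is converted to whole seconds. A positive timeout shorter than one
// second is rounded up to one second instead of being truncated to zero.
//
// NOTE(review): reading another process's memory normally needs elevated
// privileges, and a pid can be reused between the moment the caller picks it
// and the moment the scan starts; callers should confirm the process identity
// themselves if that matters.
func (r *Rules) ScanProc(pid int, flags int, timeout time.Duration) (matches []MatchRule, err error) {
	// Integer division truncates, so e.g. 500ms would become 0. libyara is
	// understood to treat a zero timeout as "no limit" (confirm against the
	// linked libyara version), which would silently turn a short deadline
	// into an unbounded scan.
	secs := timeout / time.Second
	if timeout > 0 && secs == 0 {
		secs = 1
	}

	// NOTE(review): dummy is declared outside this function; the assignment
	// presumably forces matches onto the heap before its address goes to C.
	// If dummy is a package-level variable, concurrent scans write it without
	// synchronisation. Handing C the address of a Go slice should also be
	// checked against the cgo pointer-passing rules.
	dummy = &matches
	err = newError(C.yr_rules_scan_proc(
		r.cptr,
		C.int(pid),
		C.int(flags),
		C.YR_CALLBACK_FUNC(C.rules_callback),
		unsafe.Pointer(&matches),
		C.int(secs)))
	return matches, err
}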
Example #2
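// ScanFileDescriptor scans the file behind an already-open descriptor using
// the ruleset.
//
// fd is narrowed to a C int before the call and flags is passed to libyara
// unchanged. Rules reported through the scan callback are collected in
// matches; err is whatever newError derives from the C return code.
//
// timeout is converted to whole seconds. A positive timeout shorter than one
// second is rounded up to one second instead of being truncated to zero.
//
// NOTE(review): the uintptr-to-C.int conversion drops high bits, so a value
// that does not fit in a C int (for example a non-descriptor handle) would
// refer to a different descriptor; callers should pass real descriptors only.
func (r *Rules) ScanFileDescriptor(fd uintptr, flags ScanFlags, timeout time.Duration) (matches []MatchRule, err error) {
	// Integer division truncates, so e.g. 500ms would become 0. libyara is
	// understood to treat a zero timeout as "no limit" (confirm against the
	// linked libyara version), which would silently turn a short deadline
	// into an unbounded scan.
	secs := timeout / time.Second
	if timeout > 0 && secs == 0 {
		secs = 1
	}

	// NOTE(review): dummy is declared outside this function; the assignment
	// presumably forces matches onto the heap before its address goes to C.
	// If dummy is a package-level variable, concurrent scans write it without
	// synchronisation. Handing C the address of a Go slice should also be
	// checked against the cgo pointer-passing rules.
	dummy = &matches
	err = newError(C._yr_rules_scan_fd(
		r.cptr,
		C.int(fd),
		C.int(flags),
		C.YR_CALLBACK_FUNC(C.rules_callback),
		unsafe.Pointer(&matches),
		C.int(secs)))
	return matches, err
}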
Example #3
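// ScanFile scans the file at filename using the ruleset.
//
// filename is copied into a C string that is freed when the method returns;
// flags is passed to libyara unchanged. Rules reported through the scan
// callback are collected in matches; err is whatever newError derives from
// libyara's return code.
//
// timeout is converted to whole seconds. A positive timeout shorter than one
// second is rounded up to one second instead of being truncated to zero.
//
// NOTE(review): the path is opened on the C side, so a filename containing a
// NUL byte is cut at that byte and may name a different file than the Go
// string the caller validated. The file can also be replaced between a
// caller's own check and this call; when that matters, open the file first
// and use ScanFileDescriptor on the descriptor that was checked.
func (r *Rules) ScanFile(filename string, flags ScanFlags, timeout time.Duration) (matches []MatchRule, err error) {
	// Integer division truncates, so e.g. 500ms would become 0. libyara is
	// understood to treat a zero timeout as "no limit" (confirm against the
	// linked libyara version), which would silently turn a short deadline
	// into an unbounded scan.
	secs := timeout / time.Second
	if timeout > 0 && secs == 0 {
		secs = 1
	}

	// C.CString allocates with malloc, so the copy has to be freed explicitly.
	cfilename := C.CString(filename)
	defer C.free(unsafe.Pointer(cfilename))

	// NOTE(review): dummy is declared outside this function; the assignment
	// presumably forces matches onto the heap before its address goes to C.
	// If dummy is a package-level variable, concurrent scans write it without
	// synchronisation. Handing C the address of a Go slice should also be
	// checked against the cgo pointer-passing rules.
	dummy = &matches
	err = newError(C.yr_rules_scan_file(
		r.cptr,
		cfilename,
		C.int(flags),
		C.YR_CALLBACK_FUNC(C.rules_callback),
		unsafe.Pointer(&matches),
		C.int(secs)))
	return matches, err
}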
Example #4
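// ScanMem scans an in-memory buffer using the ruleset.
//
// libyara receives a pointer to the first byte of buf together with its
// length; an empty or nil buf is passed as a nil pointer with length 0.
// flags is passed to libyara unchanged. Rules reported through the scan
// callback are collected in matches; err is whatever newError derives from
// libyara's return code.
//
// timeout is converted to whole seconds. A positive timeout shorter than one
// second is rounded up to one second instead of being truncated to zero.
//
// The buffer is read in place rather than copied, so the caller should not
// modify it from another goroutine while the scan is running.
func (r *Rules) ScanMem(buf []byte, flags ScanFlags, timeout time.Duration) (matches []MatchRule, err error) {
	// Integer division truncates, so e.g. 500ms would become 0. libyara is
	// understood to treat a zero timeout as "no limit" (confirm against the
	// linked libyara version), which would silently turn a short deadline
	// into an unbounded scan.
	secs := timeout / time.Second
	if timeout > 0 && secs == 0 {
		secs = 1
	}

	// Indexing buf[0] on an empty slice would panic, so the pointer stays nil
	// in that case and only the zero length is reported to C.
	var ptr *C.uint8_t
	if len(buf) > 0 {
		ptr = (*C.uint8_t)(unsafe.Pointer(&(buf[0])))
	}

	// NOTE(review): dummy is declared outside this function; the assignment
	// presumably forces matches onto the heap before its address goes to C.
	// If dummy is a package-level variable, concurrent scans write it without
	// synchronisation. Handing C the address of a Go slice should also be
	// checked against the cgo pointer-passing rules.
	dummy = &matches
	err = newError(C.yr_rules_scan_mem(
		r.cptr,
		ptr,
		C.size_t(len(buf)),
		C.int(flags),
		C.YR_CALLBACK_FUNC(C.rules_callback),
		unsafe.Pointer(&matches),
		C.int(secs)))
	return matches, err
}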