yara.mli
(* Abstract tags and pointer aliases for the native handles named in this
   interface. The tags have no OCaml representation; they only label Ctypes
   types. *)

(** Tag for the compiler handle. The [val]s of this interface use it as
    [yrcompiler Ctypes.structure Ctypes.ptr]. *)
type yrcompiler

(** Pointer alias over the bare tag. NOTE(review): this is
    [yrcompiler Ctypes.ptr], a different type from the
    [yrcompiler Ctypes.structure Ctypes.ptr] taken by the [val]s of this
    interface, and no [val] here mentions it. Confirm it is still needed. *)
type yrcptr = yrcompiler Ctypes.ptr

(** Pointer-to-pointer alias over the bare tag; not mentioned by any [val] of
    this interface. Presumably the out-parameter shape of the native
    constructor. TODO confirm. *)
type yrcptrptr = yrcompiler Ctypes.ptr Ctypes.ptr

(** Tag for a native metadata entry; not used by any [val] of this
    interface. *)
type yrmeta

(** Tag for a native namespace; not used by any [val] of this interface. *)
type yrnamespace

(** Tag for a native string definition; not used by any [val] of this
    interface. *)
type yrstring

(** Tag for a single native rule; not used by any [val] of this interface. *)
type yrrule

(** Tag for the rule-set handle, used by the [val]s of this interface as
    [yrrules Ctypes.structure Ctypes.ptr]. *)
type yrrules
(* OCaml-side record views of rule data. Three of these records declare a
   field called [identifier]; without a type annotation an unqualified
   [identifier] resolves to the last definition, [yara_rule]. *)

(** A metadata entry of a rule. *)
type yara_meta = {
identifier : string; (** Name of the metadata entry. *)
typ : int; (** Presumably the native type code of the value. TODO confirm. *)
}

(** A rule namespace. *)
type yara_namespace = {
name : string; (** Namespace name. *)
}

(** A string definition of a rule. *)
type yara_string = {
identifier : string; (** Name of the string definition. *)
str : string; (** Presumably the string's content. TODO confirm encoding. *)
}

(** The rule value passed to the callbacks of [yara_scan_mem] and
    [yara_scan_file]. Only the identifier and the tags are exposed; the
    metadata, string and namespace lists are commented out below. *)
type yara_rule = {
identifier : string; (** Name of the rule. *)
tags : string;
(** All tags in one [string]. NOTE(review): how several tags are separated is
    not visible here. Confirm before splitting or comparing this value. *)
(*
metas : yara_meta list;
strings : yara_string list;
ns : yara_namespace list;
*)
}
(* Entry points. Every function returns a [Core.Or_error.t]; whether any of
   them can also raise is not visible from the signatures.
   NOTE(review): no function in this interface releases a compiler or a rules
   handle, so the lifetime of the raw pointers handed to callers is not
   expressed here. Confirm where the implementation frees them. *)

(** Initialises the library. NOTE(review): presumably must succeed before any
    other function of this interface is called. Confirm against the
    implementation. *)
val yara_init : unit -> unit Core.Or_error.t

(** Counterpart of [yara_init]. NOTE(review): handles obtained earlier are
    presumably invalid afterwards. Confirm, since the types do not prevent
    their reuse. *)
val yara_deinit : unit -> unit Core.Or_error.t

(** Returns a new compiler handle, or an error. *)
val yara_create : unit -> yrcompiler Ctypes.structure Ctypes.ptr Core.Or_error.t

(** Adds rules given as text to the compiler. NOTE(review): the two [string]
    arguments are unlabelled; presumably one is the rule source and the other
    a namespace. Confirm the order, as swapping them type-checks. *)
val yara_add_string : yrcompiler Ctypes.structure Ctypes.ptr -> string -> string -> unit Core.Or_error.t

(** Adds rules read from a file to the compiler. NOTE(review): the two
    [string] arguments are unlabelled; presumably one is a path and the other
    a namespace. Confirm the order, and that the path is never built from
    untrusted input. *)
val yara_add_file : yrcompiler Ctypes.structure Ctypes.ptr -> string -> string -> unit Core.Or_error.t

(** Returns the rule-set handle of a compiler, or an error. NOTE(review):
    whether the compiler may still receive rules afterwards is not visible
    here. *)
val yara_get_rules : yrcompiler Ctypes.structure Ctypes.ptr -> yrrules Ctypes.structure Ctypes.ptr Core.Or_error.t

(** Scans an in-memory buffer, passed as a [string], against a rule set and
    hands [yara_rule] values to the callback. NOTE(review): presumably the
    callback runs once per matching rule. Confirm, and confirm that an
    exception raised by the callback cannot unwind through native frames. *)
val yara_scan_mem : yrrules Ctypes.structure Ctypes.ptr -> string -> (yara_rule -> unit) -> unit Core.Or_error.t

(** Scans a file against a rule set and hands [yara_rule] values to the
    callback. NOTE(review): the [string] is presumably a path. The caveats on
    the callback of [yara_scan_mem] apply here too. *)
val yara_scan_file : yrrules Ctypes.structure Ctypes.ptr -> string -> (yara_rule -> unit) -> unit Core.Or_error.t