int yr_rules_scan_file( YR_RULES* rules, const char* filename, YR_CALLBACK_FUNC callback, void* user_data, int fast_scan_mode, int timeout) { MAPPED_FILE mfile; int result; result = yr_filemap_map(filename, &mfile); if (result == ERROR_SUCCESS) { result = yr_rules_scan_mem( rules, mfile.data, mfile.size, callback, user_data, fast_scan_mode, timeout); yr_filemap_unmap(&mfile); } return result; }
int process_cmd_line( int argc, char const* argv[]) { char* equal_sign; char* value; int c; TAG* tag; IDENTIFIER* identifier; EXTERNAL* external; MODULE_DATA* module_data; YR_MAPPED_FILE mapped_file; opterr = 0; while ((c = getopt (argc, (char**) argv, "wrnsvgma:l:t:i:d:x:p:f")) != -1) { switch (c) { case 'v': printf("%s\n", PACKAGE_STRING); return 0; case 'r': recursive_search = TRUE; break; case 'g': show_tags = TRUE; break; case 'm': show_meta = TRUE; break; case 's': show_strings = TRUE; break; case 'w': show_warnings = FALSE; break; case 'f': fast_scan = TRUE; break; case 'n': negate = TRUE; break; case 't': show_specified_tags = TRUE; tag = malloc(sizeof(TAG)); if (tag != NULL) { tag->identifier = optarg; tag->next = specified_tags_list; specified_tags_list = tag; } else { fprintf(stderr, "Not enough memory.\n"); return 0; } break; case 'i': show_specified_rules = TRUE; identifier = malloc(sizeof(IDENTIFIER)); if (identifier != NULL) { identifier->name = optarg; identifier->next = specified_rules_list; specified_rules_list = identifier; } else { fprintf(stderr, "Not enough memory.\n"); return 0; } break; case 'd': equal_sign = strchr(optarg, '='); external = malloc(sizeof(EXTERNAL)); if (external != NULL) { external->name = optarg; external->next = externals_list; externals_list = external; } else { fprintf(stderr, "Not enough memory.\n"); return 0; } if (equal_sign != NULL) { *equal_sign = '\0'; value = equal_sign + 1; if (is_numeric(value)) { external->type = EXTERNAL_TYPE_INTEGER; external->integer = atoi(value); } else if (strcmp(value, "true") == 0 || strcmp(value, "false") == 0) { external->type = EXTERNAL_TYPE_BOOLEAN; external->boolean = strcmp(value, "true") == 0; } else { external->type = EXTERNAL_TYPE_STRING; external->string = value; } } break; case 'x': equal_sign = strchr(optarg, '='); if (equal_sign == NULL) { fprintf(stderr, "Wrong syntax for -x modifier.\n"); return 0; } module_data = (MODULE_DATA*) malloc(sizeof(MODULE_DATA)); if (module_data == NULL) { fprintf(stderr, "Not enough memory.\n"); return 0; } *equal_sign = '\0'; value = equal_sign + 1; if (yr_filemap_map(value, &mapped_file) != ERROR_SUCCESS) { free(module_data); fprintf(stderr, "Could not open file \"%s\".\n", value); return 0; } module_data->module_name = strdup(optarg); module_data->module_data = mapped_file.data; module_data->module_data_size = mapped_file.size; module_data->next = modules_data_list; modules_data_list = module_data; break; case 'l': limit = atoi(optarg); break; case 'a': timeout = atoi(optarg); break; case 'p': threads = atoi(optarg); break; case '?': if (optopt == 't') { fprintf(stderr, "Option -%c requires an argument.\n", optopt); } else if (isprint(optopt)) { fprintf(stderr, "Unknown option `-%c'.\n", optopt); } else { fprintf(stderr, "Unknown option character `\\x%x'.\n", optopt); } return 0; default: abort(); } } return 1; }