gnh1201/welsonjs
1
0
Fork 0
mirror of https://github.com/gnh1201/welsonjs.git synced 2025-03-12 08:55:14 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Update FileEventMonitor

Browse Source
This commit is contained in:
Namhyeon Go 2024-08-12 17:08:32 +09:00
parent 15bd7d40db
commit 4ece37fdf4
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
WelsonJS.Toolkit/WelsonJS.Service/FileEventMonitor.cs
View File

@ -6,6 +6,7 @@ using System.IO;
using libyaraNET; using libyaraNET;
using System.Collections.Generic; using System.Collections.Generic;
using System.ServiceProcess; using System.ServiceProcess;
using WelsonJS.Service.Model;
namespace WelsonJS.Service namespace WelsonJS.Service
{ {
@ -169,6 +170,14 @@ namespace WelsonJS.Service
{ {
parent.Log($"YARA rule matched: {ruleName}, {filePath}, Offset {x.Offset}"); parent.Log($"YARA rule matched: {ruleName}, {filePath}, Offset {x.Offset}");
parent.DispatchServiceEvent("fileRuleMatched", new string[] { ruleName, filePath, x.Offset.ToString() }); parent.DispatchServiceEvent("fileRuleMatched", new string[] { ruleName, filePath, x.Offset.ToString() });
IndexMatched(new FileRuleMatched
{
FilePath = filePath,
Offset = x.Offset,
RuleName = ruleName,
LastChecked = DateTime.Now
});
}); });
} }
} }
@ -180,6 +189,11 @@ namespace WelsonJS.Service
} }
} }
private void IndexMatched(FileRuleMatched match)
{
// todo (save result to the search engine)
}
private void Dispose() private void Dispose()
{ {
if (rules != null) if (rules != null)

1
WelsonJS.Toolkit/WelsonJS.Service/Model/FileRuleMatched.cs
View File

@ -6,6 +6,7 @@ namespace WelsonJS.Service.Model
{ {
public string Id { get; set; } public string Id { get; set; }
public string FilePath { get; set; } public string FilePath { get; set; }
public ulong Offset { get; set; }
public string RuleName { get; set; } public string RuleName { get; set; }
public DateTime LastChecked { get; set; } public DateTime LastChecked { get; set; }
} }