Module: Yara::FFI
- Extended by:
- FFI::Library
- Defined in:
- lib/yara/ffi.rb
Overview
Internal: Low-level FFI bindings to the YARA-X C API.
This module provides direct Ruby FFI bindings to the yara_x_capi library. It handles dynamic library loading with multiple fallback paths and exposes the raw C functions for rule compilation, scanning, and resource management.
The FFI module is primarily used internally by higher-level classes like Scanner. Direct usage requires careful memory management and error handling.
Examples
# Direct FFI usage (not recommended for normal use)
rules_ptr = FFI::MemoryPointer.new(:pointer)
result = Yara::FFI.yrx_compile("rule test { condition: true }", rules_ptr)
raise "Error: #{Yara::FFI.yrx_last_error}" unless result == Yara::FFI::YRX_SUCCESS
Defined Under Namespace
Classes: YRX_BUFFER, YRX_MATCH, YRX_METADATA, YRX_METADATA_BYTES
Constant Summary collapse
- YRX_SUCCESS =
Public: Operation completed successfully.
0- YRX_SYNTAX_ERROR =
Public: YARA rule syntax error during compilation.
1- YRX_VARIABLE_ERROR =
Public: Variable definition or reference error.
2- YRX_SCAN_ERROR =
Public: Error during scanning operation.
3- YRX_SCAN_TIMEOUT =
Public: Scanning operation timed out.
4- YRX_INVALID_ARGUMENT =
Public: Invalid argument passed to function.
5- YRX_METADATA_TYPE_I64 =
Public: 64-bit signed integer metadata value.
0- YRX_METADATA_TYPE_F64 =
Public: 64-bit floating point metadata value.
1- YRX_METADATA_TYPE_BOOLEAN =
Public: Boolean metadata value.
2- YRX_METADATA_TYPE_STRING =
Public: String metadata value.
3- YRX_METADATA_TYPE_BYTES =
Public: Bytes metadata value.
4- YRX_I64 =
Public: Alternative naming following YARA-X C API documentation. Maps to the same values as above for compatibility.
0- YRX_F64 =
1- YRX_BOOLEAN =
2- YRX_STRING =
3- YRX_BYTES =
4