Monthly Archives: August 2015

Yara.NET – A .NET wrapper around Yara

Today I publish Yara.NET – A C++/CLI .NET wrapper around the Yara 3.4.0 library. It enables you to use all the Yara functionality that the native C lib exposes in .NET! Yara.NET API was inspired by the Python API and has thus a somewhat similar API. Why is it built in C++/CLI and not C#? Because building a wrapper library in C# around a native library is a pain compared to using C++/CLI. Using C++/CLI you can link directly against the native lib and use all of the existing header files without the need to redefine every function using PInvoke..

Continue reading →

.NET, PInvoke and memory corruption

Figure 1, .NET Pinvoke memory corruption

Today I ran into some old screenshots of a problem I was having in 2013. Interesting problem! I was trying retrieve a piece of data that was located in another process memory space using the ReadProcessMemory API. I defined the API using PInvoke(Platform Invoke), a technique used to call native functions from .NET. The issue I was having was that only under Windows 8 I was getting a NullReferenceException and initially I had no clue why. Continue reading →

Tool – Multi Tab Command Line (2)

I decided to dust off some old projects! I decided to post the source for the multi tab command line utility I wrote some time ago. Note that I don’t intend to support or further develop it. Just want to share 😉

https://github.com/jellever/JeSCommandLine