
libyara.net's Introduction

libyara.NET

A .NET wrapper for libyara that provides a simplified API for developing tools in C# and PowerShell. This library targets .NET 4.6.

This library is built against the Microsoft.O365.Security.Native.Libyara package, which is based on VirusTotal's yara built with vcpkg. The library is currently based on yara 4.2.3, per the vcpkg port. We will update the yara version when newer features or bug fixes make it necessary.

This library is available as two NuGet packages, depending on your project type:

For .NET framework projects, x86 and x64 binary versions are available on NuGet with the package id Microsoft.O365.Security.Native.libyara.NET. The public key token of official binaries is 31bf3856ad364e35. Projects that use libyara.NET should use 'All CPU' or 'x86' as the platform name to select the x86 binaries and use 'x64' to select the x64 binaries.

For .NET Core projects, only an x64 binary version is available on NuGet, with the package id Microsoft.O365.Security.Native.libyara.NET.Core. The public key token of official binaries is 31bf3856ad364e35. Projects that use libyara.NET should use 'x64' as the platform name to use this NuGet package.

Quick Start

using System;
using libyaraNET;

class Program
{
    static void Main(string[] args)
    {
        // Use the QuickScan class when you don't need to reuse rules
        // or other yara objects. QuickScan handles all of the resource
        // management including the YaraContext.

        // var results = QuickScan.File(".\\SampleFile.txt", ".\\HelloWorldRules.yara");

        // When you need to reuse yara objects (e.g. when scanning multiple files) it's
        // more efficient to use the pattern below. Note that all yara operations must
        // take place within the scope of a YaraContext.
        using (var ctx = new YaraContext())
        {
            Rules rules = null;

            try
            {
                // Rules and Compiler objects must be disposed.
                using (var compiler = new Compiler())
                {
                    compiler.AddRuleFile(".\\HelloWorldRules.yara");
                    rules = compiler.GetRules();
                }

                // Scanner and ScanResults do not need to be disposed.
                var scanner = new Scanner();
                var results = scanner.ScanFile(".\\SampleFile.txt", rules);
            }
            finally
            {
                // Rules and Compiler objects must be disposed.
                if (rules != null) rules.Dispose();
            }
        }
    }
}
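The object lifecycle the Quick Start describes, as an added example that is not code from the libyara.NET project: one YaraContext, a Rules object compiled once and reused across several in-memory buffers, a single Scanner, disposal in the right order, and libyaraNET.CompilationException caught when the rule source is bad. It assumes Compiler.AddRuleString(string), Scanner.ScanMemory(byte[], Rules) and ScanResult.MatchingRule.Identifier exist with those names; the rule text and the input buffers are constructed for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using libyaraNET;

public static class InMemoryScan
{
    // Constructed rule source; no metadata or modules, since the wrapper does not support them.
    const string RuleText = @"rule test_marker : sample { strings: $m = ""CONSTRUCTED-TEST-MARKER"" ascii condition: $m }";

    // Returns, per input buffer, the identifiers of the rules that matched it.
    public static List<string[]> ScanBuffers(IList<byte[]> buffers)
    {
        var report = new List<string[]>();
        using (new YaraContext())                 // all yara calls must happen inside a context
        {
            Rules rules = null;
            try
            {
                using (var compiler = new Compiler())
                {
                    compiler.AddRuleString(RuleText); // assumption: AddRuleString(string) exists
                    rules = compiler.GetRules();      // we own the Rules object and must dispose it
                }
                var scanner = new Scanner();          // Scanner needs no disposal
                foreach (var buf in buffers)
                {
                    var hits = new List<string>();
                    foreach (var r in scanner.ScanMemory(buf, rules))
                        hits.Add(r.MatchingRule.Identifier); // assumption: these member names
                    report.Add(hits.ToArray());
                }
            }
            catch (CompilationException ex) { Console.Error.WriteLine("rule compile failed: " + ex.Message); }
            finally { if (rules != null) rules.Dispose(); }
        }
        return report;
    }

    public static void Main()
    {
        // Constructed sample input: the second buffer carries the marker, the first does not.
        var inputs = new[] { Encoding.ASCII.GetBytes("nothing here"),
                             Encoding.ASCII.GetBytes("head CONSTRUCTED-TEST-MARKER tail") };
        foreach (var hits in ScanBuffers(inputs))
            Console.WriteLine(hits.Length == 0 ? "no match" : string.Join(",", hits));
    }
}
```

Because results are materialised into a list rather than streamed through a callback, the per-buffer list is where memory grows for rules that match many strings, which is the limitation the README notes.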

Reference

See the libyara C API documentation for a general overview of how to use libyara. This wrapper adapts that API to follow .NET conventions, so usage differs slightly, but the core concepts remain the same.

TODO: API Reference

Limitations

  • Rule metadata not supported
  • Modules are not currently supported
  • Scan results are collected and returned as a whole (rather than delivered through the callback approach libyara normally uses), which may result in high memory use with rules that match many items.

libyara.net's People

Contributors

cplacemsft, henriblmsft, kallanreed, kylereedmsft, microsoft-github-policy-service[bot], styletec, swannman, themobiusstrip, vmurthysuhas


libyara.net's Issues

Bug - Assertion Failure in Exception.h

Assert Failure Error

This error did not start showing up until I upgraded to Windows 10 Build 1909. Now I can't get it to go away even when I recompile libyara.net. It appears to be an assertion that originates in one of the nuget packages.

Could not load file or assembly 'libyara.NET, Version=3.5.0.2

It looks like the NuGet packages are 64-bit only, and do not work with 32-Bit apps, will this support being compiled as 32-Bit?

{"Could not load file or assembly 'libyara.NET, Version=3.5.0.2, Culture=neutral, PublicKeyToken=176e062142c9110f' or one of its dependencies. The system cannot find the file specified.":"libyara.NET, Version=3.5.0.2, Culture=neutral, PublicKeyToken=176e062142c9110f"}


This is from FUSION logging:

LOG: Entering run-from-source setup phase.
LOG: Assembly Name is: libyara.NET, Version=3.5.0.2, Culture=neutral, PublicKeyToken=176e062142c9110f
ERR: Invalid assembly platform or ContentType in file (hr = 0x8007000b).
ERR: Run-from-source setup phase failed with hr = 0x8007000b.

Unhandled Exception: System.IO.FileNotFoundException

Hi,

Really can't find the issue here,

I have a working install on dev system with the YARA engine but when deployed the TestApp (from this project) to a server I get this:

Unhandled Exception: System.IO.FileNotFoundException: Could not load file or assembly 'libyara.NET.dll' or one of its dependencies. The specified module could not be found.

Have done all the usual dependency walking stuff, checking the file isn't locked (or obviously missing), but still no joy.

I resorted to installing a new copy of VS2017 onto a virgin Windows Server 2016 box and then compiled this project, and the TestApp worked! Copying all the contents of microsoft\libyara.NET\TestApp\bin\x64\Debug to the problem server gives the same error.

For me, it's either VS2017 is installing some dependency which this library needs or there is some lock to the machine it's compiled on - either way I can't figure it out so really appreciate any help or guidance on this.

Thanks.

J.

Add Linux Support

.NET 6 is the latest LTS supported version of .NET at the time of writing. Are there any plans to release a version of this library that targets NET 6+ and supports Linux?

Targeting .NET 6+ might simplify dependency choices for new consumers of this library moving forward (currently, there's a .NET Core and a .NET Framework version of the nuget package to select between).

Change in underlying library is causing our tests to fail

Hello,
We have upgraded to 4.2.0 and now a test that used to run is failing on our build server. This test still runs on the development machines, however, which probably indicates some concurrency issues.
The test is below and it fails on our build server with the error:
Error Message:
libyaraNET.CompilationException : Error compiling rules.
too many strings in rule "SetRules" (limit: 0) on line 10 in file: C:\jenkins\workspace\nuget-yara\libs\lib-magnet-yara\Magnet.Yara\Magnet.Yara.Test\bin\x64\Release\netcoreapp3.1..\..\..\..\TestRules\SetRules.yar
Stack Trace:
at libyaraNET.Compiler.AddRuleFile(String path) in D:\a_work\7\s\libyara.NET\Compiler.h:line 71
at Magnet.Yara.Tests.LibYaraLibraryTests.MultiCompilerTest() in C:\jenkins\workspace\nuget-yara\libs\lib-magnet-yara\Magnet.Yara\Magnet.Yara.Test\LibYaraLibraryTests.cs:line 47
--- End of stack trace from previous location where exception was thrown ---

[Fact]
public async Task MultiCompilerTest()
{
    // one single context
    using var _context = new YaraContext();
    var disposables = new List<Compiler>();

    var ruleFiles = Directory.GetFiles(_testRulesFolder)
        .Where(x => x.Contains("IncludeDependency.yar") || x.Contains("UnrelatedSettRules.yar") ||
                    x.Contains("SetRules.yar")).ToList();

    // multiple compilers, one per rule file
    foreach (var testFile in ruleFiles)
    {
        var compiler = new Compiler();
        compiler.AddRuleFile(testFile);
        disposables.Add(compiler);
    }

    var scanResults = new ConcurrentBag<ScanResult>();

    var testFiles = new List<string>
    {
        Path.Combine(_testDataFolder, "SetRulesTestData.txt"),
        Path.Combine(_testDataFolder, "SetRulesTestData5.txt"),
        Path.Combine(_testDataFolder, "SetRulesTestData.txt"),
        Path.Combine(_testDataFolder, "SetRulesTestData5.txt"),
        Path.Combine(_testDataFolder, "SetRulesTestData.txt"),
        Path.Combine(_testDataFolder, "SetRulesTestData5.txt"),
    };

    // get all the rules from all the compilers
    var rulesDict = disposables.ToDictionary(x => x, x => x.GetRules());

    // only use one single scanner
    var scanner = new Scanner();
    var workTasks = testFiles.Select(testFile => Task.Run(async () =>
        {
            _outputHelper.WriteLine($"Start processing on {testFile}");
            // read the file once; ScanMemory takes the raw byte[] buffer
            var data = File.ReadAllBytes(testFile);
            foreach (var rules in rulesDict.Values)
            {
                // scan using all the rules from all compilers against the single file
                scanner.ScanMemory(data, rules).ForEach(x => scanResults.Add(x));
            }

            // an un-awaited Task.Delay does nothing, so await it
            await Task.Delay(2000);
            _outputHelper.WriteLine($"Finished scanning {testFile}");
        }))
        .ToList();

    await Task.WhenAll(workTasks);
    foreach (Compiler compiler in disposables)
    {
        compiler.Dispose();
    }
    // Rules objects must be disposed as well
    foreach (var rules in rulesDict.Values)
    {
        rules.Dispose();
    }

    Assert.Equal(12, scanResults.Count);
}


System.AccessViolationException in yr_compiler_create

System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
at yr_compiler_create(_YR_COMPILER** )
at libyaraNET.Compiler..ctor()
at libyaraNET.Compiler.CompileRulesFile(String path)
at libyaraNET.QuickScan.Memory(IntPtr buffer, Int32 length, String rulesPath, ScanFlags flags)
at libyaraNET.QuickScan.Memory(Byte[] buffer, String rulesPath, ScanFlags flags)

LibyaraNet version 4.0.2

Strong name validation failed

Hi - as per my previous messages, this all works fine on the dev environment, but as soon as we move the testapp to a virgin Windows 2016 box we receive:

Unhandled Exception: System.IO.FileLoadException: Could not load file or assembly 'libyara.NET, Version=4.0.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. Strong name validation failed. (Exception from HRESULT: 0x8013141A) ---> System.Security.SecurityException: Strong name validation failed. (Exception from HRESULT: 0x8013141A)

Somewhat driving us bonkers so any help would be appreciated.

Working with .NET Core

I tried to add the package Microsoft.O365.Security.Native.libyara.NET.Core to my .net core project. I set it to build in x64 only. But I am getting this error message that says:

Severity	Code	Description	Project	File	Line	Suppression State
Warning	NU1701	Package 'Microsoft.O365.Security.Native.libyara.NET.Core 4.0.3' was restored using '.NETFramework,Version=v4.6.1, .NETFramework,Version=v4.6.2, .NETFramework,Version=v4.7, .NETFramework,Version=v4.7.1, .NETFramework,Version=v4.7.2, .NETFramework,Version=v4.8' instead of the project target framework '.NETCoreApp,Version=v3.1'. This package may not be fully compatible with your project.

When I deploy the resulting project to Windows it works okay, but if I try to use it on Linux I am getting some errors. Am I missing something? Is this package able to be used on Linux? I tried to look online but couldn't find much help. Thanks!

How to use modules

I'm getting an exception:
Error compiling rules.
unknown module "hash"

I see modules are not supported, but would be really nice if they were. Feature request?

libyara v4.5.0

Hello guys.
How do I update libyara to v4.5.0? Thank you.

Edit:
I manually updated mine.
