Introduction to yara-ctypes-python
What is yara-ctypes:
- A powerful Python wrapper for yara-project’s libyara v1.6.
- Supports thread safe matching of YARA rules.
- Namespace management to allow easy loading of multiple YARA rules into a single libyara context.
- Comes with a scan module which exposes a user CLI and demonstrates a pattern for executing match jobs across a thread pool.
Why:
- ctypes releases the GIL on system function calls... Run your PC to its true potential.
- No more building the PyC extension...
- I found a few bugs and memory leaks and wanted to make my life simple.
As a reference and guide to yara-ctypes see: yara-ctypes documentation
For additional tips / tricks with this wrapper, feel free to post a question on the GitHub yara-ctypes/issues page.
Project hosting provided by github.com.