Introduction to yara-ctypes-python

What is yara-ctypes:

  • A powerful Python wrapper for yara-project’s libyara v1.6.
  • Supports thread-safe matching of YARA rules.
  • Namespace management that allows multiple YARA rule files to be loaded into a single libyara context.
  • Comes with a scan module that exposes a user CLI and demonstrates a pattern for executing match jobs across a thread pool.

Why:

  • ctypes releases the GIL during foreign function calls, so matching can run in parallel across threads and make full use of your machine.
  • No more building the Python C extension.
  • I found a few bugs and memory leaks and wanted to make my life simple.

For a reference and guide to yara-ctypes, see the yara-ctypes documentation.

For additional tips and tricks with this wrapper, feel free to post a question on the GitHub yara-ctypes/issues page.

Project hosting provided by github.com.

[mjdorma+yara-ctypes@gmail.com]
