Closed dadokkio closed 3 months ago
serialize_into
is the way for saving compiled rules to a file, the file format is different from the one used in yara
. You can't load a file generated by yara
with yara-x
or viceversa.
Ok, that's what I thought. My workflow is to generate a single yara rule to be used in volatility3 for some plugins (eg. yarascan). So for now I cannot replace rule generation because it's not compatible, but I'll try to add support for serialized yara-x rule there.
Sorry to add other question to this closed topic but not sure if this requires a dedicated ones. In yara-python the matched object had also a matched_data attribute with the string value that matched in addition to the identifier. Now that seems to be not available anymore so I'm obtaining it slicing data using offset and length. It's this correct?
Hi, I was using the rule save functionality in order to merge multiple yara rules in a single file. Something like:
I was looking for something similar in yara-x but the only save related functionality is the rule serialize_info function but the generated file is different for the old save one. Will the save option be added to rule? There is another way to obtain same functionality?