Some days you just gotta write some C to stay sane

yarable.c

#include "yara.h"
#include "stdio.h"

int callback_function(int, void*, void*);

int main() {
	int ret = yr_initialize();
	YR_COMPILER* compiler = malloc(sizeof(YR_COMPILER));
        int compiler_create = yr_compiler_create(&compiler);

	// some rule
    char* yara_rule_str = "import \"pe\"\nrule HelloWorld : Hello World\n{\n\tmeta:\n   my_identifier_1 = \"Some string data\"\n   my_identifier_2 = 24\n   my_identifier_3 = true\n\tstrings:\n\t\t$a = \"Hello world\"\n\n\tcondition:\n\t\t$a\n}rule NoMatch \n{\n\tmeta:\n    my_identifier_1 = \"Some string data\"\n    my_identifier_2 = 24\n    my_identifier_3 = true\n\tstrings:\n\t\t$a = \"nomatch\"\n\n\tcondition:\n\t\t$a\n}";

	ret = yr_compiler_add_string(compiler, yara_rule_str, NULL);

	//int yr_rules_scan_mem(YR_RULES* rules, uint8_t* buffer, size_t buffer_size, int flags, YR_CALLBACK_FUNC callback, void* user_data, int timeout);

	int (*ptrFunc)(int, void*, void*);
	ptrFunc = callback_function;

	YR_RULES* rules = malloc(sizeof(YR_RULES));
	ret = yr_compiler_get_rules(compiler,&rules);

	uint8_t* buffer = "Hello world";

	for (int i = 0; i < 256; ++i) {
	  ret = yr_rules_scan_mem(rules, buffer, 12, 0, ptrFunc, NULL, 10000);
	}
	printf("Returning %d\n", ret);
	return ret;
}

int callback_function(
    int message,
    void* message_data,
    void* user_data) {

	switch (message) {
		case CALLBACK_MSG_RULE_MATCHING:
			printf("Match!\n");
			break;
		case CALLBACK_MSG_RULE_NOT_MATCHING:
			printf("No Match!\n");
			break;
		case CALLBACK_MSG_SCAN_FINISHED:
			printf("Scan done!\n");
			break;
		case CALLBACK_MSG_IMPORT_MODULE:
			printf("Import!\n");
			break;
		case CALLBACK_MSG_MODULE_IMPORTED:
			printf("Imported!\n");
			break;
	}

	return 0;
}