[Forensics-changes] [yara] 132/368: Document CALLBACK_MSG_MODULE_IMPORTED.

[Hilko Bengen]

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.5.0
in repository yara.

commit c21eb6ba6f62a8bc4cfc922c15a6dcff334556c0
Author: Wesley Shields <wxs at atarininja.org>
Date:   Sat Jan 2 20:30:38 2016 -0500

    Document CALLBACK_MSG_MODULE_IMPORTED.
    
    Looks like this was never documented in the recent changes.
---
 docs/capi.rst | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/capi.rst b/docs/capi.rst
index 6d0428a..240b5c9 100644
--- a/docs/capi.rst
+++ b/docs/capi.rst
@@ -156,6 +156,7 @@ Possible values for ``message`` are::
   CALLBACK_MSG_RULE_NOT_MATCHING
   CALLBACK_MSG_SCAN_FINISHED
   CALLBACK_MSG_IMPORT_MODULE
+  CALLBACK_MSG_MODULE_IMPORTED
 
 Your callback function will be called once for each rule with either
 a ``CALLBACK_MSG_RULE_MATCHING`` or ``CALLBACK_MSG_RULE_NOT_MATCHING`` message,
@@ -175,6 +176,11 @@ while setting ``module_data_size`` to the size of the data. This way you can
 pass additional data to those modules requiring it, like the
 :ref:`Cuckoo-module` for example.
 
+The callback is also called once for each file that is scanned by each module
+that is imported. When this happens ``message_data`` points to a
+:c:type:`YR_OBJECT_STRUCTURE` structure. This structure contains all the
+information from the module, including any stored data and functions.
+
 Lastly, the callback function is also called with the
 ``CALLBACK_MSG_SCAN_FINISHED`` message when the scan is finished. In this case
 ``message_data`` is ``NULL``.

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git