I understand that some tweaking might be necessary to the yara processor,
but I am wondering if something like this would be possbile.
If in the past I had stored the "strings" output of a particular file,
could I pump that into a modified yara processor and have everything work?
Are there some
You could do that. You would lose any capabilities based upon most of the
modules (PE, elf, etc). The math module would still work but I'm not sure how
relevant it would be. More importantly I'm not sure what doing this would get
you that running YARA on the original files wouldn't also get you,
