997a1efe |
/*
* ClamAV bytecode definitions.
* |
c442ca9c |
* Copyright (C) 2013-2019 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
* Copyright (C) 2009-2013 Sourcefire, Inc. |
997a1efe |
*
* Authors: Török Edvin
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*/
#ifndef CLAMBC_H
#define CLAMBC_H
struct bytecode_metadata { |
a35cfe51 |
char *compiler;
char *sigmaker;
uint64_t timestamp; |
3735fda1 |
unsigned formatlevel;
unsigned minfunc, maxfunc;
unsigned maxresource;/* reserved */ |
a35cfe51 |
unsigned targetExclude; |
997a1efe |
};
|
3735fda1 |
#define BC_FORMAT_096 6
#define BC_FORMAT_LEVEL 7 |
997a1efe |
#define BC_HEADER "ClamBC"
enum bc_opcode { |
52dd3a6b |
OP_BC_ADD=1,
OP_BC_SUB,
OP_BC_MUL,
OP_BC_UDIV,
OP_BC_SDIV,
OP_BC_UREM,
OP_BC_SREM,
OP_BC_SHL,
OP_BC_LSHR,
OP_BC_ASHR,
OP_BC_AND,
OP_BC_OR,
OP_BC_XOR, |
997a1efe |
|
52dd3a6b |
OP_BC_TRUNC,
OP_BC_SEXT,
OP_BC_ZEXT, |
c3c97d4a |
|
52dd3a6b |
OP_BC_BRANCH,
OP_BC_JMP,
OP_BC_RET,
OP_BC_RET_VOID, |
997a1efe |
|
52dd3a6b |
OP_BC_ICMP_EQ,
OP_BC_ICMP_NE,
OP_BC_ICMP_UGT,
OP_BC_ICMP_UGE,
OP_BC_ICMP_ULT,
OP_BC_ICMP_ULE,
OP_BC_ICMP_SGT,
OP_BC_ICMP_SGE,
OP_BC_ICMP_SLE,
OP_BC_ICMP_SLT,
OP_BC_SELECT,
OP_BC_CALL_DIRECT,
OP_BC_CALL_API,
OP_BC_COPY,
OP_BC_GEP1, |
9463f9fd |
OP_BC_GEPZ, |
52dd3a6b |
OP_BC_GEPN,
OP_BC_STORE,
OP_BC_LOAD, |
250d92c5 |
OP_BC_MEMSET,
OP_BC_MEMCPY,
OP_BC_MEMMOVE,
OP_BC_MEMCMP,
OP_BC_ISBIGENDIAN,
OP_BC_ABORT, |
8997b147 |
OP_BC_BSWAP16,
OP_BC_BSWAP32,
OP_BC_BSWAP64, |
4395bb9a |
OP_BC_PTRDIFF32, |
44e13431 |
OP_BC_PTRTOINT64, |
52dd3a6b |
OP_BC_INVALID /* last */ |
997a1efe |
};
static const unsigned char operand_counts[] = {
0,
/* ADD -> XOR */
2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
/* TRUNC -> ZEXT */ |
3555ee75 |
1, 1, 1, |
c3c97d4a |
/* BRANCH, JMP, RET */ |
dcee45cc |
3, 1, 1, 0, |
997a1efe |
/* ICMP */
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
/* SELECT */ |
a0d6fec0 |
3,
/* CALLs have variable number of operands */ |
8cc286f5 |
0, 0, |
52dd3a6b |
/* OP_BC_COPY */ |
f98c07e5 |
2, |
9463f9fd |
/* OP_BC_GEP1, OP_BC_GEPZ, OP_BC_GEPN, OP_BC_STORE, OP_BC_LOAD*/
3, 3, 0, 2, 1, |
250d92c5 |
/* OP_MEM* */
3, 3, 3, 3,
/* OP_BC_ISBIGENDIAN */
0, |
44e13431 |
/* OP_BC_ABORT, OP_BSWAP*, OP_PTRDIFF32, OP_PTRINT64 */
0, 1, 1, 1, 2, 1 |
997a1efe |
}; |
8cc286f5 |
|
88815fd8 |
enum bc_global {
_FIRST_GLOBAL = 0x8000,
GLOBAL_MATCH_COUNTS = 0x8000,
GLOBAL_KIND, |
ec41017b |
GLOBAL_VIRUSNAMES, |
250d92c5 |
GLOBAL_PEDATA, |
0fa95ef2 |
GLOBAL_FILESIZE, |
1c4683ac |
GLOBAL_MATCH_OFFSETS, |
88815fd8 |
_LAST_GLOBAL |
dcee45cc |
}; |
8cc286f5 |
|
dcee45cc |
#define BC_START_TID 69 |
997a1efe |
#endif |