e0c4fd85 |
/*
* Load, verify and execute ClamAV bytecode.
* |
c442ca9c |
* Copyright (C) 2013-2019 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
* Copyright (C) 2009-2013 Sourcefire, Inc. |
e0c4fd85 |
*
* Authors: Török Edvin
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*/
#ifndef BYTECODE_PRIV_H
#define BYTECODE_PRIV_H |
8cc286f5 |
|
75e18b29 |
#include <zlib.h> |
0a11015b |
#include "bytecode.h" |
8cc286f5 |
#include "type_desc.h" |
88815fd8 |
#include "execs.h"
#include "bytecode_hooks.h" |
74b00233 |
#include "fmap.h" |
2d45ef06 |
#include "mpool.h" |
7b33a366 |
#include "hashtab.h" |
8a8dbd59 |
#include "events.h" |
46e2863c |
|
e0c4fd85 |
typedef uint32_t operand_t;
typedef uint16_t bbid_t;
typedef uint16_t funcid_t;
struct cli_bc_callop {
operand_t* ops; |
6922903a |
uint16_t* opsizes; |
e0c4fd85 |
funcid_t funcid; |
2545f976 |
uint8_t numOps; |
e0c4fd85 |
};
struct branch {
operand_t condition;
bbid_t br_true;
bbid_t br_false;
};
struct cli_bc_cast {
uint64_t mask; |
82ca2ab4 |
operand_t source;
uint8_t size;/* 0: 1-bit, 1: 8b, 2: 16b, 3: 32b, 4: 64b */ |
e0c4fd85 |
}; |
82ca2ab4 |
typedef uint8_t interp_op_t; |
e0c4fd85 |
struct cli_bc_inst {
enum bc_opcode opcode;
uint16_t type; |
f3b2dc9e |
operand_t dest; |
2545f976 |
interp_op_t interp_op;/* opcode for interpreter */ |
e0c4fd85 |
union { |
90c0acc7 |
operand_t unaryop;
struct cli_bc_cast cast;
operand_t binop[2];
operand_t three[3];
struct cli_bc_callop ops;
struct branch branch;
bbid_t jump; |
e0c4fd85 |
} u;
};
struct cli_bc_bb {
unsigned numInsts;
struct cli_bc_inst *insts;
};
struct cli_bc_func {
uint8_t numArgs;
uint16_t numLocals;
uint32_t numInsts; |
6922903a |
uint32_t numValues;/* without constants */ |
e0c4fd85 |
uint32_t numConstants; |
6922903a |
uint32_t numBytes;/* stack size */ |
e0c4fd85 |
uint16_t numBB; |
3b33bd68 |
uint16_t returnType; |
e0c4fd85 |
uint16_t *types;
uint32_t insn_idx;
struct cli_bc_bb *BB;
struct cli_bc_inst *allinsts; |
6922903a |
uint64_t *constants; |
53bd5bb1 |
unsigned *dbgnodes; |
e0c4fd85 |
}; |
53bd5bb1 |
struct cli_bc_dbgnode_element {
unsigned nodeid;
unsigned len; |
2545f976 |
char *string; |
53bd5bb1 |
uint64_t constant;
};
struct cli_bc_dbgnode {
unsigned numelements;
struct cli_bc_dbgnode_element* elements;
};
|
6922903a |
#define MAX_OP ~0u |
0a11015b |
enum trace_level {
trace_none=0,
trace_func,
trace_param,
trace_scope,
trace_line,
trace_col,
trace_op,
trace_val
}; |
6ad39a40 |
struct bc_buffer {
unsigned char *data;
unsigned size;
unsigned write_cursor;
unsigned read_cursor;
};
struct bc_inflate {
z_stream stream;
int32_t from;
int32_t to;
int8_t needSync;
};
|
b00a7cc8 |
struct bc_jsnorm {
struct parser_state *state;
int32_t from;
};
|
8a8dbd59 |
enum bc_events {
BCEV_VIRUSNAME,
BCEV_EXEC_RETURNVALUE,
BCEV_WRITE,
BCEV_OFFSET,
BCEV_READ,
BCEV_DBG_STR,
BCEV_DBG_INT,
BCEV_MEM_1,
BCEV_MEM_2,
BCEV_FIND,
BCEV_EXTRACTED,
BCEV_EXEC_TIME,
/* API failures (that are not serious), count must be 0 for testmode */
BCEV_API_WARN_BEGIN,
BCEV_READ_ERR,
BCEV_DISASM_FAIL,
BCEV_API_WARN_END,
/* real errors (write failure) are reported via cli_event_error_str */
BCEV_LASTEVENT
};
|
e0c4fd85 |
struct cli_bc_ctx { |
99536a17 |
uint8_t timeout;/* must be first byte in struct! */ |
2545f976 |
uint16_t funcid;
unsigned numParams; |
e0c4fd85 |
/* id and params of toplevel function called */ |
30188fcc |
const struct cli_bc *bc;
const struct cli_bc_func *func; |
b63681a5 |
uint32_t bytecode_timeout; |
6922903a |
unsigned bytes;
uint16_t *opsizes;
char *values; |
e0c4fd85 |
operand_t *operands; |
0fa95ef2 |
uint32_t file_size; |
2545f976 |
int outfd; |
4789b8a5 |
off_t off; |
74b00233 |
fmap_t *fmap; |
7a7365ef |
fmap_t *save_map; |
d38d6dad |
const char *virname; |
88815fd8 |
struct cli_bc_hooks hooks; |
1dae00eb |
struct cli_exe_info exeinfo; |
70c222c9 |
uint32_t lsigcnt[64];
uint32_t lsigoff[64]; |
dc200c6b |
uint32_t pdf_nobjs; |
89d5207b |
struct pdf_obj **pdf_objs; |
dc200c6b |
uint32_t* pdf_flags;
uint32_t pdf_size;
uint32_t pdf_startoff;
unsigned pdf_phase;
int32_t pdf_dumpedid; |
236fb136 |
const struct cli_exe_section *sections; |
762d46e8 |
uint32_t resaddr; |
3ae0a76d |
char *tempfile;
void *ctx;
unsigned written; |
d9fbce26 |
unsigned filewritten;
unsigned found; |
2545f976 |
unsigned ninflates; |
0a11015b |
bc_dbg_callback_trace trace;
bc_dbg_callback_trace_op trace_op;
bc_dbg_callback_trace_val trace_val; |
688799d1 |
bc_dbg_callback_trace_ptr trace_ptr; |
0a11015b |
const char *directory;
const char *file; |
65c740d7 |
const char *scope; |
2545f976 |
unsigned trace_level; |
65c740d7 |
uint32_t scopeid; |
0a11015b |
unsigned line;
unsigned col; |
2d45ef06 |
mpool_t *mpool; |
6ad39a40 |
struct bc_inflate* inflates;
struct bc_buffer *buffers;
unsigned nbuffers; |
7b33a366 |
unsigned nhashsets; |
b00a7cc8 |
unsigned njsnorms;
unsigned jsnormwritten; |
2545f976 |
struct cli_hashset *hashsets;
struct bc_jsnorm* jsnorms;
char *jsnormdir; |
7a7365ef |
struct cli_map *maps;
unsigned nmaps;
unsigned containertype;
unsigned extracted_file_input; |
d5ffa2ac |
const struct cli_environment *env;
unsigned bytecode_disable_status; |
8a8dbd59 |
cli_events_t *bc_events; |
4116c65d |
int on_jit;
int no_diff; |
f3575db2 |
#if HAVE_JSON |
3107a6c2 |
void **jsonobjs; |
f3575db2 |
unsigned njsonobjs;
#endif |
e0c4fd85 |
}; |
d1487222 |
struct cli_all_bc; |
ec5cccc7 |
int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct cli_bc_func *func, const struct cli_bc_inst *inst); |
d1487222 |
#ifdef __cplusplus
extern "C" {
#endif
|
85a25497 |
int cli_vm_execute_jit(const struct cli_all_bc *bcs, struct cli_bc_ctx *ctx, const struct cli_bc_func *func); |
d1487222 |
int cli_bytecode_prepare_jit(struct cli_all_bc *bc); |
6eeadbfe |
int cli_bytecode_init_jit(struct cli_all_bc *bc, unsigned dconfmask); |
a5a19f45 |
int cli_bytecode_done_jit(struct cli_all_bc *bc, int partial); |
d1487222 |
#ifdef __cplusplus
}
#endif |
e0c4fd85 |
#endif |