| ca019d6d |
/* |
| c442ca9c |
* Copyright (C) 2013-2019 Cisco Systems, Inc. and/or its affiliates. All rights reserved. |
| ca019d6d |
* Copyright (C) 2013 Sourcefire, Inc.
*
* Authors: David Raynor <draynor@sourcefire.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*/
#ifndef __DMG_H
#define __DMG_H
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif
|
| 95b2d68c |
#include "clamav-types.h" |
| ca019d6d |
#include "others.h"
|
| 217295cc |
/* Simple stripe types */
#define DMG_STRIPE_EMPTY 0x00000000
#define DMG_STRIPE_STORED 0x00000001
#define DMG_STRIPE_ZEROES 0x00000002
/* Compressed stripe type */
#define DMG_STRIPE_ADC 0x80000004
#define DMG_STRIPE_DEFLATE 0x80000005
#define DMG_STRIPE_BZ 0x80000006
/* Stripe types that are only seen with sector count zero */
#define DMG_STRIPE_SKIP 0x7FFFFFFE
#define DMG_STRIPE_END 0xFFFFFFFF
/* So far, this has been constant */
#define DMG_SECTOR_SIZE 512
|
| ca019d6d |
#ifndef HAVE_ATTRIB_PACKED
#define __attribute__(x)
#endif
#ifdef HAVE_PRAGMA_PACK
#pragma pack(1)
#endif
#ifdef HAVE_PRAGMA_PACK_HPPA
#pragma pack 1
#endif
/* 512-byte block, remember these are big-endian! */
struct dmg_koly_block {
uint32_t magic __attribute__ ((packed));
uint32_t version __attribute__ ((packed));
uint32_t headerLength __attribute__ ((packed));
uint32_t flags __attribute__ ((packed));
uint64_t runningOffset __attribute__ ((packed));
uint64_t dataForkOffset __attribute__ ((packed));
uint64_t dataForkLength __attribute__ ((packed));
uint64_t resourceForkOffset __attribute__ ((packed));
uint64_t resourceForkLength __attribute__ ((packed));
uint32_t segment __attribute__ ((packed));
uint32_t segmentCount __attribute__ ((packed));
/* technically uuid */
uint8_t segmentID[16];
uint32_t dataChecksumFields[34] __attribute__ ((packed));
uint64_t xmlOffset __attribute__ ((packed));
uint64_t xmlLength __attribute__ ((packed));
uint8_t padding[120];
uint32_t masterChecksumFields[34] __attribute__ ((packed));
uint32_t imageVariant __attribute__ ((packed));
uint64_t sectorCount __attribute__ ((packed));
uint32_t reserved[3] __attribute__ ((packed));
};
/* 204-byte block, still big-endian */
struct dmg_mish_block { |
| 217295cc |
uint32_t magic __attribute__ ((packed));
uint32_t version __attribute__ ((packed)); |
| ca019d6d |
|
| 217295cc |
uint64_t startSector __attribute__ ((packed));
uint64_t sectorCount __attribute__ ((packed));
uint64_t dataOffset __attribute__ ((packed));
uint32_t bufferCount __attribute__ ((packed));
uint32_t descriptorBlocks __attribute__ ((packed)); |
| ca019d6d |
uint8_t reserved[24];
|
| 217295cc |
uint32_t checksum[34] __attribute__ ((packed));
uint32_t blockDataCount __attribute__ ((packed));
};
/* 40-byte block, big-endian */
struct dmg_block_data {
uint32_t type __attribute__ ((packed));
uint32_t reserved __attribute__ ((packed));
uint64_t startSector __attribute__ ((packed));
uint64_t sectorCount __attribute__ ((packed));
uint64_t dataOffset __attribute__ ((packed));
uint64_t dataLength __attribute__ ((packed));
};
struct dmg_mish_with_stripes {
struct dmg_mish_block *mish;
struct dmg_block_data *stripes; |
| bc4b91ec |
struct dmg_mish_with_stripes *next; |
| ca019d6d |
};
#ifdef HAVE_PRAGMA_PACK
#pragma pack()
#endif
#ifdef HAVE_PRAGMA_PACK_HPPA
#pragma pack
#endif
int cli_scandmg(cli_ctx *ctx);
#endif |