/*
* Load, verify and execute ClamAV bytecode.
* |
* Copyright (C) 2013-2019 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
* Copyright (C) 2009-2013 Sourcefire, Inc. |
*
* Authors: Török Edvin
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*/
#ifndef BYTECODE_H
#define BYTECODE_H |
#include "clamav-types.h" |
#include "clambc.h" |
#include <stdio.h> |
#include "fmap.h" |
#include "bytecode_detect.h" |
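/*
 * Forward declarations of types the bytecode API refers to. Their
 * definitions are not part of this header. Blame-gutter residue that was
 * interleaved with these declarations has been stripped so the run is
 * valid C again.
 */
struct cli_dbio;
struct cli_bc_ctx;
struct cli_bc_func;
struct cli_bc_value;
struct cli_bc_inst;
struct cli_bc_type;
struct cli_bc_engine;
struct cli_bc_dbgnode;
struct bitset_tag;
struct cl_engine;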
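/*
 * State recorded for a bytecode (see the `state` member of struct cli_bc).
 * The enumerators take the default values 0..4 in declaration order.
 *
 * NOTE(review): what each state means is decided by the loader and engine
 * code, which is not visible in this header; the per-value notes below are
 * inferred from the names and should be confirmed there.
 */
enum bc_state {
    bc_skip,    /* presumably: bytecode is not to be run */
    bc_loaded,  /* presumably: parsed but not yet prepared */
    bc_jit,     /* presumably: prepared for the JIT */
    bc_interp,  /* presumably: prepared for the interpreter */
    bc_disabled /* presumably: execution disabled */
};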
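/*
 * In-memory representation of one bytecode.
 *
 * NOTE(review): this header only declares the layout. Which members are
 * taken directly from the bytecode file and which are computed is decided
 * by the loader, which is not visible here; the per-member notes below are
 * inferred from names and types and should be confirmed against it.
 * Whatever the source of the values, code that indexes funcs, types,
 * globals, vnames, dbgnodes or globalBytes needs to bound the index by the
 * matching count member.
 */
struct cli_bc {
    struct bytecode_metadata metadata;
    unsigned id;
    unsigned kind;
    unsigned num_types; /* presumably the element count of types */
    unsigned num_func;  /* presumably the element count of funcs */
    struct cli_bc_func *funcs;
    struct cli_bc_type *types;
    uint64_t **globals;
    uint16_t *globaltys;
    size_t num_globals; /* presumably the element count of globals and globaltys */
    enum bc_state state;
    struct bitset_tag *uses_apis;
    char *lsig;
    char *vnameprefix;
    char **vnames;
    unsigned vnames_cnt; /* presumably the element count of vnames */
    uint16_t start_tid;
    struct cli_bc_dbgnode *dbgnodes;
    unsigned dbgnode_cnt; /* presumably the element count of dbgnodes */
    unsigned hook_lsig_id;
    /* NOTE(review): looks like a trust flag for this bytecode; confirm where
     * it is set and what it permits before relying on it. */
    unsigned trusted;
    uint32_t numGlobalBytes; /* presumably the byte length of globalBytes */
    uint8_t *globalBytes;
    uint32_t sigtime_id, sigmatch_id;
    char *hook_name;
};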
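/*
 * The collection of bytecodes handled together, plus the engine and
 * environment they run against.
 *
 * NOTE(review): the engine member is typed `struct cli_bcengine`, while the
 * forward declaration near the top of this header is `struct cli_bc_engine`;
 * confirm which tag the implementation actually defines.
 */
struct cli_all_bc {
    struct cli_bc *all_bcs; /* presumably an array of `count` elements */
    unsigned count;
    struct cli_bcengine *engine;
    struct cli_environment env;
    int inited;
};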
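struct cli_pe_hook_data;
struct cli_exe_section;
struct pdf_obj;

/*
 * Execution-context API: allocate a context, attach the inputs a bytecode
 * will see (function id, parameters, file map, PE or PDF data), read back
 * results, then clear or destroy it.
 *
 * The return-value convention of the int-returning functions is not
 * documented in this header; check the implementation before treating any
 * particular value as success.
 */
struct cli_bc_ctx *cli_bytecode_context_alloc(void);
/* FIXME: we can't include others.h because others.h includes us...*/
void cli_bytecode_context_setctx(struct cli_bc_ctx *ctx, void *cctx);
int cli_bytecode_context_setfuncid(struct cli_bc_ctx *ctx, const struct cli_bc *bc, unsigned funcid);
int cli_bytecode_context_setparam_int(struct cli_bc_ctx *ctx, unsigned i, uint64_t c);
/*
 * NOTE(review): the header does not say whether `data` is copied or only
 * borrowed. Until that is confirmed, keep the buffer alive and `datalen`
 * equal to its real size for as long as the context may use it.
 */
int cli_bytecode_context_setparam_ptr(struct cli_bc_ctx *ctx, unsigned i, void *data, unsigned datalen);
int cli_bytecode_context_setfile(struct cli_bc_ctx *ctx, fmap_t *map);
int cli_bytecode_context_setpe(struct cli_bc_ctx *ctx, const struct cli_pe_hook_data *data, const struct cli_exe_section *sections);
int cli_bytecode_context_setpdf(struct cli_bc_ctx *ctx, unsigned phase, unsigned nobjs, struct pdf_obj **objs, uint32_t *pdf_flags, uint32_t pdfsize, uint32_t pdfstartoff);
int cli_bytecode_context_clear(struct cli_bc_ctx *ctx);
/* returns file descriptor, sets tempfile. Caller takes ownership, and is
 * responsible for freeing/unlinking */
int cli_bytecode_context_getresult_file(struct cli_bc_ctx *ctx, char **tempfilename);
uint64_t cli_bytecode_context_getresult_int(struct cli_bc_ctx *ctx);
void cli_bytecode_context_destroy(struct cli_bc_ctx *ctx);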
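#ifdef __cplusplus
extern "C" {
#endif
/*
 * Declared here, defined elsewhere; given C linkage so C++ translation
 * units can reference it.
 * NOTE(review): presumably non-zero when JIT support is available; confirm
 * at the definition.
 */
extern int have_clamjit;
#ifdef __cplusplus
}
#endif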
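/*
 * Bytecode lifecycle: initialise the collection, load a bytecode from a
 * stream or database reader, prepare the collection for an engine, run one
 * bytecode in a context, and tear everything down.
 *
 * NOTE(review): cli_bytecode_load takes a `security` argument and the file
 * header describes this module as loading, verifying and executing
 * bytecode. What `security` selects is not visible in this header; confirm
 * it in the loader before changing the value callers pass. The return-value
 * convention of these functions is likewise not documented here.
 */
int cli_bytecode_init(struct cli_all_bc *allbc);
int cli_bytecode_load(struct cli_bc *bc, FILE *f, struct cli_dbio *dbio, int security, int sigperf);
int cli_bytecode_prepare2(struct cl_engine *engine, struct cli_all_bc *allbc, unsigned dconfmask);
int cli_bytecode_run(const struct cli_all_bc *bcs, const struct cli_bc *bc, struct cli_bc_ctx *ctx);
void cli_bytecode_destroy(struct cli_bc *bc);
int cli_bytecode_done(struct cli_all_bc *allbc);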
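/*
 * Bytecode IR descriptions.
 * These take a bytecode (or a single instruction) by const pointer and
 * return nothing; where the description is written is not visible in this
 * header.
 * NOTE(review): funcid is presumably an index into the bytecode's function
 * table; confirm that the implementation range-checks it.
 */
void cli_bytecode_describe(const struct cli_bc *bc);
void cli_bytetype_describe(const struct cli_bc *bc);
void cli_bytevalue_describe(const struct cli_bc *bc, unsigned funcid);
void cli_byteinst_describe(const struct cli_bc_inst *inst, unsigned *bbnum);
void cli_bytefunc_describe(const struct cli_bc *bc, unsigned funcid);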
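/*
 * Hooks: entry points that run bytecode against a file map from within a
 * scan context.
 * NOTE(review): bc_idx presumably indexes the all_bcs array of `bcs`, and
 * `id` presumably selects a hook; the header does not show where either is
 * validated, so confirm the bounds checks in the implementation.
 */
struct cli_exe_info;
struct cli_ctx_tag;
struct cli_target_info;
int cli_bytecode_runlsig(struct cli_ctx_tag *ctx, struct cli_target_info *info, const struct cli_all_bc *bcs, unsigned bc_idx, const uint32_t *lsigcnt, const uint32_t *lsigsuboff, fmap_t *map);
int cli_bytecode_runhook(struct cli_ctx_tag *cctx, const struct cl_engine *engine, struct cli_bc_ctx *ctx, unsigned id, fmap_t *map);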
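#ifdef __cplusplus
extern "C" {
#endif

/* Declarations in this block get C linkage when the header is included
 * from C++. */
int bytecode_init(void);
/* Bytecode internal debug API */
void cli_bytecode_debug(int argc, char **argv);
void cli_bytecode_printversion(void);
void cli_bytecode_debug_printsrc(const struct cli_bc_ctx *ctx);
void cli_printcxxver(void);

/*
 * Trace callback types. Each receives the bytecode context plus one piece
 * of trace data: an event number, an operation name, a named 32-bit value,
 * or a pointer value.
 */
typedef void (*bc_dbg_callback_trace)(struct cli_bc_ctx *, unsigned event);
typedef void (*bc_dbg_callback_trace_op)(struct cli_bc_ctx *, const char *op);
typedef void (*bc_dbg_callback_trace_val)(struct cli_bc_ctx *, const char *name, uint32_t value);
typedef void (*bc_dbg_callback_trace_ptr)(struct cli_bc_ctx *, const void *val);
/*
 * Installs the four trace callbacks on a context together with a trace
 * level. The meaning of `level`, and whether a null callback is accepted,
 * is not stated in this header.
 */
void cli_bytecode_context_set_trace(struct cli_bc_ctx *, unsigned level,
                                    bc_dbg_callback_trace,
                                    bc_dbg_callback_trace_op,
                                    bc_dbg_callback_trace_val,
                                    bc_dbg_callback_trace_ptr);
void cli_sigperf_print(void);
void cli_sigperf_events_destroy(void);
#ifdef __cplusplus
}
#endif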
#endif |