@@ -1,3 +1,7 @@ |
1 |
+Fri May 7 09:56:57 EEST 2010 (edwin) |
|
2 |
+------------------------------------- |
|
3 |
+ * libclamav/bytecode*: add match_offsets support. |
|
4 |
+ |
|
1 | 5 |
Wed May 5 21:28:04 CEST 2010 (tk) |
2 | 6 |
---------------------------------- |
3 | 7 |
* shared/output.c: workaround FreeBSD's file locking issue (bb#1918) |
@@ -386,6 +386,7 @@ int main(int argc, char *argv[]) |
386 | 386 |
} |
387 | 387 |
/* for testing */ |
388 | 388 |
ctx->hooks.match_counts = deadbeefcounts; |
389 |
+ ctx->hooks.match_offsets = deadbeefcounts; |
|
389 | 390 |
rc = cli_bytecode_run(&bcs, bc, ctx); |
390 | 391 |
if (rc != CL_SUCCESS) { |
391 | 392 |
fprintf(stderr,"Unable to run bytecode: %s\n", cl_strerror(rc)); |
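Review bot: The test context installs the same `deadbeefcounts` table for both `match_counts` and `match_offsets`, so a bytecode that reads `__clambc_match_offsets` cannot be distinguished from one that reads `__clambc_match_counts`, and a mix-up between the two hooks in the runtime would pass this harness unnoticed. A second table with values that differ from the counts table (for example one filled with a distinct marker) would make the new hook actually testable here. The enclosing `main` starts and ends outside the hunk.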
@@ -49,6 +49,24 @@ static const uint32_t nomatch[64] = { |
49 | 49 |
0, 0, 0, 0, 0, 0, 0, 0, |
50 | 50 |
0, 0, 0, 0, 0, 0, 0, 0 |
51 | 51 |
}; |
52 |
+static const uint32_t nooffsets[64] = { |
|
53 |
+ CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, |
|
54 |
+ CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, |
|
55 |
+ CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, |
|
56 |
+ CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, |
|
57 |
+ CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, |
|
58 |
+ CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, |
|
59 |
+ CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, |
|
60 |
+ CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, |
|
61 |
+ CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, |
|
62 |
+ CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, |
|
63 |
+ CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, |
|
64 |
+ CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, |
|
65 |
+ CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, |
|
66 |
+ CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, |
|
67 |
+ CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, |
|
68 |
+ CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE, CLI_OFF_NONE |
|
69 |
+}; |
|
52 | 70 |
|
53 | 71 |
static const uint16_t nokind; |
54 | 72 |
static const uint32_t nofilesize; |
@@ -61,6 +79,8 @@ static void context_safe(struct cli_bc_ctx *ctx) |
61 | 61 |
ctx->hooks.kind = &nokind; |
62 | 62 |
if (!ctx->hooks.match_counts) |
63 | 63 |
ctx->hooks.match_counts = nomatch; |
64 |
+ if (!ctx->hooks.match_offsets) |
|
65 |
+ ctx->hooks.match_counts = nooffsets; |
|
64 | 66 |
if (!ctx->hooks.filesize) |
65 | 67 |
ctx->hooks.filesize = &nofilesize; |
66 | 68 |
if (!ctx->hooks.pedata) |
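Review bot: The new fallback assigns to the wrong field: the guard tests `ctx->hooks.match_offsets` but the body writes `ctx->hooks.match_counts = nooffsets;`, so `match_offsets` stays NULL and a `match_counts` table installed by the caller (or by the `nomatch` fallback two lines above) is silently replaced with a table of `CLI_OFF_NONE`. Any bytecode that then reads `__clambc_match_offsets` goes through a null hook pointer, and match counts read as the offset sentinel. The line should be `ctx->hooks.match_offsets = nooffsets;`. `context_safe` continues outside the hunk.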
@@ -1940,6 +1960,7 @@ int cli_bytecode_runlsig(cli_ctx *cctx, const struct cli_all_bc *bcs, unsigned b |
1940 | 1940 |
memset(&ctx, 0, sizeof(ctx)); |
1941 | 1941 |
cli_bytecode_context_setfuncid(&ctx, bc, 0); |
1942 | 1942 |
ctx.hooks.match_counts = lsigcnt; |
1943 |
+ ctx.hooks.match_offsets = lsigsuboff; |
|
1943 | 1944 |
cli_bytecode_context_setctx(&ctx, cctx); |
1944 | 1945 |
cli_bytecode_context_setfile(&ctx, map); |
1945 | 1946 |
|
@@ -54,6 +54,12 @@ enum BytecodeKind { |
54 | 54 |
|
55 | 55 |
enum { PE_INVALID_RVA = 0xFFFFFFFF }; |
56 | 56 |
|
57 |
+/** LibClamAV functionality level constants */ |
|
58 |
+enum FunctionalityLevels { |
|
59 |
+ FUNC_LEVEL_096 = 51, |
|
60 |
+ FUNC_LEVEL_096_dev |
|
61 |
+}; |
|
62 |
+ |
|
57 | 63 |
#ifdef __CLAMBC__ |
58 | 64 |
|
59 | 65 |
/** @brief Logical signature match counts |
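Review bot: The new `FunctionalityLevels` enum documents nothing about its values: the comment says only "functionality level constants", and `FUNC_LEVEL_096_dev` breaks the UPPER_SNAKE_CASE used by `FUNC_LEVEL_096` and the rest of the header. A per-constant Doxygen comment, e.g. `FUNC_LEVEL_096 = 51, /**< functionality level of the 0.96 release */`, and a note on what consumers compare these against would let bytecode authors use them without reading the engine source; I can't tell from the hunk what 51 corresponds to, so that text should come from the author.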
@@ -62,6 +68,13 @@ enum { PE_INVALID_RVA = 0xFFFFFFFF }; |
62 | 62 |
* access it. |
63 | 63 |
* */ |
64 | 64 |
extern const uint32_t __clambc_match_counts[64]; |
65 |
+ |
|
66 |
+/** @brief Logical signature match offsets |
|
67 |
+ * This is a low-level variable, use the Macros in bytecode_local.h instead to |
|
68 |
+ * access it. |
|
69 |
+ */ |
|
70 |
+extern const uint32_t __clambc_match_offsets[64]; |
|
71 |
+ |
|
65 | 72 |
/** PE data, if this is a PE hook */ |
66 | 73 |
extern const struct cli_pe_hook_data __clambc_pedata; |
67 | 74 |
/** File size (max 4G) */ |
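Review bot: The comment on the new `__clambc_match_offsets` declaration is a copy of the `match_counts` text and does not state the array's semantics: what each of the 64 entries corresponds to, and what value an entry holds when the subsignature did not match. The fallback table elsewhere in this commit fills the array with `CLI_OFF_NONE`, which suggests that is the no-match sentinel; if so, a sentence such as `* One entry per logical subsignature; CLI_OFF_NONE when the subsignature did not match.` belongs here, to be confirmed by the author.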
@@ -81,6 +81,8 @@ int32_t cli_bcapi_jsnorm_done(struct cli_bc_ctx *ctx , int32_t); |
81 | 81 |
|
82 | 82 |
const struct cli_apiglobal cli_globals[] = { |
83 | 83 |
/* Bytecode globals BEGIN */ |
84 |
+ {"__clambc_match_offsets", GLOBAL_MATCH_OFFSETS, 76, |
|
85 |
+ ((char*)&((struct cli_bc_ctx*)0)->hooks.match_offsets - (char*)NULL)}, |
|
84 | 86 |
{"__clambc_kind", GLOBAL_KIND, 16, |
85 | 87 |
((char*)&((struct cli_bc_ctx*)0)->hooks.kind - (char*)NULL)}, |
86 | 88 |
{"__clambc_match_counts", GLOBAL_MATCH_COUNTS, 76, |
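Review bot: The new `__clambc_match_offsets` entry is inserted at the head of `cli_globals[]`, ahead of `__clambc_kind`, rather than appended after the existing entries; if any lookup elsewhere assumes the `GLOBAL_*` ids and the array positions correspond (not visible in this hunk), this shifts every following entry, so either verify that nothing indexes the table by id or append the entry at the end. The literal `76` is repeated from the `__clambc_match_counts` row without saying what it denotes, and the offset is computed with the file's null-pointer subtraction idiom, which is undefined behaviour in C; `offsetof(struct cli_bc_ctx, hooks.match_offsets)` from `<stddef.h>` expresses the same value portably and would be the natural replacement when this table is next touched. The array continues outside the hunk.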
@@ -62,11 +62,11 @@ struct pe_image_optional_hdr32 { |
62 | 62 |
uint32_t FileAlignment; /**< usually 32 or 512 */ |
63 | 63 |
uint16_t MajorOperatingSystemVersion; /**< not used */ |
64 | 64 |
uint16_t MinorOperatingSystemVersion; /**< not used */ |
65 |
- uint16_t MajorImageVersion; /** unreliable */ |
|
66 |
- uint16_t MinorImageVersion; /** unreliable */ |
|
65 |
+ uint16_t MajorImageVersion; /**< unreliable */ |
|
66 |
+ uint16_t MinorImageVersion; /**< unreliable */ |
|
67 | 67 |
uint16_t MajorSubsystemVersion; |
68 | 68 |
uint16_t MinorSubsystemVersion; |
69 |
- uint32_t Win32VersionValue; /* ? */ |
|
69 |
+ uint32_t Win32VersionValue; /*< ? */ |
|
70 | 70 |
uint32_t SizeOfImage; |
71 | 71 |
uint32_t SizeOfHeaders; |
72 | 72 |
uint32_t CheckSum; /**< NT drivers only */ |
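Review bot: The rewritten comments on `Win32VersionValue` here and on `LoaderFlags` in the next hunk use `/*< ? */`, which Doxygen does not recognise as a trailing member comment (that requires `/**<`), so those two lines still produce no documentation while the `MajorImageVersion`/`MinorImageVersion` lines in the same hunk were correctly changed to `/**<`. Use `uint32_t Win32VersionValue; /**< ? */` and `uint32_t LoaderFlags; /**< ? */`. A bare `?` also tells the reader nothing; both fields are reserved in the PE/COFF format, so a comment to that effect would be more useful than a question mark.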
@@ -76,7 +76,7 @@ struct pe_image_optional_hdr32 { |
76 | 76 |
uint32_t SizeOfStackCommit; |
77 | 77 |
uint32_t SizeOfHeapReserve; |
78 | 78 |
uint32_t SizeOfHeapCommit; |
79 |
- uint32_t LoaderFlags; /* ? */ |
|
79 |
+ uint32_t LoaderFlags; /*< ? */ |
|
80 | 80 |
uint32_t NumberOfRvaAndSizes; /**< unreliable */ |
81 | 81 |
struct pe_image_data_dir DataDirectory[16]; |
82 | 82 |
}; |
@@ -138,14 +138,14 @@ struct pe_image_section_hdr { |
138 | 138 |
/** Data for the bytecode PE hook */ |
139 | 139 |
struct cli_pe_hook_data { |
140 | 140 |
uint32_t offset; |
141 |
- uint32_t ep; |
|
142 |
- uint16_t nsections; |
|
141 |
+ uint32_t ep; /**< EntryPoint as file offset */ |
|
142 |
+ uint16_t nsections;/**< Number of sections */ |
|
143 | 143 |
uint16_t dummy; /* align */ |
144 |
- struct pe_image_file_hdr file_hdr; |
|
145 |
- struct pe_image_optional_hdr32 opt32; |
|
144 |
+ struct pe_image_file_hdr file_hdr;/**< Header for this PE file */ |
|
145 |
+ struct pe_image_optional_hdr32 opt32; /**< 32-bit PE optional header */ |
|
146 | 146 |
uint32_t dummy2; /* align */ |
147 |
- struct pe_image_optional_hdr64 opt64; |
|
148 |
- struct pe_image_data_dir dirs[16]; |
|
147 |
+ struct pe_image_optional_hdr64 opt64;/**< 64-bit PE optional header */ |
|
148 |
+ struct pe_image_data_dir dirs[16]; /**< PE data directory header */ |
|
149 | 149 |
uint32_t e_lfanew;/**< address of new exe header */ |
150 | 150 |
uint32_t overlays;/**< number of overlays */ |
151 | 151 |
int32_t overlays_sz;/**< size of overlays */ |