@@ -21,8 +21,9 @@

  */

 #ifndef BYTECODE_H

 #define BYTECODE_H

-#include <stdio.h>

+#include <stdint.h>

 #include "clambc.h"

+#include <stdio.h>

 struct cli_dbio;

 struct cli_bc_ctx;

@@ -90,3 +90,16 @@ uint32_t cli_bcapi_setvirusname(struct cli_bc_ctx* ctx, const uint8_t *name, uin

     ctx->virname = name;

     return 0;

 }

+

+uint32_t cli_bcapi_disasm_x86(struct cli_bc_ctx *ctx, struct DISASM_RESULT *res, uint32_t len)

+{

+    //TODO: call disasm_x86_wrap, which outputs a MARIO struct

+}

+

+int32_t cli_bcapi_write(struct cli_bc_ctx *ctx, uint8_t*data, int32_t len)

+{

+    //TODO: write to tempfile (checking maxsize), and later scan it via

+    //magicscandesc

+}

+

+

@@ -24,12 +24,13 @@

 #ifdef __CLAMBC__

 #include "bytecode_execs.h"

-//#include "bytecode_pe.h"

+#include "bytecode_pe.h"

+#include "bytecode_disasm.h"

 #endif

 #ifndef __CLAMBC__

 #include "execs.h"

-#include "pe.h"

+struct DISASM_RESULT;

 #endif

 struct foo {

@@ -64,6 +65,7 @@ enum {

     SEEK_END

 };

+int32_t write(uint8_t *data, int32_t size);

 /* seeks current position to @pos, from @whence, returns current position from

  * start of file */

 int32_t seek(int32_t pos, uint32_t whence);

@@ -73,7 +75,8 @@ uint32_t setvirusname(const uint8_t *name, uint32_t len);

 uint32_t debug_print_str(const uint8_t *str, uint32_t len);

 uint32_t debug_print_uint(uint32_t a, uint32_t b);

-//const char *LogicalSignature;

+// disassembles at current file position, use lseek to disasm someplace else

+uint32_t disasm_x86(struct DISASM_RESULT*, uint32_t len);

 #endif

 #endif

@@ -29,16 +29,18 @@

 uint32_t cli_bcapi_test0(struct cli_bc_ctx *ctx, struct foo*, uint32_t);

 uint32_t cli_bcapi_test1(struct cli_bc_ctx *ctx, uint32_t, uint32_t);

 int32_t cli_bcapi_read(struct cli_bc_ctx *ctx, uint8_t*, int32_t);

+int32_t cli_bcapi_write(struct cli_bc_ctx *ctx, uint8_t*, int32_t);

 int32_t cli_bcapi_seek(struct cli_bc_ctx *ctx, int32_t, uint32_t);

 uint32_t cli_bcapi_setvirusname(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);

 uint32_t cli_bcapi_debug_print_str(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);

 uint32_t cli_bcapi_debug_print_uint(struct cli_bc_ctx *ctx, uint32_t, uint32_t);

+uint32_t cli_bcapi_disasm_x86(struct cli_bc_ctx *ctx, struct DISASM_RESULT*, uint32_t);

 const struct cli_apiglobal cli_globals[] = {

 /* Bytecode globals BEGIN */

-	{"__clambc_match_counts", GLOBAL_MATCH_COUNTS, 73,

+	{"__clambc_match_counts", GLOBAL_MATCH_COUNTS, 82,

 	 ((char*)&((struct cli_bc_ctx*)0)->hooks.match_counts - (char*)NULL)},

-	{"__clambc_exeinfo", GLOBAL_EXEINFO, 70,

+	{"__clambc_exeinfo", GLOBAL_EXEINFO, 79,

 	 ((char*)&((struct cli_bc_ctx*)0)->hooks.exeinfo - (char*)NULL)},

 	{"__clambc_kind", GLOBAL_KIND, 16,

 	 ((char*)&((struct cli_bc_ctx*)0)->hooks.kind - (char*)NULL)},

@@ -47,40 +49,72 @@ const struct cli_apiglobal cli_globals[] = {

 /* Bytecode globals END */

 };

 const unsigned cli_apicall_maxglobal = _LAST_GLOBAL-1;

-static uint16_t cli_tmp0[]={};

-static uint16_t cli_tmp1[]={71, 32, 32, 16};

-static uint16_t cli_tmp2[]={72};

-static uint16_t cli_tmp3[]={32, 32, 32, 32, 32, 32, 32, 32, 32};

-static uint16_t cli_tmp4[]={32};

-static uint16_t cli_tmp5[]={32, 32, 32};

-static uint16_t cli_tmp6[]={32, 65, 32};

-static uint16_t cli_tmp7[]={32, 77, 32};

+static uint16_t cli_tmp0[]={79, 77, 75, 72, 70, 32, 32};

+static uint16_t cli_tmp1[]={71};

+static uint16_t cli_tmp2[]={32, 32};

+static uint16_t cli_tmp3[]={73};

+static uint16_t cli_tmp4[]={16, 8, 8, 32, 32, 32, 32, 32, 64, 32, 32, 16, 16, 16, 16, 16, 16, 32, 32, 32, 32, 16, 16, 64, 64, 64, 64, 32, 32, 74};

+static uint16_t cli_tmp5[]={71};

+static uint16_t cli_tmp6[]={76};

+static uint16_t cli_tmp7[]={16, 8, 8, 32, 32, 32, 32, 32, 32, 32, 32, 32, 16, 16, 16, 16, 16, 16, 32, 32, 32, 32, 16, 16, 32, 32, 32, 32, 32, 32, 74};

 static uint16_t cli_tmp8[]={78};

-static uint16_t cli_tmp9[]={77};

+static uint16_t cli_tmp9[]={32, 16, 16, 32, 32, 32, 16, 16};

+static uint16_t cli_tmp10[]={80, 32, 32, 16};

+static uint16_t cli_tmp11[]={81};

+static uint16_t cli_tmp12[]={32, 32, 32, 32, 32, 32, 32, 32, 32};

+static uint16_t cli_tmp13[]={32};

+static uint16_t cli_tmp14[]={32, 84, 32};

+static uint16_t cli_tmp15[]={85};

+static uint16_t cli_tmp16[]={16, 8, 8, 8, 87, 86};

+static uint16_t cli_tmp17[]={8};

+static uint16_t cli_tmp18[]={88};

+static uint16_t cli_tmp19[]={8};

+static uint16_t cli_tmp20[]={32, 32, 32};

+static uint16_t cli_tmp21[]={32, 65, 32};

+static uint16_t cli_tmp22[]={32, 92, 32};

+static uint16_t cli_tmp23[]={93};

+static uint16_t cli_tmp24[]={92};

 const struct cli_bc_type cli_apicall_types[]={

-	{, cli_tmp0, , 0, 0},

-	{DStructType, cli_tmp1, 4, 0, 0},

-	{DPointerType, cli_tmp2, 1, 0, 0},

-	{DStructType, cli_tmp3, 9, 0, 0},

-	{DArrayType, cli_tmp4, 64, 0, 0},

-	{DFunctionType, cli_tmp5, 3, 0, 0},

-	{DFunctionType, cli_tmp6, 3, 0, 0},

-	{DFunctionType, cli_tmp7, 3, 0, 0},

+	{DStructType, cli_tmp0, 7, 0, 0},

+	{DPointerType, cli_tmp1, 1, 0, 0},

+	{DStructType, cli_tmp2, 2, 0, 0},

+	{DPointerType, cli_tmp3, 1, 0, 0},

+	{DStructType, cli_tmp4, 30, 0, 0},

+	{DArrayType, cli_tmp5, 16, 0, 0},

+	{DPointerType, cli_tmp6, 1, 0, 0},

+	{DStructType, cli_tmp7, 31, 0, 0},

 	{DPointerType, cli_tmp8, 1, 0, 0},

-	{DStructType, cli_tmp9, 1, 0, 0}

+	{DStructType, cli_tmp9, 8, 0, 0},

+	{DStructType, cli_tmp10, 4, 0, 0},

+	{DPointerType, cli_tmp11, 1, 0, 0},

+	{DStructType, cli_tmp12, 9, 0, 0},

+	{DArrayType, cli_tmp13, 64, 0, 0},

+	{DFunctionType, cli_tmp14, 3, 0, 0},

+	{DPointerType, cli_tmp15, 1, 0, 0},

+	{DStructType, cli_tmp16, 6, 0, 0},

+	{DArrayType, cli_tmp17, 29, 0, 0},

+	{DArrayType, cli_tmp18, 10, 0, 0},

+	{DArrayType, cli_tmp19, 3, 0, 0},

+	{DFunctionType, cli_tmp20, 3, 0, 0},

+	{DFunctionType, cli_tmp21, 3, 0, 0},

+	{DFunctionType, cli_tmp22, 3, 0, 0},

+	{DPointerType, cli_tmp23, 1, 0, 0},

+	{DStructType, cli_tmp24, 1, 0, 0}

 };

 const unsigned cli_apicall_maxtypes=sizeof(cli_apicall_types)/sizeof(cli_apicall_types[0]);

 const struct cli_apicall cli_apicalls[]={

 /* Bytecode APIcalls BEGIN */

-	{"test0", 7, 0, 1},

-	{"test1", 5, 0, 0},

-	{"read", 6, 1, 1},

-	{"seek", 5, 1, 0},

-	{"setvirusname", 6, 2, 1},

-	{"debug_print_str", 6, 3, 1},

-	{"debug_print_uint", 5, 2, 0}

+	{"test0", 22, 0, 1},

+	{"test1", 20, 0, 0},

+	{"read", 21, 1, 1},

+	{"write", 21, 2, 1},

+	{"seek", 20, 1, 0},

+	{"setvirusname", 21, 3, 1},

+	{"debug_print_str", 21, 4, 1},

+	{"debug_print_uint", 20, 2, 0},

+	{"disasm_x86", 14, 5, 1}

 /* Bytecode APIcalls END */

 };

 const cli_apicall_int2 cli_apicalls0[] = {

@@ -91,7 +125,9 @@ const cli_apicall_int2 cli_apicalls0[] = {

 const cli_apicall_pointer cli_apicalls1[] = {

 	(cli_apicall_pointer)cli_bcapi_test0,

 	(cli_apicall_pointer)cli_bcapi_read,

+	(cli_apicall_pointer)cli_bcapi_write,

 	(cli_apicall_pointer)cli_bcapi_setvirusname,

-	(cli_apicall_pointer)cli_bcapi_debug_print_str

+	(cli_apicall_pointer)cli_bcapi_debug_print_str,

+	(cli_apicall_pointer)cli_bcapi_disasm_x86

 };

 const unsigned cli_apicall_maxapi = sizeof(cli_apicalls)/sizeof(cli_apicalls[0]);

@@ -26,9 +26,11 @@ struct cli_bc_bctx;

 uint32_t cli_bcapi_test0(struct cli_bc_ctx *ctx, struct foo*, uint32_t);

 uint32_t cli_bcapi_test1(struct cli_bc_ctx *ctx, uint32_t, uint32_t);

 int32_t cli_bcapi_read(struct cli_bc_ctx *ctx, uint8_t*, int32_t);

+int32_t cli_bcapi_write(struct cli_bc_ctx *ctx, uint8_t*, int32_t);

 int32_t cli_bcapi_seek(struct cli_bc_ctx *ctx, int32_t, uint32_t);

 uint32_t cli_bcapi_setvirusname(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);

 uint32_t cli_bcapi_debug_print_str(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);

 uint32_t cli_bcapi_debug_print_uint(struct cli_bc_ctx *ctx, uint32_t, uint32_t);

+uint32_t cli_bcapi_disasm_x86(struct cli_bc_ctx *ctx, struct DISASM_RESULT*, uint32_t);

 #endif

@@ -24,8 +24,8 @@

 struct cli_bc_hooks {

 	 const uint32_t* match_counts;

-	 const struct cli_exe_info exeinfo;

-	 const uint16_t kind;

-	 const cli_pe_hook_data pedata;

+	 const struct cli_exe_info* exeinfo;

+	 const uint16_t* kind;

+	 const struct cli_pe_hook_data* pedata;

 };

 #endif

@@ -22,7 +22,6 @@

 #ifndef CLAMBC_H

 #define CLAMBC_H

-

 struct bytecode_metadata {

   unsigned long maxStack, maxMem;

   unsigned long maxTime;

@@ -75,6 +74,12 @@ enum bc_opcode {

   OP_BC_GEPN,

   OP_BC_STORE,

   OP_BC_LOAD,

+  OP_BC_MEMSET,

+  OP_BC_MEMCPY,

+  OP_BC_MEMMOVE,

+  OP_BC_MEMCMP,

+  OP_BC_ISBIGENDIAN,

+  OP_BC_ABORT,

   OP_BC_INVALID /* last */

 };

@@ -95,7 +100,13 @@ static const unsigned char operand_counts[] = {

   /* OP_BC_COPY */

   2,

   /* OP_BC_GEP1, OP_BC_GEP2, OP_BC_GEPN, OP_BC_STORE, OP_BC_LOAD*/

-  2, 3, 0, 2, 1

+  2, 3, 0, 2, 1,

+  /* OP_MEM* */

+  3, 3, 3, 3,

+  /* OP_BC_ISBIGENDIAN */

+  0,

+  /* OP_BC_ABORT */

+  0

 };

 enum bc_global {

@@ -104,6 +115,7 @@ enum bc_global {

   GLOBAL_KIND,

   GLOBAL_VIRUSNAMES,

   GLOBAL_EXEINFO,

+  GLOBAL_PEDATA,

   _LAST_GLOBAL

 };

@@ -18,6 +18,16 @@

  *  MA 02110-1301, USA.

  */

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#include <stdio.h>

+#include <string.h>

+#include <assert.h>

+

+#include "others.h"

+

 #include "disasmpriv.h"

 #include "disasm.h"

@@ -1669,22 +1679,11 @@ static uint8_t *disasm_x86(uint8_t *command, unsigned int len, struct DISASMED *

   }

 }

-

 void disasmbuf(uint8_t *buff, unsigned int len, int fd) {

   uint8_t *next = buff;

   unsigned int counter=0;

   struct DISASMED s;

-  struct MARIO {

-    uint16_t real_op;

-    uint8_t opsize;

-    uint8_t adsize;

-    uint8_t segment;

-

-    uint8_t arg[3][10];

-

-    uint8_t extra[29];

-  } w;

-

+  struct DISASM_RESULT w;

   memset(&w.extra[0], 0, sizeof(w.extra));

   while(len && counter++<200) {

@@ -21,308 +21,7 @@

 #ifndef __DISASMPRIV_H

 #define __DISASMPRIV_H

-#if HAVE_CONFIG_H

-#include "clamav-config.h"

-#endif

-

-#include <stdio.h>

-#include <string.h>

-#include <assert.h>

-

-#include "others.h"

-

-enum X86OPS {

-  OP_INVALID,

-  OP_AAA,

-  OP_AAD,

-  OP_AAM,

-  OP_AAS,

-  OP_ADD,

-  OP_ADC,

-  OP_AND,

-  OP_ARPL,

-  OP_BOUND,

-  OP_BSF,

-  OP_BSR,

-  OP_BSWAP,

-  OP_BT,

-  OP_BTC,

-  OP_BTR,

-  OP_BTS,

-  OP_CALL,

-  OP_CDQ,

-  OP_CWD,

-  OP_CWDE,

-  OP_CBW,

-  OP_CLC,

-  OP_CLD,

-  OP_CLI,

-  OP_CLTS,

-  OP_CMC,

-  OP_CMOVO,

-  OP_CMOVNO,

-  OP_CMOVC,

-  OP_CMOVNC,

-  OP_CMOVZ,

-  OP_CMOVNZ,

-  OP_CMOVBE,

-  OP_CMOVA,

-  OP_CMOVS,

-  OP_CMOVNS,

-  OP_CMOVP,

-  OP_CMOVNP,

-  OP_CMOVL,

-  OP_CMOVGE,

-  OP_CMOVLE,

-  OP_CMOVG,

-  OP_CMP,

-  OP_CMPSD,

-  OP_CMPSW,

-  OP_CMPSB,

-  OP_CMPXCHG,

-  OP_CMPXCHG8B,

-  OP_CPUID,

-  OP_DAA,

-  OP_DAS,

-  OP_DEC,

-  OP_DIV,

-  OP_ENTER,

-  OP_FWAIT,

-  OP_HLT,

-  OP_IDIV,

-  OP_IMUL,

-  OP_INC,

-  OP_IN,

-  OP_INSD,

-  OP_INSW,

-  OP_INSB,

-  OP_INT,

-  OP_INT3,

-  OP_INTO,

-  OP_INVD,

-  OP_INVLPG,

-  OP_IRET,

-  OP_JO,

-  OP_JNO,

-  OP_JC,

-  OP_JNC,

-  OP_JZ,

-  OP_JNZ,

-  OP_JBE,

-  OP_JA,

-  OP_JS,

-  OP_JNS,

-  OP_JP,

-  OP_JNP,

-  OP_JL,

-  OP_JGE,

-  OP_JLE,

-  OP_JG,

-  OP_JMP,

-  OP_LAHF,

-  OP_LAR,

-  OP_LDS,

-  OP_LES,

-  OP_LFS,

-  OP_LGS,

-  OP_LEA,

-  OP_LEAVE,

-  OP_LGDT,

-  OP_LIDT,

-  OP_LLDT,

-  OP_PREFIX_LOCK,

-  OP_LODSD,

-  OP_LODSW,

-  OP_LODSB,

-  OP_LOOP,

-  OP_LOOPE,

-  OP_LOOPNE,

-  OP_JECXZ,

-  OP_LSL,

-  OP_LSS,

-  OP_LTR,

-  OP_MOV,

-  OP_MOVSD,

-  OP_MOVSW,

-  OP_MOVSB,

-  OP_MOVSX,

-  OP_MOVZX,

-  OP_MUL,

-  OP_NEG,

-  OP_NOP,

-  OP_NOT,

-  OP_OR,

-  OP_OUT,

-  OP_OUTSD,

-  OP_OUTSW,

-  OP_OUTSB,

-  OP_PUSH,

-  OP_PUSHAD,

-  OP_PUSHA,

-  OP_PUSHFD,

-  OP_PUSHF,

-  OP_POP,

-  OP_POPAD,

-  OP_POPFD,

-  OP_POPF,

-  OP_RCL,

-  OP_RCR,

-  OP_RDMSR,

-  OP_RDPMC,

-  OP_RDTSC,

-  OP_PREFIX_REPE,

-  OP_PREFIX_REPNE,

-  OP_RETF,

-  OP_RETN,

-  OP_ROL,

-  OP_ROR,

-  OP_RSM,

-  OP_SAHF,

-  OP_SAR,

-  OP_SBB,

-  OP_SCASD,

-  OP_SCASW,

-  OP_SCASB,

-  OP_SETO,

-  OP_SETNO,

-  OP_SETC,

-  OP_SETNC,

-  OP_SETZ,

-  OP_SETNZ,

-  OP_SETBE,

-  OP_SETA,

-  OP_SETS,

-  OP_SETNS,

-  OP_SETP,

-  OP_SETNP,

-  OP_SETL,

-  OP_SETGE,

-  OP_SETLE,

-  OP_SETG,

-  OP_SGDT,

-  OP_SIDT,

-  OP_SHL,

-  OP_SHLD,

-  OP_SHR,

-  OP_SHRD,

-  OP_SLDT,

-  OP_STOSD,

-  OP_STOSW,

-  OP_STOSB,

-  OP_STR,

-  OP_STC,

-  OP_STD,

-  OP_STI,

-  OP_SUB,

-  OP_SYSCALL,

-  OP_SYSENTER,

-  OP_SYSEXIT,

-  OP_SYSRET,

-  OP_TEST,

-  OP_UD2,

-  OP_VERR,

-  OP_VERRW,

-  OP_WBINVD,

-  OP_WRMSR,

-  OP_XADD,

-  OP_XCHG,

-  OP_XLAT,

-  OP_XOR,

-  OP_PREFIX_OPSIZE,

-  OP_PREFIX_ADDRSIZE,

-  OP_PREFIX_SEGMENT,

-  OP_2BYTE,

-

-  OP_FPU,

-

-  OP_F2XM1,

-  OP_FABS,

-  OP_FADD,

-  OP_FADDP,

-  OP_FBLD,

-  OP_FBSTP,

-  OP_FCHS,

-  OP_FCLEX,

-  OP_FCMOVB,

-  OP_FCMOVBE,

-  OP_FCMOVE,

-  OP_FCMOVNB,

-  OP_FCMOVNBE,

-  OP_FCMOVNE,

-  OP_FCMOVNU,

-  OP_FCMOVU,

-  OP_FCOM,

-  OP_FCOMI,

-  OP_FCOMIP,

-  OP_FCOMP,

-  OP_FCOMPP,

-  OP_FCOS,

-  OP_FDECSTP,

-  OP_FDIV,

-  OP_FDIVP,

-  OP_FDIVR,

-  OP_FDIVRP,

-  OP_FFREE,

-  OP_FIADD,

-  OP_FICOM,

-  OP_FICOMP,

-  OP_FIDIV,

-  OP_FIDIVR,

-  OP_FILD,

-  OP_FIMUL,

-  OP_FINCSTP,

-  OP_FINIT,

-  OP_FIST,

-  OP_FISTP,

-  OP_FISTTP,

-  OP_FISUB,

-  OP_FISUBR,

-  OP_FLD,

-  OP_FLD1,

-  OP_FLDCW,

-  OP_FLDENV,

-  OP_FLDL2E,

-  OP_FLDL2T,

-  OP_FLDLG2,

-  OP_FLDLN2,

-  OP_FLDPI,

-  OP_FLDZ,

-  OP_FMUL,

-  OP_FMULP,

-  OP_FNOP,

-  OP_FPATAN,

-  OP_FPREM,

-  OP_FPREM1,

-  OP_FPTAN,

-  OP_FRNDINT,

-  OP_FRSTOR,

-  OP_FSCALE,

-  OP_FSIN,

-  OP_FSINCOS,

-  OP_FSQRT,

-  OP_FSAVE,

-  OP_FST,

-  OP_FSTCW,

-  OP_FSTENV,

-  OP_FSTP,

-  OP_FSTSW,

-  OP_FSUB,

-  OP_FSUBP,

-  OP_FSUBR,

-  OP_FSUBRP,

-  OP_FTST,

-  OP_FUCOM,

-  OP_FUCOMI,

-  OP_FUCOMIP,

-  OP_FUCOMP,

-  OP_FUCOMPP,

-  OP_FXAM,

-  OP_FXCH,

-  OP_FXTRACT,

-  OP_FYL2X,

-  OP_FYL2XP1

-};

-

+#include "disasm-common.h"

 enum DIS_STATE {

   STATE_GETOP,

@@ -334,37 +33,6 @@ enum DIS_STATE {

   STATE_ERROR

 };

-enum DIS_ACCESS {

-  ACCESS_NOARG, /* arg not present */

-  ACCESS_IMM,   /* immediate */

-  ACCESS_REL,   /* +/- immediate */

-  ACCESS_REG,   /* register */

-  ACCESS_MEM    /* [something] */

-};

-

-enum DIS_SIZE { /* for mem access, immediate and relative */

-  SIZEB,

-  SIZEW,

-  SIZED,

-  SIZEF,

-  SIZEQ,

-  SIZET,

-  SIZEPTR

-};

-

-

-enum X86REGS {

-  REG_EAX, REG_ECX, REG_EDX, REG_EBX, REG_ESP, REG_EBP, REG_ESI, REG_EDI,

-  REG_AX, REG_CX, REG_DX, REG_BX, REG_SP, REG_BP, REG_SI, REG_DI,

-  REG_AH, REG_CH, REG_DH, REG_BH, REG_AL, REG_CL, REG_DL, REG_BL,

-  REG_ES, REG_CS, REG_SS, REG_DS, REG_FS, REG_GS,

-  REG_CR0, REG_CR1, REG_CR2, REG_CR3, REG_CR4, REG_CR5, REG_CR6, REG_CR7,

-  REG_DR0, REG_DR1, REG_DR2, REG_DR3, REG_DR4, REG_DR5, REG_DR6, REG_DR7,

-  REG_ST0, REG_ST1, REG_ST2, REG_ST3, REG_ST4, REG_ST5, REG_ST6, REG_ST7,

-  REG_INVALID

-};

-

-

 struct DIS_ARGS {

   enum DIS_ACCESS access;

   enum DIS_SIZE size;

@@ -388,7 +56,6 @@ struct DIS_ARGS {

   } arg;

 };

-

 /* FIXME: pack this thing and make macroes to access it in different compilers */

 struct DISASMED {

   uint16_t table_op;

@@ -1,7 +1,7 @@

-ClamBCaa`|``````|`afafp`clamcoincidencejb

+ClamBCaa`|``````|`ahafp`clamcoincidencejb

-Tedacb`bb`bb`b

-Eabaaabbed|afdgefcgdgac``

+Tedaa`ab`badacb`bb`bb`b

+Eabaaabbgd|afdgefcgdgac``

 G``

 A`b`bLacb`baab`bFadaa

 Bb`b`abbabHonnkm``odHm``oonnkdaaaaeab`b`Hhgfedcbadb`baboaaaDm``odDmjnmdTcab`babE

@@ -1,10 +1,10 @@

-ClamBCaa`|``````|`ajafp`clamcoincidencejb

+ClamBCaa`|``````|`alafp`clamcoincidencejb

-Tedcabidebidacb`bbidb`bacb`bb`bb`bebed

-Eababaabgd|afdgefcgdg`c``abbhd|afdgefcgdgac``

+Tedaa`cabkdebkdab`badacb`bbkdb`bacb`bb`bb`bebfd

+Eababaabid|afdgefcgdg`c``abbjd|afdgefcgdgac``

 G``

-A`b`bLahbedbfd`b`baab`baab`bFajac

-Bbfdaadb`@d@d``fb`aab`bacabbabHonnkm``odHm``oonnkdaaadeab`bacHhgfedcbadTaaadaaab

+A`b`bLahbfdbgd`b`baab`baab`bFajac

+Bbgdaadb`@d@d``bb``b`bacabbabHonnkm``odHm``oonnkdaaadeab`bacHhgfedcbadTaaadaaab

 Bb`baeabbaa`Honnkmjnmdaaafeab`baeHhgfedcbadb`bagoaafDm``odDmjnmdTcab`bag

 BTcab`bDmjnmdE

 Aab`bLabahaab`bFacaa

@@ -1,6 +1,6 @@

-ClamBCaa`|``````|`aebbep`clamcoincidencejb

+ClamBCaa`|``````|`agbbep`clamcoincidencejb

-Ted

+Tedaa`ab`bad

 E``

 G``

 A`b`bLbabb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bFbbbaa

@@ -1,6 +1,6 @@

-ClamBCaa`|``````|`aeabp`clamcoincidencejb

+ClamBCaa`|``````|`agabp`clamcoincidencejb

-Ted

+Tedaa`ab`bad

 E``

 G``

 A`b`bLaab`bFabaa

@@ -1,9 +1,11 @@

-ClamBCaa`|``c``a```|`alaap`clamcoincidencejb

+ClamBCaa`|``````|`bkaabp`clamcoincidencejb

 Trojan.Foo.{A,B};Target:0;((0|1|2)=42,2);aabb;ffffffff;aaccee;f00d

-Tedebkdebjdebadebcdacb`bbadb`bdb`db`bdabah

-Eaeaaaebid|amcgefdgfgifbgegcgnfafmfef``

-Gd```hahbkdBad@`bkdBbd@`bad@@`bad@Aa`bcdAcD```h`bcdAbD```h`bcd@D```h`bcdAaD```h`

+Tedebjeebieebheebgeebfeebeeebceebbeebadebcdaa`ab`badacb`bbadb`bdb`db`bchbadbdebadbdebadbdebadbdecab`bdagahdaiahdaeahdabbaddabahdakah

+Eafaaafbae|amcgefdgfgifbgegcgnfafmfef``

+Gd```hbeabjeBdeBbgBofBjfBafBnfBnbBfdBofBof@`bieBad@`bieBbd@`bhe@Aa@Ab`b`a@`b`aC``a`bgeBafBafBbfBbf@`bfeBffBffBffBffBffBffBffBff@`bgeBffB`cB`cBdf@`beeBafBafBcfBcfBefBef@`bce@Af@@AgAa@AhAc@AiAb`bad@Aa`bad@Ab`bad@Af`bad@Ag`bad@Ah`bad@Ai`bcdAcD```h`bcdAbD```h`bcd@D```h`bcdAaD```h`

 A`b`bLaeb`baaaabadb`bFahac

-Bb`b`gbAd`aaaaiab`b`AbdTaaaaabaa

-Baaabeab`b`AbdbadacoaabAb`Ac`b`badabbaeac@dTcab`b@d

+Bb`b`gbBaa`aaaaiab`b`AbdTaaaaabaa

+Baaabeab`b`AbdbadacoaabAk`Al`b`badabbafac@dTcab`b@d

 BTcab`b@dE

+A`aaLb`ab`bb`bb`bb`bb`baaaaaaaab`bb`bb`bb`bb`baaaaFbaaaa

+Bb`b`gbBca`b`baagbBda`b`babgbBba`b`baca`aa`b`bada`acabaaaeeab`badBjbdaaaffab`b`@daaagfab`baa@daaahfab`bab@db`bai`aafb`baj`aagb`bak`aahb`bala`ajaib`bama`alakaaaneab`bamAbdaaaok`anaeTcaaaaoE

@@ -1,6 +1,6 @@

-ClamBCaa`|``````|`aeaap`clamcoincidencejb

+ClamBCaa`|``````|`agaap`clamcoincidencejb

-Ted

+Tedaa`ab`bad

 E``

 G``

 A`b`bL`Faaaa