Browse code
Initial support for loading .cbc files from DB.
Török Edvin authored on 2009/09/22 01:24:16Showing 15 changed files
- clamd/clamd.c
- clamscan/manager.c
- libclamav/bytecode.c
- libclamav/bytecode_api_decl.c
- libclamav/bytecode_vm.c
- libclamav/c++/bytecode2llvm.cpp
- libclamav/clamav.h
- libclamav/clambc.h
- libclamav/dconf.c
- libclamav/dconf.h
- libclamav/others.h
- libclamav/readdb.c
- libclamav/readdb.h
- shared/optparser.c
- unit_tests/check_bytecode.c
| ... | ... |
@@ -400,6 +400,9 @@ int main(int argc, char **argv) |
| 400 | 400 |
else |
| 401 | 401 |
logg("#Not loading phishing signatures.\n");
|
| 402 | 402 |
|
| 403 |
+ if(optget(opts,"Bytecode")->enabled) |
|
| 404 |
+ dboptions |= CL_DB_BYTECODE; |
|
| 405 |
+ |
|
| 403 | 406 |
if(optget(opts,"PhishingScanURLs")->enabled) |
| 404 | 407 |
dboptions |= CL_DB_PHISHING_URLS; |
| 405 | 408 |
else |
| ... | ... |
@@ -352,6 +352,9 @@ int scanmanager(const struct optstruct *opts) |
| 352 | 352 |
if(optget(opts,"phishing-scan-urls")->enabled) |
| 353 | 353 |
dboptions |= CL_DB_PHISHING_URLS; |
| 354 | 354 |
|
| 355 |
+ if(optget(opts,"bytecode")->enabled) |
|
| 356 |
+ dboptions |= CL_DB_BYTECODE; |
|
| 357 |
+ |
|
| 355 | 358 |
if((ret = cl_init(CL_INIT_DEFAULT))) {
|
| 356 | 359 |
logg("!Can't initialize libclamav: %s\n", cl_strerror(ret));
|
| 357 | 360 |
return 50; |
| ... | ... |
@@ -420,7 +420,7 @@ static int parseLSig(struct cli_bc *bc, unsigned char *buffer) |
| 420 | 420 |
return CL_EMALFDB; |
| 421 | 421 |
} |
| 422 | 422 |
bc->lsig = NULL; |
| 423 |
- bc->lsig = cli_strdup(buffer[1]); |
|
| 423 |
+ bc->lsig = cli_strdup(buffer + 1); |
|
| 424 | 424 |
return CL_SUCCESS; |
| 425 | 425 |
} |
| 426 | 426 |
|
| ... | ... |
@@ -890,26 +890,26 @@ static int parseBB(struct cli_bc *bc, unsigned func, unsigned bb, unsigned char |
| 890 | 890 |
cli_errmsg("Invalid type or operand\n");
|
| 891 | 891 |
return CL_EMALFDB; |
| 892 | 892 |
} |
| 893 |
- if (inst.opcode >= OP_INVALID) {
|
|
| 893 |
+ if (inst.opcode >= OP_BC_INVALID) {
|
|
| 894 | 894 |
cli_errmsg("Invalid opcode: %u\n", inst.opcode);
|
| 895 | 895 |
return CL_EMALFDB; |
| 896 | 896 |
} |
| 897 | 897 |
|
| 898 | 898 |
switch (inst.opcode) {
|
| 899 |
- case OP_JMP: |
|
| 899 |
+ case OP_BC_JMP: |
|
| 900 | 900 |
inst.u.jump = readBBID(bcfunc, buffer, &offset, len, &ok); |
| 901 | 901 |
break; |
| 902 |
- case OP_RET: |
|
| 902 |
+ case OP_BC_RET: |
|
| 903 | 903 |
inst.type = readNumber(buffer, &offset, len, &ok); |
| 904 | 904 |
inst.u.unaryop = readOperand(bcfunc, buffer, &offset, len, &ok); |
| 905 | 905 |
break; |
| 906 |
- case OP_BRANCH: |
|
| 906 |
+ case OP_BC_BRANCH: |
|
| 907 | 907 |
inst.u.branch.condition = readOperand(bcfunc, buffer, &offset, len, &ok); |
| 908 | 908 |
inst.u.branch.br_true = readBBID(bcfunc, buffer, &offset, len, &ok); |
| 909 | 909 |
inst.u.branch.br_false = readBBID(bcfunc, buffer, &offset, len, &ok); |
| 910 | 910 |
break; |
| 911 |
- case OP_CALL_API:/* fall-through */ |
|
| 912 |
- case OP_CALL_DIRECT: |
|
| 911 |
+ case OP_BC_CALL_API:/* fall-through */ |
|
| 912 |
+ case OP_BC_CALL_DIRECT: |
|
| 913 | 913 |
numOp = readFixedNumber(buffer, &offset, len, &ok, 1); |
| 914 | 914 |
if (ok) {
|
| 915 | 915 |
inst.u.ops.numOps = numOp; |
| ... | ... |
@@ -919,7 +919,7 @@ static int parseBB(struct cli_bc *bc, unsigned func, unsigned bb, unsigned char |
| 919 | 919 |
cli_errmsg("Out of memory allocating operands\n");
|
| 920 | 920 |
return CL_EMALFDB; |
| 921 | 921 |
} |
| 922 |
- if (inst.opcode == OP_CALL_DIRECT) |
|
| 922 |
+ if (inst.opcode == OP_BC_CALL_DIRECT) |
|
| 923 | 923 |
inst.u.ops.funcid = readFuncID(bc, buffer, &offset, len, &ok); |
| 924 | 924 |
else |
| 925 | 925 |
inst.u.ops.funcid = readAPIFuncID(bc, buffer, &offset, len, &ok); |
| ... | ... |
@@ -928,9 +928,9 @@ static int parseBB(struct cli_bc *bc, unsigned func, unsigned bb, unsigned char |
| 928 | 928 |
} |
| 929 | 929 |
} |
| 930 | 930 |
break; |
| 931 |
- case OP_ZEXT: |
|
| 932 |
- case OP_SEXT: |
|
| 933 |
- case OP_TRUNC: |
|
| 931 |
+ case OP_BC_ZEXT: |
|
| 932 |
+ case OP_BC_SEXT: |
|
| 933 |
+ case OP_BC_TRUNC: |
|
| 934 | 934 |
inst.u.cast.source = readOperand(bcfunc, buffer, &offset, len, &ok); |
| 935 | 935 |
inst.u.cast.mask = bcfunc->types[inst.u.cast.source]; |
| 936 | 936 |
if (inst.u.cast.mask == 1) |
| ... | ... |
@@ -944,21 +944,21 @@ static int parseBB(struct cli_bc *bc, unsigned func, unsigned bb, unsigned char |
| 944 | 944 |
else if (inst.u.cast.mask <= 64) |
| 945 | 945 |
inst.u.cast.size = 4; |
| 946 | 946 |
/* calculate mask */ |
| 947 |
- if (inst.opcode != OP_SEXT) |
|
| 947 |
+ if (inst.opcode != OP_BC_SEXT) |
|
| 948 | 948 |
inst.u.cast.mask = inst.u.cast.mask != 64 ? |
| 949 | 949 |
(1ull<<inst.u.cast.mask)-1 : |
| 950 | 950 |
~0ull; |
| 951 | 951 |
break; |
| 952 |
- case OP_ICMP_EQ: |
|
| 953 |
- case OP_ICMP_NE: |
|
| 954 |
- case OP_ICMP_UGT: |
|
| 955 |
- case OP_ICMP_UGE: |
|
| 956 |
- case OP_ICMP_ULT: |
|
| 957 |
- case OP_ICMP_ULE: |
|
| 958 |
- case OP_ICMP_SGT: |
|
| 959 |
- case OP_ICMP_SGE: |
|
| 960 |
- case OP_ICMP_SLE: |
|
| 961 |
- case OP_ICMP_SLT: |
|
| 952 |
+ case OP_BC_ICMP_EQ: |
|
| 953 |
+ case OP_BC_ICMP_NE: |
|
| 954 |
+ case OP_BC_ICMP_UGT: |
|
| 955 |
+ case OP_BC_ICMP_UGE: |
|
| 956 |
+ case OP_BC_ICMP_ULT: |
|
| 957 |
+ case OP_BC_ICMP_ULE: |
|
| 958 |
+ case OP_BC_ICMP_SGT: |
|
| 959 |
+ case OP_BC_ICMP_SGE: |
|
| 960 |
+ case OP_BC_ICMP_SLE: |
|
| 961 |
+ case OP_BC_ICMP_SLT: |
|
| 962 | 962 |
/* instruction type must be correct before readOperand! */ |
| 963 | 963 |
inst.type = readNumber(buffer, &offset, len, &ok); |
| 964 | 964 |
/* fall-through */ |
| ... | ... |
@@ -1160,8 +1160,8 @@ int cli_bytecode_run(const struct cli_all_bc *bcs, const struct cli_bc *bc, stru |
| 1160 | 1160 |
func.numBytes = ctx->bytes; |
| 1161 | 1161 |
memset(ctx->values+ctx->bytes-8, 0, 8); |
| 1162 | 1162 |
|
| 1163 |
- inst.opcode = OP_CALL_DIRECT; |
|
| 1164 |
- inst.interp_op = OP_CALL_DIRECT*5; |
|
| 1163 |
+ inst.opcode = OP_BC_CALL_DIRECT; |
|
| 1164 |
+ inst.interp_op = OP_BC_CALL_DIRECT*5; |
|
| 1165 | 1165 |
inst.dest = func.numArgs; |
| 1166 | 1166 |
inst.type = 0; |
| 1167 | 1167 |
inst.u.ops.numOps = ctx->numParams; |
| ... | ... |
@@ -1194,7 +1194,7 @@ void cli_bytecode_destroy(struct cli_bc *bc) |
| 1194 | 1194 |
for(k=0;k<BB->numInsts;k++) {
|
| 1195 | 1195 |
struct cli_bc_inst *ii = &BB->insts[k]; |
| 1196 | 1196 |
if (operand_counts[ii->opcode] > 3 || |
| 1197 |
- ii->opcode == OP_CALL_DIRECT || ii->opcode == OP_CALL_API) {
|
|
| 1197 |
+ ii->opcode == OP_BC_CALL_DIRECT || ii->opcode == OP_BC_CALL_API) {
|
|
| 1198 | 1198 |
free(ii->u.ops.ops); |
| 1199 | 1199 |
free(ii->u.ops.opsizes); |
| 1200 | 1200 |
} |
| ... | ... |
@@ -1251,57 +1251,57 @@ static int cli_bytecode_prepare_interpreter(struct cli_bc *bc) |
| 1251 | 1251 |
struct cli_bc_inst *inst = &bcfunc->allinsts[j]; |
| 1252 | 1252 |
inst->dest = map[inst->dest]; |
| 1253 | 1253 |
switch (inst->opcode) {
|
| 1254 |
- case OP_ADD: |
|
| 1255 |
- case OP_SUB: |
|
| 1256 |
- case OP_MUL: |
|
| 1257 |
- case OP_UDIV: |
|
| 1258 |
- case OP_SDIV: |
|
| 1259 |
- case OP_UREM: |
|
| 1260 |
- case OP_SREM: |
|
| 1261 |
- case OP_SHL: |
|
| 1262 |
- case OP_LSHR: |
|
| 1263 |
- case OP_ASHR: |
|
| 1264 |
- case OP_AND: |
|
| 1265 |
- case OP_OR: |
|
| 1266 |
- case OP_XOR: |
|
| 1267 |
- case OP_ICMP_EQ: |
|
| 1268 |
- case OP_ICMP_NE: |
|
| 1269 |
- case OP_ICMP_UGT: |
|
| 1270 |
- case OP_ICMP_UGE: |
|
| 1271 |
- case OP_ICMP_ULT: |
|
| 1272 |
- case OP_ICMP_ULE: |
|
| 1273 |
- case OP_ICMP_SGT: |
|
| 1274 |
- case OP_ICMP_SGE: |
|
| 1275 |
- case OP_ICMP_SLT: |
|
| 1276 |
- case OP_ICMP_SLE: |
|
| 1277 |
- case OP_COPY: |
|
| 1278 |
- case OP_STORE: |
|
| 1254 |
+ case OP_BC_ADD: |
|
| 1255 |
+ case OP_BC_SUB: |
|
| 1256 |
+ case OP_BC_MUL: |
|
| 1257 |
+ case OP_BC_UDIV: |
|
| 1258 |
+ case OP_BC_SDIV: |
|
| 1259 |
+ case OP_BC_UREM: |
|
| 1260 |
+ case OP_BC_SREM: |
|
| 1261 |
+ case OP_BC_SHL: |
|
| 1262 |
+ case OP_BC_LSHR: |
|
| 1263 |
+ case OP_BC_ASHR: |
|
| 1264 |
+ case OP_BC_AND: |
|
| 1265 |
+ case OP_BC_OR: |
|
| 1266 |
+ case OP_BC_XOR: |
|
| 1267 |
+ case OP_BC_ICMP_EQ: |
|
| 1268 |
+ case OP_BC_ICMP_NE: |
|
| 1269 |
+ case OP_BC_ICMP_UGT: |
|
| 1270 |
+ case OP_BC_ICMP_UGE: |
|
| 1271 |
+ case OP_BC_ICMP_ULT: |
|
| 1272 |
+ case OP_BC_ICMP_ULE: |
|
| 1273 |
+ case OP_BC_ICMP_SGT: |
|
| 1274 |
+ case OP_BC_ICMP_SGE: |
|
| 1275 |
+ case OP_BC_ICMP_SLT: |
|
| 1276 |
+ case OP_BC_ICMP_SLE: |
|
| 1277 |
+ case OP_BC_COPY: |
|
| 1278 |
+ case OP_BC_STORE: |
|
| 1279 | 1279 |
MAP(inst->u.binop[0]); |
| 1280 | 1280 |
MAP(inst->u.binop[1]); |
| 1281 | 1281 |
break; |
| 1282 |
- case OP_SEXT: |
|
| 1283 |
- case OP_ZEXT: |
|
| 1284 |
- case OP_TRUNC: |
|
| 1282 |
+ case OP_BC_SEXT: |
|
| 1283 |
+ case OP_BC_ZEXT: |
|
| 1284 |
+ case OP_BC_TRUNC: |
|
| 1285 | 1285 |
MAP(inst->u.cast.source); |
| 1286 | 1286 |
break; |
| 1287 |
- case OP_BRANCH: |
|
| 1287 |
+ case OP_BC_BRANCH: |
|
| 1288 | 1288 |
MAP(inst->u.branch.condition); |
| 1289 | 1289 |
break; |
| 1290 |
- case OP_JMP: |
|
| 1290 |
+ case OP_BC_JMP: |
|
| 1291 | 1291 |
break; |
| 1292 |
- case OP_RET: |
|
| 1292 |
+ case OP_BC_RET: |
|
| 1293 | 1293 |
MAP(inst->u.unaryop); |
| 1294 | 1294 |
break; |
| 1295 |
- case OP_SELECT: |
|
| 1295 |
+ case OP_BC_SELECT: |
|
| 1296 | 1296 |
MAP(inst->u.three[0]); |
| 1297 | 1297 |
MAP(inst->u.three[1]); |
| 1298 | 1298 |
MAP(inst->u.three[2]); |
| 1299 | 1299 |
break; |
| 1300 |
- case OP_CALL_API:/* fall-through */ |
|
| 1301 |
- case OP_CALL_DIRECT: |
|
| 1300 |
+ case OP_BC_CALL_API:/* fall-through */ |
|
| 1301 |
+ case OP_BC_CALL_DIRECT: |
|
| 1302 | 1302 |
{
|
| 1303 | 1303 |
struct cli_bc_func *target = NULL; |
| 1304 |
- if (inst->opcode == OP_CALL_DIRECT) {
|
|
| 1304 |
+ if (inst->opcode == OP_BC_CALL_DIRECT) {
|
|
| 1305 | 1305 |
target = &bc->funcs[inst->u.ops.funcid]; |
| 1306 | 1306 |
if (inst->u.ops.funcid > bc->num_func) {
|
| 1307 | 1307 |
cli_errmsg("bytecode: called function out of range: %u > %u\n", inst->u.ops.funcid, bc->num_func);
|
| ... | ... |
@@ -1328,21 +1328,21 @@ static int cli_bytecode_prepare_interpreter(struct cli_bc *bc) |
| 1328 | 1328 |
inst->u.ops.opsizes = NULL; |
| 1329 | 1329 |
for (k=0;k<inst->u.ops.numOps;k++) {
|
| 1330 | 1330 |
MAP(inst->u.ops.ops[k]); |
| 1331 |
- if (inst->opcode == OP_CALL_DIRECT) |
|
| 1331 |
+ if (inst->opcode == OP_BC_CALL_DIRECT) |
|
| 1332 | 1332 |
inst->u.ops.opsizes[k] = typesize(bc, target->types[k]); |
| 1333 | 1333 |
else |
| 1334 | 1334 |
inst->u.ops.opsizes[k] = 32; /*XXX*/ |
| 1335 | 1335 |
} |
| 1336 | 1336 |
break; |
| 1337 | 1337 |
} |
| 1338 |
- case OP_LOAD: |
|
| 1338 |
+ case OP_BC_LOAD: |
|
| 1339 | 1339 |
MAP(inst->u.unaryop); |
| 1340 | 1340 |
break; |
| 1341 |
- case OP_GEP1: |
|
| 1341 |
+ case OP_BC_GEP1: |
|
| 1342 | 1342 |
MAP(inst->u.binop[0]); |
| 1343 | 1343 |
MAP(inst->u.binop[1]); |
| 1344 | 1344 |
break; |
| 1345 |
- case OP_GEP2: |
|
| 1345 |
+ case OP_BC_GEP2: |
|
| 1346 | 1346 |
MAP(inst->u.three[0]); |
| 1347 | 1347 |
MAP(inst->u.three[1]); |
| 1348 | 1348 |
MAP(inst->u.three[2]); |
| ... | ... |
@@ -28,7 +28,7 @@ uint32_t cli_bcapi_test0(struct cli_bc_ctx *ctx, struct foo*, uint32_t); |
| 28 | 28 |
uint32_t cli_bcapi_test1(struct cli_bc_ctx *ctx, uint32_t, uint32_t); |
| 29 | 29 |
int32_t cli_bcapi_read(struct cli_bc_ctx *ctx, uint8_t*, int32_t); |
| 30 | 30 |
int32_t cli_bcapi_seek(struct cli_bc_ctx *ctx, int32_t, uint32_t); |
| 31 |
-uint32_t cli_bcapi_debug_print_str(struct cli_bc_ctx *ctx, const uint8_t*, uint32_t); |
|
| 31 |
+uint32_t cli_bcapi_debug_print_str(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t); |
|
| 32 | 32 |
uint32_t cli_bcapi_debug_print_uint(struct cli_bc_ctx *ctx, uint32_t, uint32_t); |
| 33 | 33 |
|
| 34 | 34 |
static uint16_t cli_tmp0[]={32, 70, 32};
|
| ... | ... |
@@ -298,7 +298,7 @@ static always_inline struct stack_entry *pop_stack(struct stack *stack, |
| 298 | 298 |
|
| 299 | 299 |
#define BINOP(i) inst->u.binop[i] |
| 300 | 300 |
|
| 301 |
-#define DEFINE_BINOP_HELPER(opc, OP, W0, W1, W2, W3, W4) \ |
|
| 301 |
+#define DEFINE_BINOP_BC_HELPER(opc, OP, W0, W1, W2, W3, W4) \ |
|
| 302 | 302 |
case opc*5: {\
|
| 303 | 303 |
uint8_t op0, op1, res;\ |
| 304 | 304 |
int8_t sop0, sop1;\ |
| ... | ... |
@@ -350,8 +350,8 @@ static always_inline struct stack_entry *pop_stack(struct stack *stack, |
| 350 | 350 |
break;\ |
| 351 | 351 |
} |
| 352 | 352 |
|
| 353 |
-#define DEFINE_BINOP(opc, OP) DEFINE_BINOP_HELPER(opc, OP, WRITE8, WRITE8, WRITE16, WRITE32, WRITE64) |
|
| 354 |
-#define DEFINE_ICMPOP(opc, OP) DEFINE_BINOP_HELPER(opc, OP, WRITE8, WRITE8, WRITE8, WRITE8, WRITE8) |
|
| 353 |
+#define DEFINE_BINOP(opc, OP) DEFINE_BINOP_BC_HELPER(opc, OP, WRITE8, WRITE8, WRITE16, WRITE32, WRITE64) |
|
| 354 |
+#define DEFINE_ICMPOP(opc, OP) DEFINE_BINOP_BC_HELPER(opc, OP, WRITE8, WRITE8, WRITE8, WRITE8, WRITE8) |
|
| 355 | 355 |
|
| 356 | 356 |
#define CHECK_OP(cond, msg) if((cond)) { cli_dbgmsg(msg); stop = CL_EBYTECODE; break;}
|
| 357 | 357 |
|
| ... | ... |
@@ -409,7 +409,7 @@ static always_inline struct stack_entry *pop_stack(struct stack *stack, |
| 409 | 409 |
default: CHECK_UNREACHABLE;\ |
| 410 | 410 |
} |
| 411 | 411 |
|
| 412 |
-#define DEFINE_OP_RET_N(OP, T, R0, W0) \ |
|
| 412 |
+#define DEFINE_OP_BC_RET_N(OP, T, R0, W0) \ |
|
| 413 | 413 |
case OP: {\
|
| 414 | 414 |
T tmp;\ |
| 415 | 415 |
R0(tmp, inst->u.unaryop);\ |
| ... | ... |
@@ -447,77 +447,77 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct |
| 447 | 447 |
do {
|
| 448 | 448 |
pc++; |
| 449 | 449 |
switch (inst->interp_op) {
|
| 450 |
- DEFINE_BINOP(OP_ADD, res = op0 + op1); |
|
| 451 |
- DEFINE_BINOP(OP_SUB, res = op0 - op1); |
|
| 452 |
- DEFINE_BINOP(OP_MUL, res = op0 * op1); |
|
| 450 |
+ DEFINE_BINOP(OP_BC_ADD, res = op0 + op1); |
|
| 451 |
+ DEFINE_BINOP(OP_BC_SUB, res = op0 - op1); |
|
| 452 |
+ DEFINE_BINOP(OP_BC_MUL, res = op0 * op1); |
|
| 453 | 453 |
|
| 454 |
- DEFINE_BINOP(OP_UDIV, CHECK_OP(op1 == 0, "bytecode attempted to execute udiv#0\n"); |
|
| 454 |
+ DEFINE_BINOP(OP_BC_UDIV, CHECK_OP(op1 == 0, "bytecode attempted to execute udiv#0\n"); |
|
| 455 | 455 |
res=op0/op1); |
| 456 |
- DEFINE_BINOP(OP_SDIV, CHECK_OP(check_sdivops(sop0, sop1), "bytecode attempted to execute sdiv#0\n"); |
|
| 456 |
+ DEFINE_BINOP(OP_BC_SDIV, CHECK_OP(check_sdivops(sop0, sop1), "bytecode attempted to execute sdiv#0\n"); |
|
| 457 | 457 |
res=sop0/sop1); |
| 458 |
- DEFINE_BINOP(OP_UREM, CHECK_OP(op1 == 0, "bytecode attempted to execute urem#0\n"); |
|
| 458 |
+ DEFINE_BINOP(OP_BC_UREM, CHECK_OP(op1 == 0, "bytecode attempted to execute urem#0\n"); |
|
| 459 | 459 |
res=op0 % op1); |
| 460 |
- DEFINE_BINOP(OP_SREM, CHECK_OP(check_sdivops(sop0,sop1), "bytecode attempted to execute urem#0\n"); |
|
| 460 |
+ DEFINE_BINOP(OP_BC_SREM, CHECK_OP(check_sdivops(sop0,sop1), "bytecode attempted to execute urem#0\n"); |
|
| 461 | 461 |
res=sop0 % sop1); |
| 462 | 462 |
|
| 463 |
- DEFINE_BINOP(OP_SHL, CHECK_OP(op1 > inst->type, "bytecode attempted to execute shl greater than bitwidth\n"); |
|
| 463 |
+ DEFINE_BINOP(OP_BC_SHL, CHECK_OP(op1 > inst->type, "bytecode attempted to execute shl greater than bitwidth\n"); |
|
| 464 | 464 |
res = op0 << op1); |
| 465 |
- DEFINE_BINOP(OP_LSHR, CHECK_OP(op1 > inst->type, "bytecode attempted to execute lshr greater than bitwidth\n"); |
|
| 465 |
+ DEFINE_BINOP(OP_BC_LSHR, CHECK_OP(op1 > inst->type, "bytecode attempted to execute lshr greater than bitwidth\n"); |
|
| 466 | 466 |
res = op0 >> op1); |
| 467 |
- DEFINE_BINOP(OP_ASHR, CHECK_OP(op1 > inst->type, "bytecode attempted to execute ashr greater than bitwidth\n"); |
|
| 467 |
+ DEFINE_BINOP(OP_BC_ASHR, CHECK_OP(op1 > inst->type, "bytecode attempted to execute ashr greater than bitwidth\n"); |
|
| 468 | 468 |
res = CLI_SRS(sop0, op1)); |
| 469 | 469 |
|
| 470 |
- DEFINE_BINOP(OP_AND, res = op0 & op1); |
|
| 471 |
- DEFINE_BINOP(OP_OR, res = op0 | op1); |
|
| 472 |
- DEFINE_BINOP(OP_XOR, res = op0 ^ op1); |
|
| 470 |
+ DEFINE_BINOP(OP_BC_AND, res = op0 & op1); |
|
| 471 |
+ DEFINE_BINOP(OP_BC_OR, res = op0 | op1); |
|
| 472 |
+ DEFINE_BINOP(OP_BC_XOR, res = op0 ^ op1); |
|
| 473 | 473 |
|
| 474 |
- DEFINE_CASTOP(OP_SEXT, |
|
| 474 |
+ DEFINE_CASTOP(OP_BC_SEXT, |
|
| 475 | 475 |
CHOOSE(READ1(sres, inst->u.cast.source); res = sres ? ~0ull : 0, |
| 476 | 476 |
READ8(sres, inst->u.cast.source); res=sres=SIGNEXT(sres, inst->u.cast.mask), |
| 477 | 477 |
READ16(sres, inst->u.cast.source); res=sres=SIGNEXT(sres, inst->u.cast.mask), |
| 478 | 478 |
READ32(sres, inst->u.cast.source); res=sres=SIGNEXT(sres, inst->u.cast.mask), |
| 479 | 479 |
READ64(sres, inst->u.cast.source); res=sres=SIGNEXT(sres, inst->u.cast.mask))); |
| 480 |
- DEFINE_CASTOP(OP_ZEXT, |
|
| 480 |
+ DEFINE_CASTOP(OP_BC_ZEXT, |
|
| 481 | 481 |
CHOOSE(READ1(res, inst->u.cast.source), |
| 482 | 482 |
READ8(res, inst->u.cast.source), |
| 483 | 483 |
READ16(res, inst->u.cast.source), |
| 484 | 484 |
READ32(res, inst->u.cast.source), |
| 485 | 485 |
READ64(res, inst->u.cast.source))); |
| 486 |
- DEFINE_CASTOP(OP_TRUNC, |
|
| 486 |
+ DEFINE_CASTOP(OP_BC_TRUNC, |
|
| 487 | 487 |
CHOOSE(READ1(res, inst->u.cast.source), |
| 488 | 488 |
READ8(res, inst->u.cast.source), |
| 489 | 489 |
READ16(res, inst->u.cast.source), |
| 490 | 490 |
READ32(res, inst->u.cast.source), |
| 491 | 491 |
READ64(res, inst->u.cast.source))); |
| 492 | 492 |
|
| 493 |
- DEFINE_OP(OP_BRANCH) |
|
| 493 |
+ DEFINE_OP(OP_BC_BRANCH) |
|
| 494 | 494 |
stop = jump(func, (values[inst->u.branch.condition]&1) ? |
| 495 | 495 |
inst->u.branch.br_true : inst->u.branch.br_false, |
| 496 | 496 |
&bb, &inst, &bb_inst); |
| 497 | 497 |
continue; |
| 498 | 498 |
|
| 499 |
- DEFINE_OP(OP_JMP) |
|
| 499 |
+ DEFINE_OP(OP_BC_JMP) |
|
| 500 | 500 |
stop = jump(func, inst->u.jump, &bb, &inst, &bb_inst); |
| 501 | 501 |
continue; |
| 502 | 502 |
|
| 503 |
- DEFINE_OP_RET_N(OP_RET*5, uint8_t, READ1, WRITE8); |
|
| 504 |
- DEFINE_OP_RET_N(OP_RET*5+1, uint8_t, READ8, WRITE8); |
|
| 505 |
- DEFINE_OP_RET_N(OP_RET*5+2, uint16_t, READ16, WRITE16); |
|
| 506 |
- DEFINE_OP_RET_N(OP_RET*5+3, uint32_t, READ32, WRITE32); |
|
| 507 |
- DEFINE_OP_RET_N(OP_RET*5+4, uint64_t, READ64, WRITE64); |
|
| 508 |
- |
|
| 509 |
- DEFINE_ICMPOP(OP_ICMP_EQ, res = (op0 == op1)); |
|
| 510 |
- DEFINE_ICMPOP(OP_ICMP_NE, res = (op0 != op1)); |
|
| 511 |
- DEFINE_ICMPOP(OP_ICMP_UGT, res = (op0 > op1)); |
|
| 512 |
- DEFINE_ICMPOP(OP_ICMP_UGE, res = (op0 >= op1)); |
|
| 513 |
- DEFINE_ICMPOP(OP_ICMP_ULT, res = (op0 < op1)); |
|
| 514 |
- DEFINE_ICMPOP(OP_ICMP_ULE, res = (op0 <= op1)); |
|
| 515 |
- DEFINE_ICMPOP(OP_ICMP_SGT, res = (sop0 > sop1)); |
|
| 516 |
- DEFINE_ICMPOP(OP_ICMP_SGE, res = (sop0 >= sop1)); |
|
| 517 |
- DEFINE_ICMPOP(OP_ICMP_SLE, res = (sop0 <= sop1)); |
|
| 518 |
- DEFINE_ICMPOP(OP_ICMP_SLT, res = (sop0 < sop1)); |
|
| 519 |
- |
|
| 520 |
- case OP_SELECT*5: |
|
| 503 |
+ DEFINE_OP_BC_RET_N(OP_BC_RET*5, uint8_t, READ1, WRITE8); |
|
| 504 |
+ DEFINE_OP_BC_RET_N(OP_BC_RET*5+1, uint8_t, READ8, WRITE8); |
|
| 505 |
+ DEFINE_OP_BC_RET_N(OP_BC_RET*5+2, uint16_t, READ16, WRITE16); |
|
| 506 |
+ DEFINE_OP_BC_RET_N(OP_BC_RET*5+3, uint32_t, READ32, WRITE32); |
|
| 507 |
+ DEFINE_OP_BC_RET_N(OP_BC_RET*5+4, uint64_t, READ64, WRITE64); |
|
| 508 |
+ |
|
| 509 |
+ DEFINE_ICMPOP(OP_BC_ICMP_EQ, res = (op0 == op1)); |
|
| 510 |
+ DEFINE_ICMPOP(OP_BC_ICMP_NE, res = (op0 != op1)); |
|
| 511 |
+ DEFINE_ICMPOP(OP_BC_ICMP_UGT, res = (op0 > op1)); |
|
| 512 |
+ DEFINE_ICMPOP(OP_BC_ICMP_UGE, res = (op0 >= op1)); |
|
| 513 |
+ DEFINE_ICMPOP(OP_BC_ICMP_ULT, res = (op0 < op1)); |
|
| 514 |
+ DEFINE_ICMPOP(OP_BC_ICMP_ULE, res = (op0 <= op1)); |
|
| 515 |
+ DEFINE_ICMPOP(OP_BC_ICMP_SGT, res = (sop0 > sop1)); |
|
| 516 |
+ DEFINE_ICMPOP(OP_BC_ICMP_SGE, res = (sop0 >= sop1)); |
|
| 517 |
+ DEFINE_ICMPOP(OP_BC_ICMP_SLE, res = (sop0 <= sop1)); |
|
| 518 |
+ DEFINE_ICMPOP(OP_BC_ICMP_SLT, res = (sop0 < sop1)); |
|
| 519 |
+ |
|
| 520 |
+ case OP_BC_SELECT*5: |
|
| 521 | 521 |
{
|
| 522 | 522 |
uint8_t t0, t1, t2; |
| 523 | 523 |
READ1(t0, inst->u.three[0]); |
| ... | ... |
@@ -526,7 +526,7 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct |
| 526 | 526 |
WRITE8(inst->dest, t0 ? t1 : t2); |
| 527 | 527 |
break; |
| 528 | 528 |
} |
| 529 |
- case OP_SELECT*5+1: |
|
| 529 |
+ case OP_BC_SELECT*5+1: |
|
| 530 | 530 |
{
|
| 531 | 531 |
uint8_t t0, t1, t2; |
| 532 | 532 |
READ1(t0, inst->u.three[0]); |
| ... | ... |
@@ -535,7 +535,7 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct |
| 535 | 535 |
WRITE8(inst->dest, t0 ? t1 : t2); |
| 536 | 536 |
break; |
| 537 | 537 |
} |
| 538 |
- case OP_SELECT*5+2: |
|
| 538 |
+ case OP_BC_SELECT*5+2: |
|
| 539 | 539 |
{
|
| 540 | 540 |
uint8_t t0; |
| 541 | 541 |
uint16_t t1, t2; |
| ... | ... |
@@ -545,7 +545,7 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct |
| 545 | 545 |
WRITE16(inst->dest, t0 ? t1 : t2); |
| 546 | 546 |
break; |
| 547 | 547 |
} |
| 548 |
- case OP_SELECT*5+3: |
|
| 548 |
+ case OP_BC_SELECT*5+3: |
|
| 549 | 549 |
{
|
| 550 | 550 |
uint8_t t0; |
| 551 | 551 |
uint32_t t1, t2; |
| ... | ... |
@@ -555,7 +555,7 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct |
| 555 | 555 |
WRITE32(inst->dest, t0 ? t1 : t2); |
| 556 | 556 |
break; |
| 557 | 557 |
} |
| 558 |
- case OP_SELECT*5+4: |
|
| 558 |
+ case OP_BC_SELECT*5+4: |
|
| 559 | 559 |
{
|
| 560 | 560 |
uint8_t t0; |
| 561 | 561 |
uint64_t t1, t2; |
| ... | ... |
@@ -566,7 +566,7 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct |
| 566 | 566 |
break; |
| 567 | 567 |
} |
| 568 | 568 |
|
| 569 |
- DEFINE_OP(OP_CALL_API) {
|
|
| 569 |
+ DEFINE_OP(OP_BC_CALL_API) {
|
|
| 570 | 570 |
const struct cli_apicall *api = &cli_apicalls[inst->u.ops.funcid]; |
| 571 | 571 |
int32_t res; |
| 572 | 572 |
CHECK_APIID(inst->u.ops.funcid); |
| ... | ... |
@@ -594,7 +594,7 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct |
| 594 | 594 |
break; |
| 595 | 595 |
} |
| 596 | 596 |
|
| 597 |
- DEFINE_OP(OP_CALL_DIRECT) |
|
| 597 |
+ DEFINE_OP(OP_BC_CALL_DIRECT) |
|
| 598 | 598 |
CHECK_FUNCID(inst->u.ops.funcid); |
| 599 | 599 |
func2 = &bc->funcs[inst->u.ops.funcid]; |
| 600 | 600 |
CHECK_EQ(func2->numArgs, inst->u.ops.numOps); |
| ... | ... |
@@ -657,35 +657,35 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct |
| 657 | 657 |
stack_depth++; |
| 658 | 658 |
continue; |
| 659 | 659 |
|
| 660 |
- case OP_COPY*5: |
|
| 660 |
+ case OP_BC_COPY*5: |
|
| 661 | 661 |
{
|
| 662 | 662 |
uint8_t op; |
| 663 | 663 |
READ1(op, BINOP(0)); |
| 664 | 664 |
WRITE8(BINOP(1), op); |
| 665 | 665 |
break; |
| 666 | 666 |
} |
| 667 |
- case OP_COPY*5+1: |
|
| 667 |
+ case OP_BC_COPY*5+1: |
|
| 668 | 668 |
{
|
| 669 | 669 |
uint8_t op; |
| 670 | 670 |
READ8(op, BINOP(0)); |
| 671 | 671 |
WRITE8(BINOP(1), op); |
| 672 | 672 |
break; |
| 673 | 673 |
} |
| 674 |
- case OP_COPY*5+2: |
|
| 674 |
+ case OP_BC_COPY*5+2: |
|
| 675 | 675 |
{
|
| 676 | 676 |
uint16_t op; |
| 677 | 677 |
READ16(op, BINOP(0)); |
| 678 | 678 |
WRITE16(BINOP(1), op); |
| 679 | 679 |
break; |
| 680 | 680 |
} |
| 681 |
- case OP_COPY*5+3: |
|
| 681 |
+ case OP_BC_COPY*5+3: |
|
| 682 | 682 |
{
|
| 683 | 683 |
uint32_t op; |
| 684 | 684 |
READ32(op, BINOP(0)); |
| 685 | 685 |
WRITE32(BINOP(1), op); |
| 686 | 686 |
break; |
| 687 | 687 |
} |
| 688 |
- case OP_COPY*5+4: |
|
| 688 |
+ case OP_BC_COPY*5+4: |
|
| 689 | 689 |
{
|
| 690 | 690 |
uint64_t op; |
| 691 | 691 |
READ32(op, BINOP(0)); |
| ... | ... |
@@ -693,29 +693,29 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct |
| 693 | 693 |
break; |
| 694 | 694 |
} |
| 695 | 695 |
|
| 696 |
- case OP_LOAD*5: |
|
| 697 |
- case OP_LOAD*5+1: |
|
| 696 |
+ case OP_BC_LOAD*5: |
|
| 697 |
+ case OP_BC_LOAD*5+1: |
|
| 698 | 698 |
{
|
| 699 | 699 |
uint8_t *ptr; |
| 700 | 700 |
READP(ptr, inst->u.unaryop); |
| 701 | 701 |
WRITE8(inst->dest, (*ptr)); |
| 702 | 702 |
break; |
| 703 | 703 |
} |
| 704 |
- case OP_LOAD*5+2: |
|
| 704 |
+ case OP_BC_LOAD*5+2: |
|
| 705 | 705 |
{
|
| 706 | 706 |
const union unaligned_16 *ptr; |
| 707 | 707 |
READP(ptr, inst->u.unaryop); |
| 708 | 708 |
WRITE16(inst->dest, (ptr->una_u16)); |
| 709 | 709 |
break; |
| 710 | 710 |
} |
| 711 |
- case OP_LOAD*5+3: |
|
| 711 |
+ case OP_BC_LOAD*5+3: |
|
| 712 | 712 |
{
|
| 713 | 713 |
const union unaligned_32 *ptr; |
| 714 | 714 |
READP(ptr, inst->u.unaryop); |
| 715 | 715 |
WRITE32(inst->dest, (ptr->una_u32)); |
| 716 | 716 |
break; |
| 717 | 717 |
} |
| 718 |
- case OP_LOAD*5+4: |
|
| 718 |
+ case OP_BC_LOAD*5+4: |
|
| 719 | 719 |
{
|
| 720 | 720 |
const union unaligned_64 *ptr; |
| 721 | 721 |
READP(ptr, inst->u.unaryop); |
| ... | ... |
@@ -723,7 +723,7 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct |
| 723 | 723 |
break; |
| 724 | 724 |
} |
| 725 | 725 |
|
| 726 |
- case OP_STORE*5: |
|
| 726 |
+ case OP_BC_STORE*5: |
|
| 727 | 727 |
{
|
| 728 | 728 |
uint8_t *ptr; |
| 729 | 729 |
uint8_t v; |
| ... | ... |
@@ -732,7 +732,7 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct |
| 732 | 732 |
*ptr = v; |
| 733 | 733 |
break; |
| 734 | 734 |
} |
| 735 |
- case OP_STORE*5+1: |
|
| 735 |
+ case OP_BC_STORE*5+1: |
|
| 736 | 736 |
{
|
| 737 | 737 |
uint8_t *ptr; |
| 738 | 738 |
uint8_t v; |
| ... | ... |
@@ -741,7 +741,7 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct |
| 741 | 741 |
*ptr = v; |
| 742 | 742 |
break; |
| 743 | 743 |
} |
| 744 |
- case OP_STORE*5+2: |
|
| 744 |
+ case OP_BC_STORE*5+2: |
|
| 745 | 745 |
{
|
| 746 | 746 |
union unaligned_16 *ptr; |
| 747 | 747 |
uint16_t v; |
| ... | ... |
@@ -750,7 +750,7 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct |
| 750 | 750 |
ptr->una_s16 = v; |
| 751 | 751 |
break; |
| 752 | 752 |
} |
| 753 |
- case OP_STORE*5+3: |
|
| 753 |
+ case OP_BC_STORE*5+3: |
|
| 754 | 754 |
{
|
| 755 | 755 |
union unaligned_32 *ptr; |
| 756 | 756 |
uint32_t v; |
| ... | ... |
@@ -759,7 +759,7 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct |
| 759 | 759 |
ptr->una_u32 = v; |
| 760 | 760 |
break; |
| 761 | 761 |
} |
| 762 |
- case OP_STORE*5+4: |
|
| 762 |
+ case OP_BC_STORE*5+4: |
|
| 763 | 763 |
{
|
| 764 | 764 |
union unaligned_64 *ptr; |
| 765 | 765 |
uint64_t v; |
| ... | ... |
@@ -768,7 +768,7 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct |
| 768 | 768 |
ptr->una_u64 = v; |
| 769 | 769 |
break; |
| 770 | 770 |
} |
| 771 |
- /* TODO: implement OP_GEP1, OP_GEP2, OP_GEPN */ |
|
| 771 |
+ /* TODO: implement OP_BC_GEP1, OP_BC_GEP2, OP_BC_GEPN */ |
|
| 772 | 772 |
default: |
| 773 | 773 |
cli_errmsg("Opcode %u of type %u is not implemented yet!\n",
|
| 774 | 774 |
inst->interp_op/5, inst->interp_op%5); |
| ... | ... |
@@ -425,20 +425,20 @@ public: |
| 425 | 425 |
const struct cli_bc_inst *inst = &bb->insts[j]; |
| 426 | 426 |
Value *Op0, *Op1, *Op2; |
| 427 | 427 |
// libclamav has already validated this. |
| 428 |
- assert(inst->opcode < OP_INVALID && "Invalid opcode"); |
|
| 428 |
+ assert(inst->opcode < OP_BC_INVALID && "Invalid opcode"); |
|
| 429 | 429 |
switch (inst->opcode) {
|
| 430 |
- case OP_JMP: |
|
| 431 |
- case OP_BRANCH: |
|
| 432 |
- case OP_CALL_API: |
|
| 433 |
- case OP_CALL_DIRECT: |
|
| 434 |
- case OP_ZEXT: |
|
| 435 |
- case OP_SEXT: |
|
| 436 |
- case OP_TRUNC: |
|
| 437 |
- case OP_GEP1: |
|
| 438 |
- case OP_GEP2: |
|
| 439 |
- case OP_GEPN: |
|
| 440 |
- case OP_STORE: |
|
| 441 |
- case OP_COPY: |
|
| 430 |
+ case OP_BC_JMP: |
|
| 431 |
+ case OP_BC_BRANCH: |
|
| 432 |
+ case OP_BC_CALL_API: |
|
| 433 |
+ case OP_BC_CALL_DIRECT: |
|
| 434 |
+ case OP_BC_ZEXT: |
|
| 435 |
+ case OP_BC_SEXT: |
|
| 436 |
+ case OP_BC_TRUNC: |
|
| 437 |
+ case OP_BC_GEP1: |
|
| 438 |
+ case OP_BC_GEP2: |
|
| 439 |
+ case OP_BC_GEPN: |
|
| 440 |
+ case OP_BC_STORE: |
|
| 441 |
+ case OP_BC_COPY: |
|
| 442 | 442 |
// these instructions represents operands differently |
| 443 | 443 |
break; |
| 444 | 444 |
default: |
| ... | ... |
@@ -459,23 +459,23 @@ public: |
| 459 | 459 |
} |
| 460 | 460 |
|
| 461 | 461 |
switch (inst->opcode) {
|
| 462 |
- case OP_ADD: |
|
| 462 |
+ case OP_BC_ADD: |
|
| 463 | 463 |
Store(inst->dest, Builder.CreateAdd(Op0, Op1)); |
| 464 | 464 |
break; |
| 465 |
- case OP_SUB: |
|
| 465 |
+ case OP_BC_SUB: |
|
| 466 | 466 |
Store(inst->dest, Builder.CreateSub(Op0, Op1)); |
| 467 | 467 |
break; |
| 468 |
- case OP_MUL: |
|
| 468 |
+ case OP_BC_MUL: |
|
| 469 | 469 |
Store(inst->dest, Builder.CreateMul(Op0, Op1)); |
| 470 | 470 |
break; |
| 471 |
- case OP_UDIV: |
|
| 471 |
+ case OP_BC_UDIV: |
|
| 472 | 472 |
{
|
| 473 | 473 |
Value *Bad = Builder.CreateICmpEQ(Op1, ConstantInt::get(Op1->getType(), 0)); |
| 474 | 474 |
InsertVerify(Bad, Fail, FHandler, F); |
| 475 | 475 |
Store(inst->dest, Builder.CreateUDiv(Op0, Op1)); |
| 476 | 476 |
break; |
| 477 | 477 |
} |
| 478 |
- case OP_SDIV: |
|
| 478 |
+ case OP_BC_SDIV: |
|
| 479 | 479 |
{
|
| 480 | 480 |
//TODO: also verify Op0 == -1 && Op1 = INT_MIN |
| 481 | 481 |
Value *Bad = Builder.CreateICmpEQ(Op1, ConstantInt::get(Op1->getType(), 0)); |
| ... | ... |
@@ -483,14 +483,14 @@ public: |
| 483 | 483 |
Store(inst->dest, Builder.CreateSDiv(Op0, Op1)); |
| 484 | 484 |
break; |
| 485 | 485 |
} |
| 486 |
- case OP_UREM: |
|
| 486 |
+ case OP_BC_UREM: |
|
| 487 | 487 |
{
|
| 488 | 488 |
Value *Bad = Builder.CreateICmpEQ(Op1, ConstantInt::get(Op1->getType(), 0)); |
| 489 | 489 |
InsertVerify(Bad, Fail, FHandler, F); |
| 490 | 490 |
Store(inst->dest, Builder.CreateURem(Op0, Op1)); |
| 491 | 491 |
break; |
| 492 | 492 |
} |
| 493 |
- case OP_SREM: |
|
| 493 |
+ case OP_BC_SREM: |
|
| 494 | 494 |
{
|
| 495 | 495 |
//TODO: also verify Op0 == -1 && Op1 = INT_MIN |
| 496 | 496 |
Value *Bad = Builder.CreateICmpEQ(Op1, ConstantInt::get(Op1->getType(), 0)); |
| ... | ... |
@@ -498,46 +498,46 @@ public: |
| 498 | 498 |
Store(inst->dest, Builder.CreateSRem(Op0, Op1)); |
| 499 | 499 |
break; |
| 500 | 500 |
} |
| 501 |
- case OP_SHL: |
|
| 501 |
+ case OP_BC_SHL: |
|
| 502 | 502 |
Store(inst->dest, Builder.CreateShl(Op0, Op1)); |
| 503 | 503 |
break; |
| 504 |
- case OP_LSHR: |
|
| 504 |
+ case OP_BC_LSHR: |
|
| 505 | 505 |
Store(inst->dest, Builder.CreateLShr(Op0, Op1)); |
| 506 | 506 |
break; |
| 507 |
- case OP_ASHR: |
|
| 507 |
+ case OP_BC_ASHR: |
|
| 508 | 508 |
Store(inst->dest, Builder.CreateAShr(Op0, Op1)); |
| 509 | 509 |
break; |
| 510 |
- case OP_AND: |
|
| 510 |
+ case OP_BC_AND: |
|
| 511 | 511 |
Store(inst->dest, Builder.CreateAnd(Op0, Op1)); |
| 512 | 512 |
break; |
| 513 |
- case OP_OR: |
|
| 513 |
+ case OP_BC_OR: |
|
| 514 | 514 |
Store(inst->dest, Builder.CreateOr(Op0, Op1)); |
| 515 | 515 |
break; |
| 516 |
- case OP_XOR: |
|
| 516 |
+ case OP_BC_XOR: |
|
| 517 | 517 |
Store(inst->dest, Builder.CreateXor(Op0, Op1)); |
| 518 | 518 |
break; |
| 519 |
- case OP_TRUNC: |
|
| 519 |
+ case OP_BC_TRUNC: |
|
| 520 | 520 |
{
|
| 521 | 521 |
Value *Src = convertOperand(func, inst, inst->u.cast.source); |
| 522 | 522 |
const Type *Ty = mapType(func->types[inst->dest]); |
| 523 | 523 |
Store(inst->dest, Builder.CreateTrunc(Src, Ty)); |
| 524 | 524 |
break; |
| 525 | 525 |
} |
| 526 |
- case OP_ZEXT: |
|
| 526 |
+ case OP_BC_ZEXT: |
|
| 527 | 527 |
{
|
| 528 | 528 |
Value *Src = convertOperand(func, inst, inst->u.cast.source); |
| 529 | 529 |
const Type *Ty = mapType(func->types[inst->dest]); |
| 530 | 530 |
Store(inst->dest, Builder.CreateZExt(Src, Ty)); |
| 531 | 531 |
break; |
| 532 | 532 |
} |
| 533 |
- case OP_SEXT: |
|
| 533 |
+ case OP_BC_SEXT: |
|
| 534 | 534 |
{
|
| 535 | 535 |
Value *Src = convertOperand(func, inst, inst->u.cast.source); |
| 536 | 536 |
const Type *Ty = mapType(func->types[inst->dest]); |
| 537 | 537 |
Store(inst->dest, Builder.CreateSExt(Src, Ty)); |
| 538 | 538 |
break; |
| 539 | 539 |
} |
| 540 |
- case OP_BRANCH: |
|
| 540 |
+ case OP_BC_BRANCH: |
|
| 541 | 541 |
{
|
| 542 | 542 |
Value *Cond = convertOperand(func, inst, inst->u.branch.condition); |
| 543 | 543 |
BasicBlock *True = BB[inst->u.branch.br_true]; |
| ... | ... |
@@ -549,46 +549,46 @@ public: |
| 549 | 549 |
Builder.CreateCondBr(Cond, True, False); |
| 550 | 550 |
break; |
| 551 | 551 |
} |
| 552 |
- case OP_JMP: |
|
| 552 |
+ case OP_BC_JMP: |
|
| 553 | 553 |
{
|
| 554 | 554 |
BasicBlock *Jmp = BB[inst->u.jump]; |
| 555 | 555 |
Builder.CreateBr(Jmp); |
| 556 | 556 |
break; |
| 557 | 557 |
} |
| 558 |
- case OP_RET: |
|
| 558 |
+ case OP_BC_RET: |
|
| 559 | 559 |
Builder.CreateRet(Op0); |
| 560 | 560 |
break; |
| 561 |
- case OP_ICMP_EQ: |
|
| 561 |
+ case OP_BC_ICMP_EQ: |
|
| 562 | 562 |
Store(inst->dest, Builder.CreateICmpEQ(Op0, Op1)); |
| 563 | 563 |
break; |
| 564 |
- case OP_ICMP_NE: |
|
| 564 |
+ case OP_BC_ICMP_NE: |
|
| 565 | 565 |
Store(inst->dest, Builder.CreateICmpNE(Op0, Op1)); |
| 566 | 566 |
break; |
| 567 |
- case OP_ICMP_UGT: |
|
| 567 |
+ case OP_BC_ICMP_UGT: |
|
| 568 | 568 |
Store(inst->dest, Builder.CreateICmpUGT(Op0, Op1)); |
| 569 | 569 |
break; |
| 570 |
- case OP_ICMP_UGE: |
|
| 570 |
+ case OP_BC_ICMP_UGE: |
|
| 571 | 571 |
Store(inst->dest, Builder.CreateICmpUGE(Op0, Op1)); |
| 572 | 572 |
break; |
| 573 |
- case OP_ICMP_ULT: |
|
| 573 |
+ case OP_BC_ICMP_ULT: |
|
| 574 | 574 |
Store(inst->dest, Builder.CreateICmpULT(Op0, Op1)); |
| 575 | 575 |
break; |
| 576 |
- case OP_ICMP_ULE: |
|
| 576 |
+ case OP_BC_ICMP_ULE: |
|
| 577 | 577 |
Store(inst->dest, Builder.CreateICmpULE(Op0, Op1)); |
| 578 | 578 |
break; |
| 579 |
- case OP_ICMP_SGT: |
|
| 579 |
+ case OP_BC_ICMP_SGT: |
|
| 580 | 580 |
Store(inst->dest, Builder.CreateICmpSGT(Op0, Op1)); |
| 581 | 581 |
break; |
| 582 |
- case OP_ICMP_SGE: |
|
| 582 |
+ case OP_BC_ICMP_SGE: |
|
| 583 | 583 |
Store(inst->dest, Builder.CreateICmpSGE(Op0, Op1)); |
| 584 | 584 |
break; |
| 585 |
- case OP_ICMP_SLT: |
|
| 585 |
+ case OP_BC_ICMP_SLT: |
|
| 586 | 586 |
Store(inst->dest, Builder.CreateICmpSLT(Op0, Op1)); |
| 587 | 587 |
break; |
| 588 |
- case OP_SELECT: |
|
| 588 |
+ case OP_BC_SELECT: |
|
| 589 | 589 |
Store(inst->dest, Builder.CreateSelect(Op0, Op1, Op2)); |
| 590 | 590 |
break; |
| 591 |
- case OP_COPY: |
|
| 591 |
+ case OP_BC_COPY: |
|
| 592 | 592 |
{
|
| 593 | 593 |
Value *Dest = Values[inst->u.binop[1]]; |
| 594 | 594 |
const PointerType *PTy = cast<PointerType>(Dest->getType()); |
| ... | ... |
@@ -596,7 +596,7 @@ public: |
| 596 | 596 |
Builder.CreateStore(Op0, Dest); |
| 597 | 597 |
break; |
| 598 | 598 |
} |
| 599 |
- case OP_CALL_DIRECT: |
|
| 599 |
+ case OP_BC_CALL_DIRECT: |
|
| 600 | 600 |
{
|
| 601 | 601 |
Function *DestF = Functions[inst->u.ops.funcid]; |
| 602 | 602 |
SmallVector<Value*, 2> args; |
| ... | ... |
@@ -610,7 +610,7 @@ public: |
| 610 | 610 |
Store(inst->dest, CI); |
| 611 | 611 |
break; |
| 612 | 612 |
} |
| 613 |
- case OP_CALL_API: |
|
| 613 |
+ case OP_BC_CALL_API: |
|
| 614 | 614 |
{
|
| 615 | 615 |
assert(inst->u.ops.funcid < cli_apicall_maxapi && "APICall out of range"); |
| 616 | 616 |
const struct cli_apicall *api = &cli_apicalls[inst->u.ops.funcid]; |
| ... | ... |
@@ -624,14 +624,14 @@ public: |
| 624 | 624 |
Store(inst->dest, Builder.CreateCall(DestF, args.begin(), args.end())); |
| 625 | 625 |
break; |
| 626 | 626 |
} |
| 627 |
- case OP_GEP1: |
|
| 627 |
+ case OP_BC_GEP1: |
|
| 628 | 628 |
{
|
| 629 | 629 |
Value *V = Values[inst->u.binop[0]]; |
| 630 | 630 |
Value *Op = convertOperand(func, I32Ty, inst->u.binop[1]); |
| 631 | 631 |
Store(inst->dest, Builder.CreateGEP(V, Op)); |
| 632 | 632 |
break; |
| 633 | 633 |
} |
| 634 |
- case OP_GEP2: |
|
| 634 |
+ case OP_BC_GEP2: |
|
| 635 | 635 |
{
|
| 636 | 636 |
std::vector<Value*> Idxs; |
| 637 | 637 |
Value *V = Values[inst->u.three[0]]; |
| ... | ... |
@@ -640,7 +640,7 @@ public: |
| 640 | 640 |
Store(inst->dest, Builder.CreateGEP(V, Idxs.begin(), Idxs.end())); |
| 641 | 641 |
break; |
| 642 | 642 |
} |
| 643 |
- case OP_GEPN: |
|
| 643 |
+ case OP_BC_GEPN: |
|
| 644 | 644 |
{
|
| 645 | 645 |
std::vector<Value*> Idxs; |
| 646 | 646 |
assert(inst->u.ops.numOps > 1); |
| ... | ... |
@@ -650,7 +650,7 @@ public: |
| 650 | 650 |
Store(inst->dest, Builder.CreateGEP(V, Idxs.begin(), Idxs.end())); |
| 651 | 651 |
break; |
| 652 | 652 |
} |
| 653 |
- case OP_STORE: |
|
| 653 |
+ case OP_BC_STORE: |
|
| 654 | 654 |
{
|
| 655 | 655 |
Value *Dest = convertOperand(func, inst, inst->u.binop[1]); |
| 656 | 656 |
const Type *ETy = cast<PointerType>(Dest->getType())->getElementType(); |
| ... | ... |
@@ -658,7 +658,7 @@ public: |
| 658 | 658 |
Dest); |
| 659 | 659 |
break; |
| 660 | 660 |
} |
| 661 |
- case OP_LOAD: |
|
| 661 |
+ case OP_BC_LOAD: |
|
| 662 | 662 |
Op0 = Builder.CreateLoad(Op0); |
| 663 | 663 |
Store(inst->dest, Op0); |
| 664 | 664 |
break; |
| ... | ... |
@@ -858,7 +858,9 @@ int bytecode_init(void) |
| 858 | 858 |
if (llvm_is_multithreaded()) |
| 859 | 859 |
return 0; |
| 860 | 860 |
llvm_install_error_handler(llvm_error_handler); |
| 861 |
+#ifdef CL_DEBUG |
|
| 861 | 862 |
sys::PrintStackTraceOnErrorSignal(); |
| 863 |
+#endif |
|
| 862 | 864 |
atexit(do_shutdown); |
| 863 | 865 |
|
| 864 | 866 |
llvm_start_multithreaded(); |
| ... | ... |
@@ -876,6 +878,7 @@ int cli_bytecode_init_jit(struct cli_all_bc *bcs) |
| 876 | 876 |
bcs->engine = new(std::nothrow) struct cli_bcengine; |
| 877 | 877 |
if (!bcs->engine) |
| 878 | 878 |
return CL_EMEM; |
| 879 |
+ bcs->engine->EE = 0; |
|
| 879 | 880 |
return 0; |
| 880 | 881 |
} |
| 881 | 882 |
|
| ... | ... |
@@ -80,9 +80,10 @@ typedef enum {
|
| 80 | 80 |
#define CL_DB_PUA_EXCLUDE 0x200 |
| 81 | 81 |
#define CL_DB_COMPILED 0x400 /* internal */ |
| 82 | 82 |
#define CL_DB_DIRECTORY 0x800 /* internal */ |
| 83 |
+#define CL_DB_BYTECODE 0x1000 |
|
| 83 | 84 |
|
| 84 | 85 |
/* recommended db settings */ |
| 85 |
-#define CL_DB_STDOPT (CL_DB_PHISHING | CL_DB_PHISHING_URLS | CL_DB_CVDNOTMP) |
|
| 86 |
+#define CL_DB_STDOPT (CL_DB_PHISHING | CL_DB_PHISHING_URLS | CL_DB_CVDNOTMP | CL_DB_BYTECODE) |
|
| 86 | 87 |
|
| 87 | 88 |
/* scan options */ |
| 88 | 89 |
#define CL_SCAN_RAW 0x0 |
| ... | ... |
@@ -32,49 +32,49 @@ struct bytecode_metadata {
|
| 32 | 32 |
#define BC_HEADER "ClamBC" |
| 33 | 33 |
|
| 34 | 34 |
enum bc_opcode {
|
| 35 |
- OP_ADD=1, |
|
| 36 |
- OP_SUB, |
|
| 37 |
- OP_MUL, |
|
| 38 |
- OP_UDIV, |
|
| 39 |
- OP_SDIV, |
|
| 40 |
- OP_UREM, |
|
| 41 |
- OP_SREM, |
|
| 42 |
- OP_SHL, |
|
| 43 |
- OP_LSHR, |
|
| 44 |
- OP_ASHR, |
|
| 45 |
- OP_AND, |
|
| 46 |
- OP_OR, |
|
| 47 |
- OP_XOR, |
|
| 35 |
+ OP_BC_ADD=1, |
|
| 36 |
+ OP_BC_SUB, |
|
| 37 |
+ OP_BC_MUL, |
|
| 38 |
+ OP_BC_UDIV, |
|
| 39 |
+ OP_BC_SDIV, |
|
| 40 |
+ OP_BC_UREM, |
|
| 41 |
+ OP_BC_SREM, |
|
| 42 |
+ OP_BC_SHL, |
|
| 43 |
+ OP_BC_LSHR, |
|
| 44 |
+ OP_BC_ASHR, |
|
| 45 |
+ OP_BC_AND, |
|
| 46 |
+ OP_BC_OR, |
|
| 47 |
+ OP_BC_XOR, |
|
| 48 | 48 |
|
| 49 |
- OP_TRUNC, |
|
| 50 |
- OP_SEXT, |
|
| 51 |
- OP_ZEXT, |
|
| 49 |
+ OP_BC_TRUNC, |
|
| 50 |
+ OP_BC_SEXT, |
|
| 51 |
+ OP_BC_ZEXT, |
|
| 52 | 52 |
|
| 53 |
- OP_BRANCH, |
|
| 54 |
- OP_JMP, |
|
| 55 |
- OP_RET, |
|
| 56 |
- OP_RET_VOID, |
|
| 53 |
+ OP_BC_BRANCH, |
|
| 54 |
+ OP_BC_JMP, |
|
| 55 |
+ OP_BC_RET, |
|
| 56 |
+ OP_BC_RET_VOID, |
|
| 57 | 57 |
|
| 58 |
- OP_ICMP_EQ, |
|
| 59 |
- OP_ICMP_NE, |
|
| 60 |
- OP_ICMP_UGT, |
|
| 61 |
- OP_ICMP_UGE, |
|
| 62 |
- OP_ICMP_ULT, |
|
| 63 |
- OP_ICMP_ULE, |
|
| 64 |
- OP_ICMP_SGT, |
|
| 65 |
- OP_ICMP_SGE, |
|
| 66 |
- OP_ICMP_SLE, |
|
| 67 |
- OP_ICMP_SLT, |
|
| 68 |
- OP_SELECT, |
|
| 69 |
- OP_CALL_DIRECT, |
|
| 70 |
- OP_CALL_API, |
|
| 71 |
- OP_COPY, |
|
| 72 |
- OP_GEP1, |
|
| 73 |
- OP_GEP2, |
|
| 74 |
- OP_GEPN, |
|
| 75 |
- OP_STORE, |
|
| 76 |
- OP_LOAD, |
|
| 77 |
- OP_INVALID /* last */ |
|
| 58 |
+ OP_BC_ICMP_EQ, |
|
| 59 |
+ OP_BC_ICMP_NE, |
|
| 60 |
+ OP_BC_ICMP_UGT, |
|
| 61 |
+ OP_BC_ICMP_UGE, |
|
| 62 |
+ OP_BC_ICMP_ULT, |
|
| 63 |
+ OP_BC_ICMP_ULE, |
|
| 64 |
+ OP_BC_ICMP_SGT, |
|
| 65 |
+ OP_BC_ICMP_SGE, |
|
| 66 |
+ OP_BC_ICMP_SLE, |
|
| 67 |
+ OP_BC_ICMP_SLT, |
|
| 68 |
+ OP_BC_SELECT, |
|
| 69 |
+ OP_BC_CALL_DIRECT, |
|
| 70 |
+ OP_BC_CALL_API, |
|
| 71 |
+ OP_BC_COPY, |
|
| 72 |
+ OP_BC_GEP1, |
|
| 73 |
+ OP_BC_GEP2, |
|
| 74 |
+ OP_BC_GEPN, |
|
| 75 |
+ OP_BC_STORE, |
|
| 76 |
+ OP_BC_LOAD, |
|
| 77 |
+ OP_BC_INVALID /* last */ |
|
| 78 | 78 |
}; |
| 79 | 79 |
|
| 80 | 80 |
static const unsigned char operand_counts[] = {
|
| ... | ... |
@@ -91,9 +91,9 @@ static const unsigned char operand_counts[] = {
|
| 91 | 91 |
3, |
| 92 | 92 |
/* CALLs have variable number of operands */ |
| 93 | 93 |
0, 0, |
| 94 |
- /* OP_COPY */ |
|
| 94 |
+ /* OP_BC_COPY */ |
|
| 95 | 95 |
2, |
| 96 |
- /* OP_GEP1, OP_GEP2, OP_GEPN, OP_STORE, OP_LOAD*/ |
|
| 96 |
+ /* OP_BC_GEP1, OP_BC_GEP2, OP_BC_GEPN, OP_BC_STORE, OP_BC_LOAD*/ |
|
| 97 | 97 |
2, 3, 0, 2, 1 |
| 98 | 98 |
}; |
| 99 | 99 |
|
| ... | ... |
@@ -114,6 +114,11 @@ static struct dconf_module modules[] = {
|
| 114 | 114 |
{ "PHISHING", "ENGINE", PHISHING_CONF_ENGINE, 1 },
|
| 115 | 115 |
{ "PHISHING", "ENTCONV", PHISHING_CONF_ENTCONV, 1 },
|
| 116 | 116 |
|
| 117 |
+ { "BYTECODE", "INTERPRETER", BYTECODE_INTERPRETER, 1 },
|
|
| 118 |
+ { "BYTECODE", "JIT X86", BYTECODE_JIT_X86, 1 },
|
|
| 119 |
+ { "BYTECODE", "JIT PPC", BYTECODE_JIT_PPC, 1 },
|
|
| 120 |
+ { "BYTECODE", "JIT ARM", BYTECODE_JIT_ARM, 0 },
|
|
| 121 |
+ |
|
| 117 | 122 |
{ NULL, NULL, 0, 0 }
|
| 118 | 123 |
}; |
| 119 | 124 |
|
| ... | ... |
@@ -161,6 +166,9 @@ struct cli_dconf *cli_dconf_init(void) |
| 161 | 161 |
} else if(!strcmp(modules[i].mname, "PHISHING")) {
|
| 162 | 162 |
if(modules[i].state) |
| 163 | 163 |
dconf->phishing |= modules[i].bflag; |
| 164 |
+ } else if(!strcmp(modules[i].mname, "BYTECODE")) {
|
|
| 165 |
+ if (modules[i].state) |
|
| 166 |
+ dconf->bytecode |= modules[i].bflag; |
|
| 164 | 167 |
} |
| 165 | 168 |
} |
| 166 | 169 |
|
| ... | ... |
@@ -170,7 +178,7 @@ struct cli_dconf *cli_dconf_init(void) |
| 170 | 170 |
void cli_dconf_print(struct cli_dconf *dconf) |
| 171 | 171 |
{
|
| 172 | 172 |
unsigned int pe = 0, elf = 0, macho = 0, arch = 0, doc = 0, mail = 0; |
| 173 |
- unsigned int other = 0, phishing = 0, i; |
|
| 173 |
+ unsigned int other = 0, phishing = 0, i, bytecode=0; |
|
| 174 | 174 |
|
| 175 | 175 |
|
| 176 | 176 |
cli_dbgmsg("Dynamic engine configuration settings:\n");
|
| ... | ... |
@@ -247,6 +255,15 @@ void cli_dconf_print(struct cli_dconf *dconf) |
| 247 | 247 |
cli_dbgmsg(" * Submodule %10s:\t%s\n", modules[i].sname, (dconf->phishing & modules[i].bflag) ? "On" : "** Off **");
|
| 248 | 248 |
else |
| 249 | 249 |
continue; |
| 250 |
+ } else if(!strcmp(modules[i].mname, "BYTECODE")) {
|
|
| 251 |
+ if(!bytecode) {
|
|
| 252 |
+ cli_dbgmsg("Module BYTECODE %s\n", dconf->phishing ? "On" : "Off");
|
|
| 253 |
+ bytecode = 1; |
|
| 254 |
+ } |
|
| 255 |
+ if(dconf->bytecode) |
|
| 256 |
+ cli_dbgmsg(" * Submodule %10s:\t%s\n", modules[i].sname, (dconf->bytecode & modules[i].bflag) ? "On" : "** Off **");
|
|
| 257 |
+ else |
|
| 258 |
+ continue; |
|
| 250 | 259 |
} |
| 251 | 260 |
} |
| 252 | 261 |
} |
| ... | ... |
@@ -370,6 +387,15 @@ int cli_dconf_load(FILE *fs, struct cl_engine *engine, unsigned int options, str |
| 370 | 370 |
break; |
| 371 | 371 |
} |
| 372 | 372 |
} |
| 373 |
+ |
|
| 374 |
+ if(!strncmp(buffer, "BYTECODE:", 9) && chkflevel(buffer, 2)) {
|
|
| 375 |
+ if(sscanf(buffer + 9, "0x%x", &val) == 1) {
|
|
| 376 |
+ engine->dconf->bytecode = val; |
|
| 377 |
+ } else {
|
|
| 378 |
+ ret = CL_EMALFDB; |
|
| 379 |
+ break; |
|
| 380 |
+ } |
|
| 381 |
+ } |
|
| 373 | 382 |
} |
| 374 | 383 |
|
| 375 | 384 |
if(ret) {
|
| ... | ... |
@@ -39,6 +39,7 @@ struct cli_dconf {
|
| 39 | 39 |
uint32_t mail; |
| 40 | 40 |
uint32_t other; |
| 41 | 41 |
uint32_t phishing; |
| 42 |
+ uint32_t bytecode; |
|
| 42 | 43 |
}; |
| 43 | 44 |
|
| 44 | 45 |
/* PE flags */ |
| ... | ... |
@@ -103,6 +104,14 @@ struct cli_dconf {
|
| 103 | 103 |
#define PHISHING_CONF_ENGINE 0x1 |
| 104 | 104 |
#define PHISHING_CONF_ENTCONV 0x2 |
| 105 | 105 |
|
| 106 |
+/* Bytecode flags */ |
|
| 107 |
+#define BYTECODE_INTERPRETER 0x1 |
|
| 108 |
+#define BYTECODE_JIT_X86 0x2 |
|
| 109 |
+#define BYTECODE_JIT_PPC 0x4 |
|
| 110 |
+#define BYTECODE_JIT_ARM 0x8 |
|
| 111 |
+ |
|
| 112 |
+#define BYTECODE_ENGINE_MASK (BYTECODE_INTERPRETER | BYTECODE_JIT_X86 | BYTECODE_JIT_PPC | BYTECODE_JIT_ARM) |
|
| 113 |
+ |
|
| 106 | 114 |
#ifdef USE_MPOOL |
| 107 | 115 |
struct cli_dconf *cli_dconf_init(mpool_t *); |
| 108 | 116 |
#define cli_mpool_dconf_init(a) cli_dconf_init(a) |
| ... | ... |
@@ -39,6 +39,7 @@ |
| 39 | 39 |
#include "dconf.h" |
| 40 | 40 |
#include "libclamunrar_iface/unrar_iface.h" |
| 41 | 41 |
#include "regex/regex.h" |
| 42 |
+#include "bytecode.h" |
|
| 42 | 43 |
|
| 43 | 44 |
/* |
| 44 | 45 |
* CL_FLEVEL is the signature f-level specific to the current code and |
| ... | ... |
@@ -175,6 +176,9 @@ struct cl_engine {
|
| 175 | 175 |
|
| 176 | 176 |
/* Used for memory pools */ |
| 177 | 177 |
mpool_t *mempool; |
| 178 |
+ |
|
| 179 |
+ /* Used for bytecode */ |
|
| 180 |
+ struct cli_all_bc bcs; |
|
| 178 | 181 |
}; |
| 179 | 182 |
|
| 180 | 183 |
struct cl_settings {
|
| ... | ... |
@@ -70,7 +70,8 @@ |
| 70 | 70 |
#endif |
| 71 | 71 |
|
| 72 | 72 |
#include "mpool.h" |
| 73 |
- |
|
| 73 |
+#include "bytecode.h" |
|
| 74 |
+#include "bytecode_priv.h" |
|
| 74 | 75 |
#ifdef CL_THREAD_SAFE |
| 75 | 76 |
# include <pthread.h> |
| 76 | 77 |
static pthread_mutex_t cli_ref_mutex = PTHREAD_MUTEX_INITIALIZER; |
| ... | ... |
@@ -1013,6 +1014,29 @@ static int cli_loadldb(FILE *fs, struct cl_engine *engine, unsigned int *signo, |
| 1013 | 1013 |
return CL_SUCCESS; |
| 1014 | 1014 |
} |
| 1015 | 1015 |
|
| 1016 |
+static int cli_loadcbc(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio, const char *dbname) |
|
| 1017 |
+{
|
|
| 1018 |
+ int rc; |
|
| 1019 |
+ struct cli_all_bc *bcs = &engine->bcs; |
|
| 1020 |
+ struct cli_bc *bc; |
|
| 1021 |
+ if(!(engine->dconf->bytecode & BYTECODE_ENGINE_MASK)) {
|
|
| 1022 |
+ return CL_SUCCESS; |
|
| 1023 |
+ } |
|
| 1024 |
+ bcs->all_bcs = cli_realloc2(bcs->all_bcs, sizeof(*bcs->all_bcs)*(bcs->count+1)); |
|
| 1025 |
+ if (!bcs->all_bcs) {
|
|
| 1026 |
+ cli_errmsg("cli_loadcbc: Can't allocate memory for bytecode entry\n");
|
|
| 1027 |
+ return CL_EMEM; |
|
| 1028 |
+ } |
|
| 1029 |
+ bcs->count++; |
|
| 1030 |
+ bc = &bcs->all_bcs[bcs->count-1]; |
|
| 1031 |
+ rc = cli_bytecode_load(bc, fs, dbio); |
|
| 1032 |
+ if (rc != CL_SUCCESS) {
|
|
| 1033 |
+ fprintf(stderr,"Unable to load %s bytecode: %s\n", dbname, cl_strerror(rc)); |
|
| 1034 |
+ return rc; |
|
| 1035 |
+ } |
|
| 1036 |
+ return CL_SUCCESS; |
|
| 1037 |
+} |
|
| 1038 |
+ |
|
| 1016 | 1039 |
#define FTM_TOKENS 8 |
| 1017 | 1040 |
static int cli_loadftm(FILE *fs, struct cl_engine *engine, unsigned int options, unsigned int internal, struct cli_dbio *dbio) |
| 1018 | 1041 |
{
|
| ... | ... |
@@ -1608,7 +1632,11 @@ int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo |
| 1608 | 1608 |
ret = cli_loadldb(fs, engine, signo, options | CL_DB_PUA_MODE, dbio, dbname); |
| 1609 | 1609 |
else |
| 1610 | 1610 |
skipped = 1; |
| 1611 |
- |
|
| 1611 |
+ } else if(cli_strbcasestr(filename, ".cbc")) {
|
|
| 1612 |
+ if(options & CL_DB_BYTECODE) |
|
| 1613 |
+ ret = cli_loadcbc(fs, engine, signo, options, dbio, dbname); |
|
| 1614 |
+ else |
|
| 1615 |
+ skipped = 1; |
|
| 1612 | 1616 |
} else if(cli_strbcasestr(dbname, ".sdb")) {
|
| 1613 | 1617 |
ret = cli_loadndb(fs, engine, signo, 1, options, dbio, dbname); |
| 1614 | 1618 |
|
| ... | ... |
@@ -1782,10 +1810,17 @@ int cl_load(const char *path, struct cl_engine *engine, unsigned int *signo, uns |
| 1782 | 1782 |
if((ret = phishing_init(engine))) |
| 1783 | 1783 |
return ret; |
| 1784 | 1784 |
|
| 1785 |
+ if((dboptions & CL_DB_BYTECODE) && !engine->bcs.engine && (engine->dconf->bytecode & BYTECODE_ENGINE_MASK)) {
|
|
| 1786 |
+ if((ret = cli_bytecode_init(&engine->bcs))) |
|
| 1787 |
+ return ret; |
|
| 1788 |
+ } else {
|
|
| 1789 |
+ cli_dbgmsg("Bytecode engine disabled\n");
|
|
| 1790 |
+ } |
|
| 1791 |
+ |
|
| 1785 | 1792 |
engine->dboptions |= dboptions; |
| 1786 | 1793 |
|
| 1787 | 1794 |
switch(sb.st_mode & S_IFMT) {
|
| 1788 |
- case S_IFREG: |
|
| 1795 |
+ case S_IFREG: |
|
| 1789 | 1796 |
ret = cli_load(path, engine, signo, dboptions, NULL); |
| 1790 | 1797 |
break; |
| 1791 | 1798 |
|
| ... | ... |
@@ -2092,6 +2127,14 @@ int cl_engine_free(struct cl_engine *engine) |
| 2092 | 2092 |
mpool_free(engine->mempool, metah); |
| 2093 | 2093 |
} |
| 2094 | 2094 |
|
| 2095 |
+ if(engine->dconf->bytecode & BYTECODE_ENGINE_MASK) {
|
|
| 2096 |
+ unsigned i; |
|
| 2097 |
+ if (engine->bcs.all_bcs) |
|
| 2098 |
+ for(i=0;i<engine->bcs.count;i++) |
|
| 2099 |
+ cli_bytecode_destroy(&engine->bcs.all_bcs[i]); |
|
| 2100 |
+ cli_bytecode_done(&engine->bcs); |
|
| 2101 |
+ free(engine->bcs.all_bcs); |
|
| 2102 |
+ } |
|
| 2095 | 2103 |
if(engine->dconf->phishing & PHISHING_CONF_ENGINE) |
| 2096 | 2104 |
phishing_done(engine); |
| 2097 | 2105 |
if(engine->dconf) |
| ... | ... |
@@ -2168,6 +2211,12 @@ int cl_engine_compile(struct cl_engine *engine) |
| 2168 | 2168 |
cli_dconf_print(engine->dconf); |
| 2169 | 2169 |
mpool_flush(engine->mempool); |
| 2170 | 2170 |
|
| 2171 |
+ /* Compile bytecode */ |
|
| 2172 |
+ if((ret = cli_bytecode_prepare(&engine->bcs))) {
|
|
| 2173 |
+ fprintf(stderr,"Unable to compile/load bytecode: %s\n", cl_strerror(ret)); |
|
| 2174 |
+ return ret; |
|
| 2175 |
+ } |
|
| 2176 |
+ |
|
| 2171 | 2177 |
engine->dboptions |= CL_DB_COMPILED; |
| 2172 | 2178 |
return CL_SUCCESS; |
| 2173 | 2179 |
} |
| ... | ... |
@@ -47,6 +47,7 @@ |
| 47 | 47 |
cli_strbcasestr(ext, ".pdb") || \ |
| 48 | 48 |
cli_strbcasestr(ext, ".gdb") || \ |
| 49 | 49 |
cli_strbcasestr(ext, ".wdb") || \ |
| 50 |
+ cli_strbcasestr(ext, ".cbc") || \ |
|
| 50 | 51 |
cli_strbcasestr(ext, ".ftm") || \ |
| 51 | 52 |
cli_strbcasestr(ext, ".ign") || \ |
| 52 | 53 |
cli_strbcasestr(ext, ".cfg") || \ |
| ... | ... |
@@ -233,7 +233,7 @@ const struct clam_option clam_options[] = {
|
| 233 | 233 |
{ "AllowSupplementaryGroups", NULL, 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Initialize a supplementary group access (the process must be started by root).", "no" },
|
| 234 | 234 |
|
| 235 | 235 |
/* Scan options */ |
| 236 |
- |
|
| 236 |
+ { "Bytecode", "bytecode", 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.", "yes" },
|
|
| 237 | 237 |
{ "DetectPUA", "detect-pua", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "Detect Potentially Unwanted Applications.", "yes" },
|
| 238 | 238 |
|
| 239 | 239 |
{ "ExcludePUA", "exclude-pua", 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD | OPT_CLAMSCAN, "Exclude a specific PUA category. This directive can be used multiple times.\nSee http://www.clamav.net/support/pua for the complete list of PUA\ncategories.", "NetTool\nPWTool" },
|
| ... | ... |
@@ -129,6 +129,14 @@ START_TEST (test_div0) |
| 129 | 129 |
} |
| 130 | 130 |
END_TEST |
| 131 | 131 |
|
| 132 |
+START_TEST (test_lsig) |
|
| 133 |
+{
|
|
| 134 |
+ cl_init(CL_INIT_DEFAULT); |
|
| 135 |
+ runtest("input/lsig.cbc", 0, CL_EBYTECODE, 0);
|
|
| 136 |
+// runtest("input/lsig.cbc", 0, CL_EBYTECODE, 1);
|
|
| 137 |
+} |
|
| 138 |
+END_TEST |
|
| 139 |
+ |
|
| 132 | 140 |
Suite *test_bytecode_suite(void) |
| 133 | 141 |
{
|
| 134 | 142 |
Suite *s = suite_create("bytecode");
|