Browse code
apm/mbr/gpt: minor allmatch fixes
Kevin Lin authored on 2014/03/12 04:55:47Showing 3 changed files
| ... | ... |
@@ -55,7 +55,7 @@ int cli_scanapm(cli_ctx *ctx) |
| 55 | 55 |
{
|
| 56 | 56 |
struct apm_driver_desc_map ddm; |
| 57 | 57 |
struct apm_partition_info aptable, apentry; |
| 58 |
- int ret = 0, old_school = 0; |
|
| 58 |
+ int ret = CL_CLEAN, detection = CL_CLEAN, old_school = 0; |
|
| 59 | 59 |
size_t sectorsize, maplen, partsize, sectorcheck; |
| 60 | 60 |
off_t pos = 0, partoff = 0; |
| 61 | 61 |
unsigned i; |
| ... | ... |
@@ -139,10 +139,11 @@ int cli_scanapm(cli_ctx *ctx) |
| 139 | 139 |
/* check that the partition table fits in the space specified - HEURISTICS */ |
| 140 | 140 |
if ((ctx->options & CL_SCAN_PARTITION_INTXN) && (ctx->dconf->other & OTHER_CONF_PRTNINTXN)) {
|
| 141 | 141 |
ret = apm_prtn_intxn(ctx, aptable, sectorsize, old_school); |
| 142 |
- if ((ret != CL_CLEAN) && |
|
| 143 |
- !((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
|
| 144 |
- |
|
| 145 |
- return ret; |
|
| 142 |
+ if (ret != CL_CLEAN) {
|
|
| 143 |
+ if ((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS)) |
|
| 144 |
+ detection = CL_VIRUS; |
|
| 145 |
+ else |
|
| 146 |
+ return ret; |
|
| 146 | 147 |
} |
| 147 | 148 |
} |
| 148 | 149 |
|
| ... | ... |
@@ -223,13 +224,15 @@ int cli_scanapm(cli_ctx *ctx) |
| 223 | 223 |
cli_dbgmsg("Type: %s\n", (char*)apentry.type);
|
| 224 | 224 |
cli_dbgmsg("Signature: %x\n", apentry.signature);
|
| 225 | 225 |
cli_dbgmsg("Partition Count: %u\n", apentry.numPartitions);
|
| 226 |
- cli_dbgmsg("Blocks: [%u, +%u), ([%u, +%u))\n",
|
|
| 227 |
- apentry.pBlockStart, apentry.pBlockCount, partoff, partsize); |
|
| 226 |
+ cli_dbgmsg("Blocks: [%u, +%u), ([%lu, +%lu))\n",
|
|
| 227 |
+ apentry.pBlockStart, apentry.pBlockCount, (long unsigned)partoff, (long unsigned)partsize); |
|
| 228 | 228 |
|
| 229 | 229 |
/* send the partition to cli_map_scan */ |
| 230 | 230 |
ret = cli_map_scan(*ctx->fmap, partoff, partsize, ctx, CL_TYPE_PART_ANY); |
| 231 |
- if ((ret != CL_CLEAN) && |
|
| 232 |
- !((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
|
| 231 |
+ if (ret != CL_CLEAN) {
|
|
| 232 |
+ if ((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS)) |
|
| 233 |
+ detection = CL_VIRUS; |
|
| 234 |
+ else |
|
| 233 | 235 |
return ret; |
| 234 | 236 |
} |
| 235 | 237 |
} |
| ... | ... |
@@ -238,7 +241,7 @@ int cli_scanapm(cli_ctx *ctx) |
| 238 | 238 |
cli_dbgmsg("cli_scanapm: max partitions reached\n");
|
| 239 | 239 |
} |
| 240 | 240 |
|
| 241 |
- return ret; |
|
| 241 |
+ return detection; |
|
| 242 | 242 |
} |
| 243 | 243 |
|
| 244 | 244 |
static int apm_prtn_intxn(cli_ctx *ctx, struct apm_partition_info aptable, size_t sectorsize, int old_school) |
| ... | ... |
@@ -246,7 +249,7 @@ static int apm_prtn_intxn(cli_ctx *ctx, struct apm_partition_info aptable, size_ |
| 246 | 246 |
prtn_intxn_list_t prtncheck; |
| 247 | 247 |
struct apm_partition_info apentry; |
| 248 | 248 |
unsigned i, pitxn; |
| 249 |
- int ret = 0, tmp = 0; |
|
| 249 |
+ int ret = CL_CLEAN, tmp = CL_CLEAN; |
|
| 250 | 250 |
off_t pos; |
| 251 | 251 |
uint32_t max_prtns = 0; |
| 252 | 252 |
|
| ... | ... |
@@ -103,7 +103,7 @@ int cli_scangpt(cli_ctx *ctx, size_t sectorsize) |
| 103 | 103 |
{
|
| 104 | 104 |
struct gpt_header phdr, shdr; |
| 105 | 105 |
enum GPT_SCANSTATE state = INVALID; |
| 106 |
- int ret = 0; |
|
| 106 |
+ int ret = CL_CLEAN, detection = CL_CLEAN; |
|
| 107 | 107 |
size_t maplen; |
| 108 | 108 |
off_t pos = 0; |
| 109 | 109 |
|
| ... | ... |
@@ -134,10 +134,11 @@ int cli_scangpt(cli_ctx *ctx, size_t sectorsize) |
| 134 | 134 |
|
| 135 | 135 |
/* check the protective mbr */ |
| 136 | 136 |
ret = gpt_check_mbr(ctx, sectorsize); |
| 137 |
- if ((ret != CL_CLEAN) && |
|
| 138 |
- !((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
|
| 139 |
- |
|
| 140 |
- return ret; |
|
| 137 |
+ if (ret != CL_CLEAN) {
|
|
| 138 |
+ if ((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS)) |
|
| 139 |
+ detection = CL_VIRUS; |
|
| 140 |
+ else |
|
| 141 |
+ return ret; |
|
| 141 | 142 |
} |
| 142 | 143 |
|
| 143 | 144 |
pos = GPT_PRIMARY_HDR_LBA * sectorsize; /* sector 1 (second sector) is the primary gpt header */ |
| ... | ... |
@@ -197,16 +198,18 @@ int cli_scangpt(cli_ctx *ctx, size_t sectorsize) |
| 197 | 197 |
/* check that the partition table has no intersections - HEURISTICS */ |
| 198 | 198 |
if ((ctx->options & CL_SCAN_PARTITION_INTXN) && (ctx->dconf->other & OTHER_CONF_PRTNINTXN)) {
|
| 199 | 199 |
ret = gpt_prtn_intxn(ctx, phdr, sectorsize); |
| 200 |
- if ((ret != CL_CLEAN) && |
|
| 201 |
- !((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
|
| 202 |
- |
|
| 203 |
- return ret; |
|
| 200 |
+ if (ret != CL_CLEAN) {
|
|
| 201 |
+ if ((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS)) |
|
| 202 |
+ detection = CL_VIRUS; |
|
| 203 |
+ else |
|
| 204 |
+ return ret; |
|
| 204 | 205 |
} |
| 205 | 206 |
ret = gpt_prtn_intxn(ctx, shdr, sectorsize); |
| 206 |
- if ((ret != CL_CLEAN) && |
|
| 207 |
- !((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
|
| 208 |
- |
|
| 209 |
- return ret; |
|
| 207 |
+ if (ret != CL_CLEAN) {
|
|
| 208 |
+ if ((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS)) |
|
| 209 |
+ detection = CL_VIRUS; |
|
| 210 |
+ else |
|
| 211 |
+ return ret; |
|
| 210 | 212 |
} |
| 211 | 213 |
} |
| 212 | 214 |
|
| ... | ... |
@@ -215,44 +218,52 @@ int cli_scangpt(cli_ctx *ctx, size_t sectorsize) |
| 215 | 215 |
case PRIMARY_ONLY: |
| 216 | 216 |
cli_dbgmsg("cli_scangpt: Scanning primary GPT partitions only\n");
|
| 217 | 217 |
ret = gpt_scan_partitions(ctx, phdr, sectorsize); |
| 218 |
- if ((ret != CL_CLEAN) && |
|
| 219 |
- !((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
|
| 220 |
- break; |
|
| 218 |
+ if (ret != CL_CLEAN) {
|
|
| 219 |
+ if ((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS)) |
|
| 220 |
+ detection = CL_VIRUS; |
|
| 221 |
+ else |
|
| 222 |
+ return ret; |
|
| 221 | 223 |
} |
| 222 | 224 |
break; |
| 223 | 225 |
case SECONDARY_ONLY: |
| 224 | 226 |
cli_dbgmsg("cli_scangpt: Scanning secondary GPT partitions only\n");
|
| 225 | 227 |
ret = gpt_scan_partitions(ctx, shdr, sectorsize); |
| 226 |
- if ((ret != CL_CLEAN) && |
|
| 227 |
- !((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
|
| 228 |
- break; |
|
| 228 |
+ if (ret != CL_CLEAN) {
|
|
| 229 |
+ if ((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS)) |
|
| 230 |
+ detection = CL_VIRUS; |
|
| 231 |
+ else |
|
| 232 |
+ return ret; |
|
| 229 | 233 |
} |
| 230 | 234 |
break; |
| 231 | 235 |
case BOTH: |
| 232 | 236 |
cli_dbgmsg("cli_scangpt: Scanning primary GPT partitions\n");
|
| 233 | 237 |
ret = gpt_scan_partitions(ctx, phdr, sectorsize); |
| 234 |
- if ((ret != CL_CLEAN) && |
|
| 235 |
- !((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
|
| 236 |
- break; |
|
| 238 |
+ if (ret != CL_CLEAN) {
|
|
| 239 |
+ if ((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS)) |
|
| 240 |
+ detection = CL_VIRUS; |
|
| 241 |
+ else |
|
| 242 |
+ return ret; |
|
| 237 | 243 |
} |
| 238 | 244 |
cli_dbgmsg("cli_scangpt: Scanning secondary GPT partitions\n");
|
| 239 | 245 |
ret = gpt_scan_partitions(ctx, shdr, sectorsize); |
| 240 |
- if ((ret != CL_CLEAN) && |
|
| 241 |
- !((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
|
| 242 |
- break; |
|
| 246 |
+ if (ret != CL_CLEAN) {
|
|
| 247 |
+ if ((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS)) |
|
| 248 |
+ detection = CL_VIRUS; |
|
| 249 |
+ else |
|
| 250 |
+ return ret; |
|
| 243 | 251 |
} |
| 244 | 252 |
break; |
| 245 | 253 |
default: |
| 246 | 254 |
cli_dbgmsg("cli_scangpt: State is invalid\n");
|
| 247 | 255 |
} |
| 248 | 256 |
|
| 249 |
- return ret; |
|
| 257 |
+ return detection; |
|
| 250 | 258 |
} |
| 251 | 259 |
|
| 252 | 260 |
static int gpt_scan_partitions(cli_ctx *ctx, struct gpt_header hdr, size_t sectorsize) |
| 253 | 261 |
{
|
| 254 | 262 |
struct gpt_partition_entry gpe; |
| 255 |
- int ret = 0; |
|
| 263 |
+ int ret = CL_CLEAN, detection = CL_CLEAN; |
|
| 256 | 264 |
size_t maplen, part_size = 0; |
| 257 | 265 |
off_t pos = 0, part_off = 0; |
| 258 | 266 |
unsigned i = 0, j = 0; |
| ... | ... |
@@ -337,9 +348,10 @@ static int gpt_scan_partitions(cli_ctx *ctx, struct gpt_header hdr, size_t secto |
| 337 | 337 |
part_off = gpe.firstLBA * sectorsize; |
| 338 | 338 |
part_size = (gpe.lastLBA - gpe.firstLBA + 1) * sectorsize; |
| 339 | 339 |
ret = cli_map_scan(*ctx->fmap, part_off, part_size, ctx, CL_TYPE_PART_ANY); |
| 340 |
- if ((ret != CL_CLEAN) && |
|
| 341 |
- !((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
|
| 342 |
- //gpt_printName(gpe.name, "Detection in Partition"); |
|
| 340 |
+ if (ret != CL_CLEAN) {
|
|
| 341 |
+ if ((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS)) |
|
| 342 |
+ detection = CL_VIRUS; |
|
| 343 |
+ else |
|
| 343 | 344 |
return ret; |
| 344 | 345 |
} |
| 345 | 346 |
} |
| ... | ... |
@@ -352,7 +364,7 @@ static int gpt_scan_partitions(cli_ctx *ctx, struct gpt_header hdr, size_t secto |
| 352 | 352 |
cli_dbgmsg("cli_scangpt: max partitions reached\n");
|
| 353 | 353 |
} |
| 354 | 354 |
|
| 355 |
- return ret; |
|
| 355 |
+ return detection; |
|
| 356 | 356 |
} |
| 357 | 357 |
|
| 358 | 358 |
static int gpt_validate_header(cli_ctx *ctx, struct gpt_header hdr, size_t sectorsize) |
| ... | ... |
@@ -599,7 +611,7 @@ static int gpt_prtn_intxn(cli_ctx *ctx, struct gpt_header hdr, size_t sectorsize |
| 599 | 599 |
prtn_intxn_list_t prtncheck; |
| 600 | 600 |
struct gpt_partition_entry gpe; |
| 601 | 601 |
unsigned i, pitxn; |
| 602 |
- int ret = 0, tmp = 0; |
|
| 602 |
+ int ret = CL_CLEAN, tmp = CL_CLEAN; |
|
| 603 | 603 |
off_t pos; |
| 604 | 604 |
size_t maplen; |
| 605 | 605 |
uint32_t max_prtns = 0; |
| ... | ... |
@@ -99,7 +99,7 @@ int cli_scanmbr(cli_ctx *ctx, size_t sectorsize) |
| 99 | 99 |
{
|
| 100 | 100 |
struct mbr_boot_record mbr; |
| 101 | 101 |
enum MBR_STATE state = SEEN_NOTHING; |
| 102 |
- int ret = CL_CLEAN; |
|
| 102 |
+ int ret = CL_CLEAN, detection = CL_CLEAN; |
|
| 103 | 103 |
off_t pos = 0, mbr_base = 0, partoff = 0; |
| 104 | 104 |
unsigned i = 0, prtncount = 0; |
| 105 | 105 |
size_t maplen, partsize; |
| ... | ... |
@@ -145,18 +145,21 @@ int cli_scanmbr(cli_ctx *ctx, size_t sectorsize) |
| 145 | 145 |
|
| 146 | 146 |
/* MBR is valid, examine bootstrap code */ |
| 147 | 147 |
ret = cli_map_scan(*ctx->fmap, 0, sectorsize, ctx, CL_TYPE_ANY); |
| 148 |
- if ((ret != CL_CLEAN) && |
|
| 149 |
- !((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
|
| 150 |
- return ret; |
|
| 148 |
+ if (ret != CL_CLEAN) {
|
|
| 149 |
+ if ((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS)) |
|
| 150 |
+ detection = CL_VIRUS; |
|
| 151 |
+ else |
|
| 152 |
+ return ret; |
|
| 151 | 153 |
} |
| 152 | 154 |
|
| 153 | 155 |
/* check that the partition table has no intersections - HEURISTICS */ |
| 154 | 156 |
if ((ctx->options & CL_SCAN_PARTITION_INTXN) && (ctx->dconf->other & OTHER_CONF_PRTNINTXN)) {
|
| 155 | 157 |
ret = mbr_primary_prtn_intxn(ctx, mbr, sectorsize); |
| 156 |
- if ((ret != CL_CLEAN) && |
|
| 157 |
- !((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
|
| 158 |
- |
|
| 159 |
- return ret; |
|
| 158 |
+ if (ret != CL_CLEAN) {
|
|
| 159 |
+ if ((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS)) |
|
| 160 |
+ detection = CL_VIRUS; |
|
| 161 |
+ else |
|
| 162 |
+ return ret; |
|
| 160 | 163 |
} |
| 161 | 164 |
} |
| 162 | 165 |
|
| ... | ... |
@@ -186,9 +189,11 @@ int cli_scanmbr(cli_ctx *ctx, size_t sectorsize) |
| 186 | 186 |
|
| 187 | 187 |
ret = mbr_scanextprtn(ctx, &prtncount, mbr.entries[i].firstLBA, |
| 188 | 188 |
mbr.entries[i].numLBA, sectorsize); |
| 189 |
- if ((ret != CL_CLEAN) && |
|
| 190 |
- !((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
|
| 191 |
- return ret; |
|
| 189 |
+ if (ret != CL_CLEAN) {
|
|
| 190 |
+ if ((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS)) |
|
| 191 |
+ detection = CL_VIRUS; |
|
| 192 |
+ else |
|
| 193 |
+ return ret; |
|
| 192 | 194 |
} |
| 193 | 195 |
} |
| 194 | 196 |
else {
|
| ... | ... |
@@ -198,8 +203,10 @@ int cli_scanmbr(cli_ctx *ctx, size_t sectorsize) |
| 198 | 198 |
partsize = mbr.entries[i].numLBA * sectorsize; |
| 199 | 199 |
mbr_parsemsg("cli_map_scan: [%u, +%u)\n", partoff, partsize);
|
| 200 | 200 |
ret = cli_map_scan(*ctx->fmap, partoff, partsize, ctx, CL_TYPE_PART_ANY); |
| 201 |
- if ((ret != CL_CLEAN) && |
|
| 202 |
- !((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
|
| 201 |
+ if (ret != CL_CLEAN) {
|
|
| 202 |
+ if ((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS)) |
|
| 203 |
+ detection = CL_VIRUS; |
|
| 204 |
+ else |
|
| 203 | 205 |
return ret; |
| 204 | 206 |
} |
| 205 | 207 |
} |
| ... | ... |
@@ -208,14 +215,15 @@ int cli_scanmbr(cli_ctx *ctx, size_t sectorsize) |
| 208 | 208 |
if (prtncount >= ctx->engine->maxpartitions) {
|
| 209 | 209 |
cli_dbgmsg("cli_scanmbr: maximum partitions reached\n");
|
| 210 | 210 |
} |
| 211 |
- return ret; |
|
| 211 |
+ |
|
| 212 |
+ return detection; |
|
| 212 | 213 |
} |
| 213 | 214 |
|
| 214 | 215 |
static int mbr_scanextprtn(cli_ctx *ctx, unsigned *prtncount, off_t extlba, size_t extlbasize, size_t sectorsize) |
| 215 | 216 |
{
|
| 216 | 217 |
struct mbr_boot_record ebr; |
| 217 | 218 |
enum MBR_STATE state = SEEN_NOTHING; |
| 218 |
- int ret = CL_CLEAN; |
|
| 219 |
+ int ret = CL_CLEAN, detection = CL_CLEAN; |
|
| 219 | 220 |
off_t pos = 0, mbr_base = 0, logiclba = 0, extoff = 0, partoff = 0; |
| 220 | 221 |
size_t partsize, extsize; |
| 221 | 222 |
unsigned i = 0, j = 0; |
| ... | ... |
@@ -338,9 +346,11 @@ static int mbr_scanextprtn(cli_ctx *ctx, unsigned *prtncount, off_t extlba, size |
| 338 | 338 |
} |
| 339 | 339 |
|
| 340 | 340 |
ret = cli_map_scan(*ctx->fmap, partoff, partsize, ctx, CL_TYPE_PART_ANY); |
| 341 |
- if ((ret != CL_CLEAN) && |
|
| 342 |
- !((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS))) {
|
|
| 343 |
- return ret; |
|
| 341 |
+ if (ret != CL_CLEAN) {
|
|
| 342 |
+ if ((ctx->options & CL_SCAN_ALLMATCHES) && (ret == CL_VIRUS)) |
|
| 343 |
+ detection = CL_VIRUS; |
|
| 344 |
+ else |
|
| 345 |
+ return ret; |
|
| 344 | 346 |
} |
| 345 | 347 |
} |
| 346 | 348 |
} |
| ... | ... |
@@ -357,7 +367,8 @@ static int mbr_scanextprtn(cli_ctx *ctx, unsigned *prtncount, off_t extlba, size |
| 357 | 357 |
} while (logiclba != 0 && (*prtncount) < ctx->engine->maxpartitions); |
| 358 | 358 |
|
| 359 | 359 |
cli_dbgmsg("cli_scanmbr: examined %u logical partitions\n", i);
|
| 360 |
- return ret; |
|
| 360 |
+ |
|
| 361 |
+ return detection; |
|
| 361 | 362 |
} |
| 362 | 363 |
|
| 363 | 364 |
void mbr_convert_to_host(struct mbr_boot_record *record) |
| ... | ... |
@@ -450,7 +461,7 @@ static int mbr_primary_prtn_intxn(cli_ctx *ctx, struct mbr_boot_record mbr, size |
| 450 | 450 |
{
|
| 451 | 451 |
prtn_intxn_list_t prtncheck; |
| 452 | 452 |
unsigned i = 0, pitxn = 0, prtncount = 0; |
| 453 |
- int ret = 0, tmp = 0; |
|
| 453 |
+ int ret = CL_CLEAN, tmp = CL_CLEAN; |
|
| 454 | 454 |
|
| 455 | 455 |
prtn_intxn_list_init(&prtncheck); |
| 456 | 456 |
|
| ... | ... |
@@ -518,7 +529,7 @@ static int mbr_extended_prtn_intxn(cli_ctx *ctx, unsigned *prtncount, off_t extl |
| 518 | 518 |
struct mbr_boot_record ebr; |
| 519 | 519 |
prtn_intxn_list_t prtncheck; |
| 520 | 520 |
unsigned i, pitxn; |
| 521 |
- int ret = 0, mbr_base = 0, tmp = 0; |
|
| 521 |
+ int ret = CL_CLEAN, tmp = CL_CLEAN, mbr_base = 0; |
|
| 522 | 522 |
off_t pos = 0, logiclba = 0; |
| 523 | 523 |
|
| 524 | 524 |
mbr_base = sectorsize - sizeof(struct mbr_boot_record); |