git-svn: trunk@2537
aCaB authored on 2006/12/05 03:05:16... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Mon Dec 4 19:03:23 CET 2006 (acab) |
|
2 |
+----------------------------------- |
|
3 |
+ * libclamav/pe.c: fix newpe merge bugs (bb#171, bb#172) |
|
4 |
+ |
|
1 | 5 |
Mon Dec 4 14:17:47 CET 2006 (tk) |
2 | 6 |
--------------------------------- |
3 | 7 |
* freshclam/manager.c: add "-exp" to UserAgent string if compiled with |
... | ... |
@@ -60,6 +60,9 @@ |
60 | 60 |
#define PE32_SIGNATURE 0x010b |
61 | 61 |
#define PE32P_SIGNATURE 0x020b |
62 | 62 |
|
63 |
+#define optional_hdr64 pe_opt.opt64 |
|
64 |
+#define optional_hdr32 pe_opt.opt32 |
|
65 |
+ |
|
63 | 66 |
#define UPX_NRV2B "\x11\xdb\x11\xc9\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9\x11\xc9\x75\x20\x41\x01\xdb" |
64 | 67 |
#define UPX_NRV2D "\x83\xf0\xff\x74\x78\xd1\xf8\x89\xc5\xeb\x0b\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9" |
65 | 68 |
#define UPX_NRV2E "\xeb\x52\x31\xc9\x83\xe8\x03\x72\x11\xc1\xe0\x08\x8a\x06\x46\x83\xf0\xff\x74\x75\xd1\xf8\x89\xc5" |
... | ... |
@@ -235,8 +238,6 @@ int cli_scanpe(int desc, cli_ctx *ctx) |
235 | 235 |
struct pe_image_optional_hdr64 opt64; |
236 | 236 |
struct pe_image_optional_hdr32 opt32; |
237 | 237 |
} pe_opt; |
238 |
- struct pe_image_optional_hdr64 optional_hdr64 = pe_opt.opt64; |
|
239 |
- struct pe_image_optional_hdr32 optional_hdr32 = pe_opt.opt32; |
|
240 | 238 |
struct pe_image_section_hdr *section_hdr; |
241 | 239 |
struct cli_md5_node *md5_sect; |
242 | 240 |
struct stat sb; |
... | ... |
@@ -253,6 +254,7 @@ int cli_scanpe(int desc, cli_ctx *ctx) |
253 | 253 |
struct cli_exe_section *exe_sections; |
254 | 254 |
|
255 | 255 |
|
256 |
+ cli_dbgmsg("%d\n", &optional_hdr32); |
|
256 | 257 |
if(cli_readn(desc, &e_magic, sizeof(e_magic)) != sizeof(e_magic)) { |
257 | 258 |
cli_dbgmsg("Can't read DOS signature\n"); |
258 | 259 |
return CL_CLEAN; |
... | ... |
@@ -717,7 +719,7 @@ int cli_scanpe(int desc, cli_ctx *ctx) |
717 | 717 |
if (DETECT_BROKEN && EC32(section_hdr[i].VirtualAddress)!=valign) { /* Bad first section RVA */ |
718 | 718 |
cli_dbgmsg("First section is in the wrong place\n"); |
719 | 719 |
if(ctx->virname) |
720 |
- *ctx->virname = md5_sect->virname; |
|
720 |
+ *ctx->virname = "Broken.Executable"; |
|
721 | 721 |
free(section_hdr); |
722 | 722 |
free(exe_sections); |
723 | 723 |
return CL_VIRUS; |
... | ... |
@@ -728,7 +730,7 @@ int cli_scanpe(int desc, cli_ctx *ctx) |
728 | 728 |
if (DETECT_BROKEN && EC32(section_hdr[i].VirtualAddress)-EC32(section_hdr[i-1].VirtualAddress)!= exe_sections[i-1].vsz) { /* No holes, no overlapping, no virtual disorder */ |
729 | 729 |
cli_dbgmsg("Virtually misplaced section (wrong order, overlapping, non contiguous)\n"); |
730 | 730 |
if(ctx->virname) |
731 |
- *ctx->virname = md5_sect->virname; |
|
731 |
+ *ctx->virname = "Broken.Executable"; |
|
732 | 732 |
free(section_hdr); |
733 | 733 |
free(exe_sections); |
734 | 734 |
return CL_VIRUS; |
... | ... |
@@ -2471,8 +2473,6 @@ int cli_peheader(int desc, struct cli_exe_info *peinfo) |
2471 | 2471 |
struct pe_image_optional_hdr64 opt64; |
2472 | 2472 |
struct pe_image_optional_hdr32 opt32; |
2473 | 2473 |
} pe_opt; |
2474 |
- struct pe_image_optional_hdr64 optional_hdr64 = pe_opt.opt64; |
|
2475 |
- struct pe_image_optional_hdr32 optional_hdr32 = pe_opt.opt32; |
|
2476 | 2474 |
struct pe_image_section_hdr *section_hdr; |
2477 | 2475 |
struct stat sb; |
2478 | 2476 |
int i; |
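Review bot: The added `cli_dbgmsg("%d\n", &optional_hdr32);` at the top of cli_scanpe passes a pointer to a `%d` conversion, which is a format/argument mismatch (undefined behaviour, and a truncated value where pointers are wider than int). It also writes a stack address into the debug output before any header has been read. It reads like leftover debugging and I would drop the line; if the address is really wanted, use `cli_dbgmsg("%p\n", (void *)&optional_hdr32);`. Separately, the new file-scope macros `optional_hdr32`/`optional_hdr64` rewrite every later use of those identifiers in pe.c, so a comment above them such as `/* aliases for the local pe_opt union members; only valid where pe_opt is in scope */` would help the next reader. The bodies of cli_scanpe and cli_peheader continue outside the hunks shown, so uses of the two names elsewhere could not be checked here.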