Browse code
fix newpe merge bugs (bb#171, bb#172)
| ... | ... |
@@ -1,3 +1,7 @@ |
| 1 |
+Mon Dec 4 19:03:23 CET 2006 (acab) |
|
| 2 |
+----------------------------------- |
|
| 3 |
+ * libclamav/pe.c: fix newpe merge bugs (bb#171, bb#172) |
|
| 4 |
+ |
|
| 1 | 5 |
Mon Dec 4 14:17:47 CET 2006 (tk) |
| 2 | 6 |
--------------------------------- |
| 3 | 7 |
* freshclam/manager.c: add "-exp" to UserAgent string if compiled with |
| ... | ... |
@@ -60,6 +60,9 @@ |
| 60 | 60 |
#define PE32_SIGNATURE 0x010b |
| 61 | 61 |
#define PE32P_SIGNATURE 0x020b |
| 62 | 62 |
|
| 63 |
+#define optional_hdr64 pe_opt.opt64 |
|
| 64 |
+#define optional_hdr32 pe_opt.opt32 |
|
| 65 |
+ |
|
| 63 | 66 |
#define UPX_NRV2B "\x11\xdb\x11\xc9\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9\x11\xc9\x75\x20\x41\x01\xdb" |
| 64 | 67 |
#define UPX_NRV2D "\x83\xf0\xff\x74\x78\xd1\xf8\x89\xc5\xeb\x0b\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9" |
| 65 | 68 |
#define UPX_NRV2E "\xeb\x52\x31\xc9\x83\xe8\x03\x72\x11\xc1\xe0\x08\x8a\x06\x46\x83\xf0\xff\x74\x75\xd1\xf8\x89\xc5" |
| ... | ... |
@@ -235,8 +238,6 @@ int cli_scanpe(int desc, cli_ctx *ctx) |
| 235 | 235 |
struct pe_image_optional_hdr64 opt64; |
| 236 | 236 |
struct pe_image_optional_hdr32 opt32; |
| 237 | 237 |
} pe_opt; |
| 238 |
- struct pe_image_optional_hdr64 optional_hdr64 = pe_opt.opt64; |
|
| 239 |
- struct pe_image_optional_hdr32 optional_hdr32 = pe_opt.opt32; |
|
| 240 | 238 |
struct pe_image_section_hdr *section_hdr; |
| 241 | 239 |
struct cli_md5_node *md5_sect; |
| 242 | 240 |
struct stat sb; |
| ... | ... |
@@ -253,6 +254,7 @@ int cli_scanpe(int desc, cli_ctx *ctx) |
| 253 | 253 |
struct cli_exe_section *exe_sections; |
| 254 | 254 |
|
| 255 | 255 |
|
| 256 |
+ cli_dbgmsg("%d\n", &optional_hdr32);
|
|
| 256 | 257 |
if(cli_readn(desc, &e_magic, sizeof(e_magic)) != sizeof(e_magic)) {
|
| 257 | 258 |
cli_dbgmsg("Can't read DOS signature\n");
|
| 258 | 259 |
return CL_CLEAN; |
| ... | ... |
@@ -717,7 +719,7 @@ int cli_scanpe(int desc, cli_ctx *ctx) |
| 717 | 717 |
if (DETECT_BROKEN && EC32(section_hdr[i].VirtualAddress)!=valign) { /* Bad first section RVA */
|
| 718 | 718 |
cli_dbgmsg("First section is in the wrong place\n");
|
| 719 | 719 |
if(ctx->virname) |
| 720 |
- *ctx->virname = md5_sect->virname; |
|
| 720 |
+ *ctx->virname = "Broken.Executable"; |
|
| 721 | 721 |
free(section_hdr); |
| 722 | 722 |
free(exe_sections); |
| 723 | 723 |
return CL_VIRUS; |
| ... | ... |
@@ -728,7 +730,7 @@ int cli_scanpe(int desc, cli_ctx *ctx) |
| 728 | 728 |
if (DETECT_BROKEN && EC32(section_hdr[i].VirtualAddress)-EC32(section_hdr[i-1].VirtualAddress)!= exe_sections[i-1].vsz) { /* No holes, no overlapping, no virtual disorder */
|
| 729 | 729 |
cli_dbgmsg("Virtually misplaced section (wrong order, overlapping, non contiguous)\n");
|
| 730 | 730 |
if(ctx->virname) |
| 731 |
- *ctx->virname = md5_sect->virname; |
|
| 731 |
+ *ctx->virname = "Broken.Executable"; |
|
| 732 | 732 |
free(section_hdr); |
| 733 | 733 |
free(exe_sections); |
| 734 | 734 |
return CL_VIRUS; |
| ... | ... |
@@ -2471,8 +2473,6 @@ int cli_peheader(int desc, struct cli_exe_info *peinfo) |
| 2471 | 2471 |
struct pe_image_optional_hdr64 opt64; |
| 2472 | 2472 |
struct pe_image_optional_hdr32 opt32; |
| 2473 | 2473 |
} pe_opt; |
| 2474 |
- struct pe_image_optional_hdr64 optional_hdr64 = pe_opt.opt64; |
|
| 2475 |
- struct pe_image_optional_hdr32 optional_hdr32 = pe_opt.opt32; |
|
| 2476 | 2474 |
struct pe_image_section_hdr *section_hdr; |
| 2477 | 2475 |
struct stat sb; |
| 2478 | 2476 |
int i; |