... | ... |
@@ -57,10 +57,11 @@ int32_t cli_bcapi_read(struct cli_bc_ctx* ctx, uint8_t *data, int32_t size) |
57 | 57 |
int n; |
58 | 58 |
if (!ctx->fmap) |
59 | 59 |
return -1; |
60 |
- if (size < 0) { |
|
60 |
+ if (size < 0 || size > CLI_MAX_ALLOCATION) { |
|
61 | 61 |
cli_errmsg("bytecode: negative read size: %d\n", size); |
62 | 62 |
return -1; |
63 | 63 |
} |
64 |
+/* cli_dbgmsg("read data at %d\n", ctx->off);*/ |
|
64 | 65 |
n = fmap_readn(ctx->fmap, data, ctx->off, size); |
65 | 66 |
if (n <= 0) |
66 | 67 |
return n; |
... | ... |
@@ -358,3 +359,27 @@ int32_t cli_bcapi_get_pe_section(struct cli_bc_ctx *ctx, struct cli_exe_section* |
358 | 358 |
} |
359 | 359 |
return -1; |
360 | 360 |
} |
361 |
+ |
|
362 |
+int32_t cli_bcapi_fill_buffer(struct cli_bc_ctx *ctx, uint8_t* buf, |
|
363 |
+ uint32_t buflen, uint32_t filled, |
|
364 |
+ uint32_t pos, uint32_t fill) |
|
365 |
+{ |
|
366 |
+ int32_t res, remaining, tofill; |
|
367 |
+ if (!buf || !buflen || buflen > CLI_MAX_ALLOCATION || filled > buflen) |
|
368 |
+ return -1; |
|
369 |
+ if (ctx->off >= ctx->file_size) |
|
370 |
+ return 0; |
|
371 |
+ remaining = filled - pos; |
|
372 |
+ if (remaining) { |
|
373 |
+ if (!CLI_ISCONTAINED(buf, buflen, buf+pos, remaining)) |
|
374 |
+ return -1; |
|
375 |
+ memmove(buf, buf+pos, remaining); |
|
376 |
+ } |
|
377 |
+ tofill = buflen - remaining; |
|
378 |
+ if (!CLI_ISCONTAINED(buf, buflen, buf+remaining, tofill)) |
|
379 |
+ return -1; |
|
380 |
+ res = cli_bcapi_read(ctx, buf+remaining, tofill); |
|
381 |
+ if (res <= 0) |
|
382 |
+ return res; |
|
383 |
+ return remaining + res; |
|
384 |
+} |
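Review bot: `remaining = filled - pos` in `cli_bcapi_fill_buffer` is computed without checking that `pos <= filled`, so a bytecode-supplied `pos` larger than `filled` wraps the unsigned subtraction, and the result is stored in a signed `int32_t` that then sizes the `memmove`. The only barrier in front of that copy is `CLI_ISCONTAINED`, whose definition is not visible here; the guard should reject the case explicitly, `if (!buf || !buflen || buflen > CLI_MAX_ALLOCATION || filled > buflen || pos > filled)`, and `remaining`/`tofill` are better declared `uint32_t`. The `fill` argument is never read, so the function always requests `buflen - remaining` bytes regardless of what the caller asked for; either honour it or document that it is ignored. When `remaining == buflen`, a `tofill` of 0 is passed to the containment check and to `cli_bcapi_read`, which likely turns a full buffer into an error or EOF return instead of `remaining`.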
... | ... |
@@ -174,7 +174,7 @@ uint32_t pe_rawaddr(uint32_t rva); |
174 | 174 |
* @param[in] data the sequence of bytes to look for |
175 | 175 |
* @param len length of \p data, cannot be more than 1024 |
176 | 176 |
* @return offset in the current file if match is found, -1 otherwise */ |
177 |
-int32_t file_find(const uint8_t* data, uint32_t len); |
|
177 |
+int32_t file_find(const uint8_t* data, uint32_t len); |
|
178 | 178 |
|
179 | 179 |
/** Read a single byte from current file |
180 | 180 |
* @param offset file offset |
... | ... |
@@ -190,7 +190,23 @@ void* malloc(uint32_t size); |
190 | 190 |
|
191 | 191 |
uint32_t test2(uint32_t a); |
192 | 192 |
|
193 |
+/** Gets information about the specified PE section. |
|
194 |
+ * @param[out] section PE section information will be stored here |
|
195 |
+ * @param[in] num PE section number */ |
|
193 | 196 |
int32_t get_pe_section(struct cli_exe_section *section, uint32_t num); |
194 | 197 |
|
198 |
+/** Fills the specified buffer with at least \p fill bytes. |
|
199 |
+ * @param[out] buffer the buffer to fill |
|
200 |
+ * @param[in] len length of buffer |
|
201 |
+ * @param[in] filled how much of the buffer is currently filled |
|
202 |
+ * @param[in] cursor position of cursor in buffer |
|
203 |
+ * @param[in] fill amount of bytes to fill in (0 is valid) |
|
204 |
+ * @return <0 on error, |
|
205 |
+ * 0 on EOF, |
|
206 |
+ * number bytes available in buffer (starting from 0) |
|
207 |
+ * The character at the cursor will be at position 0 after this call. |
|
208 |
+ */ |
|
209 |
+int32_t fill_buffer(uint8_t* buffer, uint32_t len, uint32_t filled, uint32_t cur, uint32_t fill); |
|
210 |
+ |
|
195 | 211 |
#endif |
196 | 212 |
#endif |
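Review bot: The Doxygen block added for `fill_buffer` documents `@param[in] cursor`, but the prototype names that parameter `cur`, so the tag attaches to nothing; one of them should be renamed, e.g. `@param[in] cur position of cursor in buffer`. The summary promises "at least \p fill bytes" while the `@return` text only mentions bytes available, so it should say what the caller gets when fewer than `fill` bytes remain before EOF. Since this is an API exposed to bytecode, the comment should also state the preconditions the caller must meet, such as `filled <= len` and the cursor not exceeding `filled`, and that violating them returns an error.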
... | ... |
@@ -53,6 +53,7 @@ int32_t cli_bcapi_file_byteat(struct cli_bc_ctx *ctx, uint32_t); |
53 | 53 |
uint8_t* cli_bcapi_malloc(struct cli_bc_ctx *ctx, uint32_t); |
54 | 54 |
uint32_t cli_bcapi_test2(struct cli_bc_ctx *ctx, uint32_t); |
55 | 55 |
int32_t cli_bcapi_get_pe_section(struct cli_bc_ctx *ctx, struct cli_exe_section*, uint32_t); |
56 |
+int32_t cli_bcapi_fill_buffer(struct cli_bc_ctx *ctx, uint8_t*, uint32_t, uint32_t, uint32_t, uint32_t); |
|
56 | 57 |
|
57 | 58 |
const struct cli_apiglobal cli_globals[] = { |
58 | 59 |
/* Bytecode globals BEGIN */ |
... | ... |
@@ -75,19 +76,20 @@ static uint16_t cli_tmp4[]={16, 8, 8, 32, 32, 32, 32, 32, 32, 32, 32, 32, 16, 16 |
75 | 75 |
static uint16_t cli_tmp5[]={32, 16, 16, 32, 32, 32, 16, 16}; |
76 | 76 |
static uint16_t cli_tmp6[]={32}; |
77 | 77 |
static uint16_t cli_tmp7[]={32}; |
78 |
-static uint16_t cli_tmp8[]={32, 78, 32}; |
|
79 |
-static uint16_t cli_tmp9[]={79}; |
|
80 |
-static uint16_t cli_tmp10[]={32, 32, 32, 32, 32, 32, 32, 32, 32}; |
|
81 |
-static uint16_t cli_tmp11[]={32, 32}; |
|
82 |
-static uint16_t cli_tmp12[]={65, 32}; |
|
83 |
-static uint16_t cli_tmp13[]={32, 65, 32}; |
|
84 |
-static uint16_t cli_tmp14[]={32, 84, 32}; |
|
85 |
-static uint16_t cli_tmp15[]={85}; |
|
86 |
-static uint16_t cli_tmp16[]={16, 8, 8, 8, 87, 86}; |
|
87 |
-static uint16_t cli_tmp17[]={8}; |
|
88 |
-static uint16_t cli_tmp18[]={88}; |
|
89 |
-static uint16_t cli_tmp19[]={8}; |
|
90 |
-static uint16_t cli_tmp20[]={32, 32, 32}; |
|
78 |
+static uint16_t cli_tmp8[]={32, 65, 32, 32, 32, 32}; |
|
79 |
+static uint16_t cli_tmp9[]={32, 79, 32}; |
|
80 |
+static uint16_t cli_tmp10[]={80}; |
|
81 |
+static uint16_t cli_tmp11[]={32, 32, 32, 32, 32, 32, 32, 32, 32}; |
|
82 |
+static uint16_t cli_tmp12[]={32, 32}; |
|
83 |
+static uint16_t cli_tmp13[]={65, 32}; |
|
84 |
+static uint16_t cli_tmp14[]={32, 65, 32}; |
|
85 |
+static uint16_t cli_tmp15[]={32, 85, 32}; |
|
86 |
+static uint16_t cli_tmp16[]={86}; |
|
87 |
+static uint16_t cli_tmp17[]={16, 8, 8, 8, 88, 87}; |
|
88 |
+static uint16_t cli_tmp18[]={8}; |
|
89 |
+static uint16_t cli_tmp19[]={89}; |
|
90 |
+static uint16_t cli_tmp20[]={8}; |
|
91 |
+static uint16_t cli_tmp21[]={32, 32, 32}; |
|
91 | 92 |
|
92 | 93 |
const struct cli_bc_type cli_apicall_types[]={ |
93 | 94 |
{DStructType, cli_tmp0, 11, 0, 0}, |
... | ... |
@@ -98,44 +100,46 @@ const struct cli_bc_type cli_apicall_types[]={ |
98 | 98 |
{DStructType, cli_tmp5, 8, 0, 0}, |
99 | 99 |
{DArrayType, cli_tmp6, 1, 0, 0}, |
100 | 100 |
{DArrayType, cli_tmp7, 64, 0, 0}, |
101 |
- {DFunctionType, cli_tmp8, 3, 0, 0}, |
|
102 |
- {DPointerType, cli_tmp9, 1, 0, 0}, |
|
103 |
- {DStructType, cli_tmp10, 9, 0, 0}, |
|
104 |
- {DFunctionType, cli_tmp11, 2, 0, 0}, |
|
101 |
+ {DFunctionType, cli_tmp8, 6, 0, 0}, |
|
102 |
+ {DFunctionType, cli_tmp9, 3, 0, 0}, |
|
103 |
+ {DPointerType, cli_tmp10, 1, 0, 0}, |
|
104 |
+ {DStructType, cli_tmp11, 9, 0, 0}, |
|
105 | 105 |
{DFunctionType, cli_tmp12, 2, 0, 0}, |
106 |
- {DFunctionType, cli_tmp13, 3, 0, 0}, |
|
106 |
+ {DFunctionType, cli_tmp13, 2, 0, 0}, |
|
107 | 107 |
{DFunctionType, cli_tmp14, 3, 0, 0}, |
108 |
- {DPointerType, cli_tmp15, 1, 0, 0}, |
|
109 |
- {DStructType, cli_tmp16, 6, 0, 0}, |
|
110 |
- {DArrayType, cli_tmp17, 29, 0, 0}, |
|
111 |
- {DArrayType, cli_tmp18, 3, 0, 0}, |
|
112 |
- {DArrayType, cli_tmp19, 10, 0, 0}, |
|
113 |
- {DFunctionType, cli_tmp20, 3, 0, 0} |
|
108 |
+ {DFunctionType, cli_tmp15, 3, 0, 0}, |
|
109 |
+ {DPointerType, cli_tmp16, 1, 0, 0}, |
|
110 |
+ {DStructType, cli_tmp17, 6, 0, 0}, |
|
111 |
+ {DArrayType, cli_tmp18, 29, 0, 0}, |
|
112 |
+ {DArrayType, cli_tmp19, 3, 0, 0}, |
|
113 |
+ {DArrayType, cli_tmp20, 10, 0, 0}, |
|
114 |
+ {DFunctionType, cli_tmp21, 3, 0, 0} |
|
114 | 115 |
}; |
115 | 116 |
|
116 | 117 |
const unsigned cli_apicall_maxtypes=sizeof(cli_apicall_types)/sizeof(cli_apicall_types[0]); |
117 | 118 |
const struct cli_apicall cli_apicalls[]={ |
118 | 119 |
/* Bytecode APIcalls BEGIN */ |
119 |
- {"test1", 20, 0, 0}, |
|
120 |
- {"read", 13, 0, 1}, |
|
121 |
- {"write", 13, 1, 1}, |
|
122 |
- {"seek", 20, 1, 0}, |
|
123 |
- {"setvirusname", 13, 2, 1}, |
|
124 |
- {"debug_print_str", 13, 3, 1}, |
|
125 |
- {"debug_print_uint", 11, 0, 2}, |
|
126 |
- {"disasm_x86", 14, 4, 1}, |
|
127 |
- {"trace_directory", 13, 5, 1}, |
|
128 |
- {"trace_scope", 13, 6, 1}, |
|
129 |
- {"trace_source", 13, 7, 1}, |
|
130 |
- {"trace_op", 13, 8, 1}, |
|
131 |
- {"trace_value", 13, 9, 1}, |
|
132 |
- {"trace_ptr", 13, 10, 1}, |
|
133 |
- {"pe_rawaddr", 11, 1, 2}, |
|
134 |
- {"file_find", 13, 11, 1}, |
|
135 |
- {"file_byteat", 11, 2, 2}, |
|
136 |
- {"malloc", 12, 0, 3}, |
|
137 |
- {"test2", 11, 3, 2}, |
|
138 |
- {"get_pe_section", 8, 12, 1} |
|
120 |
+ {"test1", 21, 0, 0}, |
|
121 |
+ {"read", 14, 0, 1}, |
|
122 |
+ {"write", 14, 1, 1}, |
|
123 |
+ {"seek", 21, 1, 0}, |
|
124 |
+ {"setvirusname", 14, 2, 1}, |
|
125 |
+ {"debug_print_str", 14, 3, 1}, |
|
126 |
+ {"debug_print_uint", 12, 0, 2}, |
|
127 |
+ {"disasm_x86", 15, 4, 1}, |
|
128 |
+ {"trace_directory", 14, 5, 1}, |
|
129 |
+ {"trace_scope", 14, 6, 1}, |
|
130 |
+ {"trace_source", 14, 7, 1}, |
|
131 |
+ {"trace_op", 14, 8, 1}, |
|
132 |
+ {"trace_value", 14, 9, 1}, |
|
133 |
+ {"trace_ptr", 14, 10, 1}, |
|
134 |
+ {"pe_rawaddr", 12, 1, 2}, |
|
135 |
+ {"file_find", 14, 11, 1}, |
|
136 |
+ {"file_byteat", 12, 2, 2}, |
|
137 |
+ {"malloc", 13, 0, 3}, |
|
138 |
+ {"test2", 12, 3, 2}, |
|
139 |
+ {"get_pe_section", 9, 12, 1}, |
|
140 |
+ {"fill_buffer", 8, 0, 4} |
|
139 | 141 |
/* Bytecode APIcalls END */ |
140 | 142 |
}; |
141 | 143 |
const cli_apicall_int2 cli_apicalls0[] = { |
... | ... |
@@ -166,4 +170,7 @@ const cli_apicall_int1 cli_apicalls2[] = { |
166 | 166 |
const cli_apicall_malloclike cli_apicalls3[] = { |
167 | 167 |
(cli_apicall_malloclike)cli_bcapi_malloc |
168 | 168 |
}; |
169 |
+const cli_apicall_ptrbuffdata cli_apicalls4[] = { |
|
170 |
+ (cli_apicall_ptrbuffdata)cli_bcapi_fill_buffer |
|
171 |
+}; |
|
169 | 172 |
const unsigned cli_apicall_maxapi = sizeof(cli_apicalls)/sizeof(cli_apicalls[0]); |
... | ... |
@@ -50,5 +50,6 @@ int32_t cli_bcapi_file_byteat(struct cli_bc_ctx *ctx, uint32_t); |
50 | 50 |
uint8_t* cli_bcapi_malloc(struct cli_bc_ctx *ctx, uint32_t); |
51 | 51 |
uint32_t cli_bcapi_test2(struct cli_bc_ctx *ctx, uint32_t); |
52 | 52 |
int32_t cli_bcapi_get_pe_section(struct cli_bc_ctx *ctx, struct cli_exe_section*, uint32_t); |
53 |
+int32_t cli_bcapi_fill_buffer(struct cli_bc_ctx *ctx, uint8_t*, uint32_t, uint32_t, uint32_t, uint32_t); |
|
53 | 54 |
|
54 | 55 |
#endif |
... | ... |
@@ -1399,6 +1399,9 @@ int cli_bytecode_prepare_jit(struct cli_all_bc *bcs) |
1399 | 1399 |
case 3: |
1400 | 1400 |
dest = (void*)(intptr_t)cli_apicalls3[api->idx]; |
1401 | 1401 |
break; |
1402 |
+ case 4: |
|
1403 |
+ dest = (void*)(intptr_t)cli_apicalls4[api->idx]; |
|
1404 |
+ break; |
|
1402 | 1405 |
default: |
1403 | 1406 |
llvm_unreachable("invalid api type"); |
1404 | 1407 |
} |
... | ... |
@@ -45,6 +45,7 @@ typedef uint32_t (*cli_apicall_int2)(struct cli_bc_ctx *, uint32_t, uint32_t); |
45 | 45 |
typedef uint32_t (*cli_apicall_pointer)(struct cli_bc_ctx *, void*, uint32_t); |
46 | 46 |
typedef uint32_t (*cli_apicall_int1)(struct cli_bc_ctx *, uint32_t); |
47 | 47 |
typedef void* (*cli_apicall_malloclike)(struct cli_bc_ctx *, uint32_t); |
48 |
+typedef void* (*cli_apicall_ptrbuffdata)(struct cli_bc_ctx *, void*, uint32_t, uint32_t, uint32_t, uint32_t); |
|
48 | 49 |
|
49 | 50 |
struct cli_apicall { |
50 | 51 |
const char *name; |
... | ... |
@@ -73,6 +74,7 @@ extern const cli_apicall_int2 cli_apicalls0[]; |
73 | 73 |
extern const cli_apicall_pointer cli_apicalls1[]; |
74 | 74 |
extern const cli_apicall_int1 cli_apicalls2[]; |
75 | 75 |
extern const cli_apicall_malloclike cli_apicalls3[]; |
76 |
+extern const cli_apicall_ptrbuffdata cli_apicalls4[]; |
|
76 | 77 |
extern const unsigned cli_apicall_maxapi; |
77 | 78 |
extern const unsigned cli_apicall_maxglobal; |
78 | 79 |
|
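Review bot: The new `cli_apicall_ptrbuffdata` typedef is declared as returning `void*`, but the only function this commit registers through it, `cli_bcapi_fill_buffer`, returns `int32_t`. Any call made through a pointer of this type is undefined behaviour in C, and the explicit cast in the `cli_apicalls4` table keeps the compiler from reporting the mismatch. Declaring it as `typedef int32_t (*cli_apicall_ptrbuffdata)(struct cli_bc_ctx *, void*, uint32_t, uint32_t, uint32_t, uint32_t);` would match the implementation. A short comment naming the five arguments (buffer, length, filled, cursor, fill) would also help, since the prototype carries no parameter names.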
... | ... |
@@ -1,4 +1,4 @@ |
1 |
-ClamBCafhdndbigkd|afefdfggifnf```````|bhacflfafmfbfcfmb`cnb`cacmbacdcmbgfafdfccacacbfgc``ahafp`clamcoincidencejb:66 |
|
1 |
+ClamBCafhkfogjikd|afefdfggifnf```````|ahbf`ceccficacbf``ahafp`clamcoincidencejb:66 |
|
2 | 2 |
|
3 | 3 |
Tedaaa`aabb`bb`baacb`bb`bb`b |
4 | 4 |
Ebcaabbcabfd|afdgefcgdgbc``aabgd|afdgefcgdgac`` |