1. clamav-devel
  2. Commit fa7ae4ccbc69b7f326ee1024d9013eccfccc2010
Browse code

bytecode api: updated copyright information bytecode api: added json properties reading implementation

Kevin Lin authored on 2014/05/07 04:26:30
Showing 4 changed files
libclamav/bytecode_api.c
History View file @ fa7ae4c
... ... 
@@ -54,6 +54,9 @@
54 54 
 #include "hashtab.h"
55 55 
 #include "str.h"
56 56 
 #include "filetypes.h"
57 
+#if HAVE_JSON
58 
+#include "json/json.h"
59 
+#endif
57 60
58 61 
 #define EV ctx->bc_events
59 62
... ... 
@@ -139,6 +142,8 @@ uint32_t cli_bcapi_debug_print_str(struct cli_bc_ctx *ctx, const uint8_t *str, u
139 139 
 uint32_t cli_bcapi_debug_print_uint(struct cli_bc_ctx *ctx, uint32_t a)
140 140 
 {
141 141 
     cli_event_int(EV, BCEV_DBG_INT, a);
142 
+    //cli_dbgmsg("bytecode debug: %d\n", a);
143 
+    //return 0;
142 144 
     if (!cli_debug_flag)
143 145 
         return 0;
144 146 
     return fprintf(stderr, "%d", a);
... ... 
@@ -447,7 +452,7 @@ uint8_t* cli_bcapi_malloc(struct cli_bc_ctx *ctx, uint32_t size)
447 447 
     return v;
448 448 
 }
449 449
450 
-int32_t cli_bcapi_get_pe_section(struct cli_bc_ctx *ctx, void* section, uint32_t num)
450 
+int32_t cli_bcapi_get_pe_section(struct cli_bc_ctx *ctx, struct cli_exe_section* section, uint32_t num)
451 451 
 {
452 452 
     if (num < ctx->hooks.pedata->nsections) {
453 453 
         memcpy(section, &ctx->sections[num], sizeof(struct cli_exe_section));
... ... 
@@ -1293,7 +1298,7 @@ int32_t cli_bcapi_input_switch(struct cli_bc_ctx *ctx , int32_t extracted_file)
1293 1293 
 uint32_t cli_bcapi_get_environment(struct cli_bc_ctx *ctx , struct cli_environment* env, uint32_t len)
1294 1294 
 {
1295 1295 
     if (len > sizeof(*env)) {
1296 
-        cli_dbgmsg("cli_bcapi_get_environment len %u > %lu\n", len, sizeof(*env));
1296 
+        cli_dbgmsg("cli_bcapi_get_environment len %u > %lu\n", len, (unsigned long)sizeof(*env));
1297 1297 
         return -1;
1298 1298 
     }
1299 1299 
     memcpy(env, ctx->env, len);
... ... 
@@ -1525,3 +1530,288 @@ int32_t cli_bcapi_get_file_reliability(struct cli_bc_ctx *ctx )
1525 1525 
     cli_ctx *cctx = (cli_ctx*)ctx->ctx;
1526 1526 
     return cctx ? cctx->corrupted_input : 3;
1527 1527 
 }
1528 
+
1529 
+int32_t cli_bcapi_json_is_active(struct cli_bc_ctx *ctx )
1530 
+{
1531 
+#if HAVE_JSON
1532 
+    cli_ctx *cctx = (cli_ctx*)ctx->ctx;
1533 
+    if (cctx->properties != NULL) {
1534 
+        return 1;
1535 
+    }
1536 
+#else
1537 
+    cli_dbgmsg("bytecode api: libjson is not enabled!\n");
1538 
+#endif
1539 
+    return 0;
1540 
+}
1541 
+
1542 
+static int32_t cli_bcapi_json_objs_init(struct cli_bc_ctx *ctx) {
1543 
+#if HAVE_JSON
1544 
+    unsigned n = ctx->njsonobjs + 1;
1545 
+    json_object **j;
1546 
+    cli_ctx *cctx = (cli_ctx *)ctx->ctx;
1547 
+
1548 
+    j = cli_realloc(ctx->jsonobjs, sizeof(*ctx->jsonobjs)*n);
1549 
+    if (!j) { /* memory allocation failure */
1550 
+        cli_event_error_oom(EV, 0);
1551 
+        return -1;
1552 
+    }
1553 
+    ctx->jsonobjs = j;
1554 
+    ctx->njsonobjs = n;
1555 
+    j[n-1] = cctx->properties;
1556 
+
1557 
+    return 0;
1558 
+#else
1559 
+    return -1;
1560 
+#endif
1561 
+}
1562 
+
1563 
+#define INIT_JSON_OBJS(ctx)\
1564 
+    if (ctx->njsonobjs == 0) {                                          \
1565 
+        if (cli_bcapi_json_objs_init(ctx)) {                            \
1566 
+            return -1;                                                  \
1567 
+        }                                                               \
1568 
+    }                                                                   \
1569 
+
1570 
+int32_t cli_bcapi_json_get_object(struct cli_bc_ctx *ctx, const int8_t* name, int32_t name_len, int32_t objid)
1571 
+{
1572 
+#if HAVE_JSON
1573 
+    unsigned n;
1574 
+    json_object **j, *jobj;
1575 
+    char *namep;
1576 
+
1577 
+    INIT_JSON_OBJS(ctx);
1578 
+    if (objid < 0 || objid >= ctx->njsonobjs) {
1579 
+        cli_dbgmsg("bytecode api[json_get_object]: invalid json objid requested\n");
1580 
+        return -1;
1581 
+    }
1582 
+
1583 
+    if (!name || name_len < 0) {
1584 
+        cli_dbgmsg("bytecode api[json_get_object]: unnamed object queried\n");
1585 
+        return -1;
1586 
+    }
1587 
+
1588 
+    n = ctx->njsonobjs + 1;
1589 
+    jobj = ctx->jsonobjs[objid];
1590 
+    if (!jobj) /* shouldn't be possible */
1591 
+        return -1;
1592 
+    namep = (char*)cli_malloc(sizeof(char)*(name_len+1));
1593 
+    if (!namep)
1594 
+        return -1;
1595 
+    strncpy(namep, (char*)name, name_len);
1596 
+    namep[name_len] = '\0';
1597 
+
1598 
+    jobj = json_object_object_get(jobj,namep);
1599 
+    if (!jobj) { /* object not found */
1600 
+        free(namep);
1601 
+        return 0;
1602 
+    }
1603 
+
1604 
+    j = cli_realloc(ctx->jsonobjs, sizeof(*ctx->jsonobjs)*n);
1605 
+    if (!j) { /* memory allocation failure */
1606 
+        free(namep);
1607 
+        cli_event_error_oom(EV, 0);
1608 
+        return -1;
1609 
+    }
1610 
+    ctx->jsonobjs = j;
1611 
+    ctx->njsonobjs = n;
1612 
+    j[n-1] = jobj;
1613 
+
1614 
+    cli_dbgmsg("bytecode api[json_get_object]: assigned %s => ID %d\n", namep, n-1);
1615 
+    free(namep);
1616 
+    return n-1;
1617 
+#else
1618 
+    cli_dbgmsg("bytecode api: libjson is not enabled!\n");
1619 
+    return -1;
1620 
+#endif
1621 
+}
1622 
+
1623 
+int32_t cli_bcapi_json_get_type(struct cli_bc_ctx *ctx, int32_t objid)
1624 
+{
1625 
+#if HAVE_JSON
1626 
+    enum json_type type;
1627 
+
1628 
+    INIT_JSON_OBJS(ctx);
1629 
+    if (objid < 0 || objid >= ctx->njsonobjs) {
1630 
+        cli_dbgmsg("bytecode api[json_get_type]: invalid json objid requested\n");
1631 
+        return -1;
1632 
+    }
1633 
+
1634 
+    type = json_object_get_type(ctx->jsonobjs[objid]);
1635 
+    switch (type) {
1636 
+    case json_type_null:
1637 
+        return JSON_TYPE_NULL;
1638 
+    case json_type_boolean:
1639 
+        return JSON_TYPE_BOOLEAN;
1640 
+    case json_type_double:
1641 
+        return JSON_TYPE_DOUBLE;
1642 
+    case json_type_int:
1643 
+        return JSON_TYPE_INT;
1644 
+    case json_type_object:
1645 
+        return JSON_TYPE_OBJECT;
1646 
+    case json_type_array:
1647 
+        return JSON_TYPE_ARRAY;
1648 
+    case json_type_string:
1649 
+        return JSON_TYPE_STRING;
1650 
+    default:
1651 
+        cli_dbgmsg("bytecode api[json_get_type]: unrecognized json type %d\n", type);
1652 
+    }
1653 
+
1654 
+#else
1655 
+    cli_dbgmsg("bytecode api: libjson is not enabled!\n");
1656 
+#endif
1657 
+    return -1;
1658 
+}
1659 
+
1660 
+int32_t cli_bcapi_json_get_array_length(struct cli_bc_ctx *ctx, int32_t objid)
1661 
+{
1662 
+#if HAVE_JSON
1663 
+    enum json_type type;
1664 
+
1665 
+    INIT_JSON_OBJS(ctx);
1666 
+    if (objid < 0 || objid >= ctx->njsonobjs) {
1667 
+        cli_dbgmsg("bytecode api[json_array_get_length]: invalid json objid requested\n");
1668 
+        return -1;
1669 
+    }
1670 
+
1671 
+    type = json_object_get_type(ctx->jsonobjs[objid]);
1672 
+    if (type != json_type_array) {
1673 
+        return -2; /* error code for not an array */
1674 
+    }
1675 
+
1676 
+    return json_object_array_length(ctx->jsonobjs[objid]);
1677 
+#else
1678 
+    cli_dbgmsg("bytecode api: libjson is not enabled!\n");
1679 
+    return -1;
1680 
+#endif
1681 
+}
1682 
+
1683 
+int32_t cli_bcapi_json_get_array_idx(struct cli_bc_ctx *ctx, int32_t idx, int32_t objid)
1684 
+{
1685 
+#if HAVE_JSON
1686 
+    enum json_type type;
1687 
+    unsigned n;
1688 
+    int length;
1689 
+    json_object **j, *jarr = NULL, *jobj = NULL;
1690 
+
1691 
+    INIT_JSON_OBJS(ctx);
1692 
+    if (objid < 0 || objid >= ctx->njsonobjs) {
1693 
+        cli_dbgmsg("bytecode api[json_array_get_idx]: invalid json objid requested\n");
1694 
+        return -1;
1695 
+    }
1696 
+
1697 
+    jarr = ctx->jsonobjs[objid];
1698 
+    if (!jarr) /* shouldn't be possible */
1699 
+        return -1;
1700 
+
1701 
+    type = json_object_get_type(jarr);
1702 
+    if (type != json_type_array) {
1703 
+        return -2; /* error code for not an array */
1704 
+    }
1705 
+
1706 
+    length = json_object_array_length(jarr);
1707 
+    if (idx >= 0 && idx < length) {
1708 
+        n = ctx->njsonobjs + 1;
1709 
+
1710 
+        jobj = json_object_array_get_idx(jarr,idx);
1711 
+        if (!jobj) { /* object not found */
1712 
+            return 0;
1713 
+        }
1714 
+
1715 
+        j = cli_realloc(ctx->jsonobjs, sizeof(*ctx->jsonobjs)*n);
1716 
+        if (!j) { /* memory allocation failure */
1717 
+            cli_event_error_oom(EV, 0);
1718 
+            return -1;
1719 
+        }
1720 
+        ctx->jsonobjs = j;
1721 
+        ctx->njsonobjs = n;
1722 
+        j[n-1] = jobj;
1723 
+
1724 
+        cli_dbgmsg("bytecode api[json_array_get_idx]: assigned array @ %d => ID %d\n", idx, n-1);
1725 
+        return n-1;
1726 
+    }
1727 
+
1728 
+    return 0;
1729 
+#else
1730 
+    cli_dbgmsg("bytecode api: libjson is not enabled!\n");
1731 
+    return -1;
1732 
+#endif
1733 
+}
1734 
+
1735 
+int32_t cli_bcapi_json_get_string_length(struct cli_bc_ctx *ctx, int32_t objid)
1736 
+{
1737 
+#if HAVE_JSON
1738 
+    enum json_type type;
1739 
+    json_object *jobj;
1740 
+    int32_t len;
1741 
+    const char *jstr;
1742 
+
1743 
+    INIT_JSON_OBJS(ctx);
1744 
+    if (objid < 0 || objid >= ctx->njsonobjs) {
1745 
+        cli_dbgmsg("bytecode api[json_array_get_idx]: invalid json objid requested\n");
1746 
+        return -1;
1747 
+    }
1748 
+
1749 
+    jobj = ctx->jsonobjs[objid];
1750 
+    if (!jobj) /* shouldn't be possible */
1751 
+        return -1;
1752 
+
1753 
+    type = json_object_get_type(jobj);
1754 
+    if (type != json_type_string) {
1755 
+        return -2; /* error code for not an array */
1756 
+    }
1757 
+
1758 
+    //len = json_object_get_string_len(jobj); /* not in JSON <0.10 */
1759 
+    jstr = json_object_get_string(jobj);
1760 
+    len = strlen(jstr);
1761 
+
1762 
+    return len;
1763 
+#else
1764 
+    cli_dbgmsg("bytecode api: libjson is not enabled!\n");
1765 
+    return -1;
1766 
+#endif
1767 
+}
1768 
+
1769 
+int32_t cli_bcapi_json_get_string(struct cli_bc_ctx *ctx, int8_t* str, int32_t str_len, int32_t objid)
1770 
+{
1771 
+#if HAVE_JSON
1772 
+    enum json_type type;
1773 
+    json_object *jobj;
1774 
+    int32_t len;
1775 
+    const char *jstr;
1776 
+
1777 
+    INIT_JSON_OBJS(ctx);
1778 
+    if (objid < 0 || objid >= ctx->njsonobjs) {
1779 
+        cli_dbgmsg("bytecode api[json_array_get_idx]: invalid json objid requested\n");
1780 
+        return -1;
1781 
+    }
1782 
+
1783 
+    jobj = ctx->jsonobjs[objid];
1784 
+    if (!jobj) /* shouldn't be possible */
1785 
+        return -1;
1786 
+
1787 
+    type = json_object_get_type(jobj);
1788 
+    if (type != json_type_string) {
1789 
+        return -2; /* error code for not an array */
1790 
+    }
1791 
+
1792 
+    //len = json_object_get_string_len(jobj); /* not in JSON <0.10 */
1793 
+    jstr = json_object_get_string(jobj);
1794 
+    len = strlen(jstr);
1795 
+
1796 
+    if (len+1 > str_len) {
1797 
+        /* limit on str-len */
1798 
+        strncpy(str, jstr, str_len-1);
1799 
+        str[str_len-1] = '\0';
1800 
+        return str_len;
1801 
+    }
1802 
+    else {
1803 
+        /* limit on len+1 */
1804 
+        strncpy(str, jstr, len);
1805 
+        str[len] = '\0';
1806 
+        return len+1;
1807 
+    }
1808 
+#else
1809 
+    cli_dbgmsg("bytecode api: libjson is not enabled!\n");
1810 
+    return -1;
1811 
+#endif
1812 
+}
libclamav/bytecode_api.h
History View file @ fa7ae4c
... ... 
@@ -1,7 +1,8 @@
1 1 
 /*
2 
- *  Copyright (C) 2009-2010 Sourcefire, Inc.
2 
+ *  Copyright (C) 2009-2013 Sourcefire, Inc.
3 
+ *  Copyright (C) 2014 Cisco Systems, Inc. and/or its affiliates.
3 4 
  *  All rights reserved.
4 
- *  Authors: Török Edvin
5 
+ *  Authors: Török Edvin, Kevin Lin
5 6 
  *
6 7 
  * Redistribution and use in source and binary forms, with or without
7 8 
  * modification, are permitted provided that the following conditions
... ... 
@@ -41,149 +42,211 @@ struct cli_exe_section;
41 41 
 struct DISASM_RESULT;
42 42 
 #endif
43 43
44 
-/** Bytecode trigger kind */
44 
+/**
45 
+\group_config
46 
+ * Specifies the bytecode type and how ClamAV executes it
47 
+ */
45 48 
 enum BytecodeKind {
46 49 
     /** generic bytecode, not tied a specific hook */
47 50 
     BC_GENERIC=0,
51 
+    /** triggered at startup, only one is allowed per ClamAV startup */
48 52 
     BC_STARTUP=1,
49 53 
     _BC_START_HOOKS=256,
50 
-    /** triggered by a logical signature */
54 
+    /** executed on a logical trigger */
51 55 
     BC_LOGICAL=256,
52 
-    /** a PE unpacker */
56 
+    /** specifies a PE unpacker, executed on PE files on a logical trigger */
53 57 
     BC_PE_UNPACKER,
54 
-    /* PDF hook */
58 
+    /** specifies a PDF hook, executes at a predetermined point of PDF parsing for PDF files */
55 59 
     BC_PDF,
56 
-    BC_PE_ALL,/* both packed and unpacked files */
60 
+    /** specifies a PE hook, executes at a predetermined point in PE parsing for PE files,
61 
+      * both packed and unpacked files */
62 
+    BC_PE_ALL,
57 63 
     _BC_LAST_HOOK
58 64 
 };
59 65
60 66 
 enum {
61 
-  /** Invalid RVA specified */
67 
+  /**
68 
+\group_pe
69 
+   * Invalid RVA specified
70 
+   */
62 71 
   PE_INVALID_RVA = 0xFFFFFFFF
63 72 
 };
64 73
65 
-/** LibClamAV functionality level constants */
74 
+/**
75 
+\group_config
76 
+ * LibClamAV functionality level constants
77 
+ */
66 78 
 enum FunctionalityLevels {
67 
-    FUNC_LEVEL_096 = 51,
68 
-    FUNC_LEVEL_096_dev,
69 
-    FUNC_LEVEL_096_1,
70 
-    FUNC_LEVEL_096_1_dev=54,
71 
-    FUNC_LEVEL_096_2=54,
72 
-    FUNC_LEVEL_096_2_dev
79 
+    FUNC_LEVEL_096       = 51, /**< LibClamAV release 0.96.0: bytecode engine released */
80 
+    FUNC_LEVEL_096_dev   = 52,
81 
+    FUNC_LEVEL_096_1     = 53, /**< LibClamAV release 0.96.1: logical signature use of VI/macros
82 
+                                * requires this minimum functionality level */
83 
+    FUNC_LEVEL_096_1_dev = 54,
84 
+    FUNC_LEVEL_096_2     = 54, /**< LibClamAV release 0.96.2: PDF Hooks require this minimum level */
85 
+    FUNC_LEVEL_096_2_dev = 55,
86 
+    FUNC_LEVEL_096_3     = 55, /**< LibClamAV release 0.96.3: BC_PE_ALL bytecodes require this minimum level */
87 
+    FUNC_LEVEL_096_4     = 56, /**< LibClamAV release 0.96.4: minimum recommended engine version, older versions
88 
+                                * have quadratic load time */
89 
+    FUNC_LEVEL_096_5     = 58, /**< LibClamAV release 0.96.5 */
90 
+    FUNC_LEVEL_097       = 60, /**< LibClamAV release 0.97.0: older bytecodes may incorrectly use 57 */
91 
+    FUNC_LEVEL_097_1     = 61, /**< LibClamAV release 0.97.1 */
92 
+    FUNC_LEVEL_097_2     = 62, /**< LibClamAV release 0.97.2 */
93 
+    FUNC_LEVEL_097_3     = 63, /**< LibClamAV release 0.97.3 */ /*last bcc changes as former team resigns*/
94 
+    FUNC_LEVEL_097_4     = 64, /**< LibClamAV release 0.97.4 */
95 
+    FUNC_LEVEL_097_5     = 65, /**< LibClamAV release 0.97.5 */
96 
+    FUNC_LEVEL_097_6     = 67, /**< LibClamAV release 0.97.6 */
97 
+    FUNC_LEVEL_097_7     = 68, /**< LibClamAV release 0.97.7 */
98 
+    FUNC_LEVEL_097_8     = 69, /**< LibClamAV release 0.97.8 */
99 
+    FUNC_LEVEL_098_1     = 76, /**< LibClamAV release 0.98.2 */ /*last syncing to clamav*/
100 
+    FUNC_LEVEL_098_2     = 77, /**< LibClamAV release 0.98.2 */
101 
+    FUNC_LEVEL_098_3     = 78, /**< LibClamAV release 0.98.3 */
102 
+    FUNC_LEVEL_100       = 100 /*future release candidate*/
73 103 
 };
74 104
75 
-/** Phase of PDF parsing */
105 
+/**
106 
+\group_pdf
107 
+ * Phase of PDF parsing used for PDF Hooks
108 
+ */
76 109 
 enum pdf_phase {
77 
-    PDF_PHASE_NONE /* not a PDF */,
78 
-    PDF_PHASE_PARSED, /* after parsing a PDF, object flags can be set etc. */
79 
-    PDF_PHASE_POSTDUMP, /* after an obj was dumped and scanned */
80 
-    PDF_PHASE_END, /* after the pdf scan finished */
81 
-    PDF_PHASE_PRE /* before pdf is parsed at all */
110 
+    PDF_PHASE_NONE,     /* not a PDF */
111 
+    PDF_PHASE_PARSED,   /**< after parsing a PDF, object flags can be set etc. */
112 
+    PDF_PHASE_POSTDUMP, /**< after an obj was dumped and scanned */
113 
+    PDF_PHASE_END,      /**< after the pdf scan finished */
114 
+    PDF_PHASE_PRE       /**< before pdf is parsed at all */
82 115 
 };
83 116
84 
-/** PDF flags */
117 
+/**
118 
+\group_pdf
119 
+ * PDF flags
120 
+ */
85 121 
 enum pdf_flag {
86 
-    BAD_PDF_VERSION=0,
87 
-    BAD_PDF_HEADERPOS,
88 
-    BAD_PDF_TRAILER,
89 
-    BAD_PDF_TOOMANYOBJS,
90 
-    BAD_STREAM_FILTERS,
91 
-    BAD_FLATE,
92 
-    BAD_FLATESTART,
93 
-    BAD_STREAMSTART,
94 
-    BAD_ASCIIDECODE,
95 
-    BAD_INDOBJ,
96 
-    UNTERMINATED_OBJ_DICT,
97 
-    ESCAPED_COMMON_PDFNAME,
98 
-    HEX_JAVASCRIPT,
99 
-    UNKNOWN_FILTER,
100 
-    MANY_FILTERS,
101 
-    HAS_OPENACTION,
102 
-    BAD_STREAMLEN,
103 
-    ENCRYPTED_PDF,
104 
-    LINEARIZED_PDF, /* not bad, just as flag */
105 
-    DECRYPTABLE_PDF,
106 
-    HAS_LAUNCHACTION
122 
+    BAD_PDF_VERSION=0,      /**< */
123 
+    BAD_PDF_HEADERPOS,      /**< */
124 
+    BAD_PDF_TRAILER,        /**< */
125 
+    BAD_PDF_TOOMANYOBJS,    /**< */
126 
+    BAD_STREAM_FILTERS,     /**< */
127 
+    BAD_FLATE,              /**< */
128 
+    BAD_FLATESTART,         /**< */
129 
+    BAD_STREAMSTART,        /**< */
130 
+    BAD_ASCIIDECODE,        /**< */
131 
+    BAD_INDOBJ,             /**< */
132 
+    UNTERMINATED_OBJ_DICT,  /**< */
133 
+    ESCAPED_COMMON_PDFNAME, /**< */
134 
+    HEX_JAVASCRIPT,         /**< */
135 
+    UNKNOWN_FILTER,         /**< */
136 
+    MANY_FILTERS,           /**< */
137 
+    HAS_OPENACTION,         /**< */
138 
+    BAD_STREAMLEN,          /**< */
139 
+    ENCRYPTED_PDF,          /**< */
140 
+    LINEARIZED_PDF,         /**< */ /* not bad, just as flag */
141 
+    DECRYPTABLE_PDF,        /**< */
142 
+    HAS_LAUNCHACTION        /**< */
107 143 
 };
108 144
109 
-/** PDF obj flags */
145 
+/**
146 
+\group_pdf
147 
+ * PDF obj flags
148 
+ */
110 149 
 enum pdf_objflags {
111 
-    OBJ_STREAM=0,
112 
-    OBJ_DICT,
113 
-    OBJ_EMBEDDED_FILE,
114 
-    OBJ_FILTER_AH,
115 
-    OBJ_FILTER_A85,
116 
-    OBJ_FILTER_FLATE,
117 
-    OBJ_FILTER_LZW,
118 
-    OBJ_FILTER_RL,
119 
-    OBJ_FILTER_FAX,
120 
-    OBJ_FILTER_JBIG2,
121 
-    OBJ_FILTER_DCT,
122 
-    OBJ_FILTER_JPX,
123 
-    OBJ_FILTER_CRYPT,
124 
-    OBJ_FILTER_UNKNOWN,
125 
-    OBJ_JAVASCRIPT,
126 
-    OBJ_OPENACTION,
127 
-    OBJ_HASFILTERS,
128 
-    OBJ_SIGNED,
129 
-    OBJ_IMAGE,
130 
-    OBJ_TRUNCATED,
131 
-    OBJ_FORCEDUMP,
132 
-    OBJ_FILTER_STANDARD,
133 
-    OBJ_LAUNCHACTION,
134 
-    OBJ_PAGE,
135 
-    OBJ_CONTENTS
150 
+    OBJ_STREAM=0,        /**< */
151 
+    OBJ_DICT,            /**< */
152 
+    OBJ_EMBEDDED_FILE,   /**< */
153 
+    OBJ_FILTER_AH,       /**< */
154 
+    OBJ_FILTER_A85,      /**< */
155 
+    OBJ_FILTER_FLATE,    /**< */
156 
+    OBJ_FILTER_LZW,      /**< */
157 
+    OBJ_FILTER_RL,       /**< */
158 
+    OBJ_FILTER_FAX,      /**< */
159 
+    OBJ_FILTER_JBIG2,    /**< */
160 
+    OBJ_FILTER_DCT,      /**< */
161 
+    OBJ_FILTER_JPX,      /**< */
162 
+    OBJ_FILTER_CRYPT,    /**< */
163 
+    OBJ_FILTER_UNKNOWN,  /**< */
164 
+    OBJ_JAVASCRIPT,      /**< */
165 
+    OBJ_OPENACTION,      /**< */
166 
+    OBJ_HASFILTERS,      /**< */
167 
+    OBJ_SIGNED,          /**< */
168 
+    OBJ_IMAGE,           /**< */
169 
+    OBJ_TRUNCATED,       /**< */
170 
+    OBJ_FORCEDUMP,       /**< */
171 
+    OBJ_FILTER_STANDARD, /**< */
172 
+    OBJ_LAUNCHACTION,    /**< */
173 
+    OBJ_PAGE,            /**< */
174 
+    OBJ_CONTENTS         /**< */
175 
+};
176 
+
177 
+/**
178 
+\group_json
179 
+ * JSON types
180 
+ */
181 
+enum bc_json_type {
182 
+    JSON_TYPE_NULL=0,    /**< */
183 
+    JSON_TYPE_BOOLEAN,   /**< */
184 
+    JSON_TYPE_DOUBLE,    /**< */
185 
+    JSON_TYPE_INT,       /**< */
186 
+    JSON_TYPE_OBJECT,    /**< */
187 
+    JSON_TYPE_ARRAY,     /**< */
188 
+    JSON_TYPE_STRING     /**< */
136 189 
 };
137 190
138 191 
 #ifdef __CLAMBC__
139 192
140 193 
 /* --------------- BEGIN GLOBALS -------------------------------------------- */
141 
-/** @brief Logical signature match counts
142 
- *
143 
- *  This is a low-level variable, use the Macros in bytecode_local.h instead to
144 
- *  access it.
194 
+/**
145 195 
 \group_globals
146 
- * */
196 
+ * Logical signature match counts
197 
+ * @brief This is a low-level variable, use the Macros in bytecode_local.h instead to
198 
+ *        access it.
199 
+ */
147 200 
 extern const uint32_t __clambc_match_counts[64];
148 201
149 
-/** @brief Logical signature match offsets
150 
-  * This is a low-level variable, use the Macros in bytecode_local.h instead to
151 
-  * access it.
202 
+/**
152 203 
 \group_globals
204 
+  * Logical signature match offsets
205 
+  * @brief This is a low-level variable, use the Macros in bytecode_local.h instead to
206 
+  *        access it.
153 207 
   */
154 208 
 extern const uint32_t __clambc_match_offsets[64];
155 209
156 
-/** PE data, if this is a PE hook.
157 
-  \group_globals */
210 
+/**
211 
+\group_globals
212 
+ * PE data, if this is a PE hook.
213 
+ */
158 214 
 extern const struct cli_pe_hook_data __clambc_pedata;
159 
-/** File size (max 4G).
160 
-   \group_globals */
215 
+/**
216 
+\group_globals
217 
+ * File size (max 4G).
218 
+ */
161 219 
 extern const uint32_t __clambc_filesize[1];
162 220
163 
-/** Kind of the bytecode
221 
+/**
164 222 
 \group_globals
165 
-*/
223 
+ * Kind of the bytecode, affects LibClamAV usage
224 
+ */
166 225 
 const uint16_t __clambc_kind;
167 226 
 /* ---------------- END GLOBALS --------------------------------------------- */
168 227 
 /* ---------------- BEGIN 0.96 APIs (don't touch) --------------------------- */
169 
-/** Test api.
170 
-  @param a 0xf00dbeef
171 
-  @param b 0xbeeff00d
172 
-  @return 0x12345678 if parameters match, 0x55 otherwise
228 
+/**
229 
+ * Test api.
230 
+ * @param[in] a 0xf00dbeef
231 
+ * @param[in] b 0xbeeff00d
232 
+ * @return 0x12345678 if parameters match, 0x55 otherwise
173 233 
 */
174 234 
 uint32_t test1(uint32_t a, uint32_t b);
175 235
176 236 
 /**
177 
- * @brief Reads specified amount of bytes from the current file
237 
+\group_file
238 
+ * Reads specified amount of bytes from the current file
178 239 
  * into a buffer. Also moves current position in the file.
179 
- *
180 240 
  * @param[in] size amount of bytes to read
181 241 
  * @param[out] data pointer to buffer where data is read into
182 242 
  * @return amount read.
183 
- * \group_file
184 243 
  */
185 244 
 int32_t read(uint8_t *data, int32_t size);
186 245
246 
+/**
247 
+\group_file
248 
+ */
187 249 
 enum {
188 250 
     /**set file position to specified absolute position */
189 251 
     SEEK_SET=0,
... ... 
@@ -194,58 +257,56 @@ enum {
194 194 
 };
195 195
196 196 
 /**
197 
- * @brief Writes the specified amount of bytes from a buffer to the
197 
+\group_file
198 
+ * Writes the specified amount of bytes from a buffer to the
198 199 
  * current temporary file.
199 200 
  * @param[in] data pointer to buffer of data to write
200 201 
  * @param[in] size amount of bytes to write
201 202 
  * \p size bytes to temporary file, from the buffer pointed to
202 203 
  * byte
203 204 
  * @return amount of bytes successfully written
204 
- * \group_file
205 205 
  */
206 206 
 int32_t write(uint8_t *data, int32_t size);
207 207
208 208 
 /**
209 
- * @brief Changes the current file position to the specified one.
209 
+\group_file
210 
+ * Changes the current file position to the specified one.
210 211 
  * @sa SEEK_SET, SEEK_CUR, SEEK_END
211 212 
  * @param[in] pos offset (absolute or relative depending on \p whence param)
212 213 
  * @param[in] whence one of \p SEEK_SET, \p SEEK_CUR, \p SEEK_END
213 214 
  * @return absolute position in file
214 
- * \group_file
215 215 
  */
216 216 
 int32_t seek(int32_t pos, uint32_t whence);
217 217
218 218 
 /**
219 
+\group_scan
219 220 
  * Sets the name of the virus found.
220 
- *
221 221 
  * @param[in] name the name of the virus
222 222 
  * @param[in] len length of the virusname
223 223 
  * @return 0
224 
- * \group_scan
225 224 
  */
226 225 
 uint32_t setvirusname(const uint8_t *name, uint32_t len);
227 226
228 227 
 /**
229 
- * Prints a debug message.
230 
- *
228 
+\group_debug
229 
+ * Prints a debug message string.
231 230 
  * @param[in] str Message to print
232 231 
  * @param[in] len length of message to print
233 232 
  * @return 0
234 
- * \group_string
235 233 
  */
236 234 
 uint32_t debug_print_str(const uint8_t *str, uint32_t len);
237 235
238 236 
 /**
237 
+\group_debug
239 238 
  * Prints a number as a debug message.
240 
- * This is like \p debug_print_str_nonl!
241 
- *
239 
+ * This is similar to \p debug_print_str_nonl.
242 240 
  * @param[in] a number to print
243 241 
  * @return 0
244 
- * \group_string
245 242 
  */
246 243 
 uint32_t debug_print_uint(uint32_t a);
247 244
248 245 
 /**
246 
+\group_disasm
249 247 
  * Disassembles starting from current file position, the specified amount of
250 248 
  * bytes.
251 249 
  *  @param[out] result pointer to struct holding result
... ... 
@@ -256,11 +317,10 @@ uint32_t debug_print_uint(uint32_t a);
256 256 
  * This is a low-level API, the result is in ClamAV type-8 signature format
257 257 
  * (64 bytes/instruction).
258 258 
  *  \sa DisassembleAt
259 
- \group_disasm
260 259 
  */
261 260 
 uint32_t disasm_x86(struct DISASM_RESULT* result, uint32_t len);
262 261
263 
-/* tracing API */
262 
+/* tracing API, private */
264 263
265 264 
 /* a scope: lexical block, function, or compile unit */
266 265 
 uint32_t trace_directory(const uint8_t* directory, uint32_t dummy);
... ... 
@@ -270,76 +330,88 @@ uint32_t trace_op(const uint8_t* opname, uint32_t column);
270 270 
 uint32_t trace_value(const uint8_t* name, uint32_t v);
271 271 
 uint32_t trace_ptr(const uint8_t* ptr, uint32_t dummy);
272 272
273 
-/** Converts a RVA (Relative Virtual Address) to
274 
-  * an absolute PE file offset.
275 
-  * @param rva a rva address from the PE file
276 
-  * @return absolute file offset mapped to the \p rva,
277 
-  * or PE_INVALID_RVA if the \p rva is invalid.
278 
-  \group_pe
279 
-  */
273 
+/**
274 
+\group_pe
275 
+ * Converts a RVA (Relative Virtual Address) to
276 
+ * an absolute PE file offset.
277 
+ * @param[in] rva a rva address from the PE file
278 
+ * @return absolute file offset mapped to the \p rva,
279 
+ * or PE_INVALID_RVA if the \p rva is invalid.
280 
+ */
280 281 
 uint32_t pe_rawaddr(uint32_t rva);
281 282
282 
-/** Looks for the specified sequence of bytes in the current file.
283 
-  \group_file
284 
-  * @param[in] data the sequence of bytes to look for
285 
-  * @param len length of \p data, cannot be more than 1024
286 
-  * @return offset in the current file if match is found, -1 otherwise */
283 
+/**
284 
+\group_file
285 
+ * Looks for the specified sequence of bytes in the current file.
286 
+ * @param[in] data the sequence of bytes to look for
287 
+ * @param[in] len length of \p data, cannot be more than 1024
288 
+ * @return offset in the current file if match is found, -1 otherwise
289 
+ */
287 290 
 int32_t file_find(const uint8_t* data, uint32_t len);
288 291
289 
-/** Read a single byte from current file
290 
-  \group_file
291 
-  * @param offset file offset
292 
-  * @return byte at offset \p off in the current file, or -1 if offset is
293 
-  * invalid */
292 
+/**
293 
+\group_file
294 
+ * Read a single byte from current file
295 
+ * @param[in] offset file offset
296 
+ * @return byte at offset \p off in the current file, or -1 if offset is
297 
+ * invalid
298 
+ */
294 299 
 int32_t file_byteat(uint32_t offset);
295 300
296 
-/** Allocates memory. Currently this memory is freed automatically on exit
297 
-  from the bytecode, and there is no way to free it sooner.
298 
-  \group_adt
299 
-  @param size amount of memory to allocate in bytes
300 
-  @return pointer to allocated memory */
301 
+/**
302 
+\group_adt
303 
+ * Allocates memory. Currently this memory is freed automatically on exit
304 
+ * from the bytecode, and there is no way to free it sooner.
305 
+ * @param[in] size amount of memory to allocate in bytes
306 
+ * @return pointer to allocated memory
307 
+ */
301 308 
 void* malloc(uint32_t size);
302 309
303 
-/** Test api2.
304 
-  * @param a 0xf00d
305 
-  * @return 0xd00f if parameter matches, 0x5555 otherwise */
310 
+/**
311 
+ * Test api2.
312 
+ * @param[in] a 0xf00d
313 
+ * @return 0xd00f if parameter matches, 0x5555 otherwise
314 
+ */
306 315 
 uint32_t test2(uint32_t a);
307 316
308 
-/** Gets information about the specified PE section.
309 
-  \group_pe
317 
+/**
318 
+\group_pe
319 
+ * Gets information about the specified PE section.
310 320 
  * @param[out] section PE section information will be stored here
311 321 
  * @param[in] num PE section number
312 322 
  * @return  0 - success
313 
-           -1 - failure */
323 
+ * @return -1 - failure
324 
+ */
314 325 
 int32_t get_pe_section(struct cli_exe_section *section, uint32_t num);
315 326
316 
-/** Fills the specified buffer with at least \p fill bytes.
317 
-  \group_file
318 
- * @param[out] buffer the buffer to fill
319 
- * @param[in] len length of buffer
320 
- * @param[in] filled how much of the buffer is currently filled
321 
- * @param[in] cursor position of cursor in buffer
322 
- * @param[in] fill amount of bytes to fill in (0 is valid)
323 
- * @return <0 on error,
324 
- *          0 on EOF,
325 
- *          number bytes available in buffer (starting from 0)
326 
- * The character at the cursor will be at position 0 after this call.
327 
- */
327 
+/**
328 
+\group_file
329 
+  * Fills the specified buffer with at least \p fill bytes.
330 
+  * @param[out] buffer the buffer to fill
331 
+  * @param[in] len length of buffer
332 
+  * @param[in] filled how much of the buffer is currently filled
333 
+  * @param[in] cursor position of cursor in buffer
334 
+  * @param[in] fill amount of bytes to fill in (0 is valid)
335 
+  * @return <0 on error
336 
+  * @return  0 on EOF
337 
+  * @return  number bytes available in buffer (starting from 0)\n
338 
+  * The character at the cursor will be at position 0 after this call.
339 
+  */
328 340 
 int32_t fill_buffer(uint8_t* buffer, uint32_t len, uint32_t filled,
329 341 
                     uint32_t cursor, uint32_t fill);
330 342
331 343 
 /**
344 
+\group_scan
332 345 
  * Prepares for extracting a new file, if we've already extracted one it scans
333 346 
  * it.
334 
- \group_scan
335 347 
  * @param[in] id an id for the new file (for example position in container)
336 348 
  * @return 1 if previous extracted file was infected
337 
-*/
349 
+ */
338 350 
 int32_t extract_new(int32_t id);
339 351
340 
-/**
341 
- * Reads a number in the specified radix starting from the current position.
342 
- * \group_file
352 
+/**
353 
+\group_file
354 
+  * Reads a number in the specified radix starting from the current position.
343 355 
   * Non-numeric characters are ignored.
344 356 
   * @param[in] radix 10 or 16
345 357 
   * @return the number read
... ... 
@@ -347,142 +419,161 @@ int32_t extract_new(int32_t id);
347 347 
 int32_t read_number(uint32_t radix);
348 348
349 349 
 /**
350 
-  * Creates a new hashset and returns its id.
351 
-  \group_adt
352 
-  * @return ID for new hashset */
350 
+\group_adt
351 
+ * Creates a new hashset and returns its id.
352 
+ * @return ID for new hashset
353 
+ */
353 354 
 int32_t hashset_new(void);
354 355
355 356 
 /**
356 
-  * Add a new 32-bit key to the hashset.
357 
-  \group_adt
358 
-  * @param hs ID of hashset (from hashset_new)
359 
-  * @param key the key to add
360 
-  * @return 0 on success */
357 
+\group_adt
358 
+ * Add a new 32-bit key to the hashset.
359 
+ * @param[in] hs ID of hashset (from hashset_new)
360 
+ * @param[in] key the key to add
361 
+ * @return 0 on success
362 
+ */
361 363 
 int32_t hashset_add(int32_t hs, uint32_t key);
362 364
363 365 
 /**
364 
-  * Remove a 32-bit key from the hashset.
365 
-  \group_adt
366 
-  * @param hs ID of hashset (from hashset_new)
367 
-  * @param key the key to add
368 
-  * @return 0 on success */
366 
+\group_adt
367 
+ * Remove a 32-bit key from the hashset.
368 
+ * @param[in] hs ID of hashset (from hashset_new)
369 
+ * @param[in] key the key to add
370 
+ * @return 0 on success
371 
+ */
369 372 
 int32_t hashset_remove(int32_t hs, uint32_t key);
370 373
371 374 
 /**
372 
-  * Returns whether the hashset contains the specified key.
373 
-  \group_adt
374 
-  * @param hs ID of hashset (from hashset_new)
375 
-  * @param key the key to lookup
376 
-  * @return 1 if found, 0 if not found, <0 on invalid hashset ID */
375 
+\group_adt
376 
+ * Returns whether the hashset contains the specified key.
377 
+ * @param[in] hs ID of hashset (from hashset_new)
378 
+ * @param[in] key the key to lookup
379 
+ * @return 1 if found
380 
+ * @return 0 if not found
381 
+ * @return <0 on invalid hashset ID
382 
+ */
377 383 
 int32_t hashset_contains(int32_t hs, uint32_t key);
378 384
379 385 
 /**
380 
-  * Deallocates the memory used by the specified hashset.
381 
-  \group_adt
382 
-  * Trying to use the hashset after this will result in an error.
383 
-  * The hashset may not be used after this.
384 
-  * All hashsets are automatically deallocated when bytecode
385 
-  * finishes execution.
386 
-  * @param id ID of hashset (from hashset_new)
387 
-  * @return 0 on success */
386 
+\group_adt
387 
+ * Deallocates the memory used by the specified hashset.
388 
+ * Trying to use the hashset after this will result in an error.
389 
+ * The hashset may not be used after this.
390 
+ * All hashsets are automatically deallocated when bytecode
391 
+ * finishes execution.
392 
+ * @param[in] id ID of hashset (from hashset_new)
393 
+ * @return 0 on success
394 
+ */
388 395 
 int32_t hashset_done(int32_t id);
389 396
390 397 
 /**
391 
-  * Returns whether the hashset is empty.
392 
-  \group_adt
393 
-  * @param id of hashset (from hashset_new)
394 
-  * @return 0 on success */
398 
+\group_adt
399 
+ * Returns whether the hashset is empty.
400 
+ * @param[in] id of hashset (from hashset_new)
401 
+ * @return 0 on success
402 
+ */
395 403 
 int32_t hashset_empty(int32_t id);
396 404
397 405 
 /**
398 
-  * Creates a new pipe with the specified buffer size
399 
-  \group_adt
400 
-  * @param size size of buffer
401 
-  * @return ID of newly created buffer_pipe */
406 
+\group_adt
407 
+ * Creates a new pipe with the specified buffer size
408 
+ * @param[in] size size of buffer
409 
+ * @return ID of newly created buffer_pipe
410 
+ */
402 411 
 int32_t  buffer_pipe_new(uint32_t size);
403 412
404 413 
 /**
405 
-  * Same as buffer_pipe_new, except the pipe's input is tied
406 414 
   \group_adt
407 
-  \group_file
415 
+  * Creates a new pipe with the specified buffer size w/ tied input
408 416 
   * to the current file, at the specified position.
409 
-  * @param pos starting position of pipe input in current file
410 
-  * @return ID of newly created buffer_pipe */
417 
+  * @param[in] pos starting position of pipe input in current file
418 
+  * @return ID of newly created buffer_pipe
419 
+  */
411 420 
 int32_t  buffer_pipe_new_fromfile(uint32_t pos);
412 421
413 422 
 /**
423 
+\group_adt
414 424 
   * Returns the amount of bytes available to read.
415 
-  \group_adt
416 
-  * @param id ID of buffer_pipe
417 
-  * @return amount of bytes available to read */
425 
+  * @param[in] id ID of buffer_pipe
426 
+  * @return amount of bytes available to read
427 
+  */
418 428 
 uint32_t buffer_pipe_read_avail(int32_t id);
419 429
420 430 
 /**
431 
+\group_adt
421 432 
   * Returns a pointer to the buffer for reading.
422 
-  \group_adt
423 433 
   * The 'amount' parameter should be obtained by a call to
424 434 
   * buffer_pipe_read_avail().
425 
-  * @param id ID of buffer_pipe
426 
-  * @param amount to read
435 
+  * @param[in] id ID of buffer_pipe
436 
+  * @param[in] amount to read
427 437 
   * @return pointer to buffer, or NULL if buffer has less than
428 
-  specified amount */
429 
-uint8_t *buffer_pipe_read_get(int32_t id, uint32_t amount);
438 
+  * specified amount
439 
+  */
440 
+//uint8_t *buffer_pipe_read_get(int32_t id, uint32_t amount);
441 
+const uint8_t *buffer_pipe_read_get(int32_t id, uint32_t amount);
430 442
431 443 
 /**
432 
-  \group_adt
444 
+\group_adt
433 445 
   * Updates read cursor in buffer_pipe.
434 
-  * @param id ID of buffer_pipe
435 
-  * @param amount amount of bytes to move read cursor
436 
-  * @return 0 on success */
446 
+  * @param[in] id ID of buffer_pipe
447 
+  * @param[in] amount amount of bytes to move read cursor
448 
+  * @return 0 on success
449 
+  */
437 450 
 int32_t  buffer_pipe_read_stopped(int32_t id, uint32_t amount);
438 451
439 452 
 /**
453 
+\group_adt
440 454 
   * Returns the amount of bytes available for writing.
441 
-  \group_adt
442 
-  * @param id ID of buffer_pipe
443 
-  * @return amount of bytes available for writing */
455 
+  * @param[in] id ID of buffer_pipe
456 
+  * @return amount of bytes available for writing
457 
+  */
444 458 
 uint32_t buffer_pipe_write_avail(int32_t id);
445 459
446 460 
 /**
447 
-  \group_adt
461 
+\group_adt
448 462 
   * Returns pointer to writable buffer.
449 
-  * The 'amount' parameter should be obtained by a call to
463 
+  * The 'size' parameter should be obtained by a call to
450 464 
   * buffer_pipe_write_avail().
451 
-  * @param id ID of buffer_pipe
452 
-  * @param size amount of bytes to write
465 
+  * @param[in] id ID of buffer_pipe
466 
+  * @param[in] size amount of bytes to write
453 467 
   * @return pointer to write buffer, or NULL if requested amount
454 
-  is more than what is available in the buffer */
468 
+  * is more than what is available in the buffer
469 
+  */
455 470 
 uint8_t *buffer_pipe_write_get(int32_t id, uint32_t size);
456 471
457 472 
 /**
473 
+\group_adt
458 474 
   * Updates the write cursor in buffer_pipe.
459 
-  \group_adt
460 
-  * @param id ID of buffer_pipe
461 
-  * @param amount amount of bytes to move write cursor
462 
-  * @return 0 on success */
475 
+  * @param[in] id ID of buffer_pipe
476 
+  * @param[in] amount amount of bytes to move write cursor
477 
+  * @return 0 on success
478 
+  */
463 479 
 int32_t  buffer_pipe_write_stopped(int32_t id, uint32_t amount);
464 480
465 481 
 /**
482 
+\group_adt
466 483 
   * Deallocate memory used by buffer.
467 
-  \group_adt
468 484 
   * After this all attempts to use this buffer will result in error.
469 485 
   * All buffer_pipes are automatically deallocated when bytecode
470 486 
   * finishes execution.
471 
-  * @param id ID of buffer_pipe
472 
-  * @return 0 on success */
487 
+  * @param[in] id ID of buffer_pipe
488 
+  * @return 0 on success
489 
+  */
473 490 
 int32_t  buffer_pipe_done(int32_t id);
474 491
475 492 
 /**
493 
+\group_adt
476 494 
   * Initializes inflate data structures for decompressing data
477 
-  \group_adt
478 495 
   * 'from_buffer' and writing uncompressed uncompressed data 'to_buffer'.
479 
-  * @param from_buffer ID of buffer_pipe to read compressed data from
480 
-  * @param to_buffer ID of buffer_pipe to write decompressed data to
481 
-  * @param windowBits (see zlib documentation)
482 
-  * @return ID of newly created inflate data structure, <0 on failure */
496 
+  * @param[in] from_buffer ID of buffer_pipe to read compressed data from
497 
+  * @param[in] to_buffer ID of buffer_pipe to write decompressed data to
498 
+  * @param[in] windowBits (see zlib documentation)
499 
+  * @return ID of newly created inflate data structure, <0 on failure
500 
+  */
483 501 
 int32_t inflate_init(int32_t from_buffer, int32_t to_buffer, int32_t windowBits);
484 502
485 503 
 /**
504 
+\group_adt
486 505 
   * Inflate all available data in the input buffer, and write to output buffer.
487 506 
   * Stops when the input buffer becomes empty, or write buffer becomes full.
488 507 
   * Also attempts to recover from corrupted inflate stream (via inflateSync).
... ... 
@@ -490,53 +581,57 @@ int32_t inflate_init(int32_t from_buffer, int32_t to_buffer, int32_t windowBits)
490 490 
   * buffer, and flushing the output buffer.
491 491 
   * The inflate stream is done processing when 0 bytes are available from output
492 492 
   * buffer, and input buffer is not empty.
493 
-  \group_adt
494 
-  * @param id ID of inflate data structure
495 
-  * @return 0 on success, zlib error code otherwise */
493 
+  * @param[in] id ID of inflate data structure
494 
+  * @return 0 on success, zlib error code otherwise
495 
+  */
496 496 
 int32_t inflate_process(int32_t id);
497 497
498 498 
 /**
499 
+\group_adt
499 500 
   * Deallocates inflate data structure.
500 501 
   * Using the inflate data structure after this will result in an error.
501 502 
   * All inflate data structures are automatically deallocated when bytecode
502 503 
   * finishes execution.
503 
-  \group_adt
504 
-  * @param id ID of inflate data structure
505 
-  * @return 0 on success.*/
504 
+  * @param[in] id ID of inflate data structure
505 
+  * @return 0 on success.
506 
+  */
506 507 
 int32_t inflate_done(int32_t id);
507 508
508 
-/**
509 
+/**
510 
+\group_scan
509 511 
   * Report a runtime error at the specified locationID.
510 
-  \group_scan
511 
-  * @param locationid (line << 8) | (column&0xff)
512 
-  * @return 0 */
512 
+  * @param[in] locationid (line << 8) | (column&0xff)
513 
+  * @return 0
514 
+  */
513 515 
 int32_t bytecode_rt_error(int32_t locationid);
514 516
515 517 
 /**
518 
+\group_js
516 519 
   * Initializes JS normalizer for reading 'from_buffer'.
517 520 
   * Normalized JS will be written to a single tempfile,
518 521 
   * one normalized JS per line, and automatically scanned
519 522 
   * when the bytecode finishes execution.
520 
-  \group_js
521 
-  * @param from_buffer ID of buffer_pipe to read javascript from
522 
-  * @return ID of JS normalizer, <0 on failure */
523 
+  * @param[in] from_buffer ID of buffer_pipe to read javascript from
524 
+  * @return ID of JS normalizer, <0 on failure
525 
+  */
523 526 
 int32_t jsnorm_init(int32_t from_buffer);
524 527
525 528 
 /**
529 
+\group_js
526 530 
   * Normalize all javascript from the input buffer, and write to tempfile.
527 531 
   * You can call this function repeatedly on success, if you (re)fill the input
528 532 
   * buffer.
529 
-  \group_js
530 
-  * @param id ID of JS normalizer
531 
-  * @return 0 on success, <0 on failure */
533 
+  * @param[in] id ID of JS normalizer
534 
+  * @return 0 on success, <0 on failure
535 
+  */
532 536 
 int32_t jsnorm_process(int32_t id);
533 537
534 538 
 /**
539 
+\group_js
535 540 
   * Flushes JS normalizer.
536 
-  \group_js
537 
-  * @param id ID of js normalizer to flush
538 
-  * @return 0 - success
539 
-           -1 - failure */
541 
+  * @param[in] id ID of js normalizer to flush
542 
+  * @return 0 on success, <0 on failure
543 
+  */
540 544 
 int32_t jsnorm_done(int32_t id);
541 545
542 546 
 /* ---------------- END 0.96 APIs (don't touch) --------------------------- */
... ... 
@@ -545,457 +640,558 @@ int32_t jsnorm_done(int32_t id);
545 545 
 /* ---------------- Math -------------------------------------------------- */
546 546
547 547 
 /**
548 
-  *  Returns 2^26*log2(a/b)
549 
-  * @param a input
550 
-  * @param b input
548 
+\group_math
549 
+  * Returns 2^26*log2(a/b)
550 
+  * @param[in] a input
551 
+  * @param[in] b input
551 552 
   * @return 2^26*log2(a/b)
552 
-  \group_math
553 553 
   */
554 554 
 int32_t ilog2(uint32_t a, uint32_t b);
555 555
556 556 
 /**
557 
+\group_math
557 558 
   * Returns c*a^b.
558 
-  * @param a integer
559 
-  * @param b integer
560 
-  * @param c integer
559 
+  * @param[in] a integer
560 
+  * @param[in] b integer
561 
+  * @param[in] c integer
561 562 
   * @return c*pow(a,b)
562 
-  \group_math
563 563 
   */
564 564 
 int32_t ipow(int32_t a, int32_t b, int32_t c);
565 565
566 566 
 /**
567 
+\group_math
567 568 
   * Returns exp(a/b)*c
568 
-  * @param a integer
569 
-  * @param b integer
570 
-  * @param c integer
569 
+  * @param[in] a integer
570 
+  * @param[in] b integer
571 
+  * @param[in] c integer
571 572 
   * @return c*exp(a/b)
572 
-  \group_math
573 573 
   */
574 574 
 uint32_t iexp(int32_t a, int32_t b, int32_t c);
575 575
576 576 
 /**
577 
+\group_math
577 578 
   * Returns c*sin(a/b).
578 
-  * @param a integer
579 
-  * @param b integer
580 
-  * @param c integer
579 
+  * @param[in] a integer
580 
+  * @param[in] b integer
581 
+  * @param[in] c integer
581 582 
   * @return c*sin(a/b)
582 
-  \group_math
583 583 
   */
584 584 
 int32_t isin(int32_t a, int32_t b, int32_t c);
585 585
586 586 
 /**
587 
+\group_math
587 588 
   * Returns c*cos(a/b).
588 
-  * @param a integer
589 
-  * @param b integer
590 
-  * @param c integer
589 
+  * @param[in] a integer
590 
+  * @param[in] b integer
591 
+  * @param[in] c integer
591 592 
   * @return c*sin(a/b)
592 
-  \group_math
593 593 
   */
594 594 
 int32_t icos(int32_t a, int32_t b, int32_t c);
595 595
596 596 
 /* ---------------- String operations --------------------------------------- */
597 597 
 /**
598 
+\group_string
598 599 
   * Return position of match, -1 otherwise.
599 
-  * @param haystack buffer to search
600 
-  * @param haysize size of \p haystack
601 
-  * @param needle substring to search
602 
-  * @param needlesize size of needle
600 
+  * @param[in] haystack buffer to search
601 
+  * @param[in] haysize size of \p haystack
602 
+  * @param[in] needle substring to search
603 
+  * @param[in] needlesize size of needle
603 604 
   * @return location of match, -1 otherwise
604 
-  \group_string
605 605 
   */
606 606 
 int32_t memstr(const uint8_t* haystack, int32_t haysize,
607 607 
                const uint8_t* needle, int32_t needlesize);
608 608
609 609 
 /**
610 
+\group_string
610 611 
   * Returns hexadecimal characters \p hex1 and \p hex2 converted to 8-bit
611 612 
   * number.
612 
-  * @param hex1 hexadecimal character
613 
-  * @param hex2 hexadecimal character
613 
+  * @param[in] hex1 hexadecimal character
614 
+  * @param[in] hex2 hexadecimal character
614 615 
   * @return hex1 hex2 converted to 8-bit integer, -1 on error
615 
-  \group_string
616 616 
   */
617 617 
 int32_t hex2ui(uint32_t hex1, uint32_t hex2);
618 618
619 619 
 /**
620 
+\group_string
620 621 
   * Converts string to positive number.
621 
-  * @param str buffer
622 
-  * @param size size of \p str
622 
+  * @param[in] str buffer
623 
+  * @param[in] size size of \p str
623 624 
   * @return >0 string converted to number if possible, -1 on error
624 
-  \group_string
625 625 
   */
626 626 
 int32_t atoi(const uint8_t* str, int32_t size);
627 627
628 628 
 /**
629 
+\group_debug
629 630 
   * Prints a debug message with a trailing newline,
630 631 
   * but preceded by 'LibClamAV debug'.
631 
-  * @param str the string
632 
-  * @param len length of \p str
632 
+  * @param[in] str the string
633 
+  * @param[in] len length of \p str
633 634 
   * @return 0
634 
-  \group_string
635 635 
   */
636 636 
 uint32_t debug_print_str_start(const uint8_t *str, uint32_t len);
637 637
638 638 
 /**
639 
+\group_debug
639 640 
   * Prints a debug message with a trailing newline,
640 641 
   * and not preceded by 'LibClamAV debug'.
641 
-  * @param str the string
642 
-  * @param len length of \p str
642 
+  * @param[in] str the string
643 
+  * @param[in] len length of \p str
643 644 
   * @return 0
644 
-  \group_string
645 645 
   */
646 646 
 uint32_t debug_print_str_nonl(const uint8_t *str, uint32_t len);
647 647
648 648 
 /**
649 
+\group_string
649 650 
   * Returns an approximation for the entropy of \p buffer.
650 
-  * @param buffer input buffer
651 
-  * @param size size of buffer
651 
+  * @param[in] buffer input buffer
652 
+  * @param[in] size size of buffer
652 653 
   * @return entropy estimation * 2^26
653 
-  \group_string
654 654 
   */
655 655 
 uint32_t entropy_buffer(uint8_t* buffer, int32_t size);
656 656
657 657 
 /* ------------------ Data Structures --------------------------------------- */
658 658 
 /**
659 
+\group_adt
659 660 
   * Creates a new map and returns its id.
660 
-  * @param keysize size of key
661 
-  * @param valuesize size of value, if 0 then value is allocated separately
661 
+  * @param[in] keysize size of key
662 
+  * @param[in] valuesize size of value, if 0 then value is allocated separately
662 663 
   * @return ID of new map
663 
-\group_adt
664 664 
   */
665 665 
 int32_t map_new(int32_t keysize, int32_t valuesize);
666 666
667 667 
 /**
668 
+\group_adt
668 669 
   * Inserts the specified key/value pair into the map.
669 
-  * @param id id of table
670 
-  * @param key key
671 
-  * @param ksize size of \p key
670 
+  * @param[in] id id of table
671 
+  * @param[in] key key
672 
+  * @param[in] ksize size of \p key
672 673 
   * @return 0 - if key existed before
673 
-            1 - if key didn't exist before
674 
-           <0 - if ksize doesn't match keysize specified at table creation
675 
-\group_adt
674 
+  * @return 1 - if key didn't exist before
675 
+  * @return <0 - if ksize doesn't match keysize specified at table creation
676 676 
   */
677 677 
 int32_t map_addkey(const uint8_t *key, int32_t ksize, int32_t id);
678 678
679 679 
 /**
680 
+\group_adt
680 681 
   * Sets the value for the last inserted key with map_addkey.
681 
-  * @param id id of table
682 
-  * @param value value
683 
-  * @param vsize size of \p value
682 
+  * @param[in] id id of table
683 
+  * @param[in] value value
684 
+  * @param[in] vsize size of \p value
684 685 
   * @return 0 - if update was successful
685 
-           <0 - if there is no last key
686 
-\group_adt
686 
+  * @return <0 - if there is no last key
687 687 
   */
688 688 
 int32_t map_setvalue(const uint8_t *value, int32_t vsize, int32_t id);
689 689
690 690 
 /**
691 
+\group_adt
691 692 
   * Remove an element from the map.
692 
-  * @param id id of map
693 
-  * @param key key
694 
-  * @param ksize size of key
693 
+  * @param[in] id id of map
694 
+  * @param[in] key key
695 
+  * @param[in] ksize size of key
695 696 
   * @return 0 on success, key was present
696 
-            1 if key was not present
697 
-           <0 if ksize doesn't match keysize specified at table creation
698 
-\group_adt
697 
+  * @return 1 if key was not present
698 
+  * @return <0 if ksize doesn't match keysize specified at table creation
699 699 
   */
700 700 
 int32_t map_remove(const uint8_t* key, int32_t ksize, int32_t id);
701 701
702 702 
 /**
703 
+\group_adt
703 704 
   * Looks up key in map.
704 705 
   * The map remember the last looked up key (so you can retrieve the
705 706 
   * value).
706 
-  *
707 
-  * @param id id of map
708 
-  * @param key key
709 
-  * @param ksize size of key
707 
+  * @param[in] id id of map
708 
+  * @param[in] key key
709 
+  * @param[in] ksize size of key
710 710 
   * @return 0 - if not found
711 
-            1 - if found
712 
-           <0 - if ksize doesn't match the size specified at table creation
713 
-\group_adt
711 
+  * @return 1 - if found
712 
+  * @return <0 - if ksize doesn't match the size specified at table creation
714 713 
   */
715 714 
 int32_t map_find(const uint8_t* key, int32_t ksize, int32_t id);
716 715
717 716 
 /**
717 
+\group_adt
718 718 
   * Returns the size of value obtained during last map_find.
719 
-  * @param id id of map.
719 
+  * @param[in] id id of map.
720 720 
   * @return size of value
721 
-\group_adt
722 721 
   */
723 722 
 int32_t map_getvaluesize(int32_t id);
724 723
725 724 
 /**
725 
+\group_adt
726 726 
   * Returns the value obtained during last map_find.
727 
-  * @param id id of map.
728 
-  * @param size size of value (obtained from map_getvaluesize)
727 
+  * @param[in] id id of map.
728 
+  * @param[in] size size of value (obtained from map_getvaluesize)
729 729 
   * @return value
730 
-\group_adt
731 730 
   */
732 731 
 uint8_t* map_getvalue(int32_t id, int32_t size);
733 732
734 733 
 /**
734 
+\group_adt
735 735 
   * Deallocates the memory used by the specified map.
736 736 
   * Trying to use the map after this will result in an error.
737 737 
   * All maps are automatically deallocated when the bytecode finishes
738 738 
   * execution.
739 
-  * @param id id of map
739 
+  * @param[in] id id of map
740 740 
   * @return 0 - success
741 
-           -1 - invalid map
742 
-\group_adt
741 
+  * @return -1 - invalid map
743 742 
   */
744 743 
 int32_t map_done(int32_t id);
745 744
746 745 
 /* -------------- File Operations ------------------------------------------- */
747 
-/** Looks for the specified sequence of bytes in the current file, up to the
748 
- * specified position.
749 
- * @param[in] data the sequence of bytes to look for
750 
- * @param len length of \p data, cannot be more than 1024
751 
- * @param maxpos maximum position to look for a match,
752 
- * note that this is 1 byte after the end of last possible match:
753 
- * match_pos + \p len < \p maxpos
754 
- * @return offset in the current file if match is found, -1 otherwise
755 
- * \group_file
756 
- */
746 
+/**
747 
+\group_file
748 
+  * Looks for the specified sequence of bytes in the current file, up to the
749 
+  * specified position.
750 
+  * @param[in] data the sequence of bytes to look for
751 
+  * @param[in] len length of \p data, cannot be more than 1024
752 
+  * @param[in] maxpos maximum position to look for a match,
753 
+  * note that this is 1 byte after the end of last possible match:
754 
+  * match_pos + \p len < \p maxpos
755 
+  * @return offset in the current file if match is found, -1 otherwise
756 
+  */
757 757 
 int32_t file_find_limit(const uint8_t *data, uint32_t len, int32_t maxpos);
758 758
759 759 
 /* ------------- Engine Query ----------------------------------------------- */
760 760 
 /**
761 
+\group_engine
761 762 
   * Returns the current engine (feature) functionality level.
762 763 
   * To map these to ClamAV releases, compare it with #FunctionalityLevels.
763 764 
   * @return an integer representing current engine functionality level.
764 
-  * \group_engine
765 765 
   */
766 766 
 uint32_t engine_functionality_level(void);
767 767
768 768 
 /**
769 
+\group_engine
769 770 
   * Returns the current engine (dconf) functionality level.
770 771 
   * Usually identical to engine_functionality_level(), unless distro backported
771 772 
   * patches. Compare with #FunctionalityLevels.
772 773 
   * @return an integer representing the DCONF (security fixes) level.
773 
-  * \group_engine
774 774 
   */
775 775 
 uint32_t engine_dconf_level(void);
776 776
777 777 
 /**
778 
+\group_engine
778 779 
   * Returns the current engine's scan options.
779 780 
   * @return CL_SCAN* flags
780 
-  * \group_engine
781 781 
   */
782 782 
 uint32_t engine_scan_options(void);
783 783
784 784 
 /**
785 
+\group_engine
785 786 
   * Returns the current engine's db options.
786 787 
   * @return CL_DB_* flags
787 
-  * \group_engine
788 788 
   */
789 789 
 uint32_t engine_db_options(void);
790 790
791 791 
 /* ---------------- Scan Control -------------------------------------------- */
792 792 
 /**
793 
+\group_scan
793 794 
   * Sets the container type for the currently extracted file.
794 
-  * @param container container type (CL_TYPE_*)
795 
+  * @param[in] container container type (CL_TYPE_*)
795 796 
   * @return current setting for container (CL_TYPE_ANY default)
796 
-  * \group_scan
797 797 
   */
798 798 
 int32_t extract_set_container(uint32_t container);
799 799
800 800 
 /**
801 
+\group_scan
801 802 
   * Toggles the read/seek API to read from the currently extracted file, and
802 803 
   * back.
803 804 
   * You must call seek after switching inputs to position the cursor to a valid
804 805 
   * position.
805 
-  * @param extracted_file 1 - switch to reading from extracted file,
806 
-                          0 - switch back to original input
806 
+  * @param[in] extracted_file 1 - switch to reading from extracted file\n
807 
+                              0 - switch back to original input
807 808 
   * @return -1 on error (if no extracted file exists)
808 
-             0 on success
809 
-  * \group_scan
809 
+  * @return  0 on success
810 810 
   */
811 811 
 int32_t input_switch(int32_t extracted_file);
812 812
813 813 
 /* ---------------- END 0.96.1 APIs ------------------------------------- */
814 814 
 /* ---------------- BEGIN 0.96.2 APIs ----------------------------------- */
815 815
816 
-/** Queries the environment this bytecode runs in.
816 
+/**
817 
+\group_env
818 
+  * Queries the environment this bytecode runs in.
817 819 
   * Used by BC_STARTUP to disable bytecode when bugs are known for the current
818 820 
   * platform.
819 821 
   * @param[out] env - the full environment
820 
-  * @param len - size of \p env
822 
+  * @param[in] len - size of \p env
821 823 
   * @return 0
822 
-  \group_env
823 824 
   */
824 825 
 uint32_t get_environment(struct cli_environment *env, uint32_t len);
825 826
826 
-/** Disables the bytecode completely if condition is true.
827 
-  Can only be called from the BC_STARTUP bytecode.
828 
-  @param reason - why the bytecode had to be disabled
829 
-  @param len - length of reason
830 
-  @param cond - condition
831 
-  @return 0 - auto mode
832 
-          1 - JIT disabled
833 
-          2 - fully disabled
834 
-  \group_env
827 
+/**
828 
+\group_env
829 
+  * Disables the bytecode completely if condition is true.
830 
+  * Can only be called from the BC_STARTUP bytecode.
831 
+  * @param[in] reason - why the bytecode had to be disabled
832 
+  * @param[in] len - length of reason
833 
+  * @param[in] cond - condition
834 
+  * @return 0 - auto mode
835 
+  * @return 1 - JIT disabled
836 
+  * @return 2 - fully disabled
835 837 
   */
836 838 
 uint32_t disable_bytecode_if(const int8_t *reason, uint32_t len, uint32_t cond);
837 839
838 
-/** Disables the JIT completely if condition is true.
839 
-  Can only be called from the BC_STARTUP bytecode.
840 
-  @param reason - why the JIT had to be disabled
841 
-  @param len - length of reason
842 
-  @param cond - condition
843 
-  @return 0 - auto mode
844 
-          1 - JIT disabled
845 
-          2 - fully disabled
846 
-  \group_env
840 
+/**
841 
+\group_env
842 
+  * Disables the JIT completely if condition is true.
843 
+  * Can only be called from the BC_STARTUP bytecode.
844 
+  * @param[in] reason - why the JIT had to be disabled
845 
+  * @param[in] len - length of reason
846 
+  * @param[in] cond - condition
847 
+  * @return 0 - auto mode
848 
+  * @return 1 - JIT disabled
849 
+  * @return 2 - fully disabled
847 850 
   */
848 851 
 uint32_t disable_jit_if(const int8_t* reason, uint32_t len, uint32_t cond);
849 852
850 
-/** Compares two version numbers.
853 
+/**
854 
+ \group_env
855 
+  * Compares two version numbers.
851 856 
   * @param[in] lhs - left hand side of comparison
852 
-    @param lhs_len - length of \p lhs
853 
-    @param[in] rhs - right hand side of comparison
854 
-    @param rhs_len - length of \p rhs
855 
-    @return -1 - lhs < rhs
856 
-            0 - lhs == rhs
857 
-            1 - lhs > rhs
858 
-  \group_env
857 
+  * @param[in] lhs_len - length of \p lhs
858 
+  * @param[in] rhs - right hand side of comparison
859 
+  * @param[in] rhs_len - length of \p rhs
860 
+  * @return -1 - lhs < rhs
861 
+  * @return 0 - lhs == rhs
862 
+  * @return 1 - lhs > rhs
859 863 
   */
860 864 
 int32_t version_compare(const uint8_t* lhs, uint32_t lhs_len,
861 865 
                     const uint8_t* rhs, uint32_t rhs_len);
862 866
863 
-/** Disables the JIT if the platform id matches.
867 
+/**
868 
+\group_env
869 
+  * Disables the JIT if the platform id matches.
864 870 
   * 0xff can be used instead of a field to mark ANY.
865 
-  * @param a -  os_category << 24 | arch << 20 | compiler << 16 | flevel << 8 | dconf
866 
-    @param b -  big_endian << 28 | sizeof_ptr << 24 | cpp_version
867 
-    @param c -  os_features << 24 | c_version
868 
-    @return 0 - no match
869 
-            1 - match
870 
-  \group_env
871 
+  * @param[in] a -  os_category << 24 | arch << 20 | compiler << 16 | flevel << 8 | dconf
872 
+  * @param[in] b -  big_endian << 28 | sizeof_ptr << 24 | cpp_version
873 
+  * @param[in] c -  os_features << 24 | c_version
874 
+  * @return 0 - no match
875 
+  * @return 1 - match
871 876 
   */
872 877 
 uint32_t check_platform(uint32_t a, uint32_t b, uint32_t c);
873 878
874 879 
 /* --------------------- PDF APIs ----------------------------------- */
875 
-/** Return number of pdf objects
880 
+/**
881 
+\group_pdf
882 
+ * Return number of pdf objects
876 883 
  * @return -1 - if not called from PDF hook
877 
-          >=0 - number of PDF objects
878 
-  \group_pdf
884 
+ * @return >=0 - number of PDF objects
879 885 
 */
880 886 
 int32_t pdf_get_obj_num(void);
881 887
882 
-/** Return the flags for the entire PDF (as set so far).
888 
+/**
889 
+\group_pdf
890 
+  * Return the flags for the entire PDF (as set so far).
883 891 
   * @return -1 - if not called from PDF hook
884 
-           >=0 - pdf flags
885 
-  \group_pdf
892 
+  * @return >=0 - pdf flags
886 893 
   */
887 894 
 int32_t pdf_get_flags(void);
888 895
889 
-/** Sets the flags for the entire PDF.
896 
+/**
897 
+\group_pdf
898 
+  * Sets the flags for the entire PDF.
890 899 
   * It is recommended that you retrieve old flags, and just add new ones.
891 
-  \group_pdf
892 
-  * @param flags - flags to set.
900 
+  * @param[in] flags - flags to set.
893 901 
   * @return 0 - success
894 902 
            -1 - invalid phase */
895 903 
 int32_t pdf_set_flags(int32_t flags);
896 904
897 
-/** Lookup pdf object with specified id.
898 
-  \group_pdf
899 
-  * @param id - pdf id (objnumber << 8 | generationid)
900 
-    @return -1 - if object id doesn't exist
901 
-           >=0 - object index
905 
+/**
906 
+\group_pdf
907 
+  * Lookup pdf object with specified id.
908 
+  * @param[in] id - pdf id (objnumber << 8 | generationid)
909 
+  * @return -1 - if object id doesn't exist
910 
+  * @return >=0 - object index
902 911 
   */
903 912 
 int32_t pdf_lookupobj(uint32_t id);
904 913
905 
-/** Return the size of the specified PDF obj.
906 
-  \group_pdf
907 
-  * @param objidx - object index (from 0), not object id!
914 
+/**
915 
+\group_pdf
916 
+  * Return the size of the specified PDF obj.
917 
+  * @param[in] objidx - object index (from 0), not object id!
908 918 
   * @return 0 - if not called from PDF hook, or invalid objnum
909 
-          >=0 - size of object */
919 
+  * @return >=0 - size of object */
910 920 
 uint32_t pdf_getobjsize(int32_t objidx);
911 921
912 
-/** Return the undecoded object.
913 
-  \group_pdf
914 
-  Meant only for reading, write modifies the fmap buffer, so avoid!
915 
-  @param objidx - object index (from 0), not object id!
916 
-  @param amount - size returned by pdf_getobjsize (or smaller)
917 
-  @return NULL - invalid objidx/amount
918 
-          pointer - pointer to original object */
919 
-uint8_t *pdf_getobj(int32_t objidx, uint32_t amount);
920 
-
921 
-/* Return the object id for the specified object index.
922 
-  \group_pdf
923 
-   @param objidx - object index (from 0)
924 
-   @return -1 - object index invalid
925 
-          >=0 - object id (obj id << 8 | generation id)
926 
-*/
922 
+/**
923 
+\group_pdf
924 
+ * Return the undecoded object.
925 
+ * Meant only for reading, write modifies the fmap buffer, so avoid!
926 
+ * @param[in] objidx - object index (from 0), not object id!
927 
+ * @param[in] amount - size returned by pdf_getobjsize (or smaller)
928 
+ * @return NULL - invalid objidx/amount
929 
+ * @return pointer - pointer to original object */
930 
+//uint8_t *pdf_getobj(int32_t objidx, uint32_t amount);
931 
+const uint8_t *pdf_getobj(int32_t objidx, uint32_t amount);
932 
+
933 
+/**
934 
+\group_pdf
935 
+ * Return the object id for the specified object index.
936 
+ * @param[in] objidx - object index (from 0)
937 
+ * @return -1 - object index invalid
938 
+ * @return >=0 - object id (obj id << 8 | generation id)
939 
+ */
927 940 
 int32_t pdf_getobjid(int32_t objidx);
928 941
929 
-/* Return the object flags for the specified object index.
930 
-  \group_pdf
931 
-   @param objidx - object index (from 0)
932 
-   @return -1 - object index invalid
933 
-          >=0 - object flags
934 
-*/
942 
+/**
943 
+\group_pdf
944 
+ * Return the object flags for the specified object index.
945 
+ * @param[in] objidx - object index (from 0)
946 
+ * @return -1 - object index invalid
947 
+ * @return >=0 - object flags
948 
+ */
935 949 
 int32_t pdf_getobjflags(int32_t objidx);
936 950
937 
-/* Sets the object flags for the specified object index.
938 
-  \group_pdf
939 
-   This can be used to force dumping of a certain obj, by setting the
940 
-   OBJ_FORCEDUMP flag for example.
941 
-   @param objidx - object index (from 0)
942 
-   @return -1 - object index invalid
943 
-          >=0 - flags set
944 
-*/
951 
+/**
952 
+\group_pdf
953 
+ * Sets the object flags for the specified object index.
954 
+ * This can be used to force dumping of a certain obj, by setting the
955 
+ * OBJ_FORCEDUMP flag for example.
956 
+ * @param[in] objidx - object index (from 0)
957 
+ * @param[in] flags - value to set flags
958 
+ * @return -1 - object index invalid
959 
+ * @return >=0 - flags set
960 
+ */
945 961 
 int32_t pdf_setobjflags(int32_t objidx, int32_t flags);
946 962
947 
-/* Return the object's offset in the PDF.
948 
-  \group_pdf
949 
-   @param objidx - object index (from 0)
950 
-   @return -1 - object index invalid
951 
-          >=0 - offset
952 
-*/
963 
+/**
964 
+\group_pdf
965 
+ * Return the object's offset in the PDF.
966 
+ * @param[in] objidx - object index (from 0)
967 
+ * @return -1 - object index invalid
968 
+ * @return >=0 - offset
969 
+ */
953 970 
 int32_t pdf_get_offset(int32_t objidx);
954 971
955 
-/** Return an 'enum pdf_phase'.
956 
-  \group_pdf
972 
+/**
973 
+\group_pdf
974 
+  * Return an 'enum pdf_phase'.
957 975 
   * Identifies at which phase this bytecode was called.
958 976 
   * @return the current #pdf_phase
959 977 
   */
960 978 
 int32_t pdf_get_phase(void);
961 979
962 
-/** Return the currently dumped obj index.
963 
-  \group_pdf
980 
+/**
981 
+\group_pdf
982 
+ * Return the currently dumped obj index.
964 983 
  * Valid only in PDF_PHASE_POSTDUMP.
965 984 
  * @return >=0 - object index
966 
-            -1 - invalid phase
985 
+ * @return  -1 - invalid phase
967 986 
  */
968 987 
 int32_t pdf_get_dumpedobjid(void);
969 988
970 989 
 /* ----------------------------- Icon APIs -------------------------- */
971 
-/** Attempts to match current executable's icon against the specified icon
990 
+/**
991 
+\group_icon
992 
+ * Attempts to match current executable's icon against the specified icon
972 993 
  * groups.
973 
- \group_icon
974 994 
  * @param[in] group1 - same as GROUP1 in LDB signatures
975 
- * @param group1_len - length of \p group1
995 
+ * @param[in] group1_len - length of \p group1
976 996 
  * @param[in] group2 - same as GROUP2 in LDB signatures
977 
- * @param group2_len - length of \p group2
997 
+ * @param[in] group2_len - length of \p group2
978 998 
  * @return -1 - invalid call, or sizes (only valid for PE hooks)
979 
-            0 - not a match
980 
-            1 - match
999 
+ * @return  0 - not a match
1000 
+ * @return  1 - match
981 1001 
  */
982 
-
983 1002 
 int32_t matchicon(const uint8_t* group1, int32_t group1_len,
984 1003 
                   const uint8_t* group2, int32_t group2_len);
985 1004 
 /* ---------------- END 0.96.2 APIs   ----------------------------------- */
986 1005 
 /* ----------------- BEGIN 0.96.4 APIs ---------------------------------- */
987 
-/* Returns whether running on JIT. As side-effect it disables
988 
- * interp / JIT comparisons in test mode (errors are still checked) */
1006 
+/**
1007 
+\group_engine
1008 
+ * Returns whether running on JIT. As side-effect it disables
1009 
+ * interp / JIT comparisons in test mode (errors are still checked)
1010 
+ * @return 1 - running on JIT
1011 
+ * @return 0 - running on ClamAV interpreter
1012 
+ */
989 1013 
 int32_t running_on_jit(void);
990 1014
991 
-/* Get file reliability flag, higher value means less reliable
992 
- * 0 - normal
993 
- * 1 - embedded PE
994 
- * 2 - unpacker created file (not impl. yet)
995 
- *
996 
- * when >0 import tables and such are not reliable */
1015 
+/**
1016 
+\group_file
1017 
+ * Get file reliability flag, higher value means less reliable.
1018 
+ * When >0 import tables and such are not reliable
1019 
+ * @return 0 - normal
1020 
+ * @return 1 - embedded PE
1021 
+ * @return 2 - unpacker created file (not impl. yet)
1022 
+ */
997 1023 
 int32_t get_file_reliability(void);
998 1024
999 1025 
 /* ----------------- END 0.96.4 APIs ---------------------------------- */
1026 
+/* ----------------- BEGIN 0.98.3 APIs -------------------------------- */
1027 
+/* ----------------- JSON Parsing APIs -------------------------------- */
1028 
+/*
1029 
+\group_json
1030 
+ * @return 0 - json is disabled or option not specified
1031 
+ * @return 1 - json is active and properties are available
1032 
+ */
1033 
+int32_t json_is_active(void);
1034 
+
1035 
+/*
1036 
+\group_json
1037 
+ * @return objid of json object with specified name
1038 
+ * @return 0 if json object of specified name cannot be found
1039 
+ * @return -1 if an error has occurred
1040 
+ * @param[in] name - name of object in ASCII
1041 
+ * @param[in] name_len - length of specified name (not including terminating NULL),
1042 
+ *                       must be >= 0
1043 
+ * @param[in] objid - id value of json object to query
1044 
+ */
1045 
+int32_t json_get_object(const int8_t* name, int32_t name_len, int32_t objid);
1046 
+
1047 
+/*
1048 
+\group_json
1049 
+ * @return type (json_type) of json object specified
1050 
+ * @return -1 if type unknown or invalid id
1051 
+ * @param[in] objid - id value of json object to query
1052 
+ */
1053 
+int32_t json_get_type(int32_t objid);
1054 
+
1055 
+
1056 
+//int32_t json_get_boolean(int32_t objid);
1057 
+//double json_get_double(int32_t objid);
1058 
+//int32_t json_get_int(int32_t objid);
1059 
+
1060 
+/*
1061 
+\group_json
1062 
+ * @return number of elements in the json array of objid
1063 
+ * @return -1 if an error has occurred
1064 
+ * @return -2 if object is not JSON_TYPE_ARRAY
1065 
+ * @param[in] objid - id value of json object (should be JSON_TYPE_ARRAY) to query
1066 
+ */
1067 
+int32_t json_get_array_length(int32_t objid);
1068 
+
1069 
+/*
1070 
+\group_json
1071 
+ * @return objid of json object at idx of json array of objid
1072 
+ * @return 0 if invalid idx
1073 
+ * @return -1 if an error has occurred
1074 
+ * @return -2 if object is not JSON_TYPE_ARRAY
1075 
+ * @param[in] idx - index of array to query, must be >= 0 and less than array length
1076 
+ * @param[in] objid - id value of json object (should be JSON_TYPE_ARRAY) to query
1077 
+ */
1078 
+int32_t json_get_array_idx(int32_t idx, int32_t objid);
1079 
+
1080 
+/*
1081 
+\group_json
1082 
+ * @return length of json string of objid
1083 
+ * @return -1 if an error has occurred
1084 
+ * @return -2 if object is not JSON_TYPE_STRING
1085 
+ * @param[in] objid - id value of json object (should be JSON_TYPE_STRING) to query
1086 
+ */
1087 
+int32_t json_get_string_length(int32_t objid);
1088 
+
1089 
+/*
1090 
+\group_json
1091 
+ * @return number of characters transferred (capped by str_len)
1092 
+ * @return -1 if an error has occurred
1093 
+ * @return -2 if object is not JSON_TYPE_STRING
1094 
+ * @param[out] str - user location to store string data
1095 
+ * @param[in] str_len - length of str or limit of string data to read
1096 
+ * @param[in] objid - id value of json object (should be JSON_TYPE_STRING) to query
1097 
+ */
1098 
+int32_t json_get_string(int8_t* str, int32_t str_len, int32_t objid);
1099 
+
1100 
+/* ----------------- END 0.98.3 APIs ---------------------------------- */
1000 1101 
 #endif
1001 1102 
 #endif
libclamav/bytecode_api_decl.c
History View file @ fa7ae4c
... ... 
@@ -2,8 +2,8 @@
2 2 
  *  ClamAV bytecode internal API
3 3 
  *  This is an automatically generated file!
4 4 
  *
5 
- *  Copyright (C) 2009-2010 Sourcefire, Inc.
6 
- *  All rights reserved.
5 
+ *  Copyright (C) 2009-2013 Sourcefire, Inc.
6 
+ *  Copyright (C) 2014 Cisco Systems, Inc. and/or its affiliates. *  All rights reserved.
7 7 
  *
8 8 
  * Redistribution and use in source and binary forms, with or without
9 9 
  * modification, are permitted provided that the following conditions
... ... 
@@ -52,7 +52,7 @@ int32_t cli_bcapi_file_find(struct cli_bc_ctx *ctx , const uint8_t*, uint32_t);
52 52 
 int32_t cli_bcapi_file_byteat(struct cli_bc_ctx *ctx , uint32_t);
53 53 
 uint8_t* cli_bcapi_malloc(struct cli_bc_ctx *ctx , uint32_t);
54 54 
 uint32_t cli_bcapi_test2(struct cli_bc_ctx *ctx , uint32_t);
55 
-int32_t cli_bcapi_get_pe_section(struct cli_bc_ctx *ctx , void*, uint32_t);
55 
+int32_t cli_bcapi_get_pe_section(struct cli_bc_ctx *ctx , struct cli_exe_section*, uint32_t);
56 56 
 int32_t cli_bcapi_fill_buffer(struct cli_bc_ctx *ctx , uint8_t*, uint32_t, uint32_t, uint32_t, uint32_t);
57 57 
 int32_t cli_bcapi_extract_new(struct cli_bc_ctx *ctx , int32_t);
58 58 
 int32_t cli_bcapi_read_number(struct cli_bc_ctx *ctx , uint32_t);
... ... 
@@ -124,6 +124,13 @@ int32_t cli_bcapi_pdf_get_dumpedobjid(struct cli_bc_ctx *ctx );
124 124 
 int32_t cli_bcapi_matchicon(struct cli_bc_ctx *ctx , const uint8_t*, int32_t, const uint8_t*, int32_t);
125 125 
 int32_t cli_bcapi_running_on_jit(struct cli_bc_ctx *ctx );
126 126 
 int32_t cli_bcapi_get_file_reliability(struct cli_bc_ctx *ctx );
127 
+int32_t cli_bcapi_json_is_active(struct cli_bc_ctx *ctx );
128 
+int32_t cli_bcapi_json_get_object(struct cli_bc_ctx *ctx , const int8_t*, int32_t, int32_t);
129 
+int32_t cli_bcapi_json_get_type(struct cli_bc_ctx *ctx , int32_t);
130 
+int32_t cli_bcapi_json_get_array_length(struct cli_bc_ctx *ctx , int32_t);
131 
+int32_t cli_bcapi_json_get_array_idx(struct cli_bc_ctx *ctx , int32_t, int32_t);
132 
+int32_t cli_bcapi_json_get_string_length(struct cli_bc_ctx *ctx , int32_t);
133 
+int32_t cli_bcapi_json_get_string(struct cli_bc_ctx *ctx , int8_t*, int32_t, int32_t);
127 134
128 135 
 const struct cli_apiglobal cli_globals[] = {
129 136 
 /* Bytecode globals BEGIN */
... ... 
@@ -148,13 +155,13 @@ static uint16_t cli_tmp4[]={16, 8, 8, 32, 32, 32, 32, 32, 32, 32, 32, 32, 16, 16
148 148 
 static uint16_t cli_tmp5[]={32, 16, 16, 32, 32, 32, 16, 16};
149 149 
 static uint16_t cli_tmp6[]={32};
150 150 
 static uint16_t cli_tmp7[]={32};
151 
-static uint16_t cli_tmp8[]={32};
152 
-static uint16_t cli_tmp9[]={32, 65, 32, 65, 32};
153 
-static uint16_t cli_tmp10[]={32, 32};
154 
-static uint16_t cli_tmp11[]={32, 32, 32};
155 
-static uint16_t cli_tmp12[]={65, 32, 32};
156 
-static uint16_t cli_tmp13[]={32, 32, 32, 32};
157 
-static uint16_t cli_tmp14[]={32, 65, 32, 32};
151 
+static uint16_t cli_tmp8[]={32, 65, 32, 32};
152 
+static uint16_t cli_tmp9[]={32, 32};
153 
+static uint16_t cli_tmp10[]={32, 32, 32};
154 
+static uint16_t cli_tmp11[]={32};
155 
+static uint16_t cli_tmp12[]={32, 65, 32, 65, 32};
156 
+static uint16_t cli_tmp13[]={65, 32, 32};
157 
+static uint16_t cli_tmp14[]={32, 32, 32, 32};
158 158 
 static uint16_t cli_tmp15[]={32, 85, 32};
159 159 
 static uint16_t cli_tmp16[]={86};
160 160 
 static uint16_t cli_tmp17[]={32, 32, 32, 32, 32, 32, 32, 87, 87, 87, 87, 87, 87, 87, 8, 8, 8, 8, 8, 8, 8, 8, 8};
... ... 
@@ -181,12 +188,12 @@ const struct cli_bc_type cli_apicall_types[]={
181 181 
 	{DStructType, cli_tmp5, 8, 0, 0},
182 182 
 	{DArrayType, cli_tmp6, 1, 0, 0},
183 183 
 	{DArrayType, cli_tmp7, 64, 0, 0},
184 
-	{DFunctionType, cli_tmp8, 1, 0, 0},
185 
-	{DFunctionType, cli_tmp9, 5, 0, 0},
186 
-	{DFunctionType, cli_tmp10, 2, 0, 0},
187 
-	{DFunctionType, cli_tmp11, 3, 0, 0},
188 
-	{DFunctionType, cli_tmp12, 3, 0, 0},
189 
-	{DFunctionType, cli_tmp13, 4, 0, 0},
184 
+	{DFunctionType, cli_tmp8, 4, 0, 0},
185 
+	{DFunctionType, cli_tmp9, 2, 0, 0},
186 
+	{DFunctionType, cli_tmp10, 3, 0, 0},
187 
+	{DFunctionType, cli_tmp11, 1, 0, 0},
188 
+	{DFunctionType, cli_tmp12, 5, 0, 0},
189 
+	{DFunctionType, cli_tmp13, 3, 0, 0},
190 190 
 	{DFunctionType, cli_tmp14, 4, 0, 0},
191 191 
 	{DFunctionType, cli_tmp15, 3, 0, 0},
192 192 
 	{DPointerType, cli_tmp16, 1, 0, 0},
... ... 
@@ -209,13 +216,13 @@ const struct cli_bc_type cli_apicall_types[]={
209 209 
 const unsigned cli_apicall_maxtypes=sizeof(cli_apicall_types)/sizeof(cli_apicall_types[0]);
210 210 
 const struct cli_apicall cli_apicalls[]={
211 211 
 /* Bytecode APIcalls BEGIN */
212 
-	{"test1", 11, 0, 0},
212 
+	{"test1", 10, 0, 0},
213 213 
 	{"read", 19, 0, 1},
214 214 
 	{"write", 19, 1, 1},
215 
-	{"seek", 11, 1, 0},
215 
+	{"seek", 10, 1, 0},
216 216 
 	{"setvirusname", 19, 2, 1},
217 217 
 	{"debug_print_str", 19, 3, 1},
218 
-	{"debug_print_uint", 10, 0, 2},
218 
+	{"debug_print_uint", 9, 0, 2},
219 219 
 	{"disasm_x86", 25, 4, 1},
220 220 
 	{"trace_directory", 19, 5, 1},
221 221 
 	{"trace_scope", 19, 6, 1},
... ... 
@@ -223,83 +230,90 @@ const struct cli_apicall cli_apicalls[]={
223 223 
 	{"trace_op", 19, 8, 1},
224 224 
 	{"trace_value", 19, 9, 1},
225 225 
 	{"trace_ptr", 19, 10, 1},
226 
-	{"pe_rawaddr", 10, 1, 2},
226 
+	{"pe_rawaddr", 9, 1, 2},
227 227 
 	{"file_find", 19, 11, 1},
228 
-	{"file_byteat", 10, 2, 2},
228 
+	{"file_byteat", 9, 2, 2},
229 229 
 	{"malloc", 24, 0, 3},
230 
-	{"test2", 10, 3, 2},
230 
+	{"test2", 9, 3, 2},
231 231 
 	{"get_pe_section", 21, 12, 1},
232 232 
 	{"fill_buffer", 20, 0, 4},
233 
-	{"extract_new", 10, 4, 2},
234 
-	{"read_number", 10, 5, 2},
235 
-	{"hashset_new", 8, 0, 5},
236 
-	{"hashset_add", 11, 2, 0},
237 
-	{"hashset_remove", 11, 3, 0},
238 
-	{"hashset_contains", 11, 4, 0},
239 
-	{"hashset_done", 10, 6, 2},
240 
-	{"hashset_empty", 10, 7, 2},
241 
-	{"buffer_pipe_new", 10, 8, 2},
242 
-	{"buffer_pipe_new_fromfile", 10, 9, 2},
243 
-	{"buffer_pipe_read_avail", 10, 10, 2},
244 
-	{"buffer_pipe_read_get", 12, 0, 6},
245 
-	{"buffer_pipe_read_stopped", 11, 5, 0},
246 
-	{"buffer_pipe_write_avail", 10, 11, 2},
247 
-	{"buffer_pipe_write_get", 12, 1, 6},
248 
-	{"buffer_pipe_write_stopped", 11, 6, 0},
249 
-	{"buffer_pipe_done", 10, 12, 2},
250 
-	{"inflate_init", 13, 0, 7},
251 
-	{"inflate_process", 10, 13, 2},
252 
-	{"inflate_done", 10, 14, 2},
253 
-	{"bytecode_rt_error", 10, 15, 2},
254 
-	{"jsnorm_init", 10, 16, 2},
255 
-	{"jsnorm_process", 10, 17, 2},
256 
-	{"jsnorm_done", 10, 18, 2},
257 
-	{"ilog2", 11, 7, 0},
258 
-	{"ipow", 13, 1, 7},
259 
-	{"iexp", 13, 2, 7},
260 
-	{"isin", 13, 3, 7},
261 
-	{"icos", 13, 4, 7},
262 
-	{"memstr", 9, 0, 8},
263 
-	{"hex2ui", 11, 8, 0},
233 
+	{"extract_new", 9, 4, 2},
234 
+	{"read_number", 9, 5, 2},
235 
+	{"hashset_new", 11, 0, 5},
236 
+	{"hashset_add", 10, 2, 0},
237 
+	{"hashset_remove", 10, 3, 0},
238 
+	{"hashset_contains", 10, 4, 0},
239 
+	{"hashset_done", 9, 6, 2},
240 
+	{"hashset_empty", 9, 7, 2},
241 
+	{"buffer_pipe_new", 9, 8, 2},
242 
+	{"buffer_pipe_new_fromfile", 9, 9, 2},
243 
+	{"buffer_pipe_read_avail", 9, 10, 2},
244 
+	{"buffer_pipe_read_get", 13, 0, 6},
245 
+	{"buffer_pipe_read_stopped", 10, 5, 0},
246 
+	{"buffer_pipe_write_avail", 9, 11, 2},
247 
+	{"buffer_pipe_write_get", 13, 1, 6},
248 
+	{"buffer_pipe_write_stopped", 10, 6, 0},
249 
+	{"buffer_pipe_done", 9, 12, 2},
250 
+	{"inflate_init", 14, 0, 7},
251 
+	{"inflate_process", 9, 13, 2},
252 
+	{"inflate_done", 9, 14, 2},
253 
+	{"bytecode_rt_error", 9, 15, 2},
254 
+	{"jsnorm_init", 9, 16, 2},
255 
+	{"jsnorm_process", 9, 17, 2},
256 
+	{"jsnorm_done", 9, 18, 2},
257 
+	{"ilog2", 10, 7, 0},
258 
+	{"ipow", 14, 1, 7},
259 
+	{"iexp", 14, 2, 7},
260 
+	{"isin", 14, 3, 7},
261 
+	{"icos", 14, 4, 7},
262 
+	{"memstr", 12, 0, 8},
263 
+	{"hex2ui", 10, 8, 0},
264 264 
 	{"atoi", 19, 13, 1},
265 265 
 	{"debug_print_str_start", 19, 14, 1},
266 266 
 	{"debug_print_str_nonl", 19, 15, 1},
267 267 
 	{"entropy_buffer", 19, 16, 1},
268 
-	{"map_new", 11, 9, 0},
269 
-	{"map_addkey", 14, 0, 9},
270 
-	{"map_setvalue", 14, 1, 9},
271 
-	{"map_remove", 14, 2, 9},
272 
-	{"map_find", 14, 3, 9},
273 
-	{"map_getvaluesize", 10, 19, 2},
274 
-	{"map_getvalue", 12, 2, 6},
275 
-	{"map_done", 10, 20, 2},
276 
-	{"file_find_limit", 14, 4, 9},
277 
-	{"engine_functionality_level", 8, 1, 5},
278 
-	{"engine_dconf_level", 8, 2, 5},
279 
-	{"engine_scan_options", 8, 3, 5},
280 
-	{"engine_db_options", 8, 4, 5},
281 
-	{"extract_set_container", 10, 21, 2},
282 
-	{"input_switch", 10, 22, 2},
268 
+	{"map_new", 10, 9, 0},
269 
+	{"map_addkey", 8, 0, 9},
270 
+	{"map_setvalue", 8, 1, 9},
271 
+	{"map_remove", 8, 2, 9},
272 
+	{"map_find", 8, 3, 9},
273 
+	{"map_getvaluesize", 9, 19, 2},
274 
+	{"map_getvalue", 13, 2, 6},
275 
+	{"map_done", 9, 20, 2},
276 
+	{"file_find_limit", 8, 4, 9},
277 
+	{"engine_functionality_level", 11, 1, 5},
278 
+	{"engine_dconf_level", 11, 2, 5},
279 
+	{"engine_scan_options", 11, 3, 5},
280 
+	{"engine_db_options", 11, 4, 5},
281 
+	{"extract_set_container", 9, 21, 2},
282 
+	{"input_switch", 9, 22, 2},
283 283 
 	{"get_environment", 15, 17, 1},
284 
-	{"disable_bytecode_if", 14, 5, 9},
285 
-	{"disable_jit_if", 14, 6, 9},
286 
-	{"version_compare", 9, 1, 8},
287 
-	{"check_platform", 13, 5, 7},
288 
-	{"pdf_get_obj_num", 8, 5, 5},
289 
-	{"pdf_get_flags", 8, 6, 5},
290 
-	{"pdf_set_flags", 10, 23, 2},
291 
-	{"pdf_lookupobj", 10, 24, 2},
292 
-	{"pdf_getobjsize", 10, 25, 2},
293 
-	{"pdf_getobj", 12, 3, 6},
294 
-	{"pdf_getobjid", 10, 26, 2},
295 
-	{"pdf_getobjflags", 10, 27, 2},
296 
-	{"pdf_setobjflags", 11, 10, 0},
297 
-	{"pdf_get_offset", 10, 28, 2},
298 
-	{"pdf_get_phase", 8, 7, 5},
299 
-	{"pdf_get_dumpedobjid", 8, 8, 5},
300 
-	{"matchicon", 9, 2, 8},
301 
-	{"running_on_jit", 8, 9, 5},
302 
-	{"get_file_reliability", 8, 10, 5}
284 
+	{"disable_bytecode_if", 8, 5, 9},
285 
+	{"disable_jit_if", 8, 6, 9},
286 
+	{"version_compare", 12, 1, 8},
287 
+	{"check_platform", 14, 5, 7},
288 
+	{"pdf_get_obj_num", 11, 5, 5},
289 
+	{"pdf_get_flags", 11, 6, 5},
290 
+	{"pdf_set_flags", 9, 23, 2},
291 
+	{"pdf_lookupobj", 9, 24, 2},
292 
+	{"pdf_getobjsize", 9, 25, 2},
293 
+	{"pdf_getobj", 13, 3, 6},
294 
+	{"pdf_getobjid", 9, 26, 2},
295 
+	{"pdf_getobjflags", 9, 27, 2},
296 
+	{"pdf_setobjflags", 10, 10, 0},
297 
+	{"pdf_get_offset", 9, 28, 2},
298 
+	{"pdf_get_phase", 11, 7, 5},
299 
+	{"pdf_get_dumpedobjid", 11, 8, 5},
300 
+	{"matchicon", 12, 2, 8},
301 
+	{"running_on_jit", 11, 9, 5},
302 
+	{"get_file_reliability", 11, 10, 5},
303 
+	{"json_is_active", 11, 11, 5},
304 
+	{"json_get_object", 8, 7, 9},
305 
+	{"json_get_type", 9, 29, 2},
306 
+	{"json_get_array_length", 9, 30, 2},
307 
+	{"json_get_array_idx", 10, 11, 0},
308 
+	{"json_get_string_length", 9, 31, 2},
309 
+	{"json_get_string", 8, 8, 9}
303 310 
 /* Bytecode APIcalls END */
304 311 
 };
305 312 
 const cli_apicall_int2 cli_apicalls0[] = {
... ... 
@@ -313,7 +327,8 @@ const cli_apicall_int2 cli_apicalls0[] = {
313 313 
 	(cli_apicall_int2)cli_bcapi_ilog2,
314 314 
 	(cli_apicall_int2)cli_bcapi_hex2ui,
315 315 
 	(cli_apicall_int2)cli_bcapi_map_new,
316 
-	(cli_apicall_int2)cli_bcapi_pdf_setobjflags
316 
+	(cli_apicall_int2)cli_bcapi_pdf_setobjflags,
317 
+	(cli_apicall_int2)cli_bcapi_json_get_array_idx
317 318 
 };
318 319 
 const cli_apicall_pointer cli_apicalls1[] = {
319 320 
 	(cli_apicall_pointer)cli_bcapi_read,
... ... 
@@ -364,7 +379,10 @@ const cli_apicall_int1 cli_apicalls2[] = {
364 364 
 	(cli_apicall_int1)cli_bcapi_pdf_getobjsize,
365 365 
 	(cli_apicall_int1)cli_bcapi_pdf_getobjid,
366 366 
 	(cli_apicall_int1)cli_bcapi_pdf_getobjflags,
367 
-	(cli_apicall_int1)cli_bcapi_pdf_get_offset
367 
+	(cli_apicall_int1)cli_bcapi_pdf_get_offset,
368 
+	(cli_apicall_int1)cli_bcapi_json_get_type,
369 
+	(cli_apicall_int1)cli_bcapi_json_get_array_length,
370 
+	(cli_apicall_int1)cli_bcapi_json_get_string_length
368 371 
 };
369 372 
 const cli_apicall_malloclike cli_apicalls3[] = {
370 373 
 	(cli_apicall_malloclike)cli_bcapi_malloc
... ... 
@@ -383,7 +401,8 @@ const cli_apicall_allocobj cli_apicalls5[] = {
383 383 
 	(cli_apicall_allocobj)cli_bcapi_pdf_get_phase,
384 384 
 	(cli_apicall_allocobj)cli_bcapi_pdf_get_dumpedobjid,
385 385 
 	(cli_apicall_allocobj)cli_bcapi_running_on_jit,
386 
-	(cli_apicall_allocobj)cli_bcapi_get_file_reliability
386 
+	(cli_apicall_allocobj)cli_bcapi_get_file_reliability,
387 
+	(cli_apicall_allocobj)cli_bcapi_json_is_active
387 388 
 };
388 389 
 const cli_apicall_bufget cli_apicalls6[] = {
389 390 
 	(cli_apicall_bufget)cli_bcapi_buffer_pipe_read_get,
... ... 
@@ -411,6 +430,8 @@ const cli_apicall_ptrbufid cli_apicalls9[] = {
411 411 
 	(cli_apicall_ptrbufid)cli_bcapi_map_find,
412 412 
 	(cli_apicall_ptrbufid)cli_bcapi_file_find_limit,
413 413 
 	(cli_apicall_ptrbufid)cli_bcapi_disable_bytecode_if,
414 
-	(cli_apicall_ptrbufid)cli_bcapi_disable_jit_if
414 
+	(cli_apicall_ptrbufid)cli_bcapi_disable_jit_if,
415 
+	(cli_apicall_ptrbufid)cli_bcapi_json_get_object,
416 
+	(cli_apicall_ptrbufid)cli_bcapi_json_get_string
415 417 
 };
416 418 
 const unsigned cli_apicall_maxapi = sizeof(cli_apicalls)/sizeof(cli_apicalls[0]);
libclamav/bytecode_api_impl.h
History View file @ fa7ae4c
... ... 
@@ -2,8 +2,8 @@
2 2 
  *  ClamAV bytecode internal API
3 3 
  *  This is an automatically generated file!
4 4 
  *
5 
- *  Copyright (C) 2009-2010 Sourcefire, Inc.
6 
- *  All rights reserved.
5 
+ *  Copyright (C) 2009-2013 Sourcefire, Inc.
6 
+ *  Copyright (C) 2014 Cisco Systems, Inc. and/or its affiliates. *  All rights reserved.
7 7 
  *
8 8 
  * Redistribution and use in source and binary forms, with or without
9 9 
  * modification, are permitted provided that the following conditions
... ... 
@@ -50,7 +50,7 @@ int32_t cli_bcapi_file_find(struct cli_bc_ctx *ctx , const uint8_t*, uint32_t);
50 50 
 int32_t cli_bcapi_file_byteat(struct cli_bc_ctx *ctx , uint32_t);
51 51 
 uint8_t* cli_bcapi_malloc(struct cli_bc_ctx *ctx , uint32_t);
52 52 
 uint32_t cli_bcapi_test2(struct cli_bc_ctx *ctx , uint32_t);
53 
-int32_t cli_bcapi_get_pe_section(struct cli_bc_ctx *ctx , void*, uint32_t);
53 
+int32_t cli_bcapi_get_pe_section(struct cli_bc_ctx *ctx , struct cli_exe_section*, uint32_t);
54 54 
 int32_t cli_bcapi_fill_buffer(struct cli_bc_ctx *ctx , uint8_t*, uint32_t, uint32_t, uint32_t, uint32_t);
55 55 
 int32_t cli_bcapi_extract_new(struct cli_bc_ctx *ctx , int32_t);
56 56 
 int32_t cli_bcapi_read_number(struct cli_bc_ctx *ctx , uint32_t);
... ... 
@@ -122,5 +122,12 @@ int32_t cli_bcapi_pdf_get_dumpedobjid(struct cli_bc_ctx *ctx );
122 122 
 int32_t cli_bcapi_matchicon(struct cli_bc_ctx *ctx , const uint8_t*, int32_t, const uint8_t*, int32_t);
123 123 
 int32_t cli_bcapi_running_on_jit(struct cli_bc_ctx *ctx );
124 124 
 int32_t cli_bcapi_get_file_reliability(struct cli_bc_ctx *ctx );
125 
+int32_t cli_bcapi_json_is_active(struct cli_bc_ctx *ctx );
126 
+int32_t cli_bcapi_json_get_object(struct cli_bc_ctx *ctx , const int8_t*, int32_t, int32_t);
127 
+int32_t cli_bcapi_json_get_type(struct cli_bc_ctx *ctx , int32_t);
128 
+int32_t cli_bcapi_json_get_array_length(struct cli_bc_ctx *ctx , int32_t);
129 
+int32_t cli_bcapi_json_get_array_idx(struct cli_bc_ctx *ctx , int32_t, int32_t);
130 
+int32_t cli_bcapi_json_get_string_length(struct cli_bc_ctx *ctx , int32_t);
131 
+int32_t cli_bcapi_json_get_string(struct cli_bc_ctx *ctx , int8_t*, int32_t, int32_t);
125 132
126 133 
 #endif