1. clamav-devel
  2. Commit fcd9ab4bcf84afe52df253d282f22a4a006e054b
Browse code

alt approach for snames in yC

TODO:
- check consistency in elf parser
- remove hardcoded header size
- fix check for 1st sect rva
- ...
- regression


git-svn-id: file:///var/lib/svn/clamav-devel/branches/temp_branch_pe_cleanup@2943 77e5149b-7576-45b1-b177-96237e5ba77b

aCaB authored on 2007/03/15 04:34:40
Showing 2 changed files
libclamav/execs.h
History View file @ fcd9ab4
... ... 
@@ -33,7 +33,6 @@ struct cli_exe_section {
33 33 
     uint32_t uvsz; /* PE - unaligned VirtualSize */
34 34 
     uint32_t uraw; /* PE - unaligned PointerToRawData */
35 35 
     uint32_t ursz; /* PE - unaligned SizeOfRawData */
36 
-
37 36 
 };
38 37
39 38 
 struct cli_exe_info {
libclamav/yc.c
History View file @ fcd9ab4
... ... 
@@ -169,6 +169,7 @@ int yc_decrypt(char *fbuf, unsigned int filesize, struct cli_exe_section *sectio
169 169 
   uint32_t ycsect = sections[sectcount].raw;
170 170 
   unsigned int i;
171 171 
   struct pe_image_file_hdr *pe = (struct pe_image_file_hdr*) (fbuf + peoffset);
172 
+  char *sname = (char *)pe + EC16(pe->SizeOfOptionalHeader) + 0x18;
172 173
173 174 
   /*
174 175
... ... 
@@ -198,7 +199,7 @@ int yc_decrypt(char *fbuf, unsigned int filesize, struct cli_exe_section *sectio
198 198 
   /* Loop through all sections and decrypt them... */
199 199 
   for(i=0;i<sectcount;i++)
200 200 
     {
201 
-      uint32_t name = (uint32_t) cli_readint32((char *)sections[i].Name);
201 
+      uint32_t name = (uint32_t) cli_readint32(sname+i*0x28);
202 202 
       if ( !sections[i].raw ||
203 203 
 	   !sections[i].rsz ||
204 204 
 	   name == 0x63727372 || /* rsrc */