[Forensics-changes] [yara] 65/135: Make scan context accesible to module functions

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:27:33 UTC 2017 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.1.0
in repository yara.

commit 2f16c3a9ad6002df6f3338d8fd17cd7aeff5f8bb
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Thu Jul 17 15:37:52 2014 +0200

    Make scan context accesible to module functions
---
 libyara/exec.c                 |   2 +-
 libyara/include/yara/modules.h |  22 ++--
 libyara/include/yara/rules.h   |   6 --
 libyara/include/yara/scan.h    |  20 +---
 libyara/include/yara/types.h   | 236 ++++++++++++++++++++++-------------------
 5 files changed, 144 insertions(+), 142 deletions(-)

diff --git a/libyara/exec.c b/libyara/exec.c
index c188072..a2830c5 100644
--- a/libyara/exec.c
+++ b/libyara/exec.c
@@ -474,7 +474,7 @@ int yr_execute_code(
         pop(r2);
 
         function = UINT64_TO_PTR(YR_OBJECT_FUNCTION*, r2);
-        result = function->code((void*) args, function);
+        result = function->code((void*) args, context, function);
 
         if (result == ERROR_SUCCESS)
           push(PTR_TO_UINT64(function->return_obj));
diff --git a/libyara/include/yara/modules.h b/libyara/include/yara/modules.h
index 2e6a128..4f0c77e 100644
--- a/libyara/include/yara/modules.h
+++ b/libyara/include/yara/modules.h
@@ -157,15 +157,19 @@ limitations under the License.
 
 
 #define define_function(func) \
-    int func (void* args, YR_OBJECT_FUNCTION* function_obj)
+    int func ( \
+        void* __args, \
+        YR_SCAN_CONTEXT* __context, \
+        YR_OBJECT_FUNCTION* __function_obj)
 
 
-#define integer_argument(n)  (((int64_t*) args)[n-1])
-#define string_argument(n)   ((char*)((int64_t*) args)[n-1])
-#define regexp_argument(n)   ((RE_CODE)((int64_t*) args)[n-1])
+#define integer_argument(n)  (((int64_t*) __args)[n-1])
+#define string_argument(n)   ((char*)((int64_t*) __args)[n-1])
+#define regexp_argument(n)   ((RE_CODE)((int64_t*) __args)[n-1])
 
 
-#define self()  (function_obj->parent_obj)
+#define self()          (__function_obj->parent_obj)
+#define scan_context()  (__context)
 
 
 #define foreach_memory_block(context, block) \
@@ -200,11 +204,11 @@ limitations under the License.
 
 #define return_integer(integer) { \
       assertf( \
-          function_obj->return_obj->type == OBJECT_TYPE_INTEGER, \
+          __function_obj->return_obj->type == OBJECT_TYPE_INTEGER, \
           "return type differs from function declaration"); \
       yr_object_set_integer( \
           (integer), \
-          function_obj->return_obj, \
+          __function_obj->return_obj, \
           NULL); \
       return ERROR_SUCCESS; \
     }
@@ -212,11 +216,11 @@ limitations under the License.
 
 #define return_string(string) { \
       assertf( \
-          function_obj->return_obj->type == OBJECT_TYPE_STRING, \
+          __function_obj->return_obj->type == OBJECT_TYPE_STRING, \
           "return type differs from function declaration"); \
       yr_object_set_string( \
           ((string) != UNDEFINED) ? (string) : NULL, \
-          function_obj->return_obj, \
+          __function_obj->return_obj, \
           NULL); \
       return ERROR_SUCCESS; \
     }
diff --git a/libyara/include/yara/rules.h b/libyara/include/yara/rules.h
index 5c41fc9..a2edf73 100644
--- a/libyara/include/yara/rules.h
+++ b/libyara/include/yara/rules.h
@@ -31,12 +31,6 @@ limitations under the License.
 #define CALLBACK_ERROR      2
 
 
-typedef int (*YR_CALLBACK_FUNC)(
-    int message,
-    void* message_data,
-    void* user_data);
-
-
 int yr_rules_scan_mem(
     YR_RULES* rules,
     uint8_t* buffer,
diff --git a/libyara/include/yara/scan.h b/libyara/include/yara/scan.h
index 026b94c..b2e47b8 100644
--- a/libyara/include/yara/scan.h
+++ b/libyara/include/yara/scan.h
@@ -18,29 +18,11 @@ limitations under the License.
 #define YR_SCAN_H
 
 #include <yara/types.h>
-#include <yara/hash.h>
-#include <yara/rules.h>
 
-
-#define SCAN_FLAGS_FAST_MODE		 1
+#define SCAN_FLAGS_FAST_MODE         1
 #define SCAN_FLAGS_PROCESS_MEMORY    2
 
 
-typedef struct _YR_SCAN_CONTEXT
-{
-  uint64_t  file_size;
-  uint64_t  entry_point;
-
-  int flags;
-  void* user_data;
-
-  YR_MEMORY_BLOCK*  mem_block;
-  YR_HASH_TABLE*  objects_table;
-  YR_CALLBACK_FUNC  callback;
-
-} YR_SCAN_CONTEXT;
-
-
 int yr_scan_verify_match(
     YR_AC_MATCH* ac_match,
     uint8_t* data,
diff --git a/libyara/include/yara/types.h b/libyara/include/yara/types.h
index 426f5e8..d45f4f9 100644
--- a/libyara/include/yara/types.h
+++ b/libyara/include/yara/types.h
@@ -21,6 +21,7 @@ limitations under the License.
 #include <yara/arena.h>
 #include <yara/re.h>
 #include <yara/limits.h>
+#include <yara/hash.h>
 
 #ifdef WIN32
 #include <windows.h>
@@ -36,97 +37,6 @@ typedef int32_t tidx_mask_t;
 #define DECLARE_REFERENCE(type, name) \
     union { type name; int64_t name##_; }
 
-
-#define OBJECT_COMMON_FIELDS \
-    int8_t type; \
-    const char* identifier; \
-    void* data;
-
-
-typedef struct _YR_OBJECT
-{
-  OBJECT_COMMON_FIELDS
-
-} YR_OBJECT;
-
-
-typedef struct _YR_OBJECT_INTEGER
-{
-  OBJECT_COMMON_FIELDS
-  int64_t value;
-
-} YR_OBJECT_INTEGER;
-
-
-typedef struct _YR_OBJECT_STRING
-{
-  OBJECT_COMMON_FIELDS
-  char* value;
-
-} YR_OBJECT_STRING;
-
-
-typedef struct _YR_OBJECT_REGEXP
-{
-  OBJECT_COMMON_FIELDS
-  RE* value;
-
-} YR_OBJECT_REGEXP;
-
-
-typedef struct _YR_OBJECT_STRUCTURE
-{
-  OBJECT_COMMON_FIELDS
-  struct _YR_STRUCTURE_MEMBER* members;
-
-} YR_OBJECT_STRUCTURE;
-
-
-typedef struct _YR_OBJECT_ARRAY
-{
-  OBJECT_COMMON_FIELDS
-  struct _YR_ARRAY_ITEMS* items;
-
-} YR_OBJECT_ARRAY;
-
-
-struct _YR_OBJECT_FUNCTION;
-
-
-typedef int (*YR_MODULE_FUNC)(
-    void* args, struct _YR_OBJECT_FUNCTION* function_obj);
-
-
-typedef struct _YR_OBJECT_FUNCTION
-{
-  OBJECT_COMMON_FIELDS
-
-  const char* arguments_fmt;
-
-  YR_OBJECT* parent_obj;
-  YR_OBJECT* return_obj;
-
-  YR_MODULE_FUNC code;
-
-} YR_OBJECT_FUNCTION;
-
-
-typedef struct _YR_STRUCTURE_MEMBER
-{
-  YR_OBJECT* object;
-  struct _YR_STRUCTURE_MEMBER* next;
-
-} YR_STRUCTURE_MEMBER;
-
-
-typedef struct _YR_ARRAY_ITEMS
-{
-  int count;
-  YR_OBJECT* objects[1];
-
-} YR_ARRAY_ITEMS;
-
-
 #pragma pack(push)
 #pragma pack(1)
 
@@ -284,8 +194,6 @@ typedef struct _YR_STRING
 } YR_STRING;
 
 
-
-
 #define RULE_TFLAGS_MATCH                0x01
 
 #define RULE_GFLAGS_PRIVATE              0x01
@@ -408,7 +316,21 @@ typedef struct _YR_AC_AUTOMATON
 } YR_AC_AUTOMATON;
 
 
-#include <yara/arena.h>
+typedef struct _YARA_RULES_FILE_HEADER
+{
+  uint32_t version;
+
+  DECLARE_REFERENCE(YR_RULE*, rules_list_head);
+  DECLARE_REFERENCE(YR_EXTERNAL_VARIABLE*, externals_list_head);
+  DECLARE_REFERENCE(uint8_t*, code_start);
+  DECLARE_REFERENCE(YR_AC_AUTOMATON*, automaton);
+
+} YARA_RULES_FILE_HEADER;
+
+
+
+#pragma pack(pop)
+
 
 typedef struct _YR_RULES {
 
@@ -425,18 +347,6 @@ typedef struct _YR_RULES {
 } YR_RULES;
 
 
-typedef struct _YARA_RULES_FILE_HEADER
-{
-  uint32_t version;
-
-  DECLARE_REFERENCE(YR_RULE*, rules_list_head);
-  DECLARE_REFERENCE(YR_EXTERNAL_VARIABLE*, externals_list_head);
-  DECLARE_REFERENCE(uint8_t*, code_start);
-  DECLARE_REFERENCE(YR_AC_AUTOMATON*, automaton);
-
-} YARA_RULES_FILE_HEADER;
-
-
 typedef struct _YR_MEMORY_BLOCK
 {
   uint8_t* data;
@@ -447,7 +357,119 @@ typedef struct _YR_MEMORY_BLOCK
 
 } YR_MEMORY_BLOCK;
 
-#pragma pack(pop)
+
+typedef int (*YR_CALLBACK_FUNC)(
+    int message,
+    void* message_data,
+    void* user_data);
+
+
+typedef struct _YR_SCAN_CONTEXT
+{
+  uint64_t  file_size;
+  uint64_t  entry_point;
+
+  int flags;
+  void* user_data;
+
+  YR_MEMORY_BLOCK*  mem_block;
+  YR_HASH_TABLE*  objects_table;
+  YR_CALLBACK_FUNC  callback;
+
+} YR_SCAN_CONTEXT;
+
+
+
+#define OBJECT_COMMON_FIELDS \
+    int8_t type; \
+    const char* identifier; \
+    void* data;
+
+
+typedef struct _YR_OBJECT
+{
+  OBJECT_COMMON_FIELDS
+
+} YR_OBJECT;
+
+
+typedef struct _YR_OBJECT_INTEGER
+{
+  OBJECT_COMMON_FIELDS
+  int64_t value;
+
+} YR_OBJECT_INTEGER;
+
+
+typedef struct _YR_OBJECT_STRING
+{
+  OBJECT_COMMON_FIELDS
+  char* value;
+
+} YR_OBJECT_STRING;
+
+
+typedef struct _YR_OBJECT_REGEXP
+{
+  OBJECT_COMMON_FIELDS
+  RE* value;
+
+} YR_OBJECT_REGEXP;
+
+
+typedef struct _YR_OBJECT_STRUCTURE
+{
+  OBJECT_COMMON_FIELDS
+  struct _YR_STRUCTURE_MEMBER* members;
+
+} YR_OBJECT_STRUCTURE;
+
+
+typedef struct _YR_OBJECT_ARRAY
+{
+  OBJECT_COMMON_FIELDS
+  struct _YR_ARRAY_ITEMS* items;
+
+} YR_OBJECT_ARRAY;
+
+
+struct _YR_OBJECT_FUNCTION;
+
+
+typedef int (*YR_MODULE_FUNC)(
+    void* args,
+    YR_SCAN_CONTEXT* context,
+    struct _YR_OBJECT_FUNCTION* function_obj);
+
+
+typedef struct _YR_OBJECT_FUNCTION
+{
+  OBJECT_COMMON_FIELDS
+
+  const char* arguments_fmt;
+
+  YR_OBJECT* parent_obj;
+  YR_OBJECT* return_obj;
+
+  YR_MODULE_FUNC code;
+
+} YR_OBJECT_FUNCTION;
+
+
+typedef struct _YR_STRUCTURE_MEMBER
+{
+  YR_OBJECT* object;
+  struct _YR_STRUCTURE_MEMBER* next;
+
+} YR_STRUCTURE_MEMBER;
+
+
+typedef struct _YR_ARRAY_ITEMS
+{
+  int count;
+  YR_OBJECT* objects[1];
+
+} YR_ARRAY_ITEMS;
 
 
 #endif
\ No newline at end of file

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

More information about the forensics-changes mailing list