[Forensics-changes] [yara] 111/135: Implement module_initialize and module_finalize
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:27:38 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.1.0
in repository yara.
commit d5ed62e8b006ece65c2f7f7a3a3887bc2aa5d656
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Thu Aug 21 12:39:09 2014 +0200
Implement module_initialize and module_finalize
---
libyara/include/yara/modules.h | 41 +++++++++++++-----
libyara/libyara.c | 3 ++
libyara/modules.c | 55 +++++++++++++++++++++---
libyara/modules/cuckoo.c | 26 ++++++++---
libyara/modules/demo.c | 21 +++++++--
libyara/modules/pe.c | 98 +++++++++++++++++++++++++++++-------------
libyara/modules/tests.c | 40 +++++++++++------
7 files changed, 214 insertions(+), 70 deletions(-)
diff --git a/libyara/include/yara/modules.h b/libyara/include/yara/modules.h
index 882485f..e0e4f3e 100644
--- a/libyara/include/yara/modules.h
+++ b/libyara/include/yara/modules.h
@@ -27,6 +27,7 @@ limitations under the License.
#include <yara/exec.h>
#include <yara/types.h>
#include <yara/object.h>
+#include <yara/libyara.h>
// Concatenation that macro-expands its arguments.
@@ -34,10 +35,11 @@ limitations under the License.
#define _CONCAT(arg1, arg2) arg1 ## arg2 // do the actual concatenation.
-#define module_declarations CONCAT(MODULE_NAME, _declarations)
-#define module_load CONCAT(MODULE_NAME, _load)
-#define module_unload CONCAT(MODULE_NAME, _unload)
-
+#define module_declarations CONCAT(MODULE_NAME, __declarations)
+#define module_load CONCAT(MODULE_NAME, __load)
+#define module_unload CONCAT(MODULE_NAME, __unload)
+#define module_initialize CONCAT(MODULE_NAME, __initialize)
+#define module_finalize CONCAT(MODULE_NAME, __finalize)
#define begin_declarations \
int module_declarations(YR_OBJECT* module) { \
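Review bot: The new suffixes `__declarations`, `__load`, `__unload`, `__initialize` and `__finalize` make every pasted name contain a double underscore (`pe__load`, `tests__initialize`); C only reserves identifiers that begin with `__`, but C++ reserves any identifier containing `__`, so these headers become hazardous the moment a module is built or consumed from C++, and the doubled underscore reads as a typo to anyone not aware it is deliberate. The same token pasting appears in the MODULE macro of libyara/modules.c, so both sites should move together. A single underscore with a distinct infix stays out of every reserved range, e.g. `#define module_initialize CONCAT(MODULE_NAME, _module_initialize)` with the matching `int name ## _module_initialize(YR_MODULE* module);` in modules.c. The begin_declarations macro continues past the end of this hunk.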
@@ -227,20 +229,30 @@ limitations under the License.
}
-typedef int (*YR_EXT_DECLARATIONS_FUNC)( \
- YR_OBJECT* module);
+struct _YR_MODULE;
+
+
+typedef int (*YR_EXT_INITIALIZE_FUNC)(
+ struct _YR_MODULE* module);
+
+
+typedef int (*YR_EXT_FINALIZE_FUNC)(
+ struct _YR_MODULE* module);
+
+typedef int (*YR_EXT_DECLARATIONS_FUNC)(
+ YR_OBJECT* module_object);
-typedef int (*YR_EXT_LOAD_FUNC)( \
+
+typedef int (*YR_EXT_LOAD_FUNC)(
YR_SCAN_CONTEXT* context,
- YR_OBJECT* module,
+ YR_OBJECT* module_object,
void* module_data,
size_t module_data_size);
-
-typedef int (*YR_EXT_UNLOAD_FUNC)( \
- YR_OBJECT* module);
+typedef int (*YR_EXT_UNLOAD_FUNC)(
+ YR_OBJECT* module_object);
typedef struct _YR_MODULE
@@ -252,6 +264,8 @@ typedef struct _YR_MODULE
YR_EXT_DECLARATIONS_FUNC declarations;
YR_EXT_LOAD_FUNC load;
YR_EXT_UNLOAD_FUNC unload;
+ YR_EXT_INITIALIZE_FUNC initialize;
+ YR_EXT_FINALIZE_FUNC finalize;
} YR_MODULE;
@@ -265,6 +279,11 @@ typedef struct _YR_MODULE_IMPORT
} YR_MODULE_IMPORT;
+int yr_modules_initialize();
+
+
+int yr_modules_finalize();
+
int yr_modules_do_declarations(
const char* module_name,
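Review bot: `int yr_modules_initialize();` and `int yr_modules_finalize();` are declared with empty parentheses, which in C before C23 means "unspecified arguments" rather than "no arguments", so a call that passes stray arguments compiles without a diagnostic; the definitions in libyara/modules.c have the same form. Declare them as `int yr_modules_initialize(void);` and `int yr_modules_finalize(void);` and define them the same way. The yr_modules_do_declarations prototype whose first line closes this hunk continues outside it.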
diff --git a/libyara/libyara.c b/libyara/libyara.c
index f3be9e7..cfa5991 100644
--- a/libyara/libyara.c
+++ b/libyara/libyara.c
@@ -20,6 +20,7 @@ limitations under the License.
#include <yara/mem.h>
#include <yara/re.h>
+#include <yara/modules.h>
#ifdef _WIN32
@@ -75,6 +76,7 @@ void yr_initialize(void)
#endif
yr_re_initialize();
+ yr_modules_initialize();
}
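Review bot: The result of `yr_modules_initialize();` is discarded even though the function returns the first module's non-ERROR_SUCCESS code, so a module whose initialize fails is treated as ready and yr_initialize(), being void, has no way to tell its caller; the `yr_modules_finalize();` call in the next hunk drops its result the same way. If the void signature has to stay for now, make the discard deliberate rather than accidental, e.g. `if (yr_modules_initialize() != ERROR_SUCCESS) { /* TODO: propagate once yr_initialize() returns an error code */ }`, or have yr_initialize() return the code itself when its callers can be updated.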
@@ -111,6 +113,7 @@ void yr_finalize(void)
#endif
yr_re_finalize();
+ yr_modules_finalize();
yr_heap_free();
}
diff --git a/libyara/modules.c b/libyara/modules.c
index 4ab8c6c..a5ba738 100644
--- a/libyara/modules.c
+++ b/libyara/modules.c
@@ -23,12 +23,14 @@ limitations under the License.
#define MODULE(name) \
- int name ## _declarations(YR_OBJECT* module); \
- int name ## _load(YR_SCAN_CONTEXT* context, \
- YR_OBJECT* module, \
- void* module_data, \
- size_t module_data_size); \
- int name ## _unload(YR_OBJECT* main_structure);
+ int name ## __declarations(YR_OBJECT* module); \
+ int name ## __load(YR_SCAN_CONTEXT* context, \
+ YR_OBJECT* module, \
+ void* module_data, \
+ size_t module_data_size); \
+ int name ## __unload(YR_OBJECT* main_structure); \
+ int name ## __initialize(YR_MODULE* module); \
+ int name ## __finalize(YR_MODULE* module);
#include <modules/module_list>
@@ -37,7 +39,14 @@ limitations under the License.
#define MODULE(name) \
- {0, #name, name##_declarations, name##_load, name##_unload},
+ { 0, \
+ #name, \
+ name##__declarations, \
+ name##__load, \
+ name##__unload, \
+ name##__initialize, \
+ name##__finalize \
+ },
YR_MODULE yr_modules_table[] =
{
@@ -47,6 +56,38 @@ YR_MODULE yr_modules_table[] =
#undef MODULE
+int yr_modules_initialize()
+{
+ int i, result;
+
+ for (i = 0; i < sizeof(yr_modules_table) / sizeof(YR_MODULE); i++)
+ {
+ result = yr_modules_table[i].initialize(&yr_modules_table[i]);
+
+ if (result != ERROR_SUCCESS)
+ return result;
+ }
+
+ return ERROR_SUCCESS;
+}
+
+
+int yr_modules_finalize()
+{
+ int i, result;
+
+ for (i = 0; i < sizeof(yr_modules_table) / sizeof(YR_MODULE); i++)
+ {
+ result = yr_modules_table[i].finalize(&yr_modules_table[i]);
+
+ if (result != ERROR_SUCCESS)
+ return result;
+ }
+
+ return ERROR_SUCCESS;
+}
+
+
int yr_modules_do_declarations(
const char* module_name,
YR_OBJECT* main_structure)
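Review bot: `yr_modules_finalize` returns at the first module whose finalize fails, so every later entry of yr_modules_table is never finalized and whatever its initialize acquired is leaked; `yr_modules_initialize` has the mirror problem, returning with entries 0..i-1 initialized and nothing to undo them. Finalize should visit every entry and report only the first error, and initialize should unwind the entries that already succeeded before returning (assuming a module's finalize is safe to call once its initialize has succeeded, which holds for the four stub implementations in this commit). The loop index `int i` is also compared against the size_t from `sizeof`, which -Wsign-compare flags, and the definitions use `()` where `(void)` is meant. yr_modules_do_declarations, whose signature closes the hunk, continues outside it.
```c
int yr_modules_initialize(void)
{
  size_t i;

  for (i = 0; i < sizeof(yr_modules_table) / sizeof(YR_MODULE); i++)
  {
    int result = yr_modules_table[i].initialize(&yr_modules_table[i]);

    if (result != ERROR_SUCCESS)
    {
      // Undo the modules that already initialized so a failed
      // yr_initialize() leaves no per-module state behind.
      while (i-- > 0)
        yr_modules_table[i].finalize(&yr_modules_table[i]);

      return result;
    }
  }

  return ERROR_SUCCESS;
}


int yr_modules_finalize(void)
{
  int first_error = ERROR_SUCCESS;
  size_t i;

  // Every module gets its finalize call even if an earlier one failed;
  // only the first failure is reported.
  for (i = 0; i < sizeof(yr_modules_table) / sizeof(YR_MODULE); i++)
  {
    int result = yr_modules_table[i].finalize(&yr_modules_table[i]);

    if (result != ERROR_SUCCESS && first_error == ERROR_SUCCESS)
      first_error = result;
  }

  return first_error;
}
```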
diff --git a/libyara/modules/cuckoo.c b/libyara/modules/cuckoo.c
index cc92ae8..2b68b59 100644
--- a/libyara/modules/cuckoo.c
+++ b/libyara/modules/cuckoo.c
@@ -214,9 +214,23 @@ begin_declarations;
end_declarations;
+int module_initialize(
+ YR_MODULE* module)
+{
+ return ERROR_SUCCESS;
+}
+
+
+int module_finalize(
+ YR_MODULE* module)
+{
+ return ERROR_SUCCESS;
+}
+
+
int module_load(
YR_SCAN_CONTEXT* context,
- YR_OBJECT* module,
+ YR_OBJECT* module_object,
void* module_data,
size_t module_data_size)
{
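Review bot: The new `module_initialize` and `module_finalize` stubs take a `YR_MODULE* module` they never read, which -Wunused-parameter reports in every module, and nothing says what the hooks are for or when they run; demo.c, pe.c and tests.c add the same two stubs. A short comment above each, e.g. `// Called once from yr_initialize() for every entry of yr_modules_table; set up per-module global state here.` and `// Called once from yr_finalize(); release whatever module_initialize acquired.`, plus `(void) module;` in the body, documents the contract and silences the warning. module_load, whose signature ends this hunk, continues outside it.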
@@ -242,12 +256,12 @@ int module_load(
if (json == NULL)
return ERROR_INVALID_FILE;
- module->data = (void*) json;
+ module_object->data = (void*) json;
- network_obj = get_object(module, "network");
- registry_obj = get_object(module, "registry");
- filesystem_obj = get_object(module, "filesystem");
- sync_obj = get_object(module, "sync");
+ network_obj = get_object(module_object, "network");
+ registry_obj = get_object(module_object, "registry");
+ filesystem_obj = get_object(module_object, "filesystem");
+ sync_obj = get_object(module_object, "sync");
network_obj->data = (void*) json_object_get(json, "network");
diff --git a/libyara/modules/demo.c b/libyara/modules/demo.c
index b908ab2..1906a2f 100644
--- a/libyara/modules/demo.c
+++ b/libyara/modules/demo.c
@@ -25,21 +25,34 @@ begin_declarations;
end_declarations;
+int module_initialize(
+ YR_MODULE* module)
+{
+ return ERROR_SUCCESS;
+}
+
+
+int module_finalize(
+ YR_MODULE* module)
+{
+ return ERROR_SUCCESS;
+}
+
+
int module_load(
YR_SCAN_CONTEXT* context,
- YR_OBJECT* module,
+ YR_OBJECT* module_object,
void* module_data,
size_t module_data_size)
{
-
- set_string("Hello World!", module, "greeting");
+ set_string("Hello World!", module_object, "greeting");
return ERROR_SUCCESS;
}
int module_unload(
- YR_OBJECT* module)
+ YR_OBJECT* module_object)
{
return ERROR_SUCCESS;
}
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 45dec1d..d1ac58b 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -576,9 +576,23 @@ begin_declarations;
end_declarations;
+int module_initialize(
+ YR_MODULE* module)
+{
+ return ERROR_SUCCESS;
+}
+
+
+int module_finalize(
+ YR_MODULE* module)
+{
+ return ERROR_SUCCESS;
+}
+
+
int module_load(
YR_SCAN_CONTEXT* context,
- YR_OBJECT* module,
+ YR_OBJECT* module_object,
void* module_data,
size_t module_data_size)
{
@@ -590,55 +604,79 @@ int module_load(
size_t pe_size;
set_integer(
- IMAGE_FILE_MACHINE_I386, module, "MACHINE_I386");
+ IMAGE_FILE_MACHINE_I386, module_object,
+ "MACHINE_I386");
set_integer(
- IMAGE_FILE_MACHINE_AMD64, module, "MACHINE_AMD64");
+ IMAGE_FILE_MACHINE_AMD64, module_object,
+ "MACHINE_AMD64");
set_integer(
- IMAGE_SUBSYSTEM_UNKNOWN, module, "SUBSYSTEM_UNKNOWN");
+ IMAGE_SUBSYSTEM_UNKNOWN, module_object,
+ "SUBSYSTEM_UNKNOWN");
set_integer(
- IMAGE_SUBSYSTEM_NATIVE, module, "SUBSYSTEM_NATIVE");
+ IMAGE_SUBSYSTEM_NATIVE, module_object,
+ "SUBSYSTEM_NATIVE");
set_integer(
- IMAGE_SUBSYSTEM_WINDOWS_GUI, module, "SUBSYSTEM_WINDOWS_GUI");
+ IMAGE_SUBSYSTEM_WINDOWS_GUI, module_object,
+ "SUBSYSTEM_WINDOWS_GUI");
set_integer(
- IMAGE_SUBSYSTEM_WINDOWS_CUI, module, "SUBSYSTEM_WINDOWS_CUI");
+ IMAGE_SUBSYSTEM_WINDOWS_CUI, module_object,
+ "SUBSYSTEM_WINDOWS_CUI");
set_integer(
- IMAGE_SUBSYSTEM_OS2_CUI, module, "SUBSYSTEM_OS2_CUI");
+ IMAGE_SUBSYSTEM_OS2_CUI, module_object,
+ "SUBSYSTEM_OS2_CUI");
set_integer(
- IMAGE_SUBSYSTEM_POSIX_CUI, module, "SUBSYSTEM_POSIX_CUI");
+ IMAGE_SUBSYSTEM_POSIX_CUI, module_object,
+ "SUBSYSTEM_POSIX_CUI");
set_integer(
- IMAGE_SUBSYSTEM_NATIVE_WINDOWS, module, "SUBSYSTEM_NATIVE_WINDOWS");
+ IMAGE_SUBSYSTEM_NATIVE_WINDOWS, module_object,
+ "SUBSYSTEM_NATIVE_WINDOWS");
set_integer(
- IMAGE_FILE_RELOCS_STRIPPED, module, "RELOCS_STRIPPED");
+ IMAGE_FILE_RELOCS_STRIPPED, module_object,
+ "RELOCS_STRIPPED");
set_integer(
- IMAGE_FILE_EXECUTABLE_IMAGE, module, "EXECUTABLE_IMAGE");
+ IMAGE_FILE_EXECUTABLE_IMAGE, module_object,
+ "EXECUTABLE_IMAGE");
set_integer(
- IMAGE_FILE_LINE_NUMS_STRIPPED, module, "LINE_NUMS_STRIPPED");
+ IMAGE_FILE_LINE_NUMS_STRIPPED, module_object,
+ "LINE_NUMS_STRIPPED");
set_integer(
- IMAGE_FILE_LOCAL_SYMS_STRIPPED, module, "LOCAL_SYMS_STRIPPED");
+ IMAGE_FILE_LOCAL_SYMS_STRIPPED, module_object,
+ "LOCAL_SYMS_STRIPPED");
set_integer(
- IMAGE_FILE_AGGRESIVE_WS_TRIM, module, "AGGRESIVE_WS_TRIM");
+ IMAGE_FILE_AGGRESIVE_WS_TRIM, module_object,
+ "AGGRESIVE_WS_TRIM");
set_integer(
- IMAGE_FILE_LARGE_ADDRESS_AWARE, module, "LARGE_ADDRESS_AWARE");
+ IMAGE_FILE_LARGE_ADDRESS_AWARE, module_object,
+ "LARGE_ADDRESS_AWARE");
set_integer(
- IMAGE_FILE_BYTES_REVERSED_LO, module, "BYTES_REVERSED_LO");
+ IMAGE_FILE_BYTES_REVERSED_LO, module_object,
+ "BYTES_REVERSED_LO");
set_integer(
- IMAGE_FILE_32BIT_MACHINE, module, "32BIT_MACHINE");
+ IMAGE_FILE_32BIT_MACHINE, module_object,
+ "32BIT_MACHINE");
set_integer(
- IMAGE_FILE_DEBUG_STRIPPED, module, "DEBUG_STRIPPED");
+ IMAGE_FILE_DEBUG_STRIPPED, module_object,
+ "DEBUG_STRIPPED");
set_integer(
- IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP, module, "REMOVABLE_RUN_FROM_SWAP");
+ IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP, module_object,
+ "REMOVABLE_RUN_FROM_SWAP");
set_integer(
- IMAGE_FILE_NET_RUN_FROM_SWAP, module, "NET_RUN_FROM_SWAP");
+ IMAGE_FILE_NET_RUN_FROM_SWAP, module_object,
+ "NET_RUN_FROM_SWAP");
set_integer(
- IMAGE_FILE_SYSTEM, module, "SYSTEM");
+ IMAGE_FILE_SYSTEM, module_object,
+ "SYSTEM");
set_integer(
- IMAGE_FILE_DLL, module, "DLL");
+ IMAGE_FILE_DLL, module_object,
+ "DLL");
set_integer(
- IMAGE_FILE_UP_SYSTEM_ONLY, module, "UP_SYSTEM_ONLY");
+ IMAGE_FILE_UP_SYSTEM_ONLY, module_object,
+ "UP_SYSTEM_ONLY");
set_integer(
- IMAGE_FILE_BYTES_REVERSED_HI, module, "BYTES_REVERSED_HI");
+ IMAGE_FILE_BYTES_REVERSED_HI, module_object,
+ "BYTES_REVERSED_HI");
foreach_memory_block(context, block)
{
@@ -658,7 +696,7 @@ int module_load(
block->base,
pe_size,
context->flags,
- module);
+ module_object);
data = (DATA*) yr_malloc(sizeof(DATA));
@@ -670,7 +708,7 @@ int module_load(
data->pe_header = pe_header;
data->pe_size = pe_size;
- module->data = data;
+ module_object->data = data;
break;
}
}
@@ -680,10 +718,10 @@ int module_load(
}
-int module_unload(YR_OBJECT* module)
+int module_unload(YR_OBJECT* module_object)
{
- if (module->data != NULL)
- yr_free(module->data);
+ if (module_object->data != NULL)
+ yr_free(module_object->data);
return ERROR_SUCCESS;
}
diff --git a/libyara/modules/tests.c b/libyara/modules/tests.c
index b32049b..4f4c9a9 100644
--- a/libyara/modules/tests.c
+++ b/libyara/modules/tests.c
@@ -51,29 +51,45 @@ begin_declarations;
end_declarations;
+int module_initialize(
+ YR_MODULE* module)
+{
+ return ERROR_SUCCESS;
+}
+
+
+int module_finalize(
+ YR_MODULE* module)
+{
+ return ERROR_SUCCESS;
+}
+
int module_load(
YR_SCAN_CONTEXT* context,
- YR_OBJECT* module, void* module_data, size_t module_data_size)
+ YR_OBJECT* module_object,
+ void* module_data,
+ size_t module_data_size)
{
- set_integer(1, module, "constants.one");
- set_integer(2, module, "constants.two");
- set_string("foo", module, "constants.foo");
+ set_integer(1, module_object, "constants.one");
+ set_integer(2, module_object, "constants.two");
+ set_string("foo", module_object, "constants.foo");
- set_integer(1, module, "struct_array[1].i");
+ set_integer(1, module_object, "struct_array[1].i");
- set_integer(0, module, "integer_array[%i]", 0);
- set_integer(1, module, "integer_array[%i]", 1);
- set_integer(2, module, "integer_array[%i]", 2);
+ set_integer(0, module_object, "integer_array[%i]", 0);
+ set_integer(1, module_object, "integer_array[%i]", 1);
+ set_integer(2, module_object, "integer_array[%i]", 2);
- set_string("foo", module, "string_array[%i]", 0);
- set_string("bar", module, "string_array[%i]", 1);
- set_string("baz", module, "string_array[%i]", 2);
+ set_string("foo", module_object, "string_array[%i]", 0);
+ set_string("bar", module_object, "string_array[%i]", 1);
+ set_string("baz", module_object, "string_array[%i]", 2);
return ERROR_SUCCESS;
}
-int module_unload(YR_OBJECT* module)
+int module_unload(
+ YR_OBJECT* module_object)
{
return ERROR_SUCCESS;
}
--