[Forensics-changes] [yara] 380/407: Implement yr_filemap_map_ex
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:28:47 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.3.0
in repository yara.
commit fbb48a48e6139befb5da0d6f9b38b83ce1d4f3da
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Thu Feb 5 12:41:56 2015 +0100
Implement yr_filemap_map_ex
---
libyara/filemap.c | 178 +++++++++++++++++++++++++++++++++--------
libyara/include/yara/filemap.h | 10 ++-
libyara/libyara.sym | 1 +
3 files changed, 155 insertions(+), 34 deletions(-)
diff --git a/libyara/filemap.c b/libyara/filemap.c
index 4b6f516..f02656e 100755
--- a/libyara/filemap.c
+++ b/libyara/filemap.c
@@ -1,5 +1,5 @@
/*
-Copyright (c) 2007. The YARA Authors. All Rights Reserved.
+Copyright (c) 2007-2015. The YARA Authors. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -28,21 +28,74 @@ limitations under the License.
#include <yara/error.h>
-#ifdef _WIN32
-
//
-// Win32 implementation
+// yr_filemap_map
+//
+// Maps a whole file into memory.
+//
+// Args:
+// const char* file_path - Path of the file to map.
+// YR_MAPPED_FILE* pmapped_file - Pointer to a YR_MAPPED_FILE that will be
+// filled with information about the mapping.
+// Returns:
+// One of the following error codes:
+// ERROR_SUCCESS
+// ERROR_INVALID_ARGUMENT
+// ERROR_COULD_NOT_OPEN_FILE
+// ERROR_COULD_NOT_MAP_FILE
//
YR_API int yr_filemap_map(
const char* file_path,
YR_MAPPED_FILE* pmapped_file)
{
- LARGE_INTEGER size;
+ return yr_filemap_map_ex(file_path, 0, 0, pmapped_file);
+}
+
+//
+// yr_filemap_map_ex
+//
+// Maps a portion of a file into memory.
+//
+// Args:
+// const char* file_path - Path of the file to map.
+// off_t offset - File offset where the mapping will begin.
+// This offset must be multiple of 1MB and not
+// greater than the actual file size.
+// size_t size - Number of bytes that will be mapped. If
+// zero or greater than the actual file size
+// all content until the end of the file will
+// be mapped.
+// YR_MAPPED_FILE* pmapped_file - Pointer to a YR_MAPPED_FILE struct that
+// will be filled with the new mapping.
+// Returns:
+// One of the following error codes:
+// ERROR_SUCCESS
+// ERROR_INVALID_ARGUMENT
+// ERROR_COULD_NOT_OPEN_FILE
+// ERROR_COULD_NOT_MAP_FILE
+//
+
+#ifdef _WIN32
+
+YR_API int yr_filemap_map_ex(
+ const char* file_path,
+ off_t offset,
+ size_t size,
+ YR_MAPPED_FILE* pmapped_file)
+{
+ pmapped_file->file = INVALID_HANDLE_VALUE;
+ pmapped_file->mapping = NULL;
+ pmapped_file->data = NULL;
+ pmapped_file->size = 0;
if (file_path == NULL)
return ERROR_INVALID_ARGUMENT;
+ // Ensure that offset is aligned to 1MB
+ if (offset >> 20 << 20 != offset)
+ return ERROR_INVALID_ARGUMENT;
+
pmapped_file->file = CreateFile(
file_path,
GENERIC_READ,
@@ -55,20 +108,32 @@ YR_API int yr_filemap_map(
if (pmapped_file->file == INVALID_HANDLE_VALUE)
return ERROR_COULD_NOT_OPEN_FILE;
+ LARGE_INTEGER size;
+ size_t file_size;
+
if (GetFileSizeEx(pmapped_file->file, &size))
{
#ifdef _WIN64
- pmapped_file->size = size.QuadPart;
+ file_size = size.QuadPart;
#else
- pmapped_file->size = size.LowPart;
+ file_size = size.LowPart;
#endif
}
else
{
CloseHandle(pmapped_file->file);
+ pmapped_file->file = INVALID_HANDLE_VALUE;
return ERROR_COULD_NOT_OPEN_FILE;
}
+ if (offset > file_size)
+ return ERROR_COULD_NOT_MAP_FILE;
+
+ if (size == 0)
+ size = file_size - offset;
+
+ pmapped_file->size = min(size, file_size - offset);
+
if (pmapped_file->size != 0)
{
pmapped_file->mapping = CreateFileMapping(
@@ -82,20 +147,23 @@ YR_API int yr_filemap_map(
if (pmapped_file->mapping == NULL)
{
CloseHandle(pmapped_file->file);
+ pmapped_file->file = INVALID_HANDLE_VALUE;
return ERROR_COULD_NOT_MAP_FILE;
}
pmapped_file->data = (uint8_t*) MapViewOfFile(
pmapped_file->mapping,
FILE_MAP_READ,
- 0,
- 0,
- 0);
+ offset >> 32,
+ offset & 0xFFFFFFFF,
+ pmapped_file->size);
if (pmapped_file->data == NULL)
{
CloseHandle(pmapped_file->mapping);
CloseHandle(pmapped_file->file);
+ pmapped_file->file = INVALID_HANDLE_VALUE;
+ pmapped_file->mapping = NULL;
return ERROR_COULD_NOT_MAP_FILE;
}
}
@@ -108,42 +176,42 @@ YR_API int yr_filemap_map(
return ERROR_SUCCESS;
}
-YR_API void yr_filemap_unmap(
- YR_MAPPED_FILE* pmapped_file)
-{
- if (pmapped_file->data != NULL)
- UnmapViewOfFile(pmapped_file->data);
-
- if (pmapped_file->mapping != NULL)
- CloseHandle(pmapped_file->mapping);
-
- CloseHandle(pmapped_file->file);
-}
-
-#else
+#else // POSIX
-//
-// POSIX implementation
-//
-
-YR_API int yr_filemap_map(
+YR_API int yr_filemap_map_ex(
const char* file_path,
+ off_t offset,
+ size_t size,
YR_MAPPED_FILE* pmapped_file)
{
struct stat fstat;
+ pmapped_file->data = NULL;
+ pmapped_file->size = 0;
+ pmapped_file->file = -1;
+
if (file_path == NULL)
return ERROR_INVALID_ARGUMENT;
- if (stat(file_path,&fstat) != 0 || S_ISDIR(fstat.st_mode))
- return ERROR_COULD_NOT_OPEN_FILE;
+ // Ensure that offset is aligned to 1MB
+ if (offset >> 20 << 20 != offset)
+ return ERROR_INVALID_ARGUMENT;
+
+ if (stat(file_path, &fstat) != 0 || S_ISDIR(fstat.st_mode))
+ return ERROR_COULD_NOT_OPEN_FILE;
+
+ if (offset > fstat.st_size)
+ return ERROR_COULD_NOT_MAP_FILE;
+
+ if (size == 0)
+ size = fstat.st_size - offset;
pmapped_file->file = open(file_path, O_RDONLY);
if (pmapped_file->file == -1)
return ERROR_COULD_NOT_OPEN_FILE;
- pmapped_file->size = fstat.st_size;
+ pmapped_file->size = min(size, fstat.st_size - offset);
if (pmapped_file->size != 0)
{
@@ -153,11 +221,16 @@ YR_API int yr_filemap_map(
PROT_READ,
MAP_PRIVATE,
pmapped_file->file,
- 0);
+ offset);
if (pmapped_file->data == MAP_FAILED)
{
close(pmapped_file->file);
+
+ pmapped_file->data = NULL;
+ pmapped_file->size = 0;
+ pmapped_file->file = -1;
+
return ERROR_COULD_NOT_MAP_FILE;
}
}
@@ -169,13 +242,52 @@ YR_API int yr_filemap_map(
return ERROR_SUCCESS;
}
+#endif
+
+
+//
+// yr_filemap_unmap
+//
+// Unmaps a file mapping.
+//
+// Args:
+// YR_MAPPED_FILE* pmapped_file - Pointer to a YR_MAPPED_FILE that struct.
+//
+
+#ifdef WIN32
+
+YR_API void yr_filemap_unmap(
+ YR_MAPPED_FILE* pmapped_file)
+{
+ if (pmapped_file->data != NULL)
+ UnmapViewOfFile(pmapped_file->data);
+
+ if (pmapped_file->mapping != NULL)
+ CloseHandle(pmapped_file->mapping);
+
+ if (pmapped_file->file != INVALID_HANDLE_VALUE)
+ CloseHandle(pmapped_file->file);
+
+ pmapped_file->file = INVALID_HANDLE_VALUE;
+ pmapped_file->mapping = NULL;
+ pmapped_file->data = NULL;
+ pmapped_file->size = 0;
+}
+
+#else // POSIX
+
YR_API void yr_filemap_unmap(
YR_MAPPED_FILE* pmapped_file)
{
if (pmapped_file->data != NULL)
munmap(pmapped_file->data, pmapped_file->size);
- close(pmapped_file->file);
+ if (pmapped_file->file != -1)
+ close(pmapped_file->file);
+
+ pmapped_file->file = -1;
+ pmapped_file->data = NULL;
+ pmapped_file->size = 0;
}
#endif
diff --git a/libyara/include/yara/filemap.h b/libyara/include/yara/filemap.h
index 9b2dc34..11397f8 100755
--- a/libyara/include/yara/filemap.h
+++ b/libyara/include/yara/filemap.h
@@ -1,5 +1,5 @@
/*
-Copyright (c) 2007. The YARA Authors. All Rights Reserved.
+Copyright (c) 2007-2015. The YARA Authors. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@ limitations under the License.
#include <windows.h>
#define FILE_DESCRIPTOR HANDLE
#else
+#include <sys/types.h>
#define FILE_DESCRIPTOR int
#endif
@@ -47,6 +48,13 @@ YR_API int yr_filemap_map(
YR_MAPPED_FILE* pmapped_file);
+YR_API int yr_filemap_map_ex(
+ const char* file_path,
+ off_t offset,
+ size_t size,
+ YR_MAPPED_FILE* pmapped_file);
+
+
YR_API void yr_filemap_unmap(
YR_MAPPED_FILE* pmapped_file);
diff --git a/libyara/libyara.sym b/libyara/libyara.sym
index 18b8268..0d624b0 100644
--- a/libyara/libyara.sym
+++ b/libyara/libyara.sym
@@ -2,6 +2,7 @@ yr_initialize
yr_finalize
yr_finalize_thread
yr_filemap_map
+yr_filemap_map_ex
yr_filemap_unmap
yr_get_tidx
yr_set_tidx
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list