[Forensics-changes] [yara] 121/160: Add thread index (tidx) to scan context
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:29:25 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.4.0
in repository yara.
commit a759589acad6dac47310819160efa4de1e073160
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Mon May 11 12:16:42 2015 +0200
Add thread index (tidx) to scan context
---
libyara/exec.c | 2 +-
libyara/include/yara/types.h | 5 ++---
libyara/modules/magic.c | 40 +++++++++++++++++-----------------------
libyara/rules.c | 23 ++++++++++++-----------
libyara/scan.c | 14 +++++---------
5 files changed, 37 insertions(+), 47 deletions(-)
diff --git a/libyara/exec.c b/libyara/exec.c
index 731dacd..5b6f89e 100644
--- a/libyara/exec.c
+++ b/libyara/exec.c
@@ -180,7 +180,7 @@ int yr_execute_code(
int result = ERROR_SUCCESS;
int stop = FALSE;
int cycle = 0;
- int tidx = yr_get_tidx();
+ int tidx = context->tidx;
#ifdef PROFILING_ENABLED
clock_t start = clock();
diff --git a/libyara/include/yara/types.h b/libyara/include/yara/types.h
index 2b21d04..62c3fec 100644
--- a/libyara/include/yara/types.h
+++ b/libyara/include/yara/types.h
@@ -43,9 +43,6 @@ typedef int32_t tidx_mask_t;
#define NAMESPACE_TFLAGS_UNSATISFIED_GLOBAL 0x01
-#define NAMESPACE_HAS_UNSATISFIED_GLOBAL(x) \
- ((x)->t_flags[yr_get_tidx()] & NAMESPACE_TFLAGS_UNSATISFIED_GLOBAL)
-
typedef struct _YR_NAMESPACE
{
@@ -380,6 +377,8 @@ typedef struct _YR_SCAN_CONTEXT
uint64_t entry_point;
int flags;
+ int tidx;
+
void* user_data;
YR_MEMORY_BLOCK* mem_block;
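Review bot: The new `tidx` member has no comment, although this commit uses it to index per-thread arrays (`cached_types[]`, `magic_cookie[]`, `string->matches[]`) with no range check at any of the use sites shown. I would document the contract on the declaration, for example `int tidx;  /* slot index into per-thread arrays; assigned in yr_rules_scan_mem_blocks() */`, and state the valid range there. The struct begins and ends outside this hunk.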
diff --git a/libyara/modules/magic.c b/libyara/modules/magic.c
index 086631e..786fda6 100644
--- a/libyara/modules/magic.c
+++ b/libyara/modules/magic.c
@@ -36,24 +36,22 @@ define_function(magic_mime_type)
YR_MEMORY_BLOCK* block;
YR_SCAN_CONTEXT* context = scan_context();
- int tidx = yr_get_tidx();
-
if (context->flags & SCAN_FLAGS_PROCESS_MEMORY)
return_string(UNDEFINED);
- if (cached_mime_types[tidx] == NULL)
+ if (cached_mime_types[context->tidx] == NULL)
{
block = first_memory_block(context);
- magic_setflags(magic_cookie[tidx], MAGIC_MIME_TYPE);
+ magic_setflags(magic_cookie[context->tidx], MAGIC_MIME_TYPE);
- cached_mime_types[tidx] = magic_buffer(
- magic_cookie[tidx],
+ cached_mime_types[context->tidx] = magic_buffer(
+ magic_cookie[context->tidx],
block->data,
block->size);
}
- return_string((char*) cached_mime_types[tidx]);
+ return_string((char*) cached_mime_types[context->tidx]);
}
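Review bot: The result of `magic_buffer()` is stored in `cached_mime_types[context->tidx]` and handed to `return_string` without a NULL check, and libmagic returns NULL when it fails on the buffer. Whether `return_string` tolerates a NULL pointer is not visible here, so I would add `if (cached_mime_types[context->tidx] == NULL) return_string(UNDEFINED);` after the `if` block and before the final `return_string`. The same pattern appears in the `magic_type` hunk that follows, with `cached_types`.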
@@ -62,24 +60,22 @@ define_function(magic_type)
YR_MEMORY_BLOCK* block;
YR_SCAN_CONTEXT* context = scan_context();
- int tidx = yr_get_tidx();
-
if (context->flags & SCAN_FLAGS_PROCESS_MEMORY)
return_string(UNDEFINED);
- if (cached_types[tidx] == NULL)
+ if (cached_types[context->tidx] == NULL)
{
block = first_memory_block(context);
- magic_setflags(magic_cookie[tidx], 0);
+ magic_setflags(magic_cookie[context->tidx], 0);
- cached_types[tidx] = magic_buffer(
- magic_cookie[tidx],
+ cached_types[context->tidx] = magic_buffer(
+ magic_cookie[context->tidx],
block->data,
block->size);
}
- return_string((char*) cached_types[tidx]);
+ return_string((char*) cached_types[context->tidx]);
}
begin_declarations;
@@ -117,20 +113,18 @@ int module_load(
void* module_data,
size_t module_data_size)
{
- int tidx = yr_get_tidx();
-
- cached_types[tidx] = NULL;
- cached_mime_types[tidx] = NULL;
+ cached_types[context->tidx] = NULL;
+ cached_mime_types[context->tidx] = NULL;
- if (magic_cookie[tidx] == NULL)
+ if (magic_cookie[context->tidx] == NULL)
{
- magic_cookie[tidx] = magic_open(0);
+ magic_cookie[context->tidx] = magic_open(0);
- if (magic_cookie[tidx] != NULL)
+ if (magic_cookie[context->tidx] != NULL)
{
- if (magic_load(magic_cookie[tidx], NULL) != 0)
+ if (magic_load(magic_cookie[context->tidx], NULL) != 0)
{
- magic_close(magic_cookie[tidx]);
+ magic_close(magic_cookie[context->tidx]);
return ERROR_INTERNAL_FATAL_ERROR;
}
}
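Review bot: When `magic_load()` fails, `magic_close(magic_cookie[context->tidx])` releases the cookie but the slot keeps the stale pointer. The next `module_load` on the same tidx then sees a non-NULL cookie and skips `magic_open`, so `magic_type` and `magic_mime_type` would pass the closed handle to `magic_setflags` and `magic_buffer`. Add `magic_cookie[context->tidx] = NULL;` right after the `magic_close` call. `context` is presumably a parameter declared above the hunk, and the function body continues past it.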
diff --git a/libyara/rules.c b/libyara/rules.c
index 4f86bd7..2681b34 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -173,7 +173,7 @@ void _yr_rules_clean_matches(
{
YR_RULE* rule;
- int tidx = yr_get_tidx();
+ int tidx = context->tidx;
yr_rules_foreach(rules, rule)
{
@@ -322,16 +322,6 @@ YR_API int yr_rules_scan_mem_blocks(
if (block == NULL)
return ERROR_SUCCESS;
- context.flags = flags;
- context.callback = callback;
- context.user_data = user_data;
- context.file_size = block->size;
- context.mem_block = block;
- context.entry_point = UNDEFINED;
- context.objects_table = NULL;
- context.matches_arena = NULL;
- context.matching_strings_arena = NULL;
-
_yr_rules_lock(rules);
int tidx = 0;
@@ -353,6 +343,17 @@ YR_API int yr_rules_scan_mem_blocks(
if (result != ERROR_SUCCESS)
return result;
+ context.tidx = tidx;
+ context.flags = flags;
+ context.callback = callback;
+ context.user_data = user_data;
+ context.file_size = block->size;
+ context.mem_block = block;
+ context.entry_point = UNDEFINED;
+ context.objects_table = NULL;
+ context.matches_arena = NULL;
+ context.matching_strings_arena = NULL;
+
yr_set_tidx(tidx);
result = yr_arena_create(1024, 0, &context.matches_arena);
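Review bot: `yr_set_tidx(tidx)` is still called right after `context.tidx = tidx`, so the index now lives in two places and nothing here says which one the scan path should read. A short comment above the call would keep the two from drifting, e.g. `/* context.tidx is what the scan path reads; yr_set_tidx() remains for callers of yr_get_tidx() */`; the second half of that comment is my assumption and should be confirmed. Also, `context` is filled field by field, so any member not listed here stays unset unless it is initialised at its declaration, which is outside this hunk.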
diff --git a/libyara/scan.c b/libyara/scan.c
index f78e83a..8a6402b 100644
--- a/libyara/scan.c
+++ b/libyara/scan.c
@@ -39,7 +39,6 @@ typedef struct _CALLBACK_ARGS
int forward_matches;
int full_word;
- int tidx;
} CALLBACK_ARGS;
@@ -428,8 +427,7 @@ int _yr_scan_verify_chained_string_match(
uint8_t* match_data,
size_t match_base,
size_t match_offset,
- int32_t match_length,
- int tidx)
+ int32_t match_length)
{
YR_STRING* string;
YR_MATCH* match;
@@ -440,6 +438,7 @@ int _yr_scan_verify_chained_string_match(
size_t ending_offset;
int32_t full_chain_length;
+ int tidx = context->tidx;
int add_match = FALSE;
if (matching_string->chained_to == NULL)
@@ -583,7 +582,7 @@ int _yr_scan_match_callback(
YR_MATCH* new_match;
int result = ERROR_SUCCESS;
- int tidx = callback_args->tidx;
+ int tidx = callback_args->context->tidx;
size_t match_offset = match_data - callback_args->data;
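Review bot: `callback_args->context->tidx` adds a second pointer dereference that relies on every producer of CALLBACK_ARGS having set `context`. The two producers touched by this commit (`_yr_scan_verify_re_match` and `_yr_scan_verify_literal_match`) do not show that assignment in their visible lines. If it is set above those hunks this is fine, but a one-line comment on the `context` member would make the dependency explicit, e.g. `/* required: _yr_scan_match_callback reads context->tidx */`. The function starts and ends outside this hunk.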
@@ -624,8 +623,7 @@ int _yr_scan_match_callback(
match_data,
callback_args->data_base,
match_offset,
- match_length,
- tidx);
+ match_length);
}
else
{
@@ -739,7 +737,6 @@ int _yr_scan_verify_re_match(
callback_args.data_base = data_base;
callback_args.forward_matches = forward_matches;
callback_args.full_word = STRING_IS_FULL_WORD(ac_match->string);
- callback_args.tidx = yr_get_tidx();
if (ac_match->backward_code != NULL)
{
@@ -846,7 +843,6 @@ int _yr_scan_verify_literal_match(
callback_args.data_base = data_base;
callback_args.forward_matches = forward_matches;
callback_args.full_word = STRING_IS_FULL_WORD(string);
- callback_args.tidx = yr_get_tidx();
FAIL_ON_ERROR(_yr_scan_match_callback(
data + offset, 0, flags, &callback_args));
@@ -874,7 +870,7 @@ int yr_scan_verify_match(
if (context->flags & SCAN_FLAGS_FAST_MODE &&
STRING_IS_SINGLE_MATCH(string) &&
- STRING_FOUND(string))
+ string->matches[context->tidx].head != NULL)
return ERROR_SUCCESS;
if (STRING_IS_FIXED_OFFSET(string) &&
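Review bot: The condition `string->matches[context->tidx].head != NULL` open-codes what `STRING_FOUND(string)` used to express, so its meaning is only recoverable from the removed line. Either add a comment such as `/* string already matched in this scan (per-thread slot) */` or introduce a macro variant that takes the index, so other call sites do not end up with a different lookup. `context->tidx` is used as an array index here with no range check in view, and the function continues outside the hunk.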
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git