[Forensics-changes] [yara] 61/192: Add scan flag for disabling exceptions
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:31:46 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.6.0
in repository yara.
commit c72536a223a3e039c147273c7cc0d43f40b77660
Author: Hilko Bengen <bengen at hilluzination.de>
Date: Wed Nov 2 22:43:58 2016 +0100
Add scan flag for disabling exceptions
---
libyara/exception.h | 74 +++++++++++++++++++++++++++------------------
libyara/include/yara/scan.h | 1 +
libyara/rules.c | 12 ++++++--
3 files changed, 54 insertions(+), 33 deletions(-)
diff --git a/libyara/exception.h b/libyara/exception.h
index a9698b3..edead24 100644
--- a/libyara/exception.h
+++ b/libyara/exception.h
@@ -57,20 +57,27 @@ static LONG CALLBACK exception_handler(
return EXCEPTION_CONTINUE_SEARCH;
}
-#define YR_TRYCATCH(_try_clause_, _catch_clause_) \
+#define YR_TRYCATCH(_do_,_try_clause_, _catch_clause_) \
do \
{ \
- jmp_buf jb; \
- HANDLE exh = AddVectoredExceptionHandler(1, exception_handler); \
- int tidx = yr_get_tidx(); \
- assert(tidx != -1); \
- exc_jmp_buf[tidx] = &jb; \
- if (setjmp(jb) == 0) \
- { _try_clause_ } \
+ if (_do_) \
+ { \
+ jmp_buf jb; \
+ HANDLE exh = AddVectoredExceptionHandler(1, exception_handler); \
+ int tidx = yr_get_tidx(); \
+ assert(tidx != -1); \
+ exc_jmp_buf[tidx] = &jb; \
+ if (setjmp(jb) == 0) \
+ { _try_clause_ } \
+ else \
+ { _catch_clause_ } \
+ exc_jmp_buf[tidx] = NULL; \
+ RemoveVectoredExceptionHandler(exh); \
+ } \
else \
- { _catch_clause_ } \
- exc_jmp_buf[tidx] = NULL; \
- RemoveVectoredExceptionHandler(exh); \
+ { \
+ _try_clause_ \
+ } \
} while(0)
#else
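Review bot: YR_TRYCATCH now expands `_try_clause_` twice, once under `if (_do_)` and once in the trailing `else`, and nothing at the definition tells a caller so; a clause containing a label would no longer compile, and a `static` local would become two separate objects. A short comment above the macro would cover the contract, for example `/* _do_ == 0: run _try_clause_ with no handler installed; _catch_clause_ is unused. _try_clause_ is expanded twice. */`. The same comment belongs on the sigaction variant of the macro in the next hunk. A space after the comma in `_do_,_try_clause_` would match the rest of the parameter list.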
@@ -94,28 +101,35 @@ static void exception_handler(int sig) {
typedef struct sigaction sa;
-#define YR_TRYCATCH(_try_clause_, _catch_clause_) \
+#define YR_TRYCATCH(_do_,_try_clause_, _catch_clause_) \
do \
{ \
- struct sigaction old_sigbus_act; \
- struct sigaction old_sigsegv_act; \
- struct sigaction act; \
- act.sa_handler = exception_handler; \
- act.sa_flags = 0; /* SA_ONSTACK? */ \
- sigfillset(&act.sa_mask); \
- sigaction(SIGBUS, &act, &old_sigbus_act); \
- sigaction(SIGSEGV, &act, &old_sigsegv_act); \
- int tidx = yr_get_tidx(); \
- assert(tidx != -1); \
- sigjmp_buf jb; \
- exc_jmp_buf[tidx] = &jb; \
- if (sigsetjmp(jb, 1) == 0) \
- { _try_clause_ } \
+ if (_do_) \
+ { \
+ struct sigaction old_sigbus_act; \
+ struct sigaction old_sigsegv_act; \
+ struct sigaction act; \
+ act.sa_handler = exception_handler; \
+ act.sa_flags = 0; /* SA_ONSTACK? */ \
+ sigfillset(&act.sa_mask); \
+ sigaction(SIGBUS, &act, &old_sigbus_act); \
+ sigaction(SIGSEGV, &act, &old_sigsegv_act); \
+ int tidx = yr_get_tidx(); \
+ assert(tidx != -1); \
+ sigjmp_buf jb; \
+ exc_jmp_buf[tidx] = &jb; \
+ if (sigsetjmp(jb, 1) == 0) \
+ { _try_clause_ } \
+ else \
+ { _catch_clause_ } \
+ exc_jmp_buf[tidx] = NULL; \
+ sigaction(SIGBUS, &old_sigbus_act, NULL); \
+ sigaction(SIGSEGV, &old_sigsegv_act, NULL); \
+ } \
else \
- { _catch_clause_ } \
- exc_jmp_buf[tidx] = NULL; \
- sigaction(SIGBUS, &old_sigbus_act, NULL); \
- sigaction(SIGSEGV, &old_sigsegv_act, NULL); \
+ { \
+ _try_clause_ \
+ } \
} while (0)
#endif
diff --git a/libyara/include/yara/scan.h b/libyara/include/yara/scan.h
index 8ea0cb8..8ef6575 100644
--- a/libyara/include/yara/scan.h
+++ b/libyara/include/yara/scan.h
@@ -35,6 +35,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
// Bitmasks for flags.
#define SCAN_FLAGS_FAST_MODE 1
#define SCAN_FLAGS_PROCESS_MEMORY 2
+#define SCAN_FLAGS_NO_TRYCATCH 4
int yr_scan_verify_match(
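Review bot: `SCAN_FLAGS_NO_TRYCATCH` is added to a public header without a description, and its name refers to an internal macro rather than to what the caller gives up. As far as the exception.h hunks show, setting it means no SIGSEGV/SIGBUS handler (or vectored exception handler on Windows) is installed around the scan, so a fault raised while reading the scanned memory reaches the host process instead of being caught. I would put a comment on the define such as `// Do not install fault handlers during the scan; the caller must cope with faults raised while reading scanned memory.`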
diff --git a/libyara/rules.c b/libyara/rules.c
index d0b23d8..eaa5052 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -434,7 +434,9 @@ YR_API int yr_rules_scan_mem_blocks(
if (context.entry_point == UNDEFINED)
{
- YR_TRYCATCH({
+ YR_TRYCATCH(
+ !(flags & SCAN_FLAGS_NO_TRYCATCH),
+ {
if (flags & SCAN_FLAGS_PROCESS_MEMORY)
context.entry_point = yr_get_entry_point_address(
data,
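Review bot: The condition `!(flags & SCAN_FLAGS_NO_TRYCATCH)` is spelled out at this call and again at the two YR_TRYCATCH calls in the following hunks; computing it once, e.g. `int use_trycatch = !(flags & SCAN_FLAGS_NO_TRYCATCH);` with the other locals of yr_rules_scan_mem_blocks, keeps the three sites from drifting apart. When the flag is combined with `SCAN_FLAGS_PROCESS_MEMORY`, the entry-point lookup here presumably reads the scanned buffer with no guard at all, which deserves a sentence in the function's documentation. The function body starts and ends outside this hunk, so where the local would be declared is not visible here.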
@@ -447,7 +449,9 @@ YR_API int yr_rules_scan_mem_blocks(
},{});
}
- YR_TRYCATCH({
+ YR_TRYCATCH(
+ !(flags & SCAN_FLAGS_NO_TRYCATCH),
+ {
result = _yr_rules_scan_mem_block(
rules,
data,
@@ -465,7 +469,9 @@ YR_API int yr_rules_scan_mem_blocks(
block = iterator->next(iterator);
}
- YR_TRYCATCH({
+ YR_TRYCATCH(
+ !(flags & SCAN_FLAGS_NO_TRYCATCH),
+ {
result = yr_execute_code(
rules,
&context,
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git