[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Török Edvin
edwin at clamav.net
Sun Apr 4 01:09:04 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit 250d92c5331d78095d09288d75543becd837d2b6
Author: Török Edvin <edwin at clamav.net>
Date: Fri Nov 6 16:34:46 2009 +0200
Sync with compiler.
diff --git a/libclamav/bytecode.h b/libclamav/bytecode.h
index 2d64653..9a3754d 100644
--- a/libclamav/bytecode.h
+++ b/libclamav/bytecode.h
@@ -21,8 +21,9 @@
*/
#ifndef BYTECODE_H
#define BYTECODE_H
-#include <stdio.h>
+#include <stdint.h>
#include "clambc.h"
+#include <stdio.h>
struct cli_dbio;
struct cli_bc_ctx;
diff --git a/libclamav/bytecode_api.c b/libclamav/bytecode_api.c
index e7bcc15..f3dadfa 100644
--- a/libclamav/bytecode_api.c
+++ b/libclamav/bytecode_api.c
@@ -90,3 +90,16 @@ uint32_t cli_bcapi_setvirusname(struct cli_bc_ctx* ctx, const uint8_t *name, uin
ctx->virname = name;
return 0;
}
+
+uint32_t cli_bcapi_disasm_x86(struct cli_bc_ctx *ctx, struct DISASM_RESULT *res, uint32_t len)
+{
+ //TODO: call disasm_x86_wrap, which outputs a MARIO struct
+}
+
+int32_t cli_bcapi_write(struct cli_bc_ctx *ctx, uint8_t*data, int32_t len)
+{
+ //TODO: write to tempfile (checking maxsize), and later scan it via
+ //magicscandesc
+}
+
+
diff --git a/libclamav/bytecode_api.h b/libclamav/bytecode_api.h
index 8ab8ac7..bd05f38 100644
--- a/libclamav/bytecode_api.h
+++ b/libclamav/bytecode_api.h
@@ -24,12 +24,13 @@
#ifdef __CLAMBC__
#include "bytecode_execs.h"
-//#include "bytecode_pe.h"
+#include "bytecode_pe.h"
+#include "bytecode_disasm.h"
#endif
#ifndef __CLAMBC__
#include "execs.h"
-#include "pe.h"
+struct DISASM_RESULT;
#endif
struct foo {
@@ -64,6 +65,7 @@ enum {
SEEK_END
};
+int32_t write(uint8_t *data, int32_t size);
/* seeks current position to @pos, from @whence, returns current position from
* start of file */
int32_t seek(int32_t pos, uint32_t whence);
@@ -73,7 +75,8 @@ uint32_t setvirusname(const uint8_t *name, uint32_t len);
uint32_t debug_print_str(const uint8_t *str, uint32_t len);
uint32_t debug_print_uint(uint32_t a, uint32_t b);
-//const char *LogicalSignature;
+// disassembles at current file position, use lseek to disasm someplace else
+uint32_t disasm_x86(struct DISASM_RESULT*, uint32_t len);
#endif
#endif
diff --git a/libclamav/bytecode_api_decl.c b/libclamav/bytecode_api_decl.c
index 15c8b50..b6ab686 100644
--- a/libclamav/bytecode_api_decl.c
+++ b/libclamav/bytecode_api_decl.c
@@ -29,16 +29,18 @@
uint32_t cli_bcapi_test0(struct cli_bc_ctx *ctx, struct foo*, uint32_t);
uint32_t cli_bcapi_test1(struct cli_bc_ctx *ctx, uint32_t, uint32_t);
int32_t cli_bcapi_read(struct cli_bc_ctx *ctx, uint8_t*, int32_t);
+int32_t cli_bcapi_write(struct cli_bc_ctx *ctx, uint8_t*, int32_t);
int32_t cli_bcapi_seek(struct cli_bc_ctx *ctx, int32_t, uint32_t);
uint32_t cli_bcapi_setvirusname(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);
uint32_t cli_bcapi_debug_print_str(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);
uint32_t cli_bcapi_debug_print_uint(struct cli_bc_ctx *ctx, uint32_t, uint32_t);
+uint32_t cli_bcapi_disasm_x86(struct cli_bc_ctx *ctx, struct DISASM_RESULT*, uint32_t);
const struct cli_apiglobal cli_globals[] = {
/* Bytecode globals BEGIN */
- {"__clambc_match_counts", GLOBAL_MATCH_COUNTS, 73,
+ {"__clambc_match_counts", GLOBAL_MATCH_COUNTS, 82,
((char*)&((struct cli_bc_ctx*)0)->hooks.match_counts - (char*)NULL)},
- {"__clambc_exeinfo", GLOBAL_EXEINFO, 70,
+ {"__clambc_exeinfo", GLOBAL_EXEINFO, 79,
((char*)&((struct cli_bc_ctx*)0)->hooks.exeinfo - (char*)NULL)},
{"__clambc_kind", GLOBAL_KIND, 16,
((char*)&((struct cli_bc_ctx*)0)->hooks.kind - (char*)NULL)},
@@ -47,40 +49,72 @@ const struct cli_apiglobal cli_globals[] = {
/* Bytecode globals END */
};
const unsigned cli_apicall_maxglobal = _LAST_GLOBAL-1;
-static uint16_t cli_tmp0[]={};
-static uint16_t cli_tmp1[]={71, 32, 32, 16};
-static uint16_t cli_tmp2[]={72};
-static uint16_t cli_tmp3[]={32, 32, 32, 32, 32, 32, 32, 32, 32};
-static uint16_t cli_tmp4[]={32};
-static uint16_t cli_tmp5[]={32, 32, 32};
-static uint16_t cli_tmp6[]={32, 65, 32};
-static uint16_t cli_tmp7[]={32, 77, 32};
+static uint16_t cli_tmp0[]={79, 77, 75, 72, 70, 32, 32};
+static uint16_t cli_tmp1[]={71};
+static uint16_t cli_tmp2[]={32, 32};
+static uint16_t cli_tmp3[]={73};
+static uint16_t cli_tmp4[]={16, 8, 8, 32, 32, 32, 32, 32, 64, 32, 32, 16, 16, 16, 16, 16, 16, 32, 32, 32, 32, 16, 16, 64, 64, 64, 64, 32, 32, 74};
+static uint16_t cli_tmp5[]={71};
+static uint16_t cli_tmp6[]={76};
+static uint16_t cli_tmp7[]={16, 8, 8, 32, 32, 32, 32, 32, 32, 32, 32, 32, 16, 16, 16, 16, 16, 16, 32, 32, 32, 32, 16, 16, 32, 32, 32, 32, 32, 32, 74};
static uint16_t cli_tmp8[]={78};
-static uint16_t cli_tmp9[]={77};
+static uint16_t cli_tmp9[]={32, 16, 16, 32, 32, 32, 16, 16};
+static uint16_t cli_tmp10[]={80, 32, 32, 16};
+static uint16_t cli_tmp11[]={81};
+static uint16_t cli_tmp12[]={32, 32, 32, 32, 32, 32, 32, 32, 32};
+static uint16_t cli_tmp13[]={32};
+static uint16_t cli_tmp14[]={32, 84, 32};
+static uint16_t cli_tmp15[]={85};
+static uint16_t cli_tmp16[]={16, 8, 8, 8, 87, 86};
+static uint16_t cli_tmp17[]={8};
+static uint16_t cli_tmp18[]={88};
+static uint16_t cli_tmp19[]={8};
+static uint16_t cli_tmp20[]={32, 32, 32};
+static uint16_t cli_tmp21[]={32, 65, 32};
+static uint16_t cli_tmp22[]={32, 92, 32};
+static uint16_t cli_tmp23[]={93};
+static uint16_t cli_tmp24[]={92};
const struct cli_bc_type cli_apicall_types[]={
- {, cli_tmp0, , 0, 0},
- {DStructType, cli_tmp1, 4, 0, 0},
- {DPointerType, cli_tmp2, 1, 0, 0},
- {DStructType, cli_tmp3, 9, 0, 0},
- {DArrayType, cli_tmp4, 64, 0, 0},
- {DFunctionType, cli_tmp5, 3, 0, 0},
- {DFunctionType, cli_tmp6, 3, 0, 0},
- {DFunctionType, cli_tmp7, 3, 0, 0},
+ {DStructType, cli_tmp0, 7, 0, 0},
+ {DPointerType, cli_tmp1, 1, 0, 0},
+ {DStructType, cli_tmp2, 2, 0, 0},
+ {DPointerType, cli_tmp3, 1, 0, 0},
+ {DStructType, cli_tmp4, 30, 0, 0},
+ {DArrayType, cli_tmp5, 16, 0, 0},
+ {DPointerType, cli_tmp6, 1, 0, 0},
+ {DStructType, cli_tmp7, 31, 0, 0},
{DPointerType, cli_tmp8, 1, 0, 0},
- {DStructType, cli_tmp9, 1, 0, 0}
+ {DStructType, cli_tmp9, 8, 0, 0},
+ {DStructType, cli_tmp10, 4, 0, 0},
+ {DPointerType, cli_tmp11, 1, 0, 0},
+ {DStructType, cli_tmp12, 9, 0, 0},
+ {DArrayType, cli_tmp13, 64, 0, 0},
+ {DFunctionType, cli_tmp14, 3, 0, 0},
+ {DPointerType, cli_tmp15, 1, 0, 0},
+ {DStructType, cli_tmp16, 6, 0, 0},
+ {DArrayType, cli_tmp17, 29, 0, 0},
+ {DArrayType, cli_tmp18, 10, 0, 0},
+ {DArrayType, cli_tmp19, 3, 0, 0},
+ {DFunctionType, cli_tmp20, 3, 0, 0},
+ {DFunctionType, cli_tmp21, 3, 0, 0},
+ {DFunctionType, cli_tmp22, 3, 0, 0},
+ {DPointerType, cli_tmp23, 1, 0, 0},
+ {DStructType, cli_tmp24, 1, 0, 0}
};
const unsigned cli_apicall_maxtypes=sizeof(cli_apicall_types)/sizeof(cli_apicall_types[0]);
const struct cli_apicall cli_apicalls[]={
/* Bytecode APIcalls BEGIN */
- {"test0", 7, 0, 1},
- {"test1", 5, 0, 0},
- {"read", 6, 1, 1},
- {"seek", 5, 1, 0},
- {"setvirusname", 6, 2, 1},
- {"debug_print_str", 6, 3, 1},
- {"debug_print_uint", 5, 2, 0}
+ {"test0", 22, 0, 1},
+ {"test1", 20, 0, 0},
+ {"read", 21, 1, 1},
+ {"write", 21, 2, 1},
+ {"seek", 20, 1, 0},
+ {"setvirusname", 21, 3, 1},
+ {"debug_print_str", 21, 4, 1},
+ {"debug_print_uint", 20, 2, 0},
+ {"disasm_x86", 14, 5, 1}
/* Bytecode APIcalls END */
};
const cli_apicall_int2 cli_apicalls0[] = {
@@ -91,7 +125,9 @@ const cli_apicall_int2 cli_apicalls0[] = {
const cli_apicall_pointer cli_apicalls1[] = {
(cli_apicall_pointer)cli_bcapi_test0,
(cli_apicall_pointer)cli_bcapi_read,
+ (cli_apicall_pointer)cli_bcapi_write,
(cli_apicall_pointer)cli_bcapi_setvirusname,
- (cli_apicall_pointer)cli_bcapi_debug_print_str
+ (cli_apicall_pointer)cli_bcapi_debug_print_str,
+ (cli_apicall_pointer)cli_bcapi_disasm_x86
};
const unsigned cli_apicall_maxapi = sizeof(cli_apicalls)/sizeof(cli_apicalls[0]);
diff --git a/libclamav/bytecode_api_impl.h b/libclamav/bytecode_api_impl.h
index b6c9a18..f12a388 100644
--- a/libclamav/bytecode_api_impl.h
+++ b/libclamav/bytecode_api_impl.h
@@ -26,9 +26,11 @@ struct cli_bc_bctx;
uint32_t cli_bcapi_test0(struct cli_bc_ctx *ctx, struct foo*, uint32_t);
uint32_t cli_bcapi_test1(struct cli_bc_ctx *ctx, uint32_t, uint32_t);
int32_t cli_bcapi_read(struct cli_bc_ctx *ctx, uint8_t*, int32_t);
+int32_t cli_bcapi_write(struct cli_bc_ctx *ctx, uint8_t*, int32_t);
int32_t cli_bcapi_seek(struct cli_bc_ctx *ctx, int32_t, uint32_t);
uint32_t cli_bcapi_setvirusname(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);
uint32_t cli_bcapi_debug_print_str(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);
uint32_t cli_bcapi_debug_print_uint(struct cli_bc_ctx *ctx, uint32_t, uint32_t);
+uint32_t cli_bcapi_disasm_x86(struct cli_bc_ctx *ctx, struct DISASM_RESULT*, uint32_t);
#endif
diff --git a/libclamav/bytecode_hooks.h b/libclamav/bytecode_hooks.h
index 0fbe8c7..a0edad6 100644
--- a/libclamav/bytecode_hooks.h
+++ b/libclamav/bytecode_hooks.h
@@ -24,8 +24,8 @@
struct cli_bc_hooks {
const uint32_t* match_counts;
- const struct cli_exe_info exeinfo;
- const uint16_t kind;
- const cli_pe_hook_data pedata;
+ const struct cli_exe_info* exeinfo;
+ const uint16_t* kind;
+ const struct cli_pe_hook_data* pedata;
};
#endif
diff --git a/libclamav/clambc.h b/libclamav/clambc.h
index 730c341..32bde15 100644
--- a/libclamav/clambc.h
+++ b/libclamav/clambc.h
@@ -22,7 +22,6 @@
#ifndef CLAMBC_H
#define CLAMBC_H
-
struct bytecode_metadata {
unsigned long maxStack, maxMem;
unsigned long maxTime;
@@ -75,6 +74,12 @@ enum bc_opcode {
OP_BC_GEPN,
OP_BC_STORE,
OP_BC_LOAD,
+ OP_BC_MEMSET,
+ OP_BC_MEMCPY,
+ OP_BC_MEMMOVE,
+ OP_BC_MEMCMP,
+ OP_BC_ISBIGENDIAN,
+ OP_BC_ABORT,
OP_BC_INVALID /* last */
};
@@ -95,7 +100,13 @@ static const unsigned char operand_counts[] = {
/* OP_BC_COPY */
2,
/* OP_BC_GEP1, OP_BC_GEP2, OP_BC_GEPN, OP_BC_STORE, OP_BC_LOAD*/
- 2, 3, 0, 2, 1
+ 2, 3, 0, 2, 1,
+ /* OP_MEM* */
+ 3, 3, 3, 3,
+ /* OP_BC_ISBIGENDIAN */
+ 0,
+ /* OP_BC_ABORT */
+ 0
};
enum bc_global {
@@ -104,6 +115,7 @@ enum bc_global {
GLOBAL_KIND,
GLOBAL_VIRUSNAMES,
GLOBAL_EXEINFO,
+ GLOBAL_PEDATA,
_LAST_GLOBAL
};
diff --git a/libclamav/disasm.c b/libclamav/disasm.c
index 628a480..00b8629 100644
--- a/libclamav/disasm.c
+++ b/libclamav/disasm.c
@@ -18,6 +18,16 @@
* MA 02110-1301, USA.
*/
+#if HAVE_CONFIG_H
+#include "clamav-config.h"
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+
+#include "others.h"
+
#include "disasmpriv.h"
#include "disasm.h"
@@ -1669,22 +1679,11 @@ static uint8_t *disasm_x86(uint8_t *command, unsigned int len, struct DISASMED *
}
}
-
void disasmbuf(uint8_t *buff, unsigned int len, int fd) {
uint8_t *next = buff;
unsigned int counter=0;
struct DISASMED s;
- struct MARIO {
- uint16_t real_op;
- uint8_t opsize;
- uint8_t adsize;
- uint8_t segment;
-
- uint8_t arg[3][10];
-
- uint8_t extra[29];
- } w;
-
+ struct DISASM_RESULT w;
memset(&w.extra[0], 0, sizeof(w.extra));
while(len && counter++<200) {
diff --git a/libclamav/disasmpriv.h b/libclamav/disasmpriv.h
index 788790b..d6584d1 100644
--- a/libclamav/disasmpriv.h
+++ b/libclamav/disasmpriv.h
@@ -21,308 +21,7 @@
#ifndef __DISASMPRIV_H
#define __DISASMPRIV_H
-#if HAVE_CONFIG_H
-#include "clamav-config.h"
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <assert.h>
-
-#include "others.h"
-
-enum X86OPS {
- OP_INVALID,
- OP_AAA,
- OP_AAD,
- OP_AAM,
- OP_AAS,
- OP_ADD,
- OP_ADC,
- OP_AND,
- OP_ARPL,
- OP_BOUND,
- OP_BSF,
- OP_BSR,
- OP_BSWAP,
- OP_BT,
- OP_BTC,
- OP_BTR,
- OP_BTS,
- OP_CALL,
- OP_CDQ,
- OP_CWD,
- OP_CWDE,
- OP_CBW,
- OP_CLC,
- OP_CLD,
- OP_CLI,
- OP_CLTS,
- OP_CMC,
- OP_CMOVO,
- OP_CMOVNO,
- OP_CMOVC,
- OP_CMOVNC,
- OP_CMOVZ,
- OP_CMOVNZ,
- OP_CMOVBE,
- OP_CMOVA,
- OP_CMOVS,
- OP_CMOVNS,
- OP_CMOVP,
- OP_CMOVNP,
- OP_CMOVL,
- OP_CMOVGE,
- OP_CMOVLE,
- OP_CMOVG,
- OP_CMP,
- OP_CMPSD,
- OP_CMPSW,
- OP_CMPSB,
- OP_CMPXCHG,
- OP_CMPXCHG8B,
- OP_CPUID,
- OP_DAA,
- OP_DAS,
- OP_DEC,
- OP_DIV,
- OP_ENTER,
- OP_FWAIT,
- OP_HLT,
- OP_IDIV,
- OP_IMUL,
- OP_INC,
- OP_IN,
- OP_INSD,
- OP_INSW,
- OP_INSB,
- OP_INT,
- OP_INT3,
- OP_INTO,
- OP_INVD,
- OP_INVLPG,
- OP_IRET,
- OP_JO,
- OP_JNO,
- OP_JC,
- OP_JNC,
- OP_JZ,
- OP_JNZ,
- OP_JBE,
- OP_JA,
- OP_JS,
- OP_JNS,
- OP_JP,
- OP_JNP,
- OP_JL,
- OP_JGE,
- OP_JLE,
- OP_JG,
- OP_JMP,
- OP_LAHF,
- OP_LAR,
- OP_LDS,
- OP_LES,
- OP_LFS,
- OP_LGS,
- OP_LEA,
- OP_LEAVE,
- OP_LGDT,
- OP_LIDT,
- OP_LLDT,
- OP_PREFIX_LOCK,
- OP_LODSD,
- OP_LODSW,
- OP_LODSB,
- OP_LOOP,
- OP_LOOPE,
- OP_LOOPNE,
- OP_JECXZ,
- OP_LSL,
- OP_LSS,
- OP_LTR,
- OP_MOV,
- OP_MOVSD,
- OP_MOVSW,
- OP_MOVSB,
- OP_MOVSX,
- OP_MOVZX,
- OP_MUL,
- OP_NEG,
- OP_NOP,
- OP_NOT,
- OP_OR,
- OP_OUT,
- OP_OUTSD,
- OP_OUTSW,
- OP_OUTSB,
- OP_PUSH,
- OP_PUSHAD,
- OP_PUSHA,
- OP_PUSHFD,
- OP_PUSHF,
- OP_POP,
- OP_POPAD,
- OP_POPFD,
- OP_POPF,
- OP_RCL,
- OP_RCR,
- OP_RDMSR,
- OP_RDPMC,
- OP_RDTSC,
- OP_PREFIX_REPE,
- OP_PREFIX_REPNE,
- OP_RETF,
- OP_RETN,
- OP_ROL,
- OP_ROR,
- OP_RSM,
- OP_SAHF,
- OP_SAR,
- OP_SBB,
- OP_SCASD,
- OP_SCASW,
- OP_SCASB,
- OP_SETO,
- OP_SETNO,
- OP_SETC,
- OP_SETNC,
- OP_SETZ,
- OP_SETNZ,
- OP_SETBE,
- OP_SETA,
- OP_SETS,
- OP_SETNS,
- OP_SETP,
- OP_SETNP,
- OP_SETL,
- OP_SETGE,
- OP_SETLE,
- OP_SETG,
- OP_SGDT,
- OP_SIDT,
- OP_SHL,
- OP_SHLD,
- OP_SHR,
- OP_SHRD,
- OP_SLDT,
- OP_STOSD,
- OP_STOSW,
- OP_STOSB,
- OP_STR,
- OP_STC,
- OP_STD,
- OP_STI,
- OP_SUB,
- OP_SYSCALL,
- OP_SYSENTER,
- OP_SYSEXIT,
- OP_SYSRET,
- OP_TEST,
- OP_UD2,
- OP_VERR,
- OP_VERRW,
- OP_WBINVD,
- OP_WRMSR,
- OP_XADD,
- OP_XCHG,
- OP_XLAT,
- OP_XOR,
- OP_PREFIX_OPSIZE,
- OP_PREFIX_ADDRSIZE,
- OP_PREFIX_SEGMENT,
- OP_2BYTE,
-
- OP_FPU,
-
- OP_F2XM1,
- OP_FABS,
- OP_FADD,
- OP_FADDP,
- OP_FBLD,
- OP_FBSTP,
- OP_FCHS,
- OP_FCLEX,
- OP_FCMOVB,
- OP_FCMOVBE,
- OP_FCMOVE,
- OP_FCMOVNB,
- OP_FCMOVNBE,
- OP_FCMOVNE,
- OP_FCMOVNU,
- OP_FCMOVU,
- OP_FCOM,
- OP_FCOMI,
- OP_FCOMIP,
- OP_FCOMP,
- OP_FCOMPP,
- OP_FCOS,
- OP_FDECSTP,
- OP_FDIV,
- OP_FDIVP,
- OP_FDIVR,
- OP_FDIVRP,
- OP_FFREE,
- OP_FIADD,
- OP_FICOM,
- OP_FICOMP,
- OP_FIDIV,
- OP_FIDIVR,
- OP_FILD,
- OP_FIMUL,
- OP_FINCSTP,
- OP_FINIT,
- OP_FIST,
- OP_FISTP,
- OP_FISTTP,
- OP_FISUB,
- OP_FISUBR,
- OP_FLD,
- OP_FLD1,
- OP_FLDCW,
- OP_FLDENV,
- OP_FLDL2E,
- OP_FLDL2T,
- OP_FLDLG2,
- OP_FLDLN2,
- OP_FLDPI,
- OP_FLDZ,
- OP_FMUL,
- OP_FMULP,
- OP_FNOP,
- OP_FPATAN,
- OP_FPREM,
- OP_FPREM1,
- OP_FPTAN,
- OP_FRNDINT,
- OP_FRSTOR,
- OP_FSCALE,
- OP_FSIN,
- OP_FSINCOS,
- OP_FSQRT,
- OP_FSAVE,
- OP_FST,
- OP_FSTCW,
- OP_FSTENV,
- OP_FSTP,
- OP_FSTSW,
- OP_FSUB,
- OP_FSUBP,
- OP_FSUBR,
- OP_FSUBRP,
- OP_FTST,
- OP_FUCOM,
- OP_FUCOMI,
- OP_FUCOMIP,
- OP_FUCOMP,
- OP_FUCOMPP,
- OP_FXAM,
- OP_FXCH,
- OP_FXTRACT,
- OP_FYL2X,
- OP_FYL2XP1
-};
-
+#include "disasm-common.h"
enum DIS_STATE {
STATE_GETOP,
@@ -334,37 +33,6 @@ enum DIS_STATE {
STATE_ERROR
};
-enum DIS_ACCESS {
- ACCESS_NOARG, /* arg not present */
- ACCESS_IMM, /* immediate */
- ACCESS_REL, /* +/- immediate */
- ACCESS_REG, /* register */
- ACCESS_MEM /* [something] */
-};
-
-enum DIS_SIZE { /* for mem access, immediate and relative */
- SIZEB,
- SIZEW,
- SIZED,
- SIZEF,
- SIZEQ,
- SIZET,
- SIZEPTR
-};
-
-
-enum X86REGS {
- REG_EAX, REG_ECX, REG_EDX, REG_EBX, REG_ESP, REG_EBP, REG_ESI, REG_EDI,
- REG_AX, REG_CX, REG_DX, REG_BX, REG_SP, REG_BP, REG_SI, REG_DI,
- REG_AH, REG_CH, REG_DH, REG_BH, REG_AL, REG_CL, REG_DL, REG_BL,
- REG_ES, REG_CS, REG_SS, REG_DS, REG_FS, REG_GS,
- REG_CR0, REG_CR1, REG_CR2, REG_CR3, REG_CR4, REG_CR5, REG_CR6, REG_CR7,
- REG_DR0, REG_DR1, REG_DR2, REG_DR3, REG_DR4, REG_DR5, REG_DR6, REG_DR7,
- REG_ST0, REG_ST1, REG_ST2, REG_ST3, REG_ST4, REG_ST5, REG_ST6, REG_ST7,
- REG_INVALID
-};
-
-
struct DIS_ARGS {
enum DIS_ACCESS access;
enum DIS_SIZE size;
@@ -388,7 +56,6 @@ struct DIS_ARGS {
} arg;
};
-
/* FIXME: pack this thing and make macroes to access it in different compilers */
struct DISASMED {
uint16_t table_op;
diff --git a/unit_tests/input/apicalls.cbc b/unit_tests/input/apicalls.cbc
index b87ced2..999a094 100644
--- a/unit_tests/input/apicalls.cbc
+++ b/unit_tests/input/apicalls.cbc
@@ -1,7 +1,7 @@
-ClamBCaa`|``````|`afafp`clamcoincidencejb
+ClamBCaa`|``````|`ahafp`clamcoincidencejb
-Tedacb`bb`bb`b
-Eabaaabbed|afdgefcgdgac``
+Tedaa`ab`badacb`bb`bb`b
+Eabaaabbgd|afdgefcgdgac``
G``
A`b`bLacb`baab`bFadaa
Bb`b`abbabHonnkm``odHm``oonnkdaaaaeab`b`Hhgfedcbadb`baboaaaDm``odDmjnmdTcab`babE
diff --git a/unit_tests/input/apicalls2.cbc b/unit_tests/input/apicalls2.cbc
index 7f574d7..740f97a 100644
--- a/unit_tests/input/apicalls2.cbc
+++ b/unit_tests/input/apicalls2.cbc
@@ -1,10 +1,10 @@
-ClamBCaa`|``````|`ajafp`clamcoincidencejb
+ClamBCaa`|``````|`alafp`clamcoincidencejb
-Tedcabidebidacb`bbidb`bacb`bb`bb`bebed
-Eababaabgd|afdgefcgdg`c``abbhd|afdgefcgdgac``
+Tedaa`cabkdebkdab`badacb`bbkdb`bacb`bb`bb`bebfd
+Eababaabid|afdgefcgdg`c``abbjd|afdgefcgdgac``
G``
-A`b`bLahbedbfd`b`baab`baab`bFajac
-Bbfdaadb`@d at d``fb`aab`bacabbabHonnkm``odHm``oonnkdaaadeab`bacHhgfedcbadTaaadaaab
+A`b`bLahbfdbgd`b`baab`baab`bFajac
+Bbgdaadb`@d at d``bb``b`bacabbabHonnkm``odHm``oonnkdaaadeab`bacHhgfedcbadTaaadaaab
Bb`baeabbaa`Honnkmjnmdaaafeab`baeHhgfedcbadb`bagoaafDm``odDmjnmdTcab`bag
BTcab`bDmjnmdE
Aab`bLabahaab`bFacaa
diff --git a/unit_tests/input/arith.cbc b/unit_tests/input/arith.cbc
index 855f638..e2865a3 100644
--- a/unit_tests/input/arith.cbc
+++ b/unit_tests/input/arith.cbc
@@ -1,6 +1,6 @@
-ClamBCaa`|``````|`aebbep`clamcoincidencejb
+ClamBCaa`|``````|`agbbep`clamcoincidencejb
-Ted
+Tedaa`ab`bad
E``
G``
A`b`bLbabb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bb`bFbbbaa
diff --git a/unit_tests/input/div0.cbc b/unit_tests/input/div0.cbc
index b52778a..fdab586 100644
--- a/unit_tests/input/div0.cbc
+++ b/unit_tests/input/div0.cbc
@@ -1,6 +1,6 @@
-ClamBCaa`|``````|`aeabp`clamcoincidencejb
+ClamBCaa`|``````|`agabp`clamcoincidencejb
-Ted
+Tedaa`ab`bad
E``
G``
A`b`bLaab`bFabaa
diff --git a/unit_tests/input/lsig.cbc b/unit_tests/input/lsig.cbc
index e95ef9a..03cefe9 100644
--- a/unit_tests/input/lsig.cbc
+++ b/unit_tests/input/lsig.cbc
@@ -1,9 +1,11 @@
-ClamBCaa`|``c``a```|`alaap`clamcoincidencejb
+ClamBCaa`|``````|`bkaabp`clamcoincidencejb
Trojan.Foo.{A,B};Target:0;((0|1|2)=42,2);aabb;ffffffff;aaccee;f00d
-Tedebkdebjdebadebcdacb`bbadb`bdb`db`bdabah
-Eaeaaaebid|amcgefdgfgifbgegcgnfafmfef``
-Gd```hahbkdBad@`bkdBbd@`bad@@`bad at Aa`bcdAcD```h`bcdAbD```h`bcd at D```h`bcdAaD```h`
+Tedebjeebieebheebgeebfeebeeebceebbeebadebcdaa`ab`badacb`bbadb`bdb`db`bchbadbdebadbdebadbdebadbdecab`bdagahdaiahdaeahdabbaddabahdakah
+Eafaaafbae|amcgefdgfgifbgegcgnfafmfef``
+Gd```hbeabjeBdeBbgBofBjfBafBnfBnbBfdBofBof@`bieBad@`bieBbd@`bhe at Aa@Ab`b`a@`b`aC``a`bgeBafBafBbfBbf@`bfeBffBffBffBffBffBffBffBff@`bgeBffB`cB`cBdf@`beeBafBafBcfBcfBefBef@`bce at Af@@AgAa at AhAc@AiAb`bad at Aa`bad at Ab`bad at Af`bad at Ag`bad at Ah`bad at Ai`bcdAcD```h`bcdAbD```h`bcd at D```h`bcdAaD```h`
A`b`bLaeb`baaaabadb`bFahac
-Bb`b`gbAd`aaaaiab`b`AbdTaaaaabaa
-Baaabeab`b`AbdbadacoaabAb`Ac`b`badabbaeac at dTcab`b at d
+Bb`b`gbBaa`aaaaiab`b`AbdTaaaaabaa
+Baaabeab`b`AbdbadacoaabAk`Al`b`badabbafac at dTcab`b at d
BTcab`b at dE
+A`aaLb`ab`bb`bb`bb`bb`baaaaaaaab`bb`bb`bb`bb`baaaaFbaaaa
+Bb`b`gbBca`b`baagbBda`b`babgbBba`b`baca`aa`b`bada`acabaaaeeab`badBjbdaaaffab`b`@daaagfab`baa at daaahfab`bab at db`bai`aafb`baj`aagb`bak`aahb`bala`ajaib`bama`alakaaaneab`bamAbdaaaok`anaeTcaaaaoE
diff --git a/unit_tests/input/retmagic.cbc b/unit_tests/input/retmagic.cbc
index 5160166..bb956d2 100644
--- a/unit_tests/input/retmagic.cbc
+++ b/unit_tests/input/retmagic.cbc
@@ -1,6 +1,6 @@
-ClamBCaa`|``````|`aeaap`clamcoincidencejb
+ClamBCaa`|``````|`agaap`clamcoincidencejb
-Ted
+Tedaa`ab`bad
E``
G``
A`b`bL`Faaaa
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list