[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
aCaB
acab at clamav.net
Sun Apr 4 01:10:25 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit 235464bb82d4ce3515c93be27fe623e5eda22d68
Author: aCaB <acab at clamav.net>
Date: Wed Nov 11 03:58:22 2009 +0100
resource parser and icon collector
diff --git a/libclamav/Makefile.am b/libclamav/Makefile.am
index 7284410..8eb979c 100644
--- a/libclamav/Makefile.am
+++ b/libclamav/Makefile.am
@@ -169,6 +169,8 @@ libclamav_la_SOURCES = \
msexpand.h \
pe.c \
pe.h \
+ pe_icons.c \
+ pe_icons.h \
disasm.c \
disasm.h \
disasmpriv.h \
diff --git a/libclamav/Makefile.in b/libclamav/Makefile.in
index ce952aa..8d28fbb 100644
--- a/libclamav/Makefile.in
+++ b/libclamav/Makefile.in
@@ -116,29 +116,29 @@ am__libclamav_la_SOURCES_DIST = clamav.h matcher-ac.c matcher-ac.h \
filetypes.h filetypes_int.h rtf.c rtf.h blob.c blob.h mbox.c \
mbox.h message.c message.h table.c table.h text.c text.h \
ole2_extract.c ole2_extract.h vba_extract.c vba_extract.h \
- cltypes.h msexpand.c msexpand.h pe.c pe.h disasm.c disasm.h \
- disasmpriv.h upx.c upx.h htmlnorm.c htmlnorm.h chmunpack.c \
- chmunpack.h rebuildpe.c rebuildpe.h petite.c petite.h \
- wwunpack.c wwunpack.h unsp.c unsp.h aspack.c aspack.h \
- packlibs.c packlibs.h fsg.c fsg.h mew.c mew.h upack.c upack.h \
- line.c line.h untar.c untar.h unzip.c unzip.h inflate64.c \
- inflate64.h inffixed64.h inflate64_priv.h special.c special.h \
- binhex.c binhex.h is_tar.c is_tar.h tnef.c tnef.h autoit.c \
- autoit.h unarj.c unarj.h nsis/bzlib.c nsis/bzlib_private.h \
- nsis/nsis_bzlib.h nsis/nulsft.c nsis/nulsft.h nsis/infblock.c \
- nsis/nsis_zconf.h nsis/nsis_zlib.h nsis/nsis_zutil.h pdf.c \
- pdf.h spin.c spin.h yc.c yc.h elf.c elf.h execs.h sis.c sis.h \
- uuencode.c uuencode.h phishcheck.c phishcheck.h \
- phish_domaincheck_db.c phish_domaincheck_db.h \
- phish_whitelist.c phish_whitelist.h iana_cctld.h iana_tld.h \
- regex_list.c regex_list.h regex_suffix.c regex_suffix.h \
- mspack.c mspack.h cab.c cab.h entconv.c entconv.h entitylist.h \
- encoding_aliases.h hashtab.c hashtab.h dconf.c dconf.h \
- 7z/LzmaDec.c 7z/LzmaDec.h 7z/Types.h lzma_iface.c lzma_iface.h \
- 7z.c 7z.h 7z/7zFile.c 7z/7zFile.h 7z/7zStream.c 7z/CpuArch.h \
- 7z/7zCrc.c 7z/7zCrc.h 7z/7zBuf.c 7z/7zBuf.h 7z/Bcj2.c \
- 7z/Bcj2.h 7z/Bra.c 7z/Bra.h 7z/Bra86.c 7z/BraIA64.c \
- 7z/Archive/7z/7zIn.c 7z/Archive/7z/7zIn.h \
+ cltypes.h msexpand.c msexpand.h pe.c pe.h pe_icons.c \
+ pe_icons.h disasm.c disasm.h disasmpriv.h upx.c upx.h \
+ htmlnorm.c htmlnorm.h chmunpack.c chmunpack.h rebuildpe.c \
+ rebuildpe.h petite.c petite.h wwunpack.c wwunpack.h unsp.c \
+ unsp.h aspack.c aspack.h packlibs.c packlibs.h fsg.c fsg.h \
+ mew.c mew.h upack.c upack.h line.c line.h untar.c untar.h \
+ unzip.c unzip.h inflate64.c inflate64.h inffixed64.h \
+ inflate64_priv.h special.c special.h binhex.c binhex.h \
+ is_tar.c is_tar.h tnef.c tnef.h autoit.c autoit.h unarj.c \
+ unarj.h nsis/bzlib.c nsis/bzlib_private.h nsis/nsis_bzlib.h \
+ nsis/nulsft.c nsis/nulsft.h nsis/infblock.c nsis/nsis_zconf.h \
+ nsis/nsis_zlib.h nsis/nsis_zutil.h pdf.c pdf.h spin.c spin.h \
+ yc.c yc.h elf.c elf.h execs.h sis.c sis.h uuencode.c \
+ uuencode.h phishcheck.c phishcheck.h phish_domaincheck_db.c \
+ phish_domaincheck_db.h phish_whitelist.c phish_whitelist.h \
+ iana_cctld.h iana_tld.h regex_list.c regex_list.h \
+ regex_suffix.c regex_suffix.h mspack.c mspack.h cab.c cab.h \
+ entconv.c entconv.h entitylist.h encoding_aliases.h hashtab.c \
+ hashtab.h dconf.c dconf.h 7z/LzmaDec.c 7z/LzmaDec.h 7z/Types.h \
+ lzma_iface.c lzma_iface.h 7z.c 7z.h 7z/7zFile.c 7z/7zFile.h \
+ 7z/7zStream.c 7z/CpuArch.h 7z/7zCrc.c 7z/7zCrc.h 7z/7zBuf.c \
+ 7z/7zBuf.h 7z/Bcj2.c 7z/Bcj2.h 7z/Bra.c 7z/Bra.h 7z/Bra86.c \
+ 7z/BraIA64.c 7z/Archive/7z/7zIn.c 7z/Archive/7z/7zIn.h \
7z/Archive/7z/7zDecode.c 7z/Archive/7z/7zDecode.h \
7z/Archive/7z/7zItem.c 7z/Archive/7z/7zItem.h \
7z/Archive/7z/7zHeader.c 7z/Archive/7z/7zHeader.h \
@@ -161,7 +161,8 @@ am_libclamav_la_OBJECTS = libclamav_la-matcher-ac.lo \
libclamav_la-message.lo libclamav_la-table.lo \
libclamav_la-text.lo libclamav_la-ole2_extract.lo \
libclamav_la-vba_extract.lo libclamav_la-msexpand.lo \
- libclamav_la-pe.lo libclamav_la-disasm.lo libclamav_la-upx.lo \
+ libclamav_la-pe.lo libclamav_la-pe_icons.lo \
+ libclamav_la-disasm.lo libclamav_la-upx.lo \
libclamav_la-htmlnorm.lo libclamav_la-chmunpack.lo \
libclamav_la-rebuildpe.lo libclamav_la-petite.lo \
libclamav_la-wwunpack.lo libclamav_la-unsp.lo \
@@ -559,28 +560,29 @@ libclamav_la_SOURCES = clamav.h matcher-ac.c matcher-ac.h matcher-bm.c \
rtf.c rtf.h blob.c blob.h mbox.c mbox.h message.c message.h \
table.c table.h text.c text.h ole2_extract.c ole2_extract.h \
vba_extract.c vba_extract.h cltypes.h msexpand.c msexpand.h \
- pe.c pe.h disasm.c disasm.h disasmpriv.h upx.c upx.h \
- htmlnorm.c htmlnorm.h chmunpack.c chmunpack.h rebuildpe.c \
- rebuildpe.h petite.c petite.h wwunpack.c wwunpack.h unsp.c \
- unsp.h aspack.c aspack.h packlibs.c packlibs.h fsg.c fsg.h \
- mew.c mew.h upack.c upack.h line.c line.h untar.c untar.h \
- unzip.c unzip.h inflate64.c inflate64.h inffixed64.h \
- inflate64_priv.h special.c special.h binhex.c binhex.h \
- is_tar.c is_tar.h tnef.c tnef.h autoit.c autoit.h unarj.c \
- unarj.h nsis/bzlib.c nsis/bzlib_private.h nsis/nsis_bzlib.h \
- nsis/nulsft.c nsis/nulsft.h nsis/infblock.c nsis/nsis_zconf.h \
- nsis/nsis_zlib.h nsis/nsis_zutil.h pdf.c pdf.h spin.c spin.h \
- yc.c yc.h elf.c elf.h execs.h sis.c sis.h uuencode.c \
- uuencode.h phishcheck.c phishcheck.h phish_domaincheck_db.c \
- phish_domaincheck_db.h phish_whitelist.c phish_whitelist.h \
- iana_cctld.h iana_tld.h regex_list.c regex_list.h \
- regex_suffix.c regex_suffix.h mspack.c mspack.h cab.c cab.h \
- entconv.c entconv.h entitylist.h encoding_aliases.h hashtab.c \
- hashtab.h dconf.c dconf.h 7z/LzmaDec.c 7z/LzmaDec.h 7z/Types.h \
- lzma_iface.c lzma_iface.h 7z.c 7z.h 7z/7zFile.c 7z/7zFile.h \
- 7z/7zStream.c 7z/CpuArch.h 7z/7zCrc.c 7z/7zCrc.h 7z/7zBuf.c \
- 7z/7zBuf.h 7z/Bcj2.c 7z/Bcj2.h 7z/Bra.c 7z/Bra.h 7z/Bra86.c \
- 7z/BraIA64.c 7z/Archive/7z/7zIn.c 7z/Archive/7z/7zIn.h \
+ pe.c pe.h pe_icons.c pe_icons.h disasm.c disasm.h disasmpriv.h \
+ upx.c upx.h htmlnorm.c htmlnorm.h chmunpack.c chmunpack.h \
+ rebuildpe.c rebuildpe.h petite.c petite.h wwunpack.c \
+ wwunpack.h unsp.c unsp.h aspack.c aspack.h packlibs.c \
+ packlibs.h fsg.c fsg.h mew.c mew.h upack.c upack.h line.c \
+ line.h untar.c untar.h unzip.c unzip.h inflate64.c inflate64.h \
+ inffixed64.h inflate64_priv.h special.c special.h binhex.c \
+ binhex.h is_tar.c is_tar.h tnef.c tnef.h autoit.c autoit.h \
+ unarj.c unarj.h nsis/bzlib.c nsis/bzlib_private.h \
+ nsis/nsis_bzlib.h nsis/nulsft.c nsis/nulsft.h nsis/infblock.c \
+ nsis/nsis_zconf.h nsis/nsis_zlib.h nsis/nsis_zutil.h pdf.c \
+ pdf.h spin.c spin.h yc.c yc.h elf.c elf.h execs.h sis.c sis.h \
+ uuencode.c uuencode.h phishcheck.c phishcheck.h \
+ phish_domaincheck_db.c phish_domaincheck_db.h \
+ phish_whitelist.c phish_whitelist.h iana_cctld.h iana_tld.h \
+ regex_list.c regex_list.h regex_suffix.c regex_suffix.h \
+ mspack.c mspack.h cab.c cab.h entconv.c entconv.h entitylist.h \
+ encoding_aliases.h hashtab.c hashtab.h dconf.c dconf.h \
+ 7z/LzmaDec.c 7z/LzmaDec.h 7z/Types.h lzma_iface.c lzma_iface.h \
+ 7z.c 7z.h 7z/7zFile.c 7z/7zFile.h 7z/7zStream.c 7z/CpuArch.h \
+ 7z/7zCrc.c 7z/7zCrc.h 7z/7zBuf.c 7z/7zBuf.h 7z/Bcj2.c \
+ 7z/Bcj2.h 7z/Bra.c 7z/Bra.h 7z/Bra86.c 7z/BraIA64.c \
+ 7z/Archive/7z/7zIn.c 7z/Archive/7z/7zIn.h \
7z/Archive/7z/7zDecode.c 7z/Archive/7z/7zDecode.h \
7z/Archive/7z/7zItem.c 7z/Archive/7z/7zItem.h \
7z/Archive/7z/7zHeader.c 7z/Archive/7z/7zHeader.h \
@@ -772,6 +774,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libclamav_la-packlibs.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libclamav_la-pdf.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libclamav_la-pe.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libclamav_la-pe_icons.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libclamav_la-petite.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libclamav_la-phish_domaincheck_db.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libclamav_la-phish_whitelist.Plo at am__quote@
@@ -997,6 +1000,14 @@ libclamav_la-pe.lo: pe.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-pe.lo `test -f 'pe.c' || echo '$(srcdir)/'`pe.c
+libclamav_la-pe_icons.lo: pe_icons.c
+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-pe_icons.lo -MD -MP -MF $(DEPDIR)/libclamav_la-pe_icons.Tpo -c -o libclamav_la-pe_icons.lo `test -f 'pe_icons.c' || echo '$(srcdir)/'`pe_icons.c
+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-pe_icons.Tpo $(DEPDIR)/libclamav_la-pe_icons.Plo
+ at am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pe_icons.c' object='libclamav_la-pe_icons.lo' libtool=yes @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@ $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-pe_icons.lo `test -f 'pe_icons.c' || echo '$(srcdir)/'`pe_icons.c
+
libclamav_la-disasm.lo: disasm.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-disasm.lo -MD -MP -MF $(DEPDIR)/libclamav_la-disasm.Tpo -c -o libclamav_la-disasm.lo `test -f 'disasm.c' || echo '$(srcdir)/'`disasm.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-disasm.Tpo $(DEPDIR)/libclamav_la-disasm.Plo
diff --git a/libclamav/pe.c b/libclamav/pe.c
index 57eb9f3..da54c60 100644
--- a/libclamav/pe.c
+++ b/libclamav/pe.c
@@ -58,6 +58,7 @@
#include "disasm.h"
#include "special.h"
#include "ishield.h"
+#include "pe_icons.h"
#define DCONF ctx->dconf->pe
@@ -192,7 +193,7 @@ static void cli_multifree(void *f, ...) {
va_end(ap);
}
-static uint32_t cli_rawaddr(uint32_t rva, struct cli_exe_section *shp, uint16_t nos, unsigned int *err, size_t fsize, uint32_t hdr_size)
+uint32_t cli_rawaddr(uint32_t rva, struct cli_exe_section *shp, uint16_t nos, unsigned int *err, size_t fsize, uint32_t hdr_size)
{
int i, found = 0;
uint32_t ret;
@@ -277,6 +278,89 @@ static int cli_ddump(int desc, int offset, int size, const char *file) {
}
*/
+
+/*
+ void findres(uint32_t by_type, uint32_t by_name, uint32_t res_rva, cli_ctx *ctx, struct cli_exe_section *exe_sections, uint16_t nsections, uint32_t hdr_size, int (*cb)(void *, uint32_t, uint32_t, uint32_t, uint32_t), void *opaque)
+ callback based res lookup
+
+ by_type: lookup type
+ by_name: lookup name or (unsigned)-1 to look for any name
+ res_rva: base resource rva (i.e. dirs[2].VirtualAddress)
+ ctx, exe_sections, nsections, hdr_size: same as in scanpe
+ cb: the callback function executed on each successful match
+ opaque: an opaque pointer passed to the callback
+
+ the callback proto is
+ int pe_res_cballback (void *opaque, uint32_t type, uint32_t name, uint32_t lang, uint32_t rva);
+ the callback shall return 0 to continue the lookup or 1 to abort
+*/
+void findres(uint32_t by_type, uint32_t by_name, uint32_t res_rva, cli_ctx *ctx, struct cli_exe_section *exe_sections, uint16_t nsections, uint32_t hdr_size, int (*cb)(void *, uint32_t, uint32_t, uint32_t, uint32_t), void *opaque) {
+ unsigned int err = 0;
+ uint32_t type, type_offs, name, name_offs, lang, lang_offs;
+ uint8_t *resdir, *type_entry, *name_entry, *lang_entry ;
+ uint16_t type_cnt, name_cnt, lang_cnt;
+ fmap_t *map = *ctx->fmap;
+
+ if (!(resdir = fmap_need_off_once(map, cli_rawaddr(res_rva, exe_sections, nsections, &err, map->len, hdr_size), 16)) || err)
+ return;
+
+ type_cnt = (uint16_t)cli_readint16(resdir+12);
+ type_entry = resdir+16;
+ if(!(by_type>>31)) {
+ type_entry += type_cnt * 8;
+ type_cnt = (uint16_t)cli_readint16(resdir+14);
+ }
+
+ while(type_cnt--) {
+ if(!fmap_need_ptr_once(map, type_entry, 8))
+ return;
+ type = cli_readint32(type_entry);
+ type_offs = cli_readint32(type_entry+4);
+ if(type == by_type && (type_offs>>31)) {
+ type_offs &= 0x7fffffff;
+ if (!(resdir = fmap_need_off_once(map, cli_rawaddr(res_rva + type_offs, exe_sections, nsections, &err, map->len, hdr_size), 16)) || err)
+ return;
+
+ name_cnt = (uint16_t)cli_readint16(resdir+12);
+ name_entry = resdir+16;
+ if(by_name == 0xffffffff)
+ name_cnt += (uint16_t)cli_readint16(resdir+14);
+ else if(!(by_name>>31)) {
+ name_entry += name_cnt * 8;
+ name_cnt = (uint16_t)cli_readint16(resdir+14);
+ }
+ while(name_cnt--) {
+ if(!fmap_need_ptr_once(map, name_entry, 8))
+ return;
+ name = cli_readint32(name_entry);
+ name_offs = cli_readint32(name_entry+4);
+ if((by_name == 0xffffffff || name == by_name) && (name_offs>>31)) {
+ name_offs &= 0x7fffffff;
+ if (!(resdir = fmap_need_off_once(map, cli_rawaddr(res_rva + name_offs, exe_sections, nsections, &err, map->len, hdr_size), 16)) || err)
+ return;
+
+ lang_cnt = (uint16_t)cli_readint16(resdir+12) + (uint16_t)cli_readint16(resdir+14);
+ lang_entry = resdir+16;
+ while(lang_cnt--) {
+ if(!fmap_need_ptr_once(map, lang_entry, 8))
+ return;
+ lang = cli_readint32(lang_entry);
+ lang_offs = cli_readint32(lang_entry+4);
+ if(!(lang_offs >>31)) {
+ if(cb(opaque, type, name, lang, res_rva + lang_offs))
+ return;
+ }
+ lang_entry += 8;
+ }
+ }
+ name_entry += 8;
+ }
+ return; /* FIXME: unless we want to find ALL types */
+ }
+ type_entry += 8;
+ }
+}
+
static unsigned int cli_md5sect(fmap_t *map, struct cli_exe_section *s, unsigned char *digest) {
void *hashme;
cli_md5_ctx md5;
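Review bot: The nested `name_cnt` and `lang_cnt` loops in findres are bounded only by 16-bit counts read from the scanned file, and nothing caps the total work: entries whose `lang_offs` has the high bit set never reach `cb`, so the callback's abort return cannot stop a walk whose cost is the product of the two counts. For a parser that runs on untrusted PE files I would add a per-call budget shared by all three loops, for example `if(++visited > MAX_RES_ENTRIES) return;` at the top of each loop body, where `MAX_RES_ENTRIES` is a new constant (name illustrative). Separately, `name_cnt += (uint16_t)cli_readint16(resdir+14)` and the `lang_cnt` sum are computed in `uint16_t`, so a directory declaring more than 65535 entries in total wraps silently instead of being rejected as malformed; summing into a `uint32_t` and bailing out above a limit would make that explicit.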
@@ -958,6 +1042,10 @@ int cli_scanpe(cli_ctx *ctx)
cli_dbgmsg("EntryPoint offset: 0x%x (%d)\n", ep, ep);
+ if(!dll && dirs[2].Size) { /* RES */
+ scanicon(EC32(dirs[2].VirtualAddress), ctx, exe_sections, nsections, hdr_size);
+ }
+
if(pe_plus) { /* Do not continue for PE32+ files */
free(exe_sections);
return CL_CLEAN;
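Review bot: The added `scanicon` call runs on every non-DLL PE with a non-empty resource directory, with no `DCONF` or engine-option gate and with its `int` result discarded, so the new resource parser cannot be switched off if it misbehaves on hostile input. I would put it behind a dconf flag (none is visible in this diff) and either use the return value or make scanicon `void`. It also sits before the `pe_plus` early return, so PE32+ files are parsed too; if that is intended, a comment such as `/* icons are collected for PE32+ as well, hence before the pe_plus return */` would say so. cli_scanpe's body starts and ends outside this hunk.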
diff --git a/libclamav/pe.h b/libclamav/pe.h
index 88209ac..b451f6d 100644
--- a/libclamav/pe.h
+++ b/libclamav/pe.h
@@ -133,4 +133,7 @@ int cli_scanpe(cli_ctx *ctx);
int cli_peheader(fmap_t *map, struct cli_exe_info *peinfo);
+uint32_t cli_rawaddr(uint32_t, struct cli_exe_section *, uint16_t, unsigned int *, size_t, uint32_t);
+void findres(uint32_t, uint32_t, uint32_t, cli_ctx *, struct cli_exe_section *, uint16_t, uint32_t, int (*)(void *, uint32_t, uint32_t, uint32_t, uint32_t), void *);
+
#endif
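Review bot: `findres` (and `scanicon` in pe_icons.h) become external symbols of libclamav without the `cli_` prefix that `cli_scanpe`, `cli_peheader` and `cli_rawaddr` in this header carry, which makes a clash with an application or another library more likely when linking statically. I would name them `cli_findres` and `cli_scanicon`. The two new prototypes also drop the parameter names, so the header no longer documents which `uint32_t` is which; keeping the names, as in `uint32_t by_type, uint32_t by_name, uint32_t res_rva`, costs nothing.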
diff --git a/libclamav/pe_icons.c b/libclamav/pe_icons.c
new file mode 100644
index 0000000..0d01f51
--- /dev/null
+++ b/libclamav/pe_icons.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright (C) 2009 Sourcefire, Inc.
+ *
+ * Authors: aCaB <acab at clamav.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02110-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+#include "clamav-config.h"
+#endif
+
+#include "pe_icons.h"
+#include "others.h"
+
+
+#define EC32(x) le32_to_host(x)
+
+struct GICONS {
+ unsigned int cnt;
+ uint32_t lastg;
+ uint32_t rvas[100];
+};
+
+static int groupicon(void *ptr, uint32_t type, uint32_t name, uint32_t lang, uint32_t rva) {
+ struct GICONS *gicons = ptr;
+ type = type; lang = lang;
+ cli_warnmsg("got group %u\n", name);
+ if(!gicons->cnt || gicons->lastg == name) {
+ gicons->rvas[gicons->cnt] = rva;
+ gicons->cnt++;
+ gicons->lastg = name;
+ if(gicons->cnt < 100)
+ return 0;
+ }
+ return 1;
+}
+
+struct ICONS {
+ unsigned int cnt;
+ uint32_t rvas[100];
+};
+
+static int icon(void *ptr, uint32_t type, uint32_t name, uint32_t lang, uint32_t rva) {
+ struct ICONS *icons = ptr;
+ type = type; lang = lang;
+ cli_warnmsg("got icon %u\n", name);
+ if(icons->cnt > 100)
+ return 1;
+ icons->rvas[icons->cnt] = rva;
+ icons->cnt++;
+ return 0;
+}
+
+
+int scanicon(uint32_t resdir_rva, cli_ctx *ctx, struct cli_exe_section *exe_sections, uint16_t nsections, uint32_t hdr_size) {
+ struct GICONS gicons;
+ struct ICONS icons;
+ unsigned int curicon, err;
+ fmap_t *map = *ctx->fmap;
+
+ gicons.cnt = 0;
+ icons.cnt = 0;
+ findres(14, 0xffffffff, resdir_rva, ctx, exe_sections, nsections, hdr_size, groupicon, &gicons);
+
+ for(curicon=0; curicon<gicons.cnt; curicon++) {
+ uint8_t *grp = fmap_need_off_once(map, cli_rawaddr(gicons.rvas[curicon], exe_sections, nsections, &err, map->len, hdr_size), 16);
+ if(grp && !err) {
+ uint32_t gsz = cli_readint32(grp + 4);
+ if(gsz>6) {
+ uint32_t icnt;
+ struct {
+ uint8_t w;
+ uint8_t h;
+ uint8_t palcnt;
+ uint8_t rsvd;
+ uint16_t planes;
+ uint16_t depth;
+ uint32_t sz;
+ uint16_t id;
+ } *dir;
+
+ grp = fmap_need_off_once(map, cli_rawaddr(cli_readint32(grp), exe_sections, nsections, &err, map->len, hdr_size), gsz);
+ if(grp && !err) {
+ icnt = cli_readint32(grp+2) >> 16;
+ grp+=6;
+ gsz-=6;
+
+ while(icnt && gsz >= 14) {
+ dir = grp;
+ cli_warnmsg("Icongrp @%x - %ux%ux%u - (id=%x, rsvd=%u, planes=%u, palcnt=%u, sz=%x)\n", gicons.rvas[curicon], dir->w, dir->h, dir->depth, dir->id, dir->planes, dir->palcnt, dir->rsvd, dir->sz);
+ findres(3, dir->id, resdir_rva, ctx, exe_sections, nsections, hdr_size, icon, &icons);
+ grp += 14;
+ gsz -= 14;
+ }
+ }
+ }
+ }
+ }
+
+ for(curicon=0; curicon<icons.cnt; curicon++)
+ cli_warnmsg("Icon %x is @%x\n", curicon, icons.rvas[curicon]);
+}
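Review bot: The `icon` callback can store one element past the end of `icons.rvas`: it returns early only when `cnt > 100`, so a call arriving with `cnt == 100` writes `rvas[100]` in a 100-element array on scanicon's stack, and how often it is called depends on the scanned file; the guard should read `if(icons->cnt >= 100) return 1;`. In scanicon, `while(icnt && gsz >= 14)` never decrements `icnt`, so the entry count from the group header is ignored and the loop runs until `gsz` is exhausted; `icnt--;` belongs next to `gsz -= 14;`. `dir = grp` overlays an unpacked struct on file bytes, so `dir->sz` and `dir->id` are read in host byte order and possibly unaligned, whereas the rest of this function reads fields through `cli_readint32`. scanicon is declared `int` but has no `return` statement, and `err` is tested without being initialised here, which is safe only if cli_rawaddr always writes it (its body is outside this diff). The `cli_warnmsg` in the loop also passes `planes, palcnt, rsvd` in a different order from the `rsvd=, planes=, palcnt=` labels in its format string.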
diff --git a/win32/compat/w32_errno.c b/libclamav/pe_icons.h
similarity index 80%
copy from win32/compat/w32_errno.c
copy to libclamav/pe_icons.h
index b51273c..93e8781 100644
--- a/win32/compat/w32_errno.c
+++ b/libclamav/pe_icons.h
@@ -18,11 +18,11 @@
* MA 02110-1301, USA.
*/
-#if HAVE_CONFIG_H
-#include "clamav-config.h"
-#endif
-
-#include "w32_errno.h"
+#ifndef __PE_ICONS_H
+#define __PE_ICONS_H
+#include "pe.h"
+int scanicon(uint32_t resdir_rva, cli_ctx *ctx, struct cli_exe_section *exe_sections, uint16_t nsections, uint32_t hdr_size);
+#endif
--
Debian repository for ClamAV