[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Török Edvin
edwin at clamav.net
Sun Apr 4 01:15:53 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit e5d112d86bcf47156903b52536d6fbb717e162cb
Author: Török Edvin <edwin at clamav.net>
Date: Wed Jan 20 17:16:27 2010 +0200
disasm_x86 api.
diff --git a/libclamav/bytecode_api.c b/libclamav/bytecode_api.c
index 066cad9..429cd98 100644
--- a/libclamav/bytecode_api.c
+++ b/libclamav/bytecode_api.c
@@ -40,6 +40,7 @@
#include "bytecode_api_impl.h"
#include "others.h"
#include "pe.h"
+#include "disasm.h"
uint32_t cli_bcapi_test0(struct cli_bc_ctx *ctx, struct foo* s, uint32_t u)
{
@@ -103,8 +104,18 @@ uint32_t cli_bcapi_setvirusname(struct cli_bc_ctx* ctx, const uint8_t *name, uin
uint32_t cli_bcapi_disasm_x86(struct cli_bc_ctx *ctx, struct DISASM_RESULT *res, uint32_t len)
{
- //TODO: call disasm_x86_wrap, which outputs a MARIO struct
- return -1;
+ int n;
+ const char *buf;
+ const char* next;
+ if (!res || !ctx->fmap || ctx->off >= ctx->fmap->len)
+ return -1;
+ /* FIXME: 4096 is an overestimate, how long is the longest instruction? */
+ n = MIN(4096, ctx->fmap->len - ctx->off);
+ buf = fmap_need_off_once(ctx->fmap, ctx->off, n);
+ next = cli_disasm_one(buf, n, res, 0);
+ if (!next)
+ return -1;
+ return ctx->off + next - buf;
}
/* TODO: field in ctx, id of last bytecode that called magicscandesc, reset
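Review bot: `buf` is passed to `cli_disasm_one` without a NULL check, although `fmap_need_off_once` can fail and return NULL when the requested range cannot be mapped; add `if (!buf) return -1;` right after the call. The `len` argument is never read, so nothing in this function confirms that the memory behind `res` is at least `sizeof(struct DISASM_RESULT)` before it is filled in; if `len` is meant to be the size of the bytecode-supplied buffer (not visible in this hunk), reject `len < sizeof(*res)` up front. The return expression `ctx->off + next - buf` groups as `(ctx->off + next) - buf`, which can form a pointer far outside the mapped window before the subtraction; `return ctx->off + (next - buf);` keeps the arithmetic inside the buffer. `buf` and `next` are declared `const char *`, while `cli_disasm_one` takes and returns `const uint8_t *`, so declaring them as `const uint8_t *` avoids the pointer-sign mismatch.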
diff --git a/libclamav/disasm.c b/libclamav/disasm.c
index 0c58464..57ed698 100644
--- a/libclamav/disasm.c
+++ b/libclamav/disasm.c
@@ -1254,7 +1254,7 @@ static void spam_x86(struct DISASMED *s, char *hr) {
#define GETSIZE(X) (x86ops[table][s->table_op].X!=SIZE_WD?x86ops[table][s->table_op].X:((s->opsize)?SIZE_WORD:SIZE_DWORD))
-static uint8_t *disasm_x86(uint8_t *command, unsigned int len, struct DISASMED *s) {
+static const uint8_t *disasm_x86(const uint8_t *command, unsigned int len, struct DISASMED *s) {
unsigned int reversed=0, i;
uint8_t b;
unsigned int table = 0;
@@ -1679,52 +1679,63 @@ static uint8_t *disasm_x86(uint8_t *command, unsigned int len, struct DISASMED *
}
}
-int disasmbuf(uint8_t *buff, unsigned int len, int fd) {
- uint8_t *next = buff;
- unsigned int counter=0;
- int gotsome=0;
+const uint8_t* cli_disasm_one(const uint8_t* buff, unsigned int len,
+ struct DISASM_RESULT *w, int spam)
+{
struct DISASMED s;
- struct DISASM_RESULT w;
- memset(&w.extra[0], 0, sizeof(w.extra));
+ int i;
- while(len && counter++<200) {
- int i;
- if(!(next = disasm_x86(next, len, &s))) {
- /* TODO: invd opcode or buff over */
- return gotsome;
- }
- if(cli_debug_flag) {
+ memset(&w->extra[0], 0, sizeof(w->extra));
+ buff = disasm_x86(buff, len, &s);
+ if (!buff)
+ return NULL;
+ if (spam) {
char hr[128];
spam_x86(&s, hr);
cli_dbgmsg("%s\n", hr);
- }
-
- len -= next-buff;
- buff=next;
-
- w.real_op = le16_to_host(s.real_op);
- w.opsize = s.opsize;
- w.adsize = s.adsize;
- w.segment = s.segment;
+ }
+ w->real_op = le16_to_host(s.real_op);
+ w->opsize = s.opsize;
+ w->adsize = s.adsize;
+ w->segment = s.segment;
- for (i=0; i<3; i++) {
- w.arg[i][0] = s.args[i].access;
- w.arg[i][1] = s.args[i].size;
+ for (i=0; i<3; i++) {
+ w->arg[i][0] = s.args[i].access;
+ w->arg[i][1] = s.args[i].size;
switch(s.args[i].access) {
case ACCESS_MEM:
- w.arg[i][2]=s.args[i].arg.marg.r1;
- w.arg[i][3]=s.args[i].arg.marg.r2;
- w.arg[i][4]=s.args[i].arg.marg.scale;
- w.arg[i][5]=0;
- cli_writeint32(&w.arg[i][6], s.args[i].arg.marg.disp);
+ w->arg[i][2]=s.args[i].arg.marg.r1;
+ w->arg[i][3]=s.args[i].arg.marg.r2;
+ w->arg[i][4]=s.args[i].arg.marg.scale;
+ w->arg[i][5]=0;
+ cli_writeint32(&w->arg[i][6], s.args[i].arg.marg.disp);
break;
case ACCESS_REG:
- w.arg[i][1] = s.args[i].reg;
+ w->arg[i][1] = s.args[i].reg;
default:
- cli_writeint32(&w.arg[i][2], s.args[i].arg.q);
- cli_writeint32(&w.arg[i][6], s.args[i].arg.q>>32);
+ cli_writeint32(&w->arg[i][2], s.args[i].arg.q);
+ cli_writeint32(&w->arg[i][6], s.args[i].arg.q>>32);
}
+ }
+ return buff;
+}
+
+int disasmbuf(const uint8_t *buff, unsigned int len, int fd) {
+ const uint8_t *next = buff;
+ unsigned int counter=0;
+ int gotsome=0;
+ struct DISASM_RESULT w;
+ memset(&w.extra[0], 0, sizeof(w.extra));
+
+ while(len && counter++<200) {
+ if(!(next = cli_disasm_one(next, len, &w, cli_debug_flag))) {
+ /* TODO: invd opcode or buff over */
+ return gotsome;
}
+
+ len -= next-buff;
+ buff=next;
+
cli_writen(fd, &w, sizeof(w));
gotsome = 1;
}
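Review bot: `cli_disasm_one` is now an exported entry point reachable from the bytecode API but has no contract comment; it should get a header comment stating that it decodes one instruction from `buff` (at most `len` bytes), returns a pointer just past that instruction or NULL on an invalid opcode or short buffer, that `w` must be non-NULL, and that `w->extra` is zeroed even when decoding fails. The `spam` parameter only toggles the debug dump, so a name such as `debug` would read better. Inside the loop, `case ACCESS_REG:` runs into `default:` without a marker; if that is intended, add `/* fall through */` after the `w->arg[i][1] = s.args[i].reg;` line so a later edit does not insert a `break` or treat it as a bug. The `memset(&w.extra[0], ...)` kept in `disasmbuf` is now redundant because `cli_disasm_one` clears `extra` on every call. The tail of `disasmbuf` lies outside this hunk.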
diff --git a/libclamav/disasm.h b/libclamav/disasm.h
index 5a4bc15..8e2e4fe 100644
--- a/libclamav/disasm.h
+++ b/libclamav/disasm.h
@@ -27,6 +27,7 @@
#include "others.h"
-int disasmbuf(uint8_t *, unsigned int, int);
+const uint8_t* cli_disasm_one(const uint8_t*, unsigned, struct DISASM_RESULT*, int);
+int disasmbuf(const uint8_t *, unsigned int, int);
#endif
--
Debian repository for ClamAV