[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Török Edvin
edwin at clamav.net
Sun Apr 4 01:15:24 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit 0fa95ef2310587af52f012b9cfd070cbc0e5643d
Author: Török Edvin <edwin at clamav.net>
Date: Mon Jan 18 19:31:59 2010 +0200
filesize, and pe_rawaddr API.
diff --git a/libclamav/bytecode.c b/libclamav/bytecode.c
index 75ea60f..6bf1f75 100644
--- a/libclamav/bytecode.c
+++ b/libclamav/bytecode.c
@@ -1605,6 +1605,7 @@ int cli_bytecode_context_setfile(struct cli_bc_ctx *ctx, fmap_t *map)
{
ctx->fmap = map;
ctx->file_size = map->len + map->offset;
+ ctx->hooks.filesize = &ctx->file_size;
return 0;
}
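Review bot: The sum stored in `ctx->file_size` on the line above the new one is now narrowed to the `uint32_t` that the bytecode_priv.h hunk introduces, so for a file where `map->len + map->offset` exceeds 4 GiB the stored size, the new `__clambc_filesize` global, and the bound that the new cli_bcapi_pe_rawaddr passes to cli_rawaddr all silently wrap. The header comment in the bytecode_api.h hunk says "max 4G" but nothing enforces it. A guard before the assignment such as `if (map->len + map->offset > UINT32_MAX) return -1;` would make the limit explicit, assuming callers of cli_bytecode_context_setfile treat a non-zero return as failure (the types of `len` and `offset` and the caller's convention are not visible in this diff). The same narrowing is the point of the bytecode_priv.h hunk, so the check belongs here rather than there.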
diff --git a/libclamav/bytecode_api.c b/libclamav/bytecode_api.c
index 74da6a7..64a398c 100644
--- a/libclamav/bytecode_api.c
+++ b/libclamav/bytecode_api.c
@@ -38,6 +38,7 @@
#include "bytecode_api.h"
#include "bytecode_api_impl.h"
#include "others.h"
+#include "pe.h"
uint32_t cli_bcapi_test0(struct cli_bc_ctx *ctx, struct foo* s, uint32_t u)
{
@@ -239,3 +240,15 @@ uint32_t cli_bcapi_trace_ptr(struct cli_bc_ctx *ctx, const const uint8_t* ptr, u
ctx->trace_ptr(ctx, ptr);
return 0;
}
+
+uint32_t cli_bcapi_pe_rawaddr(struct cli_bc_ctx *ctx, uint32_t rva, uint32_t dummy)
+{
+ uint32_t ret;
+ int err = 0;
+ const struct cli_pe_hook_data *pe = ctx->hooks.pedata;
+ ret = cli_rawaddr(rva, pe->exe_info.section, pe->exe_info.nsections, &err,
+ ctx->file_size, pe->hdr_size);
+ if (err)
+ return PE_INVALID_RVA;
+ return ret;
+}
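Review bot: `pe` is dereferenced on the cli_rawaddr call without a NULL check, and `ctx->hooks.pedata` is populated only by cli_bytecode_context_setpe (the pe.c hunk is the one caller this diff shows), so a bytecode that is not running as a PE hook but still calls pe_rawaddr would fault inside the scanner on bytecode-chosen input. Returning the documented sentinel is a one-liner after the `pe` declaration: `if (!pe) return PE_INVALID_RVA;`. The `dummy` parameter is never read in the body; if it exists only to fit the cli_apicall_int2 slot the function is registered in (bytecode_api_decl.c hunk), a comment such as `/* dummy: unused, required by the cli_apicall_int2 signature */` would save the next reader a search.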
diff --git a/libclamav/bytecode_api.h b/libclamav/bytecode_api.h
index 6194e6b..a9edc04 100644
--- a/libclamav/bytecode_api.h
+++ b/libclamav/bytecode_api.h
@@ -56,6 +56,8 @@ enum BytecodeKind {
_BC_LAST_HOOK
};
+enum { PE_INVALID_RVA = 0xFFFFFFFF };
+
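Review bot: `PE_INVALID_RVA = 0xFFFFFFFF` gives an enumeration constant a value that is not representable as `int`, which C11 6.7.2.2 treats as a constraint violation; GCC accepts it as an extension (and warns under `-pedantic`), and because the enum is placed before `#ifdef __CLAMBC__` it is also compiled by whatever toolchain builds the bytecode side. A macro or typed constant sidesteps this and matches the `uint32_t` that pe_rawaddr returns: `#define PE_INVALID_RVA UINT32_MAX` (or `0xFFFFFFFFu` if `<stdint.h>` is not guaranteed here, though the `uint32_t` declarations in this header suggest it is). Comparisons against the return value then stay unsigned-to-unsigned instead of depending on the enum's implementation-defined underlying type.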
#ifdef __CLAMBC__
/** @brief Logical signature match counts
@@ -68,6 +70,8 @@ extern const uint32_t __clambc_match_counts[64];
extern const struct cli_exe_info __clambc_exeinfo;
/** PE data, if this is a PE hook */
extern const struct cli_pe_hook_data __clambc_pedata;
+/** File size (max 4G) */
+extern const uint32_t __clambc_filesize;
/** Kind of the bytecode */
const uint16_t __clambc_kind;
@@ -153,7 +157,7 @@ uint32_t debug_print_uint(uint32_t a, uint32_t b);
* This is a low-level API, the result is in ClamAV type-8 signature format
* (64 bytes/instruction).
* \sa DisassembleAt
- * */
+ */
uint32_t disasm_x86(struct DISASM_RESULT* result, uint32_t len);
/* tracing API */
@@ -166,5 +170,13 @@ uint32_t trace_op(const uint8_t* opname, uint32_t column);
uint32_t trace_value(const uint8_t* name, uint32_t v);
uint32_t trace_ptr(const uint8_t* ptr, uint32_t dummy);
+/** Converts a RVA (Relative Virtual Address) to
+ * an absolute PE file offset.
+ * @param rva a rva address from the PE file
+ * @return absolute file offset mapped to the \p rva,
+ * or PE_INVALID_RVA if the \p rva is invalid.
+ */
+uint32_t pe_rawaddr(uint32_t rva, uint32_t dummy);
+
#endif
#endif
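Review bot: The new pe_rawaddr doc block documents `rva` but not `dummy`; the implementation in the bytecode_api.c hunk never reads it, so `@param dummy unused, pass 0` would tell bytecode authors what to supply. The comment also does not say in which hooks the call is meaningful: the implementation reads `ctx->hooks.pedata`, which this diff shows being set only from cli_scanpe before the BC_PE_UNPACKER hook runs, so a sentence like `Only meaningful from a PE hook; the result is undefined for other bytecode kinds.` would be accurate as the code stands, since the implementation currently has no NULL check on pedata.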
diff --git a/libclamav/bytecode_api_decl.c b/libclamav/bytecode_api_decl.c
index ff70b5d..2ab0660 100644
--- a/libclamav/bytecode_api_decl.c
+++ b/libclamav/bytecode_api_decl.c
@@ -48,6 +48,7 @@ uint32_t cli_bcapi_trace_source(struct cli_bc_ctx *ctx, const const uint8_t*, ui
uint32_t cli_bcapi_trace_op(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);
uint32_t cli_bcapi_trace_value(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);
uint32_t cli_bcapi_trace_ptr(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);
+uint32_t cli_bcapi_pe_rawaddr(struct cli_bc_ctx *ctx, uint32_t, uint32_t);
const struct cli_apiglobal cli_globals[] = {
/* Bytecode globals BEGIN */
@@ -55,6 +56,8 @@ const struct cli_apiglobal cli_globals[] = {
((char*)&((struct cli_bc_ctx*)0)->hooks.kind - (char*)NULL)},
{"__clambc_match_counts", GLOBAL_MATCH_COUNTS, 82,
((char*)&((struct cli_bc_ctx*)0)->hooks.match_counts - (char*)NULL)},
+ {"__clambc_filesize", GLOBAL_FILESIZE, 32,
+ ((char*)&((struct cli_bc_ctx*)0)->hooks.filesize - (char*)NULL)},
{"__clambc_exeinfo", GLOBAL_EXEINFO, 79,
((char*)&((struct cli_bc_ctx*)0)->hooks.exeinfo - (char*)NULL)},
{"__clambc_pedata", GLOBAL_PEDATA, 69,
@@ -76,14 +79,14 @@ static uint16_t cli_tmp10[]={80, 32, 32, 16};
static uint16_t cli_tmp11[]={81};
static uint16_t cli_tmp12[]={32, 32, 32, 32, 32, 32, 32, 32, 32};
static uint16_t cli_tmp13[]={32};
-static uint16_t cli_tmp14[]={32, 65, 32};
-static uint16_t cli_tmp15[]={32, 85, 32};
-static uint16_t cli_tmp16[]={86};
-static uint16_t cli_tmp17[]={16, 8, 8, 8, 88, 87};
-static uint16_t cli_tmp18[]={8};
-static uint16_t cli_tmp19[]={89};
-static uint16_t cli_tmp20[]={8};
-static uint16_t cli_tmp21[]={32, 32, 32};
+static uint16_t cli_tmp14[]={32, 32, 32};
+static uint16_t cli_tmp15[]={32, 65, 32};
+static uint16_t cli_tmp16[]={32, 86, 32};
+static uint16_t cli_tmp17[]={87};
+static uint16_t cli_tmp18[]={16, 8, 8, 8, 89, 88};
+static uint16_t cli_tmp19[]={8};
+static uint16_t cli_tmp20[]={90};
+static uint16_t cli_tmp21[]={8};
static uint16_t cli_tmp22[]={32, 92, 32};
static uint16_t cli_tmp23[]={93};
static uint16_t cli_tmp24[]={92};
@@ -105,12 +108,12 @@ const struct cli_bc_type cli_apicall_types[]={
{DArrayType, cli_tmp13, 64, 0, 0},
{DFunctionType, cli_tmp14, 3, 0, 0},
{DFunctionType, cli_tmp15, 3, 0, 0},
- {DPointerType, cli_tmp16, 1, 0, 0},
- {DStructType, cli_tmp17, 6, 0, 0},
- {DArrayType, cli_tmp18, 29, 0, 0},
- {DArrayType, cli_tmp19, 10, 0, 0},
- {DArrayType, cli_tmp20, 3, 0, 0},
- {DFunctionType, cli_tmp21, 3, 0, 0},
+ {DFunctionType, cli_tmp16, 3, 0, 0},
+ {DPointerType, cli_tmp17, 1, 0, 0},
+ {DStructType, cli_tmp18, 6, 0, 0},
+ {DArrayType, cli_tmp19, 29, 0, 0},
+ {DArrayType, cli_tmp20, 10, 0, 0},
+ {DArrayType, cli_tmp21, 3, 0, 0},
{DFunctionType, cli_tmp22, 3, 0, 0},
{DPointerType, cli_tmp23, 1, 0, 0},
{DStructType, cli_tmp24, 1, 0, 0}
@@ -120,26 +123,28 @@ const unsigned cli_apicall_maxtypes=sizeof(cli_apicall_types)/sizeof(cli_apicall
const struct cli_apicall cli_apicalls[]={
/* Bytecode APIcalls BEGIN */
{"test0", 22, 0, 1},
- {"test1", 21, 0, 0},
- {"read", 14, 1, 1},
- {"write", 14, 2, 1},
- {"seek", 21, 1, 0},
- {"setvirusname", 14, 3, 1},
- {"debug_print_str", 14, 4, 1},
- {"debug_print_uint", 21, 2, 0},
- {"disasm_x86", 15, 5, 1},
- {"trace_directory", 14, 6, 1},
- {"trace_scope", 14, 7, 1},
- {"trace_source", 14, 8, 1},
- {"trace_op", 14, 9, 1},
- {"trace_value", 14, 10, 1},
- {"trace_ptr", 14, 11, 1}
+ {"test1", 14, 0, 0},
+ {"read", 15, 1, 1},
+ {"write", 15, 2, 1},
+ {"seek", 14, 1, 0},
+ {"setvirusname", 15, 3, 1},
+ {"debug_print_str", 15, 4, 1},
+ {"debug_print_uint", 14, 2, 0},
+ {"disasm_x86", 16, 5, 1},
+ {"trace_directory", 15, 6, 1},
+ {"trace_scope", 15, 7, 1},
+ {"trace_source", 15, 8, 1},
+ {"trace_op", 15, 9, 1},
+ {"trace_value", 15, 10, 1},
+ {"trace_ptr", 15, 11, 1},
+ {"pe_rawaddr", 14, 3, 0}
/* Bytecode APIcalls END */
};
const cli_apicall_int2 cli_apicalls0[] = {
(cli_apicall_int2)cli_bcapi_test1,
(cli_apicall_int2)cli_bcapi_seek,
- (cli_apicall_int2)cli_bcapi_debug_print_uint
+ (cli_apicall_int2)cli_bcapi_debug_print_uint,
+ (cli_apicall_int2)cli_bcapi_pe_rawaddr
};
const cli_apicall_pointer cli_apicalls1[] = {
(cli_apicall_pointer)cli_bcapi_test0,
diff --git a/libclamav/bytecode_api_impl.h b/libclamav/bytecode_api_impl.h
index cea5fda..109d919 100644
--- a/libclamav/bytecode_api_impl.h
+++ b/libclamav/bytecode_api_impl.h
@@ -45,5 +45,6 @@ uint32_t cli_bcapi_trace_source(struct cli_bc_ctx *ctx, const const uint8_t*, ui
uint32_t cli_bcapi_trace_op(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);
uint32_t cli_bcapi_trace_value(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);
uint32_t cli_bcapi_trace_ptr(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);
+uint32_t cli_bcapi_pe_rawaddr(struct cli_bc_ctx *ctx, uint32_t, uint32_t);
#endif
diff --git a/libclamav/bytecode_hooks.h b/libclamav/bytecode_hooks.h
index 16e1471..953c854 100644
--- a/libclamav/bytecode_hooks.h
+++ b/libclamav/bytecode_hooks.h
@@ -32,6 +32,7 @@
struct cli_bc_hooks {
const uint16_t* kind;
const uint32_t* match_counts;
+ const uint32_t* filesize;
const struct cli_exe_info* exeinfo;
const struct cli_pe_hook_data* pedata;
};
diff --git a/libclamav/bytecode_priv.h b/libclamav/bytecode_priv.h
index a3570a5..75a9dcf 100644
--- a/libclamav/bytecode_priv.h
+++ b/libclamav/bytecode_priv.h
@@ -124,7 +124,7 @@ struct cli_bc_ctx {
operand_t *operands;
uint16_t funcid;
unsigned numParams;
- size_t file_size;
+ uint32_t file_size;
off_t off;
fmap_t *fmap;
const char *virname;
diff --git a/libclamav/clambc.h b/libclamav/clambc.h
index 1632c98..cfafc25 100644
--- a/libclamav/clambc.h
+++ b/libclamav/clambc.h
@@ -119,6 +119,7 @@ enum bc_global {
GLOBAL_VIRUSNAMES,
GLOBAL_EXEINFO,
GLOBAL_PEDATA,
+ GLOBAL_FILESIZE,
_LAST_GLOBAL
};
diff --git a/libclamav/pe.c b/libclamav/pe.c
index bcfe811..256a11f 100644
--- a/libclamav/pe.c
+++ b/libclamav/pe.c
@@ -2236,6 +2236,7 @@ int cli_scanpe(cli_ctx *ctx, icon_groupset *iconset)
pedata.e_lfanew = e_lfanew;
pedata.overlays = overlays;
pedata.overlays_sz = fsize - overlays;
+ pedata.hdr_size = hdr_size;
cli_bytecode_context_setpe(bc_ctx, &pedata);
cli_bytecode_context_setctx(bc_ctx, ctx);
ret = cli_bytecode_runhook(ctx->engine, bc_ctx, BC_PE_UNPACKER, map, ctx->virname);
diff --git a/libclamav/pe.h b/libclamav/pe.h
index 6726615..261cfad 100644
--- a/libclamav/pe.h
+++ b/libclamav/pe.h
@@ -145,6 +145,7 @@ struct cli_pe_hook_data {
uint32_t e_lfanew;/**< address of new exe header */
uint32_t overlays;/**< number of overlays */
int32_t overlays_sz;/**< size of overlays */
+ uint32_t hdr_size;/**< internally needed by rawaddr */
/* FIXME: these should not be necessary (they are for now) */
uint8_t dummyn;
uint8_t *dummy EBOUNDS(dummyn);