[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Török Edvin
edwin at clamav.net
Sun Apr 4 01:16:18 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit a35cfe513779365d3b1eabff0616bc4f852052d5
Author: Török Edvin <edwin at clamav.net>
Date: Fri Jan 22 16:50:16 2010 +0200
print bytecode metadata.
diff --git a/clambc/bcrun.c b/clambc/bcrun.c
index 1f27eee..320a355 100644
--- a/clambc/bcrun.c
+++ b/clambc/bcrun.c
@@ -208,71 +208,76 @@ int main(int argc, char *argv[])
fclose(f);
printf("Bytecode loaded\n");
- ctx = cli_bytecode_context_alloc();
- if (!ctx) {
- fprintf(stderr,"Out of memory\n");
- exit(3);
- }
- memset(&dbg_state, 0, sizeof(dbg_state));
- dbg_state.file = "<libclamav>";
- dbg_state.line = 0;
- dbg_state.col = 0;
- dbg_state.showline = !optget(opts, "no-trace-showsource")->enabled;
- tracelevel = optget(opts, "trace")->numarg;
- cli_bytecode_context_set_trace(ctx, tracelevel,
- tracehook,
- tracehook_op,
- tracehook_val,
- tracehook_ptr);
+ if (optget(opts, "describe")->enabled) {
+ cli_bytecode_describe(bc);
+ } else {
- if (opts->filename[1]) {
- funcid = atoi(opts->filename[1]);
- }
- cli_bytecode_context_setfuncid(ctx, bc, funcid);
- printf("Running bytecode function :%u\n", funcid);
+ ctx = cli_bytecode_context_alloc();
+ if (!ctx) {
+ fprintf(stderr,"Out of memory\n");
+ exit(3);
+ }
+ memset(&dbg_state, 0, sizeof(dbg_state));
+ dbg_state.file = "<libclamav>";
+ dbg_state.line = 0;
+ dbg_state.col = 0;
+ dbg_state.showline = !optget(opts, "no-trace-showsource")->enabled;
+ tracelevel = optget(opts, "trace")->numarg;
+ cli_bytecode_context_set_trace(ctx, tracelevel,
+ tracehook,
+ tracehook_op,
+ tracehook_val,
+ tracehook_ptr);
- if (opts->filename[1]) {
- i=2;
- while (opts->filename[i]) {
- rc = cli_bytecode_context_setparam_int(ctx, i-2, atoi(opts->filename[i]));
- if (rc != CL_SUCCESS) {
- fprintf(stderr,"Unable to set param %u: %s\n", i-2, cl_strerror(rc));
- }
- i++;
+ if (opts->filename[1]) {
+ funcid = atoi(opts->filename[1]);
}
- }
+ cli_bytecode_context_setfuncid(ctx, bc, funcid);
+ printf("Running bytecode function :%u\n", funcid);
- if ((opt = optget(opts,"input"))->enabled) {
- fmap_t *map;
- fd = open(opt->strarg, O_RDONLY);
- if (fd == -1) {
- fprintf(stderr, "Unable to open input file %s: %s\n", opt->strarg, strerror(errno));
- optfree(opts);
- exit(5);
+ if (opts->filename[1]) {
+ i=2;
+ while (opts->filename[i]) {
+ rc = cli_bytecode_context_setparam_int(ctx, i-2, atoi(opts->filename[i]));
+ if (rc != CL_SUCCESS) {
+ fprintf(stderr,"Unable to set param %u: %s\n", i-2, cl_strerror(rc));
+ }
+ i++;
+ }
}
- map = fmap(fd, 0, 0);
- if (!map) {
- fprintf(stderr, "Unable to map input file %s\n", opt->strarg);
+
+ if ((opt = optget(opts,"input"))->enabled) {
+ fmap_t *map;
+ fd = open(opt->strarg, O_RDONLY);
+ if (fd == -1) {
+ fprintf(stderr, "Unable to open input file %s: %s\n", opt->strarg, strerror(errno));
+ optfree(opts);
+ exit(5);
+ }
+ map = fmap(fd, 0, 0);
+ if (!map) {
+ fprintf(stderr, "Unable to map input file %s\n", opt->strarg);
+ }
+ rc = cli_bytecode_context_setfile(ctx, map);
+ if (rc != CL_SUCCESS) {
+ fprintf(stderr, "Unable to set file %s: %s\n", opt->strarg, cl_strerror(rc));
+ optfree(opts);
+ exit(5);
+ }
+ funmap(map);
}
- rc = cli_bytecode_context_setfile(ctx, map);
+
+ rc = cli_bytecode_run(&bcs, bc, ctx);
if (rc != CL_SUCCESS) {
- fprintf(stderr, "Unable to set file %s: %s\n", opt->strarg, cl_strerror(rc));
- optfree(opts);
- exit(5);
+ fprintf(stderr,"Unable to run bytecode: %s\n", cl_strerror(rc));
+ } else {
+ uint64_t v;
+ printf("Bytecode run finished\n");
+ v = cli_bytecode_context_getresult_int(ctx);
+ printf("Bytecode returned: 0x%llx\n", (long long)v);
}
- funmap(map);
- }
-
- rc = cli_bytecode_run(&bcs, bc, ctx);
- if (rc != CL_SUCCESS) {
- fprintf(stderr,"Unable to run bytecode: %s\n", cl_strerror(rc));
- } else {
- uint64_t v;
- printf("Bytecode run finished\n");
- v = cli_bytecode_context_getresult_int(ctx);
- printf("Bytecode returned: 0x%llx\n", (long long)v);
+ cli_bytecode_context_destroy(ctx);
}
- cli_bytecode_context_destroy(ctx);
cli_bytecode_destroy(bc);
cli_bytecode_done(&bcs);
free(bc);
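Review bot: In the relocated input-file block, the `if (!map)` branch only prints an error and then falls through to `cli_bytecode_context_setfile(ctx, map)` with a NULL map; the open failure just above it bails out, and this path should do the same: `fprintf(stderr, "Unable to map input file %s\n", opt->strarg); optfree(opts); exit(5);`. The descriptor returned by `open()` is also never closed after `funmap(map)`, so a `close(fd);` there would keep the resource handling complete. The commit only re-indents this code under the new `else` branch, but it is the code under review now. main() starts and ends outside the hunk.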
diff --git a/libclamav/bytecode.c b/libclamav/bytecode.c
index f747a44..f499726 100644
--- a/libclamav/bytecode.c
+++ b/libclamav/bytecode.c
@@ -438,14 +438,14 @@ static int parseHeader(struct cli_bc *bc, unsigned char *buffer, unsigned *linel
return CL_BREAK;
}
// Optimistic parsing, check for error only at the end.
- bc->verifier = readNumber(buffer, &offset, len, &ok);
- bc->sigmaker = readString(buffer, &offset, len, &ok);
- bc->id = readNumber(buffer, &offset, len, &ok);
+ bc->metadata.timestamp = readNumber(buffer, &offset, len, &ok);
+ bc->metadata.sigmaker = readString(buffer, &offset, len, &ok);
+ bc->metadata.targetExclude = readNumber(buffer, &offset, len, &ok);
bc->kind = readNumber(buffer, &offset, len, &ok);
bc->metadata.maxStack = readNumber(buffer, &offset, len, &ok);
bc->metadata.maxMem = readNumber(buffer, &offset, len, &ok);
bc->metadata.maxTime = readNumber(buffer, &offset, len, &ok);
- bc->metadata.targetExclude = readString(buffer, &offset, len, &ok);
+ bc->metadata.compiler = readString(buffer, &offset, len, &ok);
bc->num_types = readNumber(buffer, &offset, len, &ok);
bc->num_func = readNumber(buffer, &offset, len, &ok);
bc->state = bc_loaded;
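Review bot: The header field layout read here changes (targetExclude becomes a number, a compiler string is appended, verifier and id are dropped) while `BC_FUNC_LEVEL` stays at 5 in the clambc.h hunk, so a bytecode file written against the old layout would be parsed with its fields misaligned and only the deferred `ok` check could catch it. If the functionality level is meant to gate this, bump it or document why that is unnecessary; at minimum a comment above the reads such as `/* on-disk header order: timestamp, sigmaker, targetExclude, kind, maxStack, maxMem, maxTime, compiler, num_types, num_func */` would make the expected order explicit. parseHeader starts and ends outside the hunk, so I cannot see whether `metadata.sigmaker` is released when a later field fails to parse; worth confirming, since `cli_bytecode_destroy` now assumes it owns both strings.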
@@ -1405,8 +1405,8 @@ uint64_t cli_bytecode_context_getresult_int(struct cli_bc_ctx *ctx)
void cli_bytecode_destroy(struct cli_bc *bc)
{
unsigned i, j, k;
- free(bc->sigmaker);
- free(bc->metadata.targetExclude);
+ free(bc->metadata.compiler);
+ free(bc->metadata.sigmaker);
for (i=0;i<bc->num_func;i++) {
struct cli_bc_func *f = &bc->funcs[i];
@@ -1742,3 +1742,88 @@ void cli_bytecode_context_setctx(struct cli_bc_ctx *ctx, void *cctx)
{
ctx->ctx = cctx;
}
+
+void cli_bytecode_describe(const struct cli_bc *bc)
+{
+ char buf[128];
+ int cols;
+ unsigned i;
+ time_t stamp;
+ int had;
+
+ if (!bc) {
+ printf("(null bytecode)\n");
+ return;
+ }
+
+ stamp = bc->metadata.timestamp;
+ printf("Bytecode format functionality level: %u\n", BC_FUNC_LEVEL);
+ printf("Bytecode metadata:\n\tcompiler version: %s\n",
+ bc->metadata.compiler ? bc->metadata.compiler : "N/A");
+ printf("\tcompiled on: %s\n",
+ cli_ctime(&stamp, buf, sizeof(buf)));
+ printf("\tcompiled by: %s\n", bc->metadata.sigmaker ? bc->metadata.sigmaker : "N/A");
+ //TODO: parse and display arch name, also take it into account when
+ //JITing!
+ printf("\ttarget exclude: %d\n", bc->metadata.targetExclude);
+ printf("\tbytecode type: ");
+ switch (bc->kind) {
+ case BC_GENERIC:
+ puts("generic, not loadable by clamscan/clamd");
+ break;
+ case BC_LOGICAL:
+ puts("logical only");
+ break;
+ case BC_PE_UNPACKER:
+ puts("PE hook");
+ break;
+ default:
+ printf("Unknown (type %u)", bc->kind);
+ break;
+ }
+ printf("\tbytecode logical signature: %s\n",
+ bc->lsig ? bc->lsig : "<none>");
+ printf("\tvirusname prefix: %s\n",
+ bc->vnameprefix);
+ printf("\tvirusnames: %u\n", bc->vnames_cnt);
+ printf("\tbytecode triggered on: ");
+ switch (bc->kind) {
+ case BC_GENERIC:
+ puts("N/A (loaded in clambc only)");
+ break;
+ case BC_LOGICAL:
+ puts("files matching logical signature");
+ break;
+ case BC_PE_UNPACKER:
+ if (bc->lsig)
+ puts("PE files matching logical signature");
+ else
+ puts("all PE files!");
+ break;
+ default:
+ puts("N/A (unknown type)\n");
+ break;
+ }
+ printf("\tnumber of functions: %u\n\tnumber of types: %u\n",
+ bc->num_func, bc->num_types);
+ printf("\tnumber of global constants: %u\n", bc->num_globals);
+ printf("\tnumber of debug nodes: %u\n", bc->dbgnode_cnt);
+ printf("\tbytecode APIs used:");
+ cols = 0; /* remaining */
+ had = 0;
+ for (i=0;i<cli_apicall_maxapi;i++) {
+ if (cli_bitset_test(bc->uses_apis, i)) {
+ unsigned len = strlen(cli_apicalls[i].name);
+ if (had)
+ printf(",");
+ if (len > cols) {
+ printf("\n\t");
+ cols = 72;
+ }
+ printf(" %s", cli_apicalls[i].name);
+ had = 1;
+ cols -= len;
+ }
+ }
+ printf("\n");
+}
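Review bot: The `default:` of the first `switch (bc->kind)` prints without a trailing newline, so the "bytecode logical signature" line is glued onto the same output line while the other cases use `puts`; change it to `printf("Unknown (type %u)\n", bc->kind);` and, for symmetry, drop the doubled newline in the second default with `puts("N/A (unknown type)");`. `targetExclude` is declared `unsigned` in the clambc.h hunk but printed with `%d`, so that line should read `printf("\ttarget exclude: %u\n", bc->metadata.targetExclude);`. `vnameprefix` is passed to `%s` without the NULL guard that `lsig`, `compiler` and `sigmaker` receive; if it can be absent for some bytecode kinds that is undefined behavior, so either guard it or document why it is always set. The column wrapping compares `unsigned len` against `int cols`, which goes negative for a single API name longer than 72 characters and then never wraps again; cosmetic, but a `size_t` for both would avoid the mixed-sign comparison.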
diff --git a/libclamav/bytecode.h b/libclamav/bytecode.h
index 1917791..b268644 100644
--- a/libclamav/bytecode.h
+++ b/libclamav/bytecode.h
@@ -45,11 +45,9 @@ enum bc_state {
};
struct cli_bc {
- unsigned verifier;
- char *sigmaker;
+ struct bytecode_metadata metadata;
unsigned id;
unsigned kind;
- struct bytecode_metadata metadata;
unsigned num_types;
unsigned num_func;
struct cli_bc_func *funcs;
@@ -105,6 +103,7 @@ int cli_bytecode_prepare(struct cli_all_bc *allbc);
int cli_bytecode_run(const struct cli_all_bc *bcs, const struct cli_bc *bc, struct cli_bc_ctx *ctx);
void cli_bytecode_destroy(struct cli_bc *bc);
int cli_bytecode_done(struct cli_all_bc *allbc);
+void cli_bytecode_describe(const struct cli_bc *bc);
/* Hooks */
struct cli_exe_info;
diff --git a/libclamav/clambc.h b/libclamav/clambc.h
index 9336428..4dd7b63 100644
--- a/libclamav/clambc.h
+++ b/libclamav/clambc.h
@@ -23,9 +23,12 @@
#define CLAMBC_H
struct bytecode_metadata {
- unsigned long maxStack, maxMem;
- unsigned long maxTime;
- char *targetExclude;
+ char *compiler;
+ char *sigmaker;
+ uint64_t timestamp;
+ unsigned long maxStack, maxMem;
+ unsigned long maxTime;
+ unsigned targetExclude;
};
#define BC_FUNC_LEVEL 5
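Review bot: `uint64_t timestamp` makes struct bytecode_metadata depend on <stdint.h>, and the hunk does not show clambc.h including it; confirm that every translation unit including this header already has it in scope, or add the include here. None of the new fields say what they hold or who owns the strings; a one-line comment per field, e.g. `char *compiler; /* compiler version string from the header, freed by cli_bytecode_destroy */` and a hedged `uint64_t timestamp; /* presumably seconds since the epoch; confirm against the compiler */`, would help readers. These values are read straight out of the database header, and `timestamp` is narrowed to `time_t` in cli_bytecode_describe before formatting, so the field comments should state the expected range.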
diff --git a/libclamav/libclamav.map b/libclamav/libclamav.map
index 378033c..39579c3 100644
--- a/libclamav/libclamav.map
+++ b/libclamav/libclamav.map
@@ -170,6 +170,7 @@ CLAMAV_PRIVATE {
cli_bytecode_context_set_trace;
cli_bytecode_debug_printsrc;
cli_bytecode_printversion;
+ cli_bytecode_describe;
local:
*;
};
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index f6f3026..887c28a 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -1333,6 +1333,7 @@ static int cli_loadcbc(FILE *fs, struct cl_engine *engine, unsigned int *signo,
}
bcs->count++;
bc = &bcs->all_bcs[bcs->count-1];
+ bc->id = bcs->count;
switch (engine->bytecode_security) {
case CL_BYTECODE_TRUST_ALL:
@@ -1362,7 +1363,7 @@ static int cli_loadcbc(FILE *fs, struct cl_engine *engine, unsigned int *signo,
cli_errmsg("Bytecode %s has logical kind, but missing logical signature!\n", dbname);
return CL_EMALFDB;
}
- cli_dbgmsg("Bytecode %s has logical signature: %s\n", dbname, bc->lsig);
+ cli_dbgmsg("Bytecode %s(%u) has logical signature: %s\n", dbname, bc->id, bc->lsig);
rc = load_oneldb(bc->lsig, 0, 0, engine, options, dbname, 0, &sigs, bc, NULL);
if (rc != CL_SUCCESS) {
cli_errmsg("Problem parsing logical signature %s for bytecode %s: %s\n",
diff --git a/shared/optparser.c b/shared/optparser.c
index 03039cf..d4d430a 100644
--- a/shared/optparser.c
+++ b/shared/optparser.c
@@ -121,6 +121,7 @@ const struct clam_option __clam_options[] = {
{ NULL, "generate-config", 'g', TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMCONF, "", "" },
{ NULL, "force-interpreter", 'f', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMBC, "Force using the interpreter instead of the JIT", "" },
+ { NULL, "describe", 'd', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMBC, "Load and describe bytecode without executing", ""},
{ NULL, "input", 'i', TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMBC, "Input file to run the bytecode n", ""},
{ NULL, "trace", 't', TYPE_NUMBER, MATCH_NUMBER, 7, NULL, 0, OPT_CLAMBC, "bytecode trace level",""},
{ NULL, "no-trace-showsource", 's', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMBC, "Don't show source line during tracing",""},
--