2009-06-26 20:23:52 +03:00
|
|
|
/*
|
|
|
|
|
* ClamAV bytecode handler tool.
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2009 Sourcefire, Inc.
|
|
|
|
|
*
|
|
|
|
|
* Authors: Török Edvin
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
|
|
|
|
|
* MA 02110-1301, USA.
|
|
|
|
|
*/
|
|
|
|
|
#if HAVE_CONFIG_H
|
|
|
|
|
#include "clamav-config.h"
|
|
|
|
|
#endif
|
2009-08-25 18:54:14 +03:00
|
|
|
#include "cltypes.h"
|
2009-12-11 20:57:41 +02:00
|
|
|
#ifndef _WIN32
|
2009-12-03 11:37:38 +02:00
|
|
|
#include <sys/time.h>
|
2009-12-11 20:57:41 +02:00
|
|
|
#endif
|
2009-12-03 11:37:38 +02:00
|
|
|
#include <stdlib.h>
|
2009-06-26 20:23:52 +03:00
|
|
|
#include "bytecode.h"
|
2009-12-08 23:02:49 +02:00
|
|
|
#include "bytecode_priv.h"
|
2009-06-26 20:23:52 +03:00
|
|
|
#include "clamav.h"
|
2009-06-30 18:15:12 +03:00
|
|
|
#include "shared/optparser.h"
|
2009-06-30 19:27:26 +03:00
|
|
|
#include "shared/misc.h"
|
2009-06-26 20:23:52 +03:00
|
|
|
|
2009-09-08 22:25:33 +03:00
|
|
|
#include <fcntl.h>
|
2009-06-26 20:23:52 +03:00
|
|
|
#include <stdlib.h>
|
2009-09-08 22:25:33 +03:00
|
|
|
#include <errno.h>
|
2009-10-02 12:27:52 +03:00
|
|
|
#include <string.h>
|
2009-12-11 20:57:41 +02:00
|
|
|
#ifdef HAVE_UNISTD_H
|
2009-10-02 12:27:52 +03:00
|
|
|
#include <unistd.h>
|
2009-12-11 20:57:41 +02:00
|
|
|
#endif
|
2009-06-26 20:23:52 +03:00
|
|
|
|
2009-06-30 18:15:12 +03:00
|
|
|
static void help(void)
|
|
|
|
|
{
|
|
|
|
|
printf("\n");
|
2009-06-30 20:14:21 +03:00
|
|
|
printf(" Clam AntiVirus: Bytecode Testing Tool %s\n",
|
|
|
|
|
get_version());
|
2009-06-30 18:15:12 +03:00
|
|
|
printf(" By The ClamAV Team: http://www.clamav.net/team\n");
|
|
|
|
|
printf(" (C) 2009 Sourcefire, Inc.\n\n");
|
2009-07-07 23:36:36 +03:00
|
|
|
printf("clambc <file> [function] [param1 ...]\n\n");
|
2009-06-30 18:15:12 +03:00
|
|
|
printf(" --help -h Show help\n");
|
|
|
|
|
printf(" --version -V Show version\n");
|
2009-12-10 15:17:40 +02:00
|
|
|
printf(" --trace <level> Set bytecode trace level 0..7 (default 7)\n");
|
|
|
|
|
printf(" --no-trace-showsource Don't show source line during tracing\n");
|
2009-06-30 18:15:12 +03:00
|
|
|
printf(" file file to test\n");
|
|
|
|
|
printf("\n");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2009-12-09 16:50:55 +02:00
|
|
|
static struct dbg_state {
|
|
|
|
|
const char *directory;
|
|
|
|
|
const char *file;
|
|
|
|
|
const char *scope;
|
|
|
|
|
uint32_t scopeid;
|
|
|
|
|
unsigned line;
|
|
|
|
|
unsigned col;
|
|
|
|
|
unsigned showline;
|
|
|
|
|
} dbg_state;
|
|
|
|
|
|
|
|
|
|
static void tracehook(struct cli_bc_ctx *ctx, unsigned event)
|
|
|
|
|
{
|
|
|
|
|
dbg_state.directory = ctx->directory;
|
|
|
|
|
if (*ctx->file == '?')
|
|
|
|
|
return;
|
|
|
|
|
switch (event) {
|
|
|
|
|
case trace_func:
|
2009-12-11 18:09:33 +02:00
|
|
|
fprintf(stderr, "[trace] %s:%u:%u -> %s:%u:%u Entered function %s\n",
|
2009-12-09 16:50:55 +02:00
|
|
|
dbg_state.file, dbg_state.line, dbg_state.col,
|
|
|
|
|
ctx->file, ctx->line, ctx->col, ctx->scope);
|
|
|
|
|
dbg_state.scope = ctx->scope;
|
|
|
|
|
break;
|
|
|
|
|
case trace_param:
|
2009-12-11 18:09:33 +02:00
|
|
|
fprintf(stderr, "[trace] function parameter:\n");
|
2009-12-09 16:50:55 +02:00
|
|
|
return;
|
|
|
|
|
case trace_scope:
|
2009-12-11 18:09:33 +02:00
|
|
|
fprintf(stderr, "[trace] %s:%u:%u -> %s:%u:%u\n",
|
2009-12-09 16:50:55 +02:00
|
|
|
dbg_state.file, dbg_state.line, dbg_state.col,
|
|
|
|
|
ctx->file, ctx->line, ctx->col);
|
|
|
|
|
dbg_state.scope = ctx->scope;
|
|
|
|
|
break;
|
|
|
|
|
case trace_line:
|
|
|
|
|
case trace_col:
|
|
|
|
|
if (dbg_state.showline)
|
|
|
|
|
cli_bytecode_debug_printsrc(ctx);
|
|
|
|
|
else
|
2009-12-11 18:09:33 +02:00
|
|
|
fprintf(stderr, "[trace] %s:%u:%u\n",
|
2009-12-09 16:50:55 +02:00
|
|
|
dbg_state.file, dbg_state.line, dbg_state.col);
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
dbg_state.file = ctx->file;
|
|
|
|
|
dbg_state.line = ctx->line;
|
|
|
|
|
dbg_state.col = ctx->col;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void tracehook_op(struct cli_bc_ctx *ctx, const char *op)
|
|
|
|
|
{
|
2009-12-11 18:09:33 +02:00
|
|
|
fprintf(stderr, "[trace] %s\n", op);
|
2009-12-09 16:50:55 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void tracehook_val(struct cli_bc_ctx *ctx, const char *name, uint32_t value)
|
|
|
|
|
{
|
2009-12-11 18:09:33 +02:00
|
|
|
fprintf(stderr, "[trace] %s = %u\n", name, value);
|
2009-12-09 16:50:55 +02:00
|
|
|
}
|
|
|
|
|
|
2009-12-17 17:40:35 +02:00
|
|
|
static void tracehook_ptr(struct cli_bc_ctx *ctx, const void *ptr)
|
|
|
|
|
{
|
|
|
|
|
fprintf(stderr, "[trace] %p\n", ptr);
|
|
|
|
|
}
|
|
|
|
|
|
2010-02-06 17:53:17 +02:00
|
|
|
static void print_src(const char *file)
|
|
|
|
|
{
|
|
|
|
|
char buf[4096];
|
|
|
|
|
int nread, i, found = 0;
|
|
|
|
|
FILE *f = fopen(file, "r");
|
|
|
|
|
if (!f) {
|
|
|
|
|
fprintf(stderr,"Unable to reopen %s\n", file);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
do {
|
|
|
|
|
nread = fread(buf, 1, sizeof(buf), f);
|
|
|
|
|
for (i=0;i<nread-1;i++) {
|
|
|
|
|
if (buf[i] == '\n' && buf[i+1] == 'S') {
|
|
|
|
|
found = 1;
|
|
|
|
|
i++;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} while (!found && (nread == sizeof(buf)));
|
|
|
|
|
printf("Source code:");
|
|
|
|
|
do {
|
|
|
|
|
for (;i+1<nread;i++) {
|
|
|
|
|
if (buf[i] == 'S' || buf[i] == '\n') {
|
|
|
|
|
putc('\n', stdout);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2010-02-08 15:34:37 +02:00
|
|
|
putc(((buf[i]&0xf) | ((buf[i+1]&0xf)<<4)), stdout);
|
2010-02-06 17:53:17 +02:00
|
|
|
i++;
|
|
|
|
|
}
|
|
|
|
|
i=0;
|
|
|
|
|
nread = fread(buf, 1, sizeof(buf), f);
|
|
|
|
|
} while (nread > 0);
|
|
|
|
|
fclose(f);
|
|
|
|
|
}
|
|
|
|
|
|
2009-06-26 20:23:52 +03:00
|
|
|
int main(int argc, char *argv[])
|
|
|
|
|
{
|
|
|
|
|
FILE *f;
|
|
|
|
|
struct cli_bc *bc;
|
|
|
|
|
struct cli_bc_ctx *ctx;
|
2009-08-27 18:12:39 +03:00
|
|
|
int rc, dbgargc;
|
2009-06-30 18:15:12 +03:00
|
|
|
struct optstruct *opts;
|
2009-09-08 22:25:33 +03:00
|
|
|
const struct optstruct *opt;
|
2009-07-07 23:36:36 +03:00
|
|
|
unsigned funcid=0, i;
|
2009-08-25 18:54:14 +03:00
|
|
|
struct cli_all_bc bcs;
|
2009-09-08 22:25:33 +03:00
|
|
|
unsigned int fd = -1;
|
2009-12-10 15:17:40 +02:00
|
|
|
unsigned tracelevel;
|
2009-06-30 18:15:12 +03:00
|
|
|
|
|
|
|
|
opts = optparse(NULL, argc, argv, 1, OPT_CLAMBC, 0, NULL);
|
|
|
|
|
if (!opts) {
|
|
|
|
|
fprintf(stderr, "ERROR: Can't parse command line options\n");
|
2009-06-26 20:23:52 +03:00
|
|
|
exit(1);
|
|
|
|
|
}
|
2009-09-04 12:09:17 +03:00
|
|
|
if(optget(opts, "version")->enabled) {
|
|
|
|
|
printf("Clam AntiVirus Bytecode Testing Tool %s\n", get_version());
|
2009-12-11 12:26:20 +02:00
|
|
|
cl_init(CL_INIT_DEFAULT);
|
2009-12-11 20:43:58 +02:00
|
|
|
cli_bytecode_printversion();
|
2009-06-30 18:15:12 +03:00
|
|
|
optfree(opts);
|
|
|
|
|
exit(0);
|
|
|
|
|
}
|
2009-09-04 12:09:17 +03:00
|
|
|
if(optget(opts, "help")->enabled || !opts->filename) {
|
2009-06-30 18:15:12 +03:00
|
|
|
optfree(opts);
|
2009-09-04 12:09:17 +03:00
|
|
|
help();
|
2009-06-30 18:15:12 +03:00
|
|
|
exit(0);
|
|
|
|
|
}
|
2009-07-07 23:36:36 +03:00
|
|
|
f = fopen(opts->filename[0], "r");
|
2009-06-26 20:23:52 +03:00
|
|
|
if (!f) {
|
|
|
|
|
fprintf(stderr, "Unable to load %s\n", argv[1]);
|
2009-06-30 19:40:26 +03:00
|
|
|
optfree(opts);
|
2009-06-26 20:23:52 +03:00
|
|
|
exit(2);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bc = malloc(sizeof(*bc));
|
|
|
|
|
if (!bc) {
|
|
|
|
|
fprintf(stderr, "Out of memory\n");
|
2009-06-30 19:40:26 +03:00
|
|
|
optfree(opts);
|
2009-06-26 20:23:52 +03:00
|
|
|
exit(3);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cl_debug();
|
2009-08-25 18:54:14 +03:00
|
|
|
rc = cl_init(CL_INIT_DEFAULT);
|
|
|
|
|
if (rc != CL_SUCCESS) {
|
|
|
|
|
fprintf(stderr,"Unable to init libclamav: %s\n", cl_strerror(rc));
|
|
|
|
|
optfree(opts);
|
|
|
|
|
exit(4);
|
|
|
|
|
}
|
|
|
|
|
|
2009-08-27 18:12:39 +03:00
|
|
|
dbgargc=1;
|
|
|
|
|
while (opts->filename[dbgargc]) dbgargc++;
|
|
|
|
|
|
|
|
|
|
if (dbgargc > 1)
|
|
|
|
|
cli_bytecode_debug(dbgargc, opts->filename);
|
2009-09-04 12:09:17 +03:00
|
|
|
|
|
|
|
|
if (optget(opts, "force-interpreter")->enabled) {
|
|
|
|
|
bcs.engine = NULL;
|
|
|
|
|
} else {
|
|
|
|
|
rc = cli_bytecode_init(&bcs);
|
|
|
|
|
if (rc != CL_SUCCESS) {
|
|
|
|
|
fprintf(stderr,"Unable to init bytecode engine: %s\n", cl_strerror(rc));
|
|
|
|
|
optfree(opts);
|
|
|
|
|
exit(4);
|
|
|
|
|
}
|
2009-08-25 18:54:14 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bcs.all_bcs = bc;
|
|
|
|
|
bcs.count = 1;
|
|
|
|
|
|
2010-01-22 14:36:56 +02:00
|
|
|
rc = cli_bytecode_load(bc, f, NULL, 0);
|
2009-06-26 20:23:52 +03:00
|
|
|
if (rc != CL_SUCCESS) {
|
|
|
|
|
fprintf(stderr,"Unable to load bytecode: %s\n", cl_strerror(rc));
|
2009-06-30 19:40:26 +03:00
|
|
|
optfree(opts);
|
2009-06-26 20:23:52 +03:00
|
|
|
exit(4);
|
|
|
|
|
}
|
2009-06-30 19:58:08 +03:00
|
|
|
|
2009-08-25 18:54:14 +03:00
|
|
|
rc = cli_bytecode_prepare(&bcs);
|
2009-07-23 17:33:11 +03:00
|
|
|
if (rc != CL_SUCCESS) {
|
|
|
|
|
fprintf(stderr,"Unable to prepare bytecode: %s\n", cl_strerror(rc));
|
|
|
|
|
optfree(opts);
|
|
|
|
|
exit(4);
|
|
|
|
|
}
|
2009-06-26 20:23:52 +03:00
|
|
|
fclose(f);
|
|
|
|
|
|
|
|
|
|
printf("Bytecode loaded\n");
|
2010-01-22 16:50:16 +02:00
|
|
|
if (optget(opts, "describe")->enabled) {
|
|
|
|
|
cli_bytecode_describe(bc);
|
2010-02-06 17:53:17 +02:00
|
|
|
print_src(opts->filename[0]);
|
2010-01-22 16:50:16 +02:00
|
|
|
} else {
|
2009-06-26 20:23:52 +03:00
|
|
|
|
2010-01-22 16:50:16 +02:00
|
|
|
ctx = cli_bytecode_context_alloc();
|
|
|
|
|
if (!ctx) {
|
|
|
|
|
fprintf(stderr,"Out of memory\n");
|
|
|
|
|
exit(3);
|
|
|
|
|
}
|
|
|
|
|
memset(&dbg_state, 0, sizeof(dbg_state));
|
|
|
|
|
dbg_state.file = "<libclamav>";
|
|
|
|
|
dbg_state.line = 0;
|
|
|
|
|
dbg_state.col = 0;
|
|
|
|
|
dbg_state.showline = !optget(opts, "no-trace-showsource")->enabled;
|
|
|
|
|
tracelevel = optget(opts, "trace")->numarg;
|
|
|
|
|
cli_bytecode_context_set_trace(ctx, tracelevel,
|
|
|
|
|
tracehook,
|
|
|
|
|
tracehook_op,
|
|
|
|
|
tracehook_val,
|
|
|
|
|
tracehook_ptr);
|
2009-07-07 23:36:36 +03:00
|
|
|
|
2010-01-22 16:50:16 +02:00
|
|
|
if (opts->filename[1]) {
|
|
|
|
|
funcid = atoi(opts->filename[1]);
|
2009-07-07 23:36:36 +03:00
|
|
|
}
|
2010-01-22 16:50:16 +02:00
|
|
|
cli_bytecode_context_setfuncid(ctx, bc, funcid);
|
|
|
|
|
printf("Running bytecode function :%u\n", funcid);
|
2009-07-07 23:36:36 +03:00
|
|
|
|
2010-01-22 16:50:16 +02:00
|
|
|
if (opts->filename[1]) {
|
|
|
|
|
i=2;
|
|
|
|
|
while (opts->filename[i]) {
|
|
|
|
|
rc = cli_bytecode_context_setparam_int(ctx, i-2, atoi(opts->filename[i]));
|
|
|
|
|
if (rc != CL_SUCCESS) {
|
|
|
|
|
fprintf(stderr,"Unable to set param %u: %s\n", i-2, cl_strerror(rc));
|
|
|
|
|
}
|
|
|
|
|
i++;
|
|
|
|
|
}
|
2009-09-08 22:25:33 +03:00
|
|
|
}
|
2010-01-22 16:50:16 +02:00
|
|
|
|
|
|
|
|
if ((opt = optget(opts,"input"))->enabled) {
|
|
|
|
|
fmap_t *map;
|
|
|
|
|
fd = open(opt->strarg, O_RDONLY);
|
|
|
|
|
if (fd == -1) {
|
|
|
|
|
fprintf(stderr, "Unable to open input file %s: %s\n", opt->strarg, strerror(errno));
|
|
|
|
|
optfree(opts);
|
|
|
|
|
exit(5);
|
|
|
|
|
}
|
|
|
|
|
map = fmap(fd, 0, 0);
|
|
|
|
|
if (!map) {
|
|
|
|
|
fprintf(stderr, "Unable to map input file %s\n", opt->strarg);
|
|
|
|
|
}
|
|
|
|
|
rc = cli_bytecode_context_setfile(ctx, map);
|
|
|
|
|
if (rc != CL_SUCCESS) {
|
|
|
|
|
fprintf(stderr, "Unable to set file %s: %s\n", opt->strarg, cl_strerror(rc));
|
|
|
|
|
optfree(opts);
|
|
|
|
|
exit(5);
|
|
|
|
|
}
|
|
|
|
|
funmap(map);
|
2009-12-03 11:37:38 +02:00
|
|
|
}
|
2010-01-22 16:50:16 +02:00
|
|
|
|
|
|
|
|
rc = cli_bytecode_run(&bcs, bc, ctx);
|
2009-09-08 22:25:33 +03:00
|
|
|
if (rc != CL_SUCCESS) {
|
2010-01-22 16:50:16 +02:00
|
|
|
fprintf(stderr,"Unable to run bytecode: %s\n", cl_strerror(rc));
|
|
|
|
|
} else {
|
|
|
|
|
uint64_t v;
|
|
|
|
|
printf("Bytecode run finished\n");
|
|
|
|
|
v = cli_bytecode_context_getresult_int(ctx);
|
|
|
|
|
printf("Bytecode returned: 0x%llx\n", (long long)v);
|
2009-09-08 22:25:33 +03:00
|
|
|
}
|
2010-01-22 16:50:16 +02:00
|
|
|
cli_bytecode_context_destroy(ctx);
|
2009-07-07 23:36:36 +03:00
|
|
|
}
|
2009-06-26 20:23:52 +03:00
|
|
|
cli_bytecode_destroy(bc);
|
2009-08-25 18:54:14 +03:00
|
|
|
cli_bytecode_done(&bcs);
|
2009-06-26 20:23:52 +03:00
|
|
|
free(bc);
|
2009-06-30 19:40:26 +03:00
|
|
|
optfree(opts);
|
2009-09-08 22:25:33 +03:00
|
|
|
if (fd != -1)
|
|
|
|
|
close(fd);
|
2009-07-08 12:45:06 +03:00
|
|
|
printf("Exiting\n");
|
2009-06-26 20:23:52 +03:00
|
|
|
return 0;
|
|
|
|
|
}
|
