/*
* ClamAV bytecode API.
*
* Copyright (C) 2009 Sourcefire, Inc.
*
* Authors: Török Edvin
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*/
#ifndef BYTECODE_API_H
#define BYTECODE_API_H
#ifdef __CLAMBC__
#include "bytecode_execs.h"
#include "bytecode_pe.h"
#include "bytecode_disasm.h"
#endif
#ifndef __CLAMBC__
#include "execs.h"
struct DISASM_RESULT;
#endif
/* Minimal singly-linked list node; it is the first argument of test0() declared
 * further down in this header.
 * NOTE(review): no other use is visible here — presumably a test fixture for
 * the bytecode API; confirm before extending it. */
struct foo {
    struct foo *nxt; /* next node in the list (presumably NULL at the end — confirm) */
};
/*
 * Kind of a bytecode program, i.e. which host hook (if any) triggers it.
 * BC_GENERIC is not bound to a hook; every value from _BC_START_HOOKS upward is.
 * Values are written out explicitly so that the numbering is visible at a glance;
 * they are identical to the implicitly assigned ones.
 * NOTE(review): identifiers beginning with '_' followed by an uppercase letter
 * are reserved for the implementation (C11 7.1.3); they are kept unchanged here
 * because they are part of the public API.
 */
enum BytecodeKind {
    /* generic bytecode, not tied to a specific hook */
    BC_GENERIC      = 0,
    /* first value used for hook-triggered bytecode */
    _BC_START_HOOKS = 256,
    /* triggered by a logical signature */
    BC_LOGICAL      = 256,
    /* a PE unpacker */
    BC_PE_UNPACKER  = 257,
    /* follows the last defined hook; keep it as the final enumerator */
    _BC_LAST_HOOK   = 258
};
#ifdef __CLAMBC__
/* Globals made available to the bytecode by the host. All are read-only from the
 * bytecode's point of view. Double-underscore names are reserved for the
 * implementation in C; presumably deliberate here, as these are host-provided
 * intrinsics rather than user identifiers. */

/* Per-subsignature match counts; exactly 64 entries. */
extern const uint32_t __clambc_match_counts[64];
/* Executable metadata for the current file (struct presumably supplied by
 * bytecode_execs.h, included above). */
extern const struct cli_exe_info __clambc_exeinfo;
/* PE hook data (struct presumably supplied by bytecode_pe.h, included above). */
extern const struct cli_pe_hook_data __clambc_pedata;
/* Kind of the running bytecode; presumably holds a BytecodeKind value
 * (see the enum above) — confirm.
 * NOTE(review): unlike the three declarations above this one has no `extern`,
 * so in plain C it is a tentative definition, not a declaration. This section
 * is compiled only by the bytecode compiler (__CLAMBC__), which may treat it
 * specially — confirm before changing it. */
const uint16_t __clambc_kind;

/* Test entry points of the bytecode API; their semantics are not visible here. */
uint32_t test0(struct foo*, uint32_t);
uint32_t test1(uint32_t, uint32_t);
/* Reads @size bytes from the current file (if any) into @data and returns the
 * amount actually read.
 * @data must point to a caller-owned buffer of at least @size bytes.
 * NOTE(review): @size is signed; the behaviour for size < 0, and how errors
 * are reported, are not visible here — confirm against the host implementation. */
int32_t read(uint8_t *data, int32_t size);
/*
 * Seek origins, presumably the values accepted by the @whence argument of
 * seek() below — confirm. The numbering (0, 1, 2) matches the usual C library
 * SEEK_* values; it is written out explicitly here for clarity.
 */
enum {
    SEEK_SET = 0, /* relative to the start of the file */
    SEEK_CUR = 1, /* relative to the current position */
    SEEK_END = 2  /* relative to the end of the file */
};
/* Writes @size bytes from @data. The destination and the return value are not
 * visible here; presumably it mirrors read() and returns the amount written —
 * confirm against the host implementation. */
int32_t write(uint8_t *data, int32_t size);

/* Seeks the current position to @pos, relative to @whence, and returns the
 * resulting position measured from the start of the file.
 * @whence is presumably one of the SEEK_SET/SEEK_CUR/SEEK_END values declared
 * above — confirm. How errors (e.g. an out-of-range @pos) are reported is not
 * visible here. */
int32_t seek(int32_t pos, uint32_t whence);
/* Sets the name of the virus that has been found.
 * @name points to @len bytes; since the length is explicit, presumably no NUL
 * terminator is required — confirm. The return value's meaning is not visible here. */
uint32_t setvirusname(const uint8_t *name, uint32_t len);

/* Debug output of the @len bytes at @str (explicit length, see setvirusname()). */
uint32_t debug_print_str(const uint8_t *str, uint32_t len);
/* Debug output of an unsigned value.
 * NOTE(review): the role of @b is not visible here — confirm against the host. */
uint32_t debug_print_uint(uint32_t a, uint32_t b);
// Disassembles x86 code at the current file position, presumably filling the
// caller-supplied DISASM_RESULT. To disassemble somewhere else, reposition first
// with seek() declared above (the earlier comment said "lseek", which this API
// does not declare). The exact meaning of @len and of the return value is not
// visible here — confirm against the host implementation.
uint32_t disasm_x86(struct DISASM_RESULT*, uint32_t len);
#endif
#endif