2009-07-07 23:36:36 +03:00
|
|
|
/*
|
|
|
|
|
* Load, verify and execute ClamAV bytecode.
|
|
|
|
|
*
|
2010-02-02 14:03:32 +02:00
|
|
|
* Copyright (C) 2009-2010 Sourcefire, Inc.
|
2009-07-07 23:36:36 +03:00
|
|
|
*
|
|
|
|
|
* Authors: Török Edvin
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
|
|
|
|
|
* MA 02110-1301, USA.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef BYTECODE_PRIV_H
|
|
|
|
|
#define BYTECODE_PRIV_H
|
2009-07-31 15:28:36 +03:00
|
|
|
|
2010-03-20 21:18:54 +02:00
|
|
|
#include <zlib.h>
|
2009-12-09 16:50:55 +02:00
|
|
|
#include "bytecode.h"
|
2009-07-31 15:28:36 +03:00
|
|
|
#include "type_desc.h"
|
2009-09-30 13:41:02 +03:00
|
|
|
#include "execs.h"
|
|
|
|
|
#include "bytecode_hooks.h"
|
2009-12-03 11:37:38 +02:00
|
|
|
#include "fmap.h"
|
2010-01-20 20:04:01 +02:00
|
|
|
#include "mpool.h"
|
2010-03-21 15:10:49 +02:00
|
|
|
#include "hashtab.h"
|
2009-12-03 11:25:24 +02:00
|
|
|
|
2009-07-07 23:36:36 +03:00
|
|
|
typedef uint32_t operand_t;
|
|
|
|
|
typedef uint16_t bbid_t;
|
|
|
|
|
typedef uint16_t funcid_t;
|
|
|
|
|
|
|
|
|
|
struct cli_bc_callop {
|
|
|
|
|
operand_t* ops;
|
2009-07-23 17:33:11 +03:00
|
|
|
uint16_t* opsizes;
|
2009-07-07 23:36:36 +03:00
|
|
|
uint8_t numOps;
|
|
|
|
|
funcid_t funcid;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct branch {
|
|
|
|
|
operand_t condition;
|
|
|
|
|
bbid_t br_true;
|
|
|
|
|
bbid_t br_false;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct cli_bc_cast {
|
|
|
|
|
uint64_t mask;
|
2009-07-20 16:34:32 +03:00
|
|
|
operand_t source;
|
|
|
|
|
uint8_t size;/* 0: 1-bit, 1: 8b, 2: 16b, 3: 32b, 4: 64b */
|
2009-07-07 23:36:36 +03:00
|
|
|
};
|
2009-07-20 16:34:32 +03:00
|
|
|
|
|
|
|
|
typedef uint8_t interp_op_t;
|
2009-07-07 23:36:36 +03:00
|
|
|
struct cli_bc_inst {
|
|
|
|
|
enum bc_opcode opcode;
|
|
|
|
|
uint16_t type;
|
2009-07-20 16:34:32 +03:00
|
|
|
interp_op_t interp_op;/* opcode for interpreter */
|
2009-07-08 12:45:06 +03:00
|
|
|
operand_t dest;
|
2009-07-07 23:36:36 +03:00
|
|
|
union {
|
|
|
|
|
operand_t unaryop;
|
|
|
|
|
struct cli_bc_cast cast;
|
|
|
|
|
operand_t binop[2];
|
|
|
|
|
operand_t three[3];
|
|
|
|
|
struct cli_bc_callop ops;
|
|
|
|
|
struct branch branch;
|
|
|
|
|
bbid_t jump;
|
|
|
|
|
} u;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct cli_bc_bb {
|
|
|
|
|
unsigned numInsts;
|
|
|
|
|
struct cli_bc_inst *insts;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct cli_bc_func {
|
|
|
|
|
uint8_t numArgs;
|
|
|
|
|
uint16_t numLocals;
|
|
|
|
|
uint32_t numInsts;
|
2009-07-23 17:33:11 +03:00
|
|
|
uint32_t numValues;/* without constants */
|
2009-07-07 23:36:36 +03:00
|
|
|
uint32_t numConstants;
|
2009-07-23 17:33:11 +03:00
|
|
|
uint32_t numBytes;/* stack size */
|
2009-07-07 23:36:36 +03:00
|
|
|
uint16_t numBB;
|
2009-08-27 18:12:39 +03:00
|
|
|
uint16_t returnType;
|
2009-07-07 23:36:36 +03:00
|
|
|
uint16_t *types;
|
|
|
|
|
uint32_t insn_idx;
|
|
|
|
|
struct cli_bc_bb *BB;
|
|
|
|
|
struct cli_bc_inst *allinsts;
|
2009-07-23 17:33:11 +03:00
|
|
|
uint64_t *constants;
|
2009-11-30 15:22:20 +02:00
|
|
|
unsigned *dbgnodes;
|
2009-07-07 23:36:36 +03:00
|
|
|
};
|
2009-11-30 15:22:20 +02:00
|
|
|
|
|
|
|
|
struct cli_bc_dbgnode_element {
|
|
|
|
|
unsigned nodeid;
|
|
|
|
|
char *string;
|
|
|
|
|
unsigned len;
|
|
|
|
|
uint64_t constant;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct cli_bc_dbgnode {
|
|
|
|
|
unsigned numelements;
|
|
|
|
|
struct cli_bc_dbgnode_element* elements;
|
|
|
|
|
};
|
|
|
|
|
|
2009-07-23 17:33:11 +03:00
|
|
|
#define MAX_OP ~0u
|
2009-12-09 16:50:55 +02:00
|
|
|
enum trace_level {
|
|
|
|
|
trace_none=0,
|
|
|
|
|
trace_func,
|
|
|
|
|
trace_param,
|
|
|
|
|
trace_scope,
|
|
|
|
|
trace_line,
|
|
|
|
|
trace_col,
|
|
|
|
|
trace_op,
|
|
|
|
|
trace_val
|
|
|
|
|
};
|
2010-03-21 12:56:05 +02:00
|
|
|
|
|
|
|
|
struct bc_buffer {
|
|
|
|
|
unsigned char *data;
|
|
|
|
|
unsigned size;
|
|
|
|
|
unsigned write_cursor;
|
|
|
|
|
unsigned read_cursor;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct bc_inflate {
|
|
|
|
|
z_stream stream;
|
|
|
|
|
int32_t from;
|
|
|
|
|
int32_t to;
|
|
|
|
|
int8_t needSync;
|
|
|
|
|
};
|
|
|
|
|
|
2010-03-31 10:53:11 +03:00
|
|
|
struct bc_jsnorm {
|
|
|
|
|
struct parser_state *state;
|
|
|
|
|
int32_t from;
|
|
|
|
|
};
|
|
|
|
|
|
2009-07-07 23:36:36 +03:00
|
|
|
struct cli_bc_ctx {
|
2010-03-23 15:54:41 +02:00
|
|
|
uint8_t timeout;/* must be first byte in struct! */
|
2009-07-07 23:36:36 +03:00
|
|
|
/* id and params of toplevel function called */
|
2009-07-10 16:11:54 +03:00
|
|
|
const struct cli_bc *bc;
|
|
|
|
|
const struct cli_bc_func *func;
|
2010-03-22 17:16:07 +02:00
|
|
|
uint32_t bytecode_timeout;
|
2009-07-23 17:33:11 +03:00
|
|
|
unsigned bytes;
|
|
|
|
|
uint16_t *opsizes;
|
|
|
|
|
char *values;
|
2009-07-07 23:36:36 +03:00
|
|
|
operand_t *operands;
|
|
|
|
|
uint16_t funcid;
|
|
|
|
|
unsigned numParams;
|
2010-01-18 19:31:59 +02:00
|
|
|
uint32_t file_size;
|
2009-09-04 17:29:13 +03:00
|
|
|
off_t off;
|
2009-12-03 11:37:38 +02:00
|
|
|
fmap_t *fmap;
|
2010-05-12 18:26:02 +03:00
|
|
|
fmap_t *save_map;
|
2009-09-22 11:03:17 +03:00
|
|
|
const char *virname;
|
2009-09-30 13:41:02 +03:00
|
|
|
struct cli_bc_hooks hooks;
|
2010-02-12 16:47:44 +02:00
|
|
|
const struct cli_exe_section *sections;
|
2009-12-02 17:13:07 +02:00
|
|
|
int outfd;
|
|
|
|
|
char *tempfile;
|
|
|
|
|
void *ctx;
|
|
|
|
|
unsigned written;
|
2010-03-19 15:47:26 +02:00
|
|
|
unsigned filewritten;
|
|
|
|
|
unsigned found;
|
2009-12-09 16:50:55 +02:00
|
|
|
bc_dbg_callback_trace trace;
|
|
|
|
|
bc_dbg_callback_trace_op trace_op;
|
|
|
|
|
bc_dbg_callback_trace_val trace_val;
|
2009-12-17 17:40:35 +02:00
|
|
|
bc_dbg_callback_trace_ptr trace_ptr;
|
2009-12-09 16:50:55 +02:00
|
|
|
unsigned trace_level;
|
|
|
|
|
const char *directory;
|
|
|
|
|
const char *file;
|
2009-12-08 23:02:49 +02:00
|
|
|
const char *scope;
|
|
|
|
|
uint32_t scopeid;
|
2009-12-09 16:50:55 +02:00
|
|
|
unsigned line;
|
|
|
|
|
unsigned col;
|
2010-01-20 20:04:01 +02:00
|
|
|
mpool_t *mpool;
|
2010-03-21 12:56:05 +02:00
|
|
|
struct bc_inflate* inflates;
|
|
|
|
|
unsigned ninflates;
|
|
|
|
|
struct bc_buffer *buffers;
|
|
|
|
|
unsigned nbuffers;
|
2010-03-21 15:10:49 +02:00
|
|
|
struct cli_hashset *hashsets;
|
|
|
|
|
unsigned nhashsets;
|
2010-03-31 10:53:11 +03:00
|
|
|
struct bc_jsnorm* jsnorms;
|
|
|
|
|
unsigned njsnorms;
|
|
|
|
|
char *jsnormdir;
|
|
|
|
|
unsigned jsnormwritten;
|
2010-05-12 18:26:02 +03:00
|
|
|
struct cli_map *maps;
|
|
|
|
|
unsigned nmaps;
|
|
|
|
|
unsigned containertype;
|
|
|
|
|
unsigned extracted_file_input;
|
2009-07-07 23:36:36 +03:00
|
|
|
};
|
2009-08-25 18:54:14 +03:00
|
|
|
struct cli_all_bc;
|
2009-07-09 23:05:08 +03:00
|
|
|
int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct cli_bc_func *func, const struct cli_bc_inst *inst);
|
2009-08-25 18:54:14 +03:00
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
|
extern "C" {
|
|
|
|
|
#endif
|
|
|
|
|
|
2009-08-27 20:41:29 +03:00
|
|
|
int cli_vm_execute_jit(const struct cli_all_bc *bcs, struct cli_bc_ctx *ctx, const struct cli_bc_func *func);
|
2009-08-25 18:54:14 +03:00
|
|
|
int cli_bytecode_prepare_jit(struct cli_all_bc *bc);
|
2010-02-15 14:37:09 +02:00
|
|
|
int cli_bytecode_init_jit(struct cli_all_bc *bc, unsigned dconfmask);
|
2009-08-25 18:54:14 +03:00
|
|
|
int cli_bytecode_done_jit(struct cli_all_bc *bc);
|
|
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2009-07-07 23:36:36 +03:00
|
|
|
#endif
|
