Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 10:23:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add BC_PE_ALL hook (bb #2237).

Browse source
This commit is contained in:
Török Edvin 2010-09-02 15:38:48 +03:00
parent f1d071c8ed
commit 0df99607ed
2 changed files with 34 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog
View file

@ -1,3 +1,7 @@
Thu Sep 2 15:38:22 EEST 2010 (edwin)
-------------------------------------
* libclamav/pe.c: add BC_PE_ALL hook (bb #2237)
Wed Sep 1 10:03:26 EEST 2010 (edwin)
-------------------------------------
* libclamav/c++/{bytecode2llvm,ClamBCRTChecks}.cpp: avoid false 'Verification error' messages (bb #2239)

42
libclamav/pe.c
View file

@ -1109,6 +1109,34 @@ int cli_scanpe(cli_ctx *ctx)
}
}
pedata.nsections = nsections;
pedata.ep = ep;
pedata.offset = 0;
memcpy(&pedata.file_hdr, &file_hdr, sizeof(file_hdr));
memcpy(&pedata.opt32, &pe_opt.opt32, sizeof(pe_opt.opt32));
memcpy(&pedata.opt64, &pe_opt.opt64, sizeof(pe_opt.opt64));
memcpy(&pedata.dirs, dirs, sizeof(pedata.dirs));
pedata.e_lfanew = e_lfanew;
pedata.overlays = overlays;
pedata.overlays_sz = fsize - overlays;
pedata.hdr_size = hdr_size;
/* Bytecode BC_PE_ALL hook */
bc_ctx = cli_bytecode_context_alloc();
if (!bc_ctx) {
cli_errmsg("cli_scanpe: can't allocate memory for bc_ctx\n");
return CL_EMEM;
}
cli_bytecode_context_setpe(bc_ctx, &pedata, exe_sections);
cli_bytecode_context_setctx(bc_ctx, ctx);
ret = cli_bytecode_runhook(ctx, ctx->engine, bc_ctx, BC_PE_ALL, ctx->virname);
if (ret == CL_VIRUS) {
free(exe_sections);
cli_bytecode_context_destroy(bc_ctx);
return CL_VIRUS;
}
cli_bytecode_context_destroy(bc_ctx);
/* Attempt to detect some popular polymorphic viruses */
/* W32.Parite.B */
@ -2243,28 +2271,18 @@ int cli_scanpe(cli_ctx *ctx)
/* to be continued ... */
/* Bytecode */
/* Bytecode BC_PE_UNPACKER hook */
bc_ctx = cli_bytecode_context_alloc();
if (!bc_ctx) {
cli_errmsg("cli_scanpe: can't allocate memory for bc_ctx\n");
return CL_EMEM;
}
pedata.nsections = nsections;
pedata.ep = ep;
pedata.offset = 0;
memcpy(&pedata.file_hdr, &file_hdr, sizeof(file_hdr));
memcpy(&pedata.opt32, &pe_opt.opt32, sizeof(pe_opt.opt32));
memcpy(&pedata.opt64, &pe_opt.opt64, sizeof(pe_opt.opt64));
memcpy(&pedata.dirs, dirs, sizeof(pedata.dirs));
pedata.e_lfanew = e_lfanew;
pedata.overlays = overlays;
pedata.overlays_sz = fsize - overlays;
pedata.hdr_size = hdr_size;
cli_bytecode_context_setpe(bc_ctx, &pedata, exe_sections);
cli_bytecode_context_setctx(bc_ctx, ctx);
ret = cli_bytecode_runhook(ctx, ctx->engine, bc_ctx, BC_PE_UNPACKER, map, ctx->virname);
switch (ret) {
case CL_VIRUS:
free(exe_sections);
cli_bytecode_context_destroy(bc_ctx);
return CL_VIRUS;
case CL_SUCCESS: