diff --git a/libclamav/bytecode.c b/libclamav/bytecode.c index 71484b7a4..a866cc911 100644 --- a/libclamav/bytecode.c +++ b/libclamav/bytecode.c @@ -430,14 +430,18 @@ static int parseHeader(struct cli_bc *bc, unsigned char *buffer) static int parseLSig(struct cli_bc *bc, unsigned char *buffer) { - if (buffer[0] != 'L') { - cli_errmsg("Invalid logical signature header: %c\n", buffer[0]); - return CL_EMALFDB; - } - bc->lsig = NULL; - if (!buffer[1]) - return CL_SUCCESS; - bc->lsig = cli_strdup(buffer); + const char *prefix; + char *vnames, *vend = strchr(buffer, ';'); + if (vend) { + bc->lsig = cli_strdup(buffer); + } else { + /* Not a logical signature, but we still have a virusname */ + bc->lsig = NULL; + } + *vend++ = '\0'; + prefix = buffer; + vnames = strchr(vend, '{'); + return CL_SUCCESS; } diff --git a/libclamav/bytecode.h b/libclamav/bytecode.h index a10a13388..2d64653ee 100644 --- a/libclamav/bytecode.h +++ b/libclamav/bytecode.h @@ -58,6 +58,9 @@ struct cli_bc { uint16_t start_tid; struct bitset_tag *uses_apis; char *lsig; + char *vnameprefix; + char **vnames; + unsigned vnames_cnt; }; struct cli_all_bc { diff --git a/libclamav/bytecode_api.h b/libclamav/bytecode_api.h index 88c44ad05..8ab8ac7f2 100644 --- a/libclamav/bytecode_api.h +++ b/libclamav/bytecode_api.h @@ -24,10 +24,12 @@ #ifdef __CLAMBC__ #include "bytecode_execs.h" +//#include "bytecode_pe.h" #endif #ifndef __CLAMBC__ #include "execs.h" +#include "pe.h" #endif struct foo { @@ -46,8 +48,9 @@ enum BytecodeKind { extern const uint32_t __clambc_match_counts[64]; extern const struct cli_exe_info __clambc_exeinfo; +extern const struct cli_pe_hook_data __clambc_pedata; -const uint8_t __clambc_kind; +const uint16_t __clambc_kind; uint32_t test0(struct foo*, uint32_t); uint32_t test1(uint32_t, uint32_t); diff --git a/libclamav/bytecode_api_decl.c b/libclamav/bytecode_api_decl.c index 5e401005d..15c8b5081 100644 --- a/libclamav/bytecode_api_decl.c +++ b/libclamav/bytecode_api_decl.c 
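Review bot: In the new `parseLSig`, `*vend++ = '\0';` runs even when `strchr` found no `;`, so a line without a semicolon is written through a NULL pointer and `vend` is then handed to the second `strchr`. The `else` branch only clears `bc->lsig` and falls through; it should return before the write, and the result of `cli_strdup` should be checked too. The line comes from the bytecode file being loaded, and the updated `.cbc` inputs in this commit replace `L` with an empty line, which looks like exactly that path. `buffer` is `unsigned char *` and reaches `strchr` without a cast, and `prefix`/`vnames` are computed but never stored in this hunk, so the new `struct cli_bc` fields stay unset.

```c
    const char *prefix;
    char *vnames, *vend = strchr((char *)buffer, ';');

    if (!vend) {
        /* Not a logical signature, but we still have a virusname */
        bc->lsig = NULL;
        return CL_SUCCESS;
    }
    bc->lsig = cli_strdup((const char *)buffer);
    if (!bc->lsig)
        return CL_EMEM;
    *vend++ = '\0';
    /* … unchanged: prefix = buffer; vnames = strchr(vend, '{'); return CL_SUCCESS; … */
```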
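Review bot: The three members added to `struct cli_bc` (`vnameprefix`, `vnames`, `vnames_cnt`) carry no comment on who allocates and frees them, and no visible hunk in this commit initialises or releases them. If the structure is not zeroed when it is created, cleanup code that later frees `vnames` would act on indeterminate pointers. I would add a comment such as `/* vnames: array of vnames_cnt heap strings owned by this cli_bc; NULL and 0 when absent */` and set all three fields on every return path of `parseLSig`. The struct definition starts outside the hunk.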
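Review bot: `const uint16_t __clambc_kind;` is declared without `extern`, unlike `__clambc_match_counts`, `__clambc_exeinfo` and the newly added `__clambc_pedata` next to it, so every translation unit that includes this header gets its own tentative definition. Since the line is being touched to widen the type anyway, I would write `extern const uint16_t __clambc_kind;`, unless the bytecode compiler relies on the current form. The width has to stay in step with `hooks.kind` and with the `16` in the `cli_globals` row; a one-line comment naming those two places would make the coupling visible.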
@@ -36,47 +36,51 @@ uint32_t cli_bcapi_debug_print_uint(struct cli_bc_ctx *ctx, uint32_t, uint32_t); const struct cli_apiglobal cli_globals[] = { /* Bytecode globals BEGIN */ - {"__clambc_match_counts", GLOBAL_MATCH_COUNTS, 72, + {"__clambc_match_counts", GLOBAL_MATCH_COUNTS, 73, ((char*)&((struct cli_bc_ctx*)0)->hooks.match_counts - (char*)NULL)}, - {"__clambc_exeinfo", GLOBAL_EXEINFO, 69, + {"__clambc_exeinfo", GLOBAL_EXEINFO, 70, ((char*)&((struct cli_bc_ctx*)0)->hooks.exeinfo - (char*)NULL)}, - {"__clambc_kind", GLOBAL_KIND, 8, - ((char*)&((struct cli_bc_ctx*)0)->hooks.kind - (char*)NULL)} + {"__clambc_kind", GLOBAL_KIND, 16, + ((char*)&((struct cli_bc_ctx*)0)->hooks.kind - (char*)NULL)}, + {"__clambc_pedata", GLOBAL_PEDATA, 69, + ((char*)&((struct cli_bc_ctx*)0)->hooks.pedata - (char*)NULL)} /* Bytecode globals END */ }; const unsigned cli_apicall_maxglobal = _LAST_GLOBAL-1; -static uint16_t cli_tmp0[]={70, 32, 32, 16}; -static uint16_t cli_tmp1[]={71}; -static uint16_t cli_tmp2[]={32, 32, 32, 32, 32, 32, 32, 32, 32}; -static uint16_t cli_tmp3[]={32}; -static uint16_t cli_tmp4[]={32, 32, 32}; -static uint16_t cli_tmp5[]={32, 65, 32}; -static uint16_t cli_tmp6[]={32, 76, 32}; -static uint16_t cli_tmp7[]={77}; -static uint16_t cli_tmp8[]={76}; +static uint16_t cli_tmp0[]={}; +static uint16_t cli_tmp1[]={71, 32, 32, 16}; +static uint16_t cli_tmp2[]={72}; +static uint16_t cli_tmp3[]={32, 32, 32, 32, 32, 32, 32, 32, 32}; +static uint16_t cli_tmp4[]={32}; +static uint16_t cli_tmp5[]={32, 32, 32}; +static uint16_t cli_tmp6[]={32, 65, 32}; +static uint16_t cli_tmp7[]={32, 77, 32}; +static uint16_t cli_tmp8[]={78}; +static uint16_t cli_tmp9[]={77}; const struct cli_bc_type cli_apicall_types[]={ - {DStructType, cli_tmp0, 4, 0, 0}, - {DPointerType, cli_tmp1, 1, 0, 0}, - {DStructType, cli_tmp2, 9, 0, 0}, - {DArrayType, cli_tmp3, 64, 0, 0}, - {DFunctionType, cli_tmp4, 3, 0, 0}, + {, cli_tmp0, , 0, 0}, + {DStructType, cli_tmp1, 4, 0, 0}, + {DPointerType, cli_tmp2, 1, 0, 0}, 
+ {DStructType, cli_tmp3, 9, 0, 0}, + {DArrayType, cli_tmp4, 64, 0, 0}, {DFunctionType, cli_tmp5, 3, 0, 0}, {DFunctionType, cli_tmp6, 3, 0, 0}, - {DPointerType, cli_tmp7, 1, 0, 0}, - {DStructType, cli_tmp8, 1, 0, 0} + {DFunctionType, cli_tmp7, 3, 0, 0}, + {DPointerType, cli_tmp8, 1, 0, 0}, + {DStructType, cli_tmp9, 1, 0, 0} }; const unsigned cli_apicall_maxtypes=sizeof(cli_apicall_types)/sizeof(cli_apicall_types[0]); const struct cli_apicall cli_apicalls[]={ /* Bytecode APIcalls BEGIN */ - {"test0", 6, 0, 1}, - {"test1", 4, 0, 0}, - {"read", 5, 1, 1}, - {"seek", 4, 1, 0}, - {"setvirusname", 5, 2, 1}, - {"debug_print_str", 5, 3, 1}, - {"debug_print_uint", 4, 2, 0} + {"test0", 7, 0, 1}, + {"test1", 5, 0, 0}, + {"read", 6, 1, 1}, + {"seek", 5, 1, 0}, + {"setvirusname", 6, 2, 1}, + {"debug_print_str", 6, 3, 1}, + {"debug_print_uint", 5, 2, 0} /* Bytecode APIcalls END */ }; const cli_apicall_int2 cli_apicalls0[] = { diff --git a/libclamav/bytecode_hooks.h b/libclamav/bytecode_hooks.h index a068dc223..0fbe8c7c4 100644 --- a/libclamav/bytecode_hooks.h +++ b/libclamav/bytecode_hooks.h @@ -24,8 +24,8 @@ struct cli_bc_hooks { const uint32_t* match_counts; - const struct cli_exe_info *exeinfo; - const struct cli_pe_hook_data *pedata; - const uint8_t kind; + const struct cli_exe_info exeinfo; + const uint16_t kind; + const cli_pe_hook_data pedata; }; #endif diff --git a/libclamav/clambc.h b/libclamav/clambc.h index 623b68849..12e954500 100644 --- a/libclamav/clambc.h +++ b/libclamav/clambc.h @@ -101,6 +101,7 @@ enum bc_global { _FIRST_GLOBAL = 0x8000, GLOBAL_MATCH_COUNTS = 0x8000, GLOBAL_KIND, + GLOBAL_VIRUSNAMES, GLOBAL_EXEINFO, _LAST_GLOBAL }; diff --git a/unit_tests/input/apicalls.cbc b/unit_tests/input/apicalls.cbc index 50f571c59..b87ced231 100644 --- a/unit_tests/input/apicalls.cbc +++ b/unit_tests/input/apicalls.cbc @@ -1,5 +1,5 @@ ClamBCaa`|``````|`afafp`clamcoincidencejb -L + Tedacb`bb`bb`b Eabaaabbed|afdgefcgdgac`` G`` 
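Review bot: The regenerated type table contains `static uint16_t cli_tmp0[]={};` and `{, cli_tmp0, , 0, 0},`, which is not valid C: the kind and the element count of the first `cli_apicall_types` entry are empty. This looks like the table generator failing to print one type, possibly the newly referenced PE hook structure, so the file should be regenerated after that is fixed rather than patched by hand. Every type index in `cli_globals` and `cli_apicalls` was shifted by one to make room for this entry, so the indices need re-checking once the entry is either filled in or dropped. The tables continue outside the hunk.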
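Review bot: `const cli_pe_hook_data pedata;` drops the `struct` keyword, while bytecode_api.h in the same commit declares `extern const struct cli_pe_hook_data __clambc_pedata;`; unless a typedef of that name exists elsewhere, this member does not compile, and `const struct cli_pe_hook_data pedata;` would match. `exeinfo` and `pedata` also change from pointers to embedded `const` values, which requires both complete types to be visible wherever this header is included and makes `struct cli_bc_hooks` impossible to assign as a whole. A comment stating that the member layout feeds the offsets computed in `cli_globals` would help the next person who reorders it.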
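Review bot: `GLOBAL_VIRUSNAMES` is inserted between `GLOBAL_KIND` and `GLOBAL_EXEINFO`, which renumbers `GLOBAL_EXEINFO` and `_LAST_GLOBAL`; if compiled bytecode stores these ids, existing files would resolve to a different global after this change. Appending new values directly before `_LAST_GLOBAL` keeps the existing ids stable. The enum also gains no `GLOBAL_PEDATA` although the new `cli_globals` row uses it, and `cli_globals` gains no `GLOBAL_VIRUSNAMES` row while `cli_apicall_maxglobal` is derived from `_LAST_GLOBAL`, so the table and the enum are out of step and a lookup by id may index past the table.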
diff --git a/unit_tests/input/apicalls2.cbc b/unit_tests/input/apicalls2.cbc index 22ea04b59..7f574d7d2 100644 --- a/unit_tests/input/apicalls2.cbc +++ b/unit_tests/input/apicalls2.cbc @@ -1,5 +1,5 @@ ClamBCaa`|``````|`ajafp`clamcoincidencejb -L + Tedcabidebidacb`bbidb`bacb`bb`bb`bebed Eababaabgd|afdgefcgdg`c``abbhd|afdgefcgdgac`` G`` diff --git a/unit_tests/input/arith.cbc b/unit_tests/input/arith.cbc index c8e018455..855f63826 100644 --- a/unit_tests/input/arith.cbc +++ b/unit_tests/input/arith.cbc @@ -1,5 +1,5 @@ ClamBCaa`|``````|`aebbep`clamcoincidencejb -L + Ted E`` G`` diff --git a/unit_tests/input/div0.cbc b/unit_tests/input/div0.cbc index 1f8ea38f4..b52778ae7 100644 --- a/unit_tests/input/div0.cbc +++ b/unit_tests/input/div0.cbc @@ -1,5 +1,5 @@ ClamBCaa`|``````|`aeabp`clamcoincidencejb -L + Ted E`` G`` diff --git a/unit_tests/input/lsig.cbc b/unit_tests/input/lsig.cbc index b9760408d..1aa040dc3 100644 --- a/unit_tests/input/lsig.cbc +++ b/unit_tests/input/lsig.cbc @@ -1,11 +1,9 @@ -ClamBCaa`|``````|`bbaabp`clamcoincidencejb -L;Target:0;((0|1|2)=42,2);aabb;ffffffff;aaccee;f00d -Tedebaeeb`eebodebndebmdebadebcdacb`bbadb`bdb`db`bdakahdagahdaiahdaeah -Eaeaaaebld|amcgefdgfgifbgegcgnfafmfef`` -Gd```hanbaeBafBafBbfBbf@`b`eBffBffBffBffBffBffBffBff@`baeBffB`cB`cBdf@`bodBafBafBcfBcfBefBef@`bndBdeBbgBofBjfBafBnfBnbBfdBodBod@`bad@@`bad@Aa`bad@Ab`bad@Ac`bad@Ad`bcdAcD```h`bcdAbD```h`bcd@D```h`bcdAaD```h` -A`b`bLacb`baa`Fafac -Bb`b`gbAj`aaaaeab`b`AbdTaaaaaaab -B```b`abTcab`b@d +ClamBCaa`|``````|`alaap`clamcoincidencejb +Trojan.Foo/A/B;Target:0;((0|1|2)=42,2);aabb;ffffffff;aaccee;f00d +Tedebkdebjdebadebcdacb`bbadb`bdb`db`bdabah +Eaeaaaebid|amcgefdgfgifbgegcgnfafmfef`` +Gd```hahbkdBad@`bkdBbd@`bad@@`bad@Aa`bcdAcD```h`bcdAbD```h`bcd@D```h`bcdAaD```h` +A`b`bLaeb`baaaabadb`bFahac +Bb`b`gbAd`aaaaiab`b`AbdTaaaaabaa +Baaabeab`b`AbdbadacoaabAb`Ac`b`badabbaeac@dTcab`b@d BTcab`b@dE -A``Laab`bFabaa -Bb`b`abbaeAi`@dTdaE 
diff --git a/unit_tests/input/retmagic.cbc b/unit_tests/input/retmagic.cbc index a6ee6e0dd..5160166be 100644 --- a/unit_tests/input/retmagic.cbc +++ b/unit_tests/input/retmagic.cbc @@ -1,5 +1,5 @@ ClamBCaa`|``````|`aeaap`clamcoincidencejb -L + Ted E`` G``