2
* ClamAV bytecode handler tool.
4
* Copyright (C) 2009-2012 Sourcefire, Inc.
8
* This program is free software; you can redistribute it and/or modify
9
* it under the terms of the GNU General Public License version 2 as
10
* published by the Free Software Foundation.
12
* This program is distributed in the hope that it will be useful,
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
* GNU General Public License for more details.
17
* You should have received a copy of the GNU General Public License
18
* along with this program; if not, write to the Free Software
19
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
23
#include "clamav-config.h"
31
#include <openssl/ssl.h>
32
#include <openssl/err.h>
33
#include "libclamav/crypto.h"
36
#include "bytecode_priv.h"
38
#include "shared/optparser.h"
39
#include "shared/misc.h"
40
#include "libclamav/dconf.h"
41
#include "libclamav/others.h"
51
static void help(void)
54
printf(" Clam AntiVirus: Bytecode Testing Tool %s\n",
56
printf(" By The ClamAV Team: http://www.clamav.net/team\n");
57
printf(" (C) 2009 Sourcefire, Inc.\n\n");
58
printf("clambc <file> [function] [param1 ...]\n\n");
59
printf(" --help -h Show help\n");
60
printf(" --version -V Show version\n");
61
printf(" --info -i Print information about bytecode\n");
62
printf(" --printsrc -p Print bytecode source\n");
63
printf(" --trace <level> Set bytecode trace level 0..7 (default 7)\n");
64
printf(" --no-trace-showsource Don't show source line during tracing\n");
65
printf(" file file to test\n");
70
static struct dbg_state {
71
const char *directory;
80
static void tracehook(struct cli_bc_ctx *ctx, unsigned event)
82
dbg_state.directory = ctx->directory;
83
if (*ctx->file == '?')
87
fprintf(stderr, "[trace] %s:%u:%u -> %s:%u:%u Entered function %s\n",
88
dbg_state.file, dbg_state.line, dbg_state.col,
89
ctx->file, ctx->line, ctx->col, ctx->scope);
90
dbg_state.scope = ctx->scope;
93
fprintf(stderr, "[trace] function parameter:\n");
96
fprintf(stderr, "[trace] %s:%u:%u -> %s:%u:%u\n",
97
dbg_state.file, dbg_state.line, dbg_state.col,
98
ctx->file, ctx->line, ctx->col);
99
dbg_state.scope = ctx->scope;
103
if (dbg_state.showline)
104
cli_bytecode_debug_printsrc(ctx);
106
fprintf(stderr, "[trace] %s:%u:%u\n",
107
dbg_state.file, dbg_state.line, dbg_state.col);
112
dbg_state.file = ctx->file;
113
dbg_state.line = ctx->line;
114
dbg_state.col = ctx->col;
117
static void tracehook_op(struct cli_bc_ctx *ctx, const char *op)
119
fprintf(stderr, "[trace] %s\n", op);
122
static void tracehook_val(struct cli_bc_ctx *ctx, const char *name, uint32_t value)
124
fprintf(stderr, "[trace] %s = %u\n", name, value);
127
static void tracehook_ptr(struct cli_bc_ctx *ctx, const void *ptr)
129
fprintf(stderr, "[trace] %p\n", ptr);
132
static uint8_t debug_flag = 0;
133
static void print_src(const char *file)
136
int nread, i, found = 0;
137
FILE *f = fopen(file, "r");
139
fprintf(stderr,"Unable to reopen %s\n", file);
143
nread = fread(buf, 1, sizeof(buf), f);
144
for (i=0;i<nread-1;i++) {
145
if (buf[i] == '\n' && buf[i+1] == 'S') {
151
} while (!found && (nread == sizeof(buf)));
153
printf("[clambc] Source code:");
155
for (;i+1<nread;i++) {
156
if (buf[i] == 'S' || buf[i] == '\n') {
160
putc(((buf[i]&0xf) | ((buf[i+1]&0xf)<<4)), stdout);
163
if (i == nread-1 && nread != 1)
164
fseek(f, -1, SEEK_CUR);
166
nread = fread(buf, 1, sizeof(buf), f);
170
static uint32_t deadbeefcounts[64] = {
236
int main(int argc, char *argv[])
240
struct cli_bc_ctx *ctx;
242
struct optstruct *opts;
243
const struct optstruct *opt;
244
unsigned funcid=0, i;
245
struct cli_all_bc bcs;
249
cl_initialize_crypto();
254
opts = optparse(NULL, argc, argv, 1, OPT_CLAMBC, 0, NULL);
256
fprintf(stderr, "ERROR: Can't parse command line options\n");
259
if(optget(opts, "version")->enabled) {
260
printf("Clam AntiVirus Bytecode Testing Tool %s\n", get_version());
261
cl_init(CL_INIT_DEFAULT);
262
cli_bytecode_printversion();
266
if(optget(opts, "help")->enabled || !opts->filename) {
271
f = fopen(opts->filename[0], "r");
273
fprintf(stderr, "Unable to load %s\n", argv[1]);
278
bc = malloc(sizeof(*bc));
280
fprintf(stderr, "Out of memory\n");
285
if (optget(opts,"debug")->enabled) {
289
rc = cl_init(CL_INIT_DEFAULT);
290
if (rc != CL_SUCCESS) {
291
fprintf(stderr,"Unable to init libclamav: %s\n", cl_strerror(rc));
297
while (opts->filename[dbgargc]) dbgargc++;
300
cli_bytecode_debug(dbgargc, opts->filename);
302
if (optget(opts, "force-interpreter")->enabled) {
305
rc = cli_bytecode_init(&bcs);
306
if (rc != CL_SUCCESS) {
307
fprintf(stderr,"Unable to init bytecode engine: %s\n", cl_strerror(rc));
316
rc = cli_bytecode_load(bc, f, NULL, optget(opts, "trust-bytecode")->enabled,
317
optget(opts, "bytecode-statistics")->enabled);
318
if (rc != CL_SUCCESS) {
319
fprintf(stderr,"Unable to load bytecode: %s\n", cl_strerror(rc));
324
if (bc->state == bc_skip) {
325
fprintf(stderr,"bytecode load skipped\n");
329
printf("[clambc] Bytecode loaded\n");
330
if (optget(opts, "info")->enabled) {
331
cli_bytecode_describe(bc);
332
} else if (optget(opts, "printsrc")->enabled) {
333
print_src(opts->filename[0]);
336
struct cl_engine *engine = cl_engine_new();
338
memset(&cctx, 0, sizeof(cctx));
340
fprintf(stderr,"Unable to create engine\n");
344
rc = cl_engine_compile(engine);
346
fprintf(stderr,"Unable to compile engine: %s\n", cl_strerror(rc));
350
rc = cli_bytecode_prepare2(engine, &bcs, BYTECODE_ENGINE_MASK);
351
if (rc != CL_SUCCESS) {
352
fprintf(stderr,"Unable to prepare bytecode: %s\n", cl_strerror(rc));
357
printf("[clambc] Bytecode prepared\n");
359
ctx = cli_bytecode_context_alloc();
361
fprintf(stderr,"Out of memory\n");
365
cctx.engine = engine;
366
cctx.fmap = cli_calloc(sizeof(fmap_t*), engine->maxreclevel+2);
368
fprintf(stderr,"Out of memory\n");
371
memset(&dbg_state, 0, sizeof(dbg_state));
372
dbg_state.file = "<libclamav>";
375
dbg_state.showline = !optget(opts, "no-trace-showsource")->enabled;
376
tracelevel = optget(opts, "trace")->numarg;
377
cli_bytecode_context_set_trace(ctx, tracelevel,
383
if (opts->filename[1]) {
384
funcid = atoi(opts->filename[1]);
386
cli_bytecode_context_setfuncid(ctx, bc, funcid);
388
printf("[clambc] Running bytecode function :%u\n", funcid);
390
if (opts->filename[1]) {
392
while (opts->filename[i]) {
393
rc = cli_bytecode_context_setparam_int(ctx, i-2, atoi(opts->filename[i]));
394
if (rc != CL_SUCCESS) {
395
fprintf(stderr,"Unable to set param %u: %s\n", i-2, cl_strerror(rc));
401
if ((opt = optget(opts,"input"))->enabled) {
402
fd = open(opt->strarg, O_RDONLY);
404
fprintf(stderr, "Unable to open input file %s: %s\n", opt->strarg, strerror(errno));
408
map = fmap(fd, 0, 0);
410
fprintf(stderr, "Unable to map input file %s\n", opt->strarg);
413
rc = cli_bytecode_context_setfile(ctx, map);
414
if (rc != CL_SUCCESS) {
415
fprintf(stderr, "Unable to set file %s: %s\n", opt->strarg, cl_strerror(rc));
421
ctx->hooks.match_counts = deadbeefcounts;
422
ctx->hooks.match_offsets = deadbeefcounts;
423
rc = cli_bytecode_run(&bcs, bc, ctx);
424
if (rc != CL_SUCCESS) {
425
fprintf(stderr,"Unable to run bytecode: %s\n", cl_strerror(rc));
429
printf("[clambc] Bytecode run finished\n");
430
v = cli_bytecode_context_getresult_int(ctx);
432
printf("[clambc] Bytecode returned: 0x%llx\n", (long long)v);
434
cli_bytecode_context_destroy(ctx);
437
cl_engine_free(engine);
440
cli_bytecode_destroy(bc);
441
cli_bytecode_done(&bcs);
447
printf("[clambc] Exiting\n");