Data Structures | |
struct | DIS_mem_arg |
struct | DIS_arg |
struct | DIS_fixed |
Macros | |
#define | VIRUSNAME_PREFIX(name) const char __clambc_virusname_prefix[] = name; |
#define | VIRUSNAMES(...) const char *const __clambc_virusnames[] = {__VA_ARGS__}; |
#define | PE_UNPACKER_DECLARE const uint16_t __clambc_kind = BC_PE_UNPACKER; |
#define | PDF_HOOK_DECLARE const uint16_t __clambc_kind = BC_PDF; |
#define | BYTECODE_ABORT_HOOK 0xcea5e |
#define | PE_HOOK_DECLARE const uint16_t __clambc_kind = BC_PE_ALL; |
#define | SIGNATURES_DECL_BEGIN struct __Signatures { |
#define | DECLARE_SIGNATURE(name) |
#define | SIGNATURES_DECL_END }; |
#define | TARGET(tgt) const unsigned short __Target = (tgt); |
#define | COPYRIGHT(c) const char *const __Copyright = (c); |
#define | ICONGROUP1(group) const char *const __IconGroup1 = (group); |
#define | ICONGROUP2(group) const char *const __IconGroup2 = (group); |
#define | FUNCTIONALITY_LEVEL_MIN(m) const unsigned short __FuncMin = (m); |
#define | FUNCTIONALITY_LEVEL_MAX(m) const unsigned short __FuncMax = (m); |
#define | SIGNATURES_DEF_BEGIN |
#define | SIGNATURES_END }; |
#define | SIGNATURES_DEF_END }; |
Functions | |
static force_inline void overloadable_func | debug (const char *str) |
static force_inline void overloadable_func | debug (const uint8_t *str) |
static force_inline void overloadable_func | debug (uint32_t a) |
void | debug (...) __attribute__((overloadable, unavailable)) |
static force_inline uint32_t | count_match (__Signature sig) |
static force_inline uint32_t | matches (__Signature sig) |
static force_inline uint32_t | match_location (__Signature sig, uint32_t goback) |
static force_inline int32_t | match_location_check (__Signature sig, uint32_t goback, const char *static_start, uint32_t static_len) |
static force_inline overloadable_func void | foundVirus (const char *virusname) |
static force_inline void overloadable_func | foundVirus (void) |
static force_inline uint32_t | getFilesize (void) |
bool | __is_bigendian (void) __attribute__((const )) __attribute__((nothrow)) |
static uint32_t force_inline | le32_to_host (uint32_t v) |
static uint32_t force_inline | be32_to_host (uint32_t v) |
static uint64_t force_inline | le64_to_host (uint64_t v) |
static uint64_t force_inline | be64_to_host (uint64_t v) |
static uint16_t force_inline | le16_to_host (uint16_t v) |
static uint16_t force_inline | be16_to_host (uint16_t v) |
static uint32_t force_inline | cli_readint32 (const void *buff) |
static uint16_t force_inline | cli_readint16 (const void *buff) |
static void force_inline | cli_writeint32 (void *offset, uint32_t v) |
static force_inline bool | hasExeInfo (void) |
static force_inline bool | hasPEInfo (void) |
static force_inline bool | isPE64 (void) |
static force_inline uint8_t | getPEMajorLinkerVersion (void) |
static force_inline uint8_t | getPEMinorLinkerVersion (void) |
static force_inline uint32_t | getPESizeOfCode (void) |
static force_inline uint32_t | getPESizeOfInitializedData (void) |
static force_inline uint32_t | getPESizeOfUninitializedData (void) |
static force_inline uint32_t | getPEBaseOfCode (void) |
static force_inline uint32_t | getPEBaseOfData (void) |
static force_inline uint64_t | getPEImageBase (void) |
static force_inline uint32_t | getPESectionAlignment (void) |
static force_inline uint32_t | getPEFileAlignment (void) |
static force_inline uint16_t | getPEMajorOperatingSystemVersion (void) |
static force_inline uint16_t | getPEMinorOperatingSystemVersion (void) |
static force_inline uint16_t | getPEMajorImageVersion (void) |
static force_inline uint16_t | getPEMinorImageVersion (void) |
static force_inline uint16_t | getPEMajorSubsystemVersion (void) |
static force_inline uint16_t | getPEMinorSubsystemVersion (void) |
static force_inline uint32_t | getPEWin32VersionValue (void) |
static force_inline uint32_t | getPESizeOfImage (void) |
static force_inline uint32_t | getPESizeOfHeaders (void) |
static force_inline uint32_t | getPECheckSum (void) |
static force_inline uint16_t | getPESubsystem (void) |
static force_inline uint16_t | getPEDllCharacteristics (void) |
static force_inline uint32_t | getPESizeOfStackReserve (void) |
static force_inline uint32_t | getPESizeOfStackCommit (void) |
static force_inline uint32_t | getPESizeOfHeapReserve (void) |
static force_inline uint32_t | getPESizeOfHeapCommit (void) |
static force_inline uint32_t | getPELoaderFlags (void) |
static force_inline uint16_t | getPEMachine () |
static force_inline uint32_t | getPETimeDateStamp () |
static force_inline uint32_t | getPEPointerToSymbolTable () |
static force_inline uint32_t | getPENumberOfSymbols () |
static force_inline uint16_t | getPESizeOfOptionalHeader () |
static force_inline uint16_t | getPECharacteristics () |
static force_inline bool | getPEisDLL () |
static force_inline uint32_t | getPEDataDirRVA (unsigned n) |
static force_inline uint32_t | getPEDataDirSize (unsigned n) |
static force_inline uint16_t | getNumberOfSections (void) |
static uint32_t | getPELFANew (void) |
static force_inline int | readPESectionName (unsigned char name[8], unsigned n) |
static force_inline uint32_t | getEntryPoint (void) |
static force_inline uint32_t | getExeOffset (void) |
static force_inline uint32_t | getImageBase (void) |
static uint32_t | getVirtualEntryPoint (void) |
static uint32_t | getSectionRVA (unsigned i) |
static uint32_t | getSectionVirtualSize (unsigned i) |
static force_inline bool | readRVA (uint32_t rva, void *buf, size_t bufsize) |
static force_inline void * | memchr (const void *s, int c, size_t n) |
void * | memset (void *src, int c, uintptr_t n) __attribute__((nothrow)) __attribute__((__nonnull__((1)))) |
void * | memmove (void *dst, const void *src, uintptr_t n) __attribute__((__nothrow__)) __attribute__((__nonnull__(1, 2))) |
void * | memcpy (void *restrict dst, const void *restrict src, uintptr_t n) __attribute__((__nothrow__)) __attribute__((__nonnull__(1, 2))) |
int | memcmp (const void *s1, const void *s2, uint32_t n) __attribute__((__nothrow__)) __attribute__((__pure__)) __attribute__((__nonnull__(1, 2))) |
static force_inline uint32_t | DisassembleAt (struct DIS_fixed *result, uint32_t offset, uint32_t len) |
static int32_t | ilog2_compat (uint32_t a, uint32_t b) |
#define BYTECODE_ABORT_HOOK 0xcea5e |
Return code of entrypoint() that tells the hook invoker to skip executing the hook, probably because executing it would trigger a bug in it.
#define SIGNATURES_END }; |
Old macro used to mark the end of the subsignature pattern definitions.
static force_inline void overloadable_func foundVirus (void) [static]
Like foundVirus(const char *virusname), but uses just the prefix as the virus name.
static int32_t ilog2_compat (uint32_t a, uint32_t b) [inline, static]
ilog2_compat is kept for 0.96 compatibility; use the ilog2() API from 0.96.1 instead of this one.
a | input |
b | input |