/src/yara/libyara/libyara.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | Copyright (c) 2013. The YARA Authors. All Rights Reserved. |
3 | | |
4 | | Redistribution and use in source and binary forms, with or without modification, |
5 | | are permitted provided that the following conditions are met: |
6 | | |
7 | | 1. Redistributions of source code must retain the above copyright notice, this |
8 | | list of conditions and the following disclaimer. |
9 | | |
10 | | 2. Redistributions in binary form must reproduce the above copyright notice, |
11 | | this list of conditions and the following disclaimer in the documentation and/or |
12 | | other materials provided with the distribution. |
13 | | |
14 | | 3. Neither the name of the copyright holder nor the names of its contributors |
15 | | may be used to endorse or promote products derived from this software without |
16 | | specific prior written permission. |
17 | | |
18 | | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
19 | | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
20 | | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
21 | | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR |
22 | | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
23 | | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
24 | | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON |
25 | | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
26 | | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
27 | | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
28 | | */ |
29 | | |
30 | | #if defined(JEMALLOC) |
31 | | #include <jemalloc/jemalloc.h> |
32 | | #endif |
33 | | |
34 | | #include <ctype.h> |
35 | | #include <stdio.h> |
36 | | #include <string.h> |
37 | | #include <yara/error.h> |
38 | | #include <yara/globals.h> |
39 | | #include <yara/mem.h> |
40 | | #include <yara/modules.h> |
41 | | #include <yara/re.h> |
42 | | #include <yara/threading.h> |
43 | | |
44 | | #include "crypto.h" |
45 | | |
46 | | #if defined(_WIN32) || defined(__CYGWIN__) |
47 | | #if !defined(_MSC_VER) || (defined(_MSC_VER) && (_MSC_VER < 1900)) |
48 | | #define snprintf _snprintf |
49 | | #endif |
50 | | #endif |
51 | | |
52 | | YR_THREAD_STORAGE_KEY yr_yyfatal_trampoline_tls; |
53 | | YR_THREAD_STORAGE_KEY yr_trycatch_trampoline_tls; |
54 | | |
55 | | #if !(_WIN32 || __CYGWIN__) |
56 | | |
57 | | #include <pthread.h> |
58 | | #include <signal.h> |
59 | | |
60 | | struct sigaction old_sigsegv_exception_handler; |
61 | | struct sigaction old_sigbus_exception_handler; |
62 | | int exception_handler_usecount = 0; |
63 | | pthread_mutex_t exception_handler_mutex = PTHREAD_MUTEX_INITIALIZER; |
64 | | #endif |
65 | | |
66 | | static int init_count = 0; |
67 | | |
68 | | static struct yr_config_var |
69 | | { |
70 | | union |
71 | | { |
72 | | size_t sz; |
73 | | uint32_t ui32; |
74 | | uint64_t ui64; |
75 | | char *str; |
76 | | }; |
77 | | |
78 | | } yr_cfgs[YR_CONFIG_LAST]; |
79 | | |
80 | | // Global variables. See globals.h for their descriptions. |
81 | | |
82 | | uint8_t yr_lowercase[256]; |
83 | | uint8_t yr_altercase[256]; |
84 | | |
85 | | #if 0 == YR_DEBUG_VERBOSITY |
86 | | |
87 | | #else |
88 | | |
89 | | uint64_t yr_debug_verbosity = YR_DEBUG_VERBOSITY; |
90 | | |
91 | | YR_TLS int yr_debug_indent = 0; |
92 | | |
93 | | YR_TLS int yr_debug_stopwatch_unstarted = 1; |
94 | | |
95 | | YR_TLS YR_STOPWATCH yr_debug_stopwatch; |
96 | | |
97 | | const char yr_debug_spaces[] = " " /* 16 spaces * 1 */ |
98 | | " " /* 16 spaces * 2 */ |
99 | | " " /* 16 spaces * 3 */ |
100 | | " " /* 16 spaces * 4 */ |
101 | | " " /* 16 spaces * 5 */ |
102 | | " " /* 16 spaces * 6 */ |
103 | | " " /* 16 spaces * 7 */ |
104 | | " " /* 16 spaces * 8 */; |
105 | | |
106 | | size_t yr_debug_spaces_len = sizeof(yr_debug_spaces); |
107 | | |
108 | | double yr_debug_get_elapsed_seconds(void) |
109 | | { |
110 | | if (yr_debug_stopwatch_unstarted) |
111 | | { |
112 | | yr_debug_stopwatch_unstarted = 0; |
113 | | yr_stopwatch_start(&yr_debug_stopwatch); |
114 | | } |
115 | | |
116 | | uint64_t elapsed_ns = yr_stopwatch_elapsed_ns(&yr_debug_stopwatch); |
117 | | |
118 | | double seconds = (double) elapsed_ns / 1000000000; |
119 | | |
120 | | return seconds; |
121 | | } |
122 | | |
123 | | char *yr_debug_callback_message_as_string(int message) |
124 | | { |
125 | | char *s = "CALLBACK_MSG_?"; |
126 | | switch (message) |
127 | | { // clang-format off |
128 | | case CALLBACK_MSG_RULE_MATCHING : s = "CALLBACK_MSG_RULE_MATCHING" ; break; |
129 | | case CALLBACK_MSG_RULE_NOT_MATCHING: s = "CALLBACK_MSG_RULE_NOT_MATCHING"; break; |
130 | | case CALLBACK_MSG_SCAN_FINISHED : s = "CALLBACK_MSG_SCAN_FINISHED" ; break; |
131 | | case CALLBACK_MSG_IMPORT_MODULE : s = "CALLBACK_MSG_IMPORT_MODULE" ; break; |
132 | | case CALLBACK_MSG_MODULE_IMPORTED : s = "CALLBACK_MSG_MODULE_IMPORTED" ; break; |
133 | | } // clang-format on |
134 | | return s; |
135 | | } |
136 | | |
137 | | char *yr_debug_error_as_string(int error) |
138 | | { |
139 | | char *s = "ERROR_?"; |
140 | | switch (error) |
141 | | { // clang-format off |
142 | | case ERROR_SUCCESS : s = "ERROR_SUCCESS 0" ; break; |
143 | | case ERROR_INSUFFICIENT_MEMORY : s = "ERROR_INSUFFICIENT_MEMORY" ; break; |
144 | | case ERROR_COULD_NOT_ATTACH_TO_PROCESS : s = "ERROR_COULD_NOT_ATTACH_TO_PROCESS" ; break; |
145 | | case ERROR_COULD_NOT_OPEN_FILE : s = "ERROR_COULD_NOT_OPEN_FILE" ; break; |
146 | | case ERROR_COULD_NOT_MAP_FILE : s = "ERROR_COULD_NOT_MAP_FILE" ; break; |
147 | | case ERROR_INVALID_FILE : s = "ERROR_INVALID_FILE" ; break; |
148 | | case ERROR_CORRUPT_FILE : s = "ERROR_CORRUPT_FILE" ; break; |
149 | | case ERROR_UNSUPPORTED_FILE_VERSION : s = "ERROR_UNSUPPORTED_FILE_VERSION" ; break; |
150 | | case ERROR_INVALID_REGULAR_EXPRESSION : s = "ERROR_INVALID_REGULAR_EXPRESSION" ; break; |
151 | | case ERROR_INVALID_HEX_STRING : s = "ERROR_INVALID_HEX_STRING" ; break; |
152 | | case ERROR_SYNTAX_ERROR : s = "ERROR_SYNTAX_ERROR" ; break; |
153 | | case ERROR_LOOP_NESTING_LIMIT_EXCEEDED : s = "ERROR_LOOP_NESTING_LIMIT_EXCEEDED" ; break; |
154 | | case ERROR_DUPLICATED_LOOP_IDENTIFIER : s = "ERROR_DUPLICATED_LOOP_IDENTIFIER" ; break; |
155 | | case ERROR_DUPLICATED_IDENTIFIER : s = "ERROR_DUPLICATED_IDENTIFIER" ; break; |
156 | | case ERROR_DUPLICATED_TAG_IDENTIFIER : s = "ERROR_DUPLICATED_TAG_IDENTIFIER" ; break; |
157 | | case ERROR_DUPLICATED_META_IDENTIFIER : s = "ERROR_DUPLICATED_META_IDENTIFIER" ; break; |
158 | | case ERROR_DUPLICATED_STRING_IDENTIFIER : s = "ERROR_DUPLICATED_STRING_IDENTIFIER" ; break; |
159 | | case ERROR_UNREFERENCED_STRING : s = "ERROR_UNREFERENCED_STRING" ; break; |
160 | | case ERROR_UNDEFINED_STRING : s = "ERROR_UNDEFINED_STRING" ; break; |
161 | | case ERROR_UNDEFINED_IDENTIFIER : s = "ERROR_UNDEFINED_IDENTIFIER" ; break; |
162 | | case ERROR_MISPLACED_ANONYMOUS_STRING : s = "ERROR_MISPLACED_ANONYMOUS_STRING" ; break; |
163 | | case ERROR_INCLUDES_CIRCULAR_REFERENCE : s = "ERROR_INCLUDES_CIRCULAR_REFERENCE" ; break; |
164 | | case ERROR_INCLUDE_DEPTH_EXCEEDED : s = "ERROR_INCLUDE_DEPTH_EXCEEDED" ; break; |
165 | | case ERROR_WRONG_TYPE : s = "ERROR_WRONG_TYPE" ; break; |
166 | | case ERROR_EXEC_STACK_OVERFLOW : s = "ERROR_EXEC_STACK_OVERFLOW" ; break; |
167 | | case ERROR_SCAN_TIMEOUT : s = "ERROR_SCAN_TIMEOUT" ; break; |
168 | | case ERROR_CALLBACK_ERROR : s = "ERROR_CALLBACK_ERROR" ; break; |
169 | | case ERROR_INVALID_ARGUMENT : s = "ERROR_INVALID_ARGUMENT" ; break; |
170 | | case ERROR_TOO_MANY_MATCHES : s = "ERROR_TOO_MANY_MATCHES" ; break; |
171 | | case ERROR_INTERNAL_FATAL_ERROR : s = "ERROR_INTERNAL_FATAL_ERROR" ; break; |
172 | | case ERROR_NESTED_FOR_OF_LOOP : s = "ERROR_NESTED_FOR_OF_LOOP" ; break; |
173 | | case ERROR_INVALID_FIELD_NAME : s = "ERROR_INVALID_FIELD_NAME" ; break; |
174 | | case ERROR_UNKNOWN_MODULE : s = "ERROR_UNKNOWN_MODULE" ; break; |
175 | | case ERROR_NOT_A_STRUCTURE : s = "ERROR_NOT_A_STRUCTURE" ; break; |
176 | | case ERROR_NOT_INDEXABLE : s = "ERROR_NOT_INDEXABLE" ; break; |
177 | | case ERROR_NOT_A_FUNCTION : s = "ERROR_NOT_A_FUNCTION" ; break; |
178 | | case ERROR_INVALID_FORMAT : s = "ERROR_INVALID_FORMAT" ; break; |
179 | | case ERROR_TOO_MANY_ARGUMENTS : s = "ERROR_TOO_MANY_ARGUMENTS" ; break; |
180 | | case ERROR_WRONG_ARGUMENTS : s = "ERROR_WRONG_ARGUMENTS" ; break; |
181 | | case ERROR_WRONG_RETURN_TYPE : s = "ERROR_WRONG_RETURN_TYPE" ; break; |
182 | | case ERROR_DUPLICATED_STRUCTURE_MEMBER : s = "ERROR_DUPLICATED_STRUCTURE_MEMBER" ; break; |
183 | | case ERROR_EMPTY_STRING : s = "ERROR_EMPTY_STRING" ; break; |
184 | | case ERROR_DIVISION_BY_ZERO : s = "ERROR_DIVISION_BY_ZERO" ; break; |
185 | | case ERROR_REGULAR_EXPRESSION_TOO_LARGE : s = "ERROR_REGULAR_EXPRESSION_TOO_LARGE" ; break; |
186 | | case ERROR_TOO_MANY_RE_FIBERS : s = "ERROR_TOO_MANY_RE_FIBERS" ; break; |
187 | | case ERROR_COULD_NOT_READ_PROCESS_MEMORY : s = "ERROR_COULD_NOT_READ_PROCESS_MEMORY" ; break; |
188 | | case ERROR_INVALID_EXTERNAL_VARIABLE_TYPE: s = "ERROR_INVALID_EXTERNAL_VARIABLE_TYPE"; break; |
189 | | case ERROR_REGULAR_EXPRESSION_TOO_COMPLEX: s = "ERROR_REGULAR_EXPRESSION_TOO_COMPLEX"; break; |
190 | | case ERROR_INVALID_MODULE_NAME : s = "ERROR_INVALID_MODULE_NAME" ; break; |
191 | | case ERROR_TOO_MANY_STRINGS : s = "ERROR_TOO_MANY_STRINGS" ; break; |
192 | | case ERROR_INTEGER_OVERFLOW : s = "ERROR_INTEGER_OVERFLOW" ; break; |
193 | | case ERROR_CALLBACK_REQUIRED : s = "ERROR_CALLBACK_REQUIRED" ; break; |
194 | | case ERROR_INVALID_OPERAND : s = "ERROR_INVALID_OPERAND" ; break; |
195 | | case ERROR_COULD_NOT_READ_FILE : s = "ERROR_COULD_NOT_READ_FILE" ; break; |
196 | | case ERROR_DUPLICATED_EXTERNAL_VARIABLE : s = "ERROR_DUPLICATED_EXTERNAL_VARIABLE" ; break; |
197 | | case ERROR_INVALID_MODULE_DATA : s = "ERROR_INVALID_MODULE_DATA" ; break; |
198 | | case ERROR_WRITING_FILE : s = "ERROR_WRITING_FILE" ; break; |
199 | | case ERROR_INVALID_MODIFIER : s = "ERROR_INVALID_MODIFIER" ; break; |
200 | | case ERROR_DUPLICATED_MODIFIER : s = "ERROR_DUPLICATED_MODIFIER" ; break; |
201 | | case ERROR_BLOCK_NOT_READY : s = "ERROR_BLOCK_NOT_READY" ; break; |
202 | | } // clang-format on |
203 | | return s; |
204 | | } |
205 | | |
206 | | #endif |
207 | | |
208 | | #if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER < 0x10100000L |
209 | | |
210 | | // The OpenSSL library before version 1.1 requires some locks in order |
211 | | // to be thread-safe. These locks are initialized in yr_initialize |
212 | | // function. |
213 | | |
214 | | static YR_MUTEX *openssl_locks; |
215 | | |
216 | | static void _thread_id(CRYPTO_THREADID *id) |
217 | | { |
218 | | CRYPTO_THREADID_set_numeric(id, (unsigned long) yr_current_thread_id()); |
219 | | } |
220 | | |
221 | | static void _locking_function(int mode, int n, const char *file, int line) |
222 | | { |
223 | | if (mode & CRYPTO_LOCK) |
224 | | yr_mutex_lock(&openssl_locks[n]); |
225 | | else |
226 | | yr_mutex_unlock(&openssl_locks[n]); |
227 | | } |
228 | | |
229 | | #endif |
230 | | |
231 | | #if defined(HAVE_WINCRYPT_H) |
232 | | |
233 | | HCRYPTPROV yr_cryptprov; |
234 | | |
235 | | #endif |
236 | | |
237 | | //////////////////////////////////////////////////////////////////////////////// |
238 | | // Should be called by main thread before using any other |
239 | | // function from libyara. |
240 | | // |
241 | | YR_API int yr_initialize(void) |
242 | 2 | { |
243 | 2 | YR_DEBUG_FPRINTF(2, stderr, "+ %s() {\n", __FUNCTION__); |
244 | | |
245 | 2 | uint32_t def_stack_size = DEFAULT_STACK_SIZE; |
246 | 2 | uint32_t def_max_strings_per_rule = DEFAULT_MAX_STRINGS_PER_RULE; |
247 | 2 | uint32_t def_max_match_data = DEFAULT_MAX_MATCH_DATA; |
248 | 2 | uint64_t def_max_process_memory_chunk = DEFAULT_MAX_PROCESS_MEMORY_CHUNK; |
249 | | |
250 | 2 | init_count++; |
251 | | |
252 | 2 | if (init_count > 1) |
253 | 0 | return ERROR_SUCCESS; |
254 | | |
255 | | // Initialize random number generator, as it is used for generating object |
256 | | // canaries. |
257 | 2 | srand((unsigned) time(NULL)); |
258 | | |
259 | 514 | for (int i = 0; i < 256; i++) |
260 | 512 | { |
261 | 512 | if (i >= 'a' && i <= 'z') |
262 | 52 | yr_altercase[i] = i - 32; |
263 | 460 | else if (i >= 'A' && i <= 'Z') |
264 | 52 | yr_altercase[i] = i + 32; |
265 | 408 | else |
266 | 408 | yr_altercase[i] = i; |
267 | | |
268 | 512 | yr_lowercase[i] = tolower(i); |
269 | 512 | } |
270 | | |
271 | 2 | FAIL_ON_ERROR(yr_heap_alloc()); |
272 | 2 | FAIL_ON_ERROR(yr_thread_storage_create(&yr_yyfatal_trampoline_tls)); |
273 | 2 | FAIL_ON_ERROR(yr_thread_storage_create(&yr_trycatch_trampoline_tls)); |
274 | | |
275 | | #if defined HAVE_LIBCRYPTO && OPENSSL_VERSION_NUMBER < 0x10100000L |
276 | | |
277 | | openssl_locks = (YR_MUTEX *) OPENSSL_malloc( |
278 | | CRYPTO_num_locks() * sizeof(YR_MUTEX)); |
279 | | |
280 | | for (int i = 0; i < CRYPTO_num_locks(); i++) |
281 | | yr_mutex_create(&openssl_locks[i]); |
282 | | |
283 | | CRYPTO_THREADID_set_callback(_thread_id); |
284 | | CRYPTO_set_locking_callback(_locking_function); |
285 | | |
286 | | #elif defined(HAVE_WINCRYPT_H) |
287 | | |
288 | | if (!CryptAcquireContext( |
289 | | &yr_cryptprov, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) |
290 | | { |
291 | | return ERROR_INTERNAL_FATAL_ERROR; |
292 | | } |
293 | | |
294 | | #elif defined(HAVE_COMMON_CRYPTO) |
295 | | |
296 | | ... |
297 | | |
298 | | #endif |
299 | | |
300 | 2 | FAIL_ON_ERROR(yr_modules_initialize()); |
301 | | |
302 | | // Initialize default configuration options |
303 | | |
304 | 2 | FAIL_ON_ERROR(yr_set_configuration(YR_CONFIG_STACK_SIZE, &def_stack_size)); |
305 | | |
306 | 2 | FAIL_ON_ERROR(yr_set_configuration( |
307 | 2 | YR_CONFIG_MAX_STRINGS_PER_RULE, &def_max_strings_per_rule)); |
308 | | |
309 | 2 | FAIL_ON_ERROR(yr_set_configuration( |
310 | 2 | YR_CONFIG_MAX_PROCESS_MEMORY_CHUNK, &def_max_process_memory_chunk)); |
311 | | |
312 | 2 | FAIL_ON_ERROR( |
313 | 2 | yr_set_configuration(YR_CONFIG_MAX_MATCH_DATA, &def_max_match_data)); |
314 | | |
315 | 2 | YR_DEBUG_FPRINTF(2, stderr, "} // %s()\n", __FUNCTION__); |
316 | | |
317 | 2 | return ERROR_SUCCESS; |
318 | 2 | } |
319 | | |
320 | | //////////////////////////////////////////////////////////////////////////////// |
321 | | // Should be called by main thread before exiting. |
322 | | // |
323 | | YR_API int yr_finalize(void) |
324 | 0 | { |
325 | 0 | YR_DEBUG_FPRINTF(2, stderr, "+ %s() {\n", __FUNCTION__); |
326 | |
|
327 | | #if defined HAVE_LIBCRYPTO && OPENSSL_VERSION_NUMBER < 0x10100000L |
328 | | int i; |
329 | | #endif |
330 | | |
331 | | // yr_finalize shouldn't be called without calling yr_initialize first |
332 | |
|
333 | 0 | if (init_count == 0) |
334 | 0 | return ERROR_INTERNAL_FATAL_ERROR; |
335 | | |
336 | 0 | init_count--; |
337 | |
|
338 | 0 | if (init_count > 0) |
339 | 0 | return ERROR_SUCCESS; |
340 | | |
341 | | #if defined HAVE_LIBCRYPTO && OPENSSL_VERSION_NUMBER < 0x10100000L |
342 | | |
343 | | for (i = 0; i < CRYPTO_num_locks(); i++) yr_mutex_destroy(&openssl_locks[i]); |
344 | | |
345 | | OPENSSL_free(openssl_locks); |
346 | | CRYPTO_THREADID_set_callback(NULL); |
347 | | CRYPTO_set_locking_callback(NULL); |
348 | | |
349 | | #elif defined(HAVE_WINCRYPT_H) |
350 | | |
351 | | CryptReleaseContext(yr_cryptprov, 0); |
352 | | |
353 | | #endif |
354 | | |
355 | 0 | FAIL_ON_ERROR(yr_thread_storage_destroy(&yr_yyfatal_trampoline_tls)); |
356 | 0 | FAIL_ON_ERROR(yr_thread_storage_destroy(&yr_trycatch_trampoline_tls)); |
357 | 0 | FAIL_ON_ERROR(yr_modules_finalize()); |
358 | 0 | FAIL_ON_ERROR(yr_heap_free()); |
359 | |
|
360 | | #if defined(JEMALLOC) |
361 | | malloc_stats_print(NULL, NULL, NULL); |
362 | | mallctl("prof.dump", NULL, NULL, NULL, 0); |
363 | | #endif |
364 | |
|
365 | 0 | YR_DEBUG_FPRINTF(2, stderr, "} // %s()\n", __FUNCTION__); |
366 | |
|
367 | 0 | return ERROR_SUCCESS; |
368 | 0 | } |
369 | | |
370 | | //////////////////////////////////////////////////////////////////////////////// |
371 | | // Set a configuration option. |
372 | | // |
373 | | // This function receives a configuration name, as defined by the YR_CONFIG_NAME |
374 | | // enum, and a pointer to the value being set. The type of the value depends on |
375 | | // the configuration name. |
376 | | // |
377 | | // The caller must ensure that the pointer passed to the function is the correct |
378 | | // type. Using yr_set_configuration_uintXX is preferred, as those functions will |
379 | | // perform the necessary type checking. |
380 | | // |
381 | | // Args: |
382 | | // name: Any of the values defined by the YR_CONFIG_NAME enum. Possible values |
383 | | // are: |
384 | | // YR_CONFIG_STACK_SIZE data type: uint32_t |
385 | | // YR_CONFIG_MAX_STRINGS_PER_RULE data type: uint32_t |
386 | | // YR_CONFIG_MAX_MATCH_DATA data type: uint32_t |
387 | | // YR_CONFIG_MAX_PROCESS_MEMORY_CHUNK data type: uint64_t |
388 | | // |
389 | | // src: Pointer to the value being set for the option. |
390 | | // |
391 | | // Returns: |
392 | | // ERROR_SUCCESS |
393 | | // ERROR_INVALID_ARGUMENT |
394 | | // |
395 | | YR_API int yr_set_configuration(YR_CONFIG_NAME name, void *src) |
396 | 8 | { |
397 | 8 | if (src == NULL) |
398 | 0 | return ERROR_INTERNAL_FATAL_ERROR; |
399 | | |
400 | 8 | switch (name) |
401 | 8 | { // lump all the cases using same types together in one cascade |
402 | 2 | case YR_CONFIG_STACK_SIZE: |
403 | 4 | case YR_CONFIG_MAX_STRINGS_PER_RULE: |
404 | 6 | case YR_CONFIG_MAX_MATCH_DATA: |
405 | 6 | yr_cfgs[name].ui32 = *(uint32_t *) src; |
406 | 6 | break; |
407 | | |
408 | 2 | case YR_CONFIG_MAX_PROCESS_MEMORY_CHUNK: |
409 | 2 | yr_cfgs[name].ui64 = *(uint64_t *) src; |
410 | 2 | break; |
411 | | |
412 | 0 | default: |
413 | 0 | return ERROR_INTERNAL_FATAL_ERROR; |
414 | 8 | } |
415 | | |
416 | 8 | return ERROR_SUCCESS; |
417 | 8 | } |
418 | | |
419 | | //////////////////////////////////////////////////////////////////////////////// |
420 | | // Set a configuration option. |
421 | | // |
422 | | // This function receives a configuration name, as defined by the YR_CONFIG_NAME |
423 | | // and a value for the configuration being set. Only configuration names with |
424 | | // type uint32_t will be accepted, if not ERROR_INVALID_ARGUMENT will be |
425 | | // returned. |
426 | | // |
427 | | // Returns: |
428 | | // ERROR_SUCCESS |
429 | | // ERROR_INVALID_ARGUMENT |
430 | | // |
431 | | YR_API int yr_set_configuration_uint32(YR_CONFIG_NAME name, uint32_t value) |
432 | 0 | { |
433 | 0 | switch (name) |
434 | 0 | { |
435 | | // Accept only the configuration options that are of type uint32_t. |
436 | 0 | case YR_CONFIG_STACK_SIZE: |
437 | 0 | case YR_CONFIG_MAX_STRINGS_PER_RULE: |
438 | 0 | case YR_CONFIG_MAX_MATCH_DATA: |
439 | 0 | return yr_set_configuration(name, &value); |
440 | 0 | default: |
441 | 0 | return ERROR_INVALID_ARGUMENT; |
442 | 0 | } |
443 | 0 | } |
444 | | |
445 | | //////////////////////////////////////////////////////////////////////////////// |
446 | | // Set a configuration option. |
447 | | // |
448 | | // See yr_set_configuration_uint32 for more details. |
449 | | // |
450 | | YR_API int yr_set_configuration_uint64(YR_CONFIG_NAME name, uint64_t value) |
451 | 0 | { |
452 | 0 | switch (name) |
453 | 0 | { |
454 | 0 | case YR_CONFIG_MAX_PROCESS_MEMORY_CHUNK: |
455 | 0 | return yr_set_configuration(name, &value); |
456 | 0 | default: |
457 | 0 | return ERROR_INVALID_ARGUMENT; |
458 | 0 | } |
459 | 0 | } |
460 | | |
461 | | //////////////////////////////////////////////////////////////////////////////// |
462 | | // Get a configuration option. |
463 | | // |
464 | | // This function receives a configuration name, as defined by the YR_CONFIG_NAME |
465 | | // enum, and a pointer to the variable that will receive the value for that |
466 | | // option. The type of the value depends on the configuration name. |
467 | | // |
468 | | // The caller must ensure that the pointer passed to the function is the correct |
469 | | // type. Using yr_get_configuration_uintXX is preferred. |
470 | | // |
471 | | // Args: |
472 | | // name: Any of the values defined by the YR_CONFIG_NAME enum. Possible values |
473 | | // are: |
474 | | // YR_CONFIG_STACK_SIZE data type: uint32_t |
475 | | // YR_CONFIG_MAX_STRINGS_PER_RULE data type: uint32_t |
476 | | // YR_CONFIG_MAX_MATCH_DATA data type: uint32_t |
477 | | // YR_CONFIG_MAX_PROCESS_MEMORY_CHUNK data type: uint64_t |
478 | | // |
479 | | // dest: Pointer to a variable that will receive the value for the option. |
480 | | // |
481 | | // Returns: |
482 | | // ERROR_SUCCESS |
483 | | // ERROR_INVALID_ARGUMENT |
484 | | // |
485 | | YR_API int yr_get_configuration(YR_CONFIG_NAME name, void *dest) |
486 | 679 | { |
487 | 679 | if (dest == NULL) |
488 | 0 | return ERROR_INVALID_ARGUMENT; |
489 | | |
490 | 679 | switch (name) |
491 | 679 | { // lump all the cases using same types together in one cascade |
492 | 0 | case YR_CONFIG_STACK_SIZE: |
493 | 679 | case YR_CONFIG_MAX_STRINGS_PER_RULE: |
494 | 679 | case YR_CONFIG_MAX_MATCH_DATA: |
495 | 679 | *(uint32_t *) dest = yr_cfgs[name].ui32; |
496 | 679 | break; |
497 | | |
498 | 0 | case YR_CONFIG_MAX_PROCESS_MEMORY_CHUNK: |
499 | 0 | *(uint64_t *) dest = yr_cfgs[name].ui64; |
500 | 0 | break; |
501 | | |
502 | 0 | default: |
503 | 0 | return ERROR_INVALID_ARGUMENT; |
504 | 679 | } |
505 | | |
506 | 679 | return ERROR_SUCCESS; |
507 | 679 | } |
508 | | |
509 | | //////////////////////////////////////////////////////////////////////////////// |
510 | | // Get a configuration option. |
511 | | // |
512 | | // This function receives a configuration name, as defined by the YR_CONFIG_NAME |
513 | | // and a value for the configuration being set. Only configuration names with |
514 | | // type uint32_t will be accepted, if not ERROR_INVALID_ARGUMENT will be |
515 | | // returned. |
516 | | // |
517 | | // Returns: |
518 | | // ERROR_SUCCESS |
519 | | // ERROR_INVALID_ARGUMENT |
520 | | // |
521 | | YR_API int yr_get_configuration_uint32(YR_CONFIG_NAME name, uint32_t *dest) |
522 | 679 | { |
523 | 679 | switch (name) |
524 | 679 | { |
525 | | // Accept only the configuration options that are of type uint32_t. |
526 | 0 | case YR_CONFIG_STACK_SIZE: |
527 | 679 | case YR_CONFIG_MAX_STRINGS_PER_RULE: |
528 | 679 | case YR_CONFIG_MAX_MATCH_DATA: |
529 | 679 | return yr_get_configuration(name, (void *) dest); |
530 | 0 | default: |
531 | 0 | return ERROR_INVALID_ARGUMENT; |
532 | 679 | } |
533 | 679 | } |
534 | | |
535 | | //////////////////////////////////////////////////////////////////////////////// |
536 | | // Get a configuration option. |
537 | | // |
538 | | // See yr_get_configuration_uint64 for more details. |
539 | | // |
540 | | YR_API int yr_get_configuration_uint64(YR_CONFIG_NAME name, uint64_t *value) |
541 | 0 | { |
542 | 0 | switch (name) |
543 | 0 | { |
544 | 0 | case YR_CONFIG_MAX_PROCESS_MEMORY_CHUNK: |
545 | 0 | return yr_get_configuration(name, (void *) value); |
546 | 0 | default: |
547 | 0 | return ERROR_INVALID_ARGUMENT; |
548 | 0 | } |
549 | 0 | } |