Refactor process memory scanning variants (VirusTotal#776)

Implementation details are placed into separate files and a dummy implementation stub has been added for other platforms.
seonar22 · Oct 30, 2017 · c4cdf42 · c4cdf42
1 parent 9e03c23
commit c4cdf42
Show file tree

Hide file tree

Showing 9 changed files with 662 additions and 463 deletions.
diff --git a/configure.ac b/configure.ac
@@ -28,12 +28,16 @@ case $host_alias in
      i?86-*-mingw*) CFLAGS="$CFLAGS -D__MINGW_USE_VC2005_COMPAT" ;;
 esac
 
+proc_interface=none
 case $host_os in
     darwin*) CFLAGS="$CFLAGS -I/opt/local/include"
              # Starting with Mac OS X 10.11 (El Capitan) the OpenSSL headers
              # are in /usr/local/opt/openssl/include
              CFLAGS="$CFLAGS -I/usr/local/opt/openssl/include"
-             LDFLAGS="$LDFLAGS -L/usr/local/opt/openssl/lib" ;;
+             LDFLAGS="$LDFLAGS -L/usr/local/opt/openssl/lib"
+             proc_interface=mach ;;
+    mingw*) proc_interface=windows ;;
+    linux*|freebsd*|openbsd*) proc_interface=linux ;;
 esac
 
 AC_C_BIGENDIAN
@@ -206,6 +210,11 @@ AM_CONDITIONAL([HASH_MODULE], [test x$build_hash_module = xtrue])
 AM_CONDITIONAL([DOTNET_MODULE], [test x$build_dotnet_module = xtrue])
 AM_CONDITIONAL([GCC], [test "x$GCC" = xyes])
 
+AM_CONDITIONAL([USE_WINDOWS_PROC], [test x$proc_interface = xwindows ])
+AM_CONDITIONAL([USE_LINUX_PROC], [test x$proc_interface = xlinux ])
+AM_CONDITIONAL([USE_MACH_PROC], [test x$proc_interface = xmach ])
+AM_CONDITIONAL([USE_NO_PROC], [test x$proc_interface = xnone ])
+
 AC_SUBST([PC_REQUIRES_PRIVATE])
 AC_SUBST([PC_LIBS_PRIVATE])
 

diff --git a/libyara/Makefile.am b/libyara/Makefile.am
@@ -142,5 +142,18 @@ libyara_la_SOURCES = \
   threading.h \
   utils.h
 
+if USE_WINDOWS_PROC
+libyara_la_SOURCES += proc_windows.c
+endif
+if USE_LINUX_PROC
+libyara_la_SOURCES += proc_linux.c
+endif
+if USE_MACH_PROC
+libyara_la_SOURCES += proc_mach.c
+endif
+if USE_NO_PROC
+libyara_la_SOURCES += proc_none.c
+endif
+
 pkgconfigdir = $(libdir)/pkgconfig
 nodist_pkgconfig_DATA = yara.pc
diff --git a/libyara/include/yara/proc.h b/libyara/include/yara/proc.h
@@ -32,6 +32,13 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 #include <yara/types.h>
 
+typedef struct _YR_PROC_ITERATOR_CTX {
+  const uint8_t*  buffer;
+  size_t          buffer_size;
+  YR_MEMORY_BLOCK current_block;
+  void*           proc_info;
+} YR_PROC_ITERATOR_CTX;
+
 YR_API int yr_process_open_iterator(
     int pid,
     YR_MEMORY_BLOCK_ITERATOR* iterator);