bytecode_local.h File Reference

Go to the source code of this file.

Data Structures

struct  DIS_mem_arg
struct  DIS_arg
struct  DIS_fixed

Defines

#define VIRUSNAME_PREFIX(name)   const char __clambc_virusname_prefix[] = name;
#define VIRUSNAMES(...)   const char *const __clambc_virusnames[] = {__VA_ARGS__};
#define PE_UNPACKER_DECLARE   const uint16_t __clambc_kind = BC_PE_UNPACKER;
#define PDF_HOOK_DECLARE   const uint16_t __clambc_kind = BC_PDF;
#define BYTECODE_ABORT_HOOK   0xcea5e
#define PE_HOOK_DECLARE   const uint16_t __clambc_kind = BC_PE_ALL;
#define SIGNATURES_DECL_BEGIN   struct __Signatures {
#define DECLARE_SIGNATURE(name)
#define SIGNATURES_DECL_END   };
#define TARGET(tgt)   const unsigned short __Target = (tgt);
#define COPYRIGHT(c)   const char *const __Copyright = (c);
#define ICONGROUP1(group)   const char *const __IconGroup1 = (group);
#define ICONGROUP2(group)   const char *const __IconGroup2 = (group);
#define FUNCTIONALITY_LEVEL_MIN(m)   const unsigned short __FuncMin = (m);
#define FUNCTIONALITY_LEVEL_MAX(m)   const unsigned short __FuncMax = (m);
#define SIGNATURES_DEF_BEGIN
#define DEFINE_SIGNATURE(name, hex)
#define SIGNATURES_END   };\

Functions

static force_inline void
overloadable_func 
debug (const char *str)
static force_inline void
overloadable_func 
debug (const uint8_t *str)
static force_inline void
overloadable_func 
debug (uint32_t a)
void debug (...) __attribute__((overloadable
static force_inline uint32_t count_match (__Signature sig)
static force_inline uint32_t matches (__Signature sig)
static force_inline uint32_t match_location (__Signature sig, uint32_t goback)
static force_inline int32_t match_location_check (__Signature sig, uint32_t goback, const char *static_start, uint32_t static_len)
static force_inline
overloadable_func void 
foundVirus (const char *virusname)
static force_inline void
overloadable_func 
foundVirus (void)
static force_inline uint32_t getFilesize (void)
bool __is_bigendian (void) __attribute__((const )) __attribute__((nothrow))
static uint32_t force_inline le32_to_host (uint32_t v)
static uint64_t force_inline le64_to_host (uint64_t v)
static uint16_t force_inline le16_to_host (uint16_t v)
static uint32_t force_inline cli_readint32 (const void *buff)
static uint16_t force_inline cli_readint16 (const void *buff)
static void force_inline cli_writeint32 (void *offset, uint32_t v)
static force_inline bool hasExeInfo (void)
static force_inline bool hasPEInfo (void)
static force_inline bool isPE64 (void)
static static force_inline
force_inline uint8_t 
getPEMajorLinkerVersion (void)
static force_inline uint8_t getPEMinorLinkerVersion (void)
static force_inline uint32_t getPESizeOfCode (void)
static force_inline uint32_t getPESizeOfInitializedData (void)
static force_inline uint32_t getPESizeOfUninitializedData (void)
static force_inline uint32_t getPEBaseOfCode (void)
static force_inline uint32_t getPEBaseOfData (void)
static force_inline uint64_t getPEImageBase (void)
static force_inline uint32_t getPESectionAlignment (void)
static force_inline uint32_t getPEFileAlignment (void)
static force_inline uint16_t getPEMajorOperatingSystemVersion (void)
static force_inline uint16_t getPEMinorOperatingSystemVersion (void)
static force_inline uint16_t getPEMajorImageVersion (void)
static force_inline uint16_t getPEMinorImageVersion (void)
static force_inline uint16_t getPEMajorSubsystemVersion (void)
static force_inline uint16_t getPEMinorSubsystemVersion (void)
static force_inline uint32_t getPEWin32VersionValue (void)
static force_inline uint32_t getPESizeOfImage (void)
static force_inline uint32_t getPESizeOfHeaders (void)
static force_inline uint32_t getPECheckSum (void)
static force_inline uint16_t getPESubsystem (void)
static force_inline uint16_t getPEDllCharacteristics (void)
 Return the PE DllCharacteristics.
static force_inline uint32_t getPESizeOfStackReserve (void)
static force_inline uint32_t getPESizeOfStackCommit (void)
static force_inline uint32_t getPESizeOfHeapReserve (void)
static force_inline uint32_t getPESizeOfHeapCommit (void)
static force_inline uint32_t getPELoaderFlags (void)
static force_inline uint16_t getPEMachine ()
static force_inline uint32_t getPETimeDateStamp ()
static force_inline uint32_t getPEPointerToSymbolTable ()
static force_inline uint32_t getPENumberOfSymbols ()
static force_inline uint16_t getPESizeOfOptionalHeader ()
static force_inline uint16_t getPECharacteristics ()
static force_inline bool getPEisDLL ()
static force_inline uint32_t getPEDataDirRVA (unsigned n)
static force_inline uint32_t getPEDataDirSize (unsigned n)
static force_inline uint16_t getNumberOfSections (void)
static uint32_t getPELFANew (void)
static force_inline int readPESectionName (unsigned char name[8], unsigned n)
static force_inline uint32_t getEntryPoint (void)
static force_inline uint32_t getExeOffset (void)
static force_inline uint32_t getImageBase (void)
static uint32_t getVirtualEntryPoint (void)
static uint32_t getSectionRVA (unsigned i)
static uint32_t getSectionVirtualSize (unsigned i)
static force_inline bool readRVA (uint32_t rva, void *buf, size_t bufsize)
static void * memchr (const void *s, int c, size_t n)
void * memset (void *src, int c, uintptr_t n) __attribute__((nothrow)) __attribute__((__nonnull__((1))))
void * memmove (void *dst, const void *src, uintptr_t n) __attribute__((__nothrow__)) __attribute__((__nonnull__(1
void *void memcpy (void *restrict dst, const void *restrict src, uintptr_t n) __attribute__((__nothrow__)) __attribute__((__nonnull__(1
void *void int memcmp (const void *s1, const void *s2, uint32_t n) __attribute__((__nothrow__)) __attribute__((__pure__)) __attribute__((__nonnull__(1
static force_inline uint32_t DisassembleAt (struct DIS_fixed *result, uint32_t offset, uint32_t len)
static int32_t ilog2_compat (uint32_t a, uint32_t b)

Detailed Description


Define Documentation

#define BYTECODE_ABORT_HOOK   0xcea5e

entrypoint() return code that tells hook invoker that it should skip executing, probably because it'd trigger a bug in it

#define COPYRIGHT (   c)    const char *const __Copyright = (c);

Defines an alternative copyright for this bytecode.

config:
This will also prevent the sourcecode from being embedded into the bytecode
#define DECLARE_SIGNATURE (   name)
Value:
const char *name##_sig;\
    __Signature name;

Declares a name for a subsignature.

config:
#define DEFINE_SIGNATURE (   name,
  hex 
)
Value:
.name##_sig = (hex),\
    .name = {__COUNTER__ - __signature_bias},

Defines the pattern for a previously declared subsignature.

See also:
DECLARE_SIGNATURE
config:
Parameters:
namethe name of a previously declared subsignature
hexthe pattern for this subsignature
#define FUNCTIONALITY_LEVEL_MAX (   m)    const unsigned short __FuncMax = (m);

Define the maximum engine functionality level required for this bytecode/logical signature. Engines newer than this will skip loading the bytecode. You can use the 'enum FunctionalityLevels' constants here.

config:
#define FUNCTIONALITY_LEVEL_MIN (   m)    const unsigned short __FuncMin = (m);

Define the minimum engine functionality level required for this bytecode/logical signature. Engines older than this will skip loading the bytecode. You can use the 'enum FunctionalityLevels' constants here.

config:
#define ICONGROUP1 (   group)    const char *const __IconGroup1 = (group);

Define IconGroup1 for logical signature.

See logical signature documentation for what it is

config:
#define ICONGROUP2 (   group)    const char *const __IconGroup2 = (group);

Define IconGroup2 for logical signature. See logical signature documentation for what it is.

config:
#define PDF_HOOK_DECLARE   const uint16_t __clambc_kind = BC_PDF;

Make the current bytecode a PDF hook. Having a logical signature doesn't make sense here, since logical signature is evaluated AFTER these hooks run.

config:
This hook is called several times, use pdf_get_phase() to find out in which phase you got called.
#define PE_HOOK_DECLARE   const uint16_t __clambc_kind = BC_PE_ALL;

Make the current bytecode a PE hook, i.e. it will be called once the logical signature trigger matches (or always if there is none), and you have access to all the PE information. By default you only have access to execs.h information, and not to PE field information (even for PE files).

config:
#define PE_UNPACKER_DECLARE   const uint16_t __clambc_kind = BC_PE_UNPACKER;

Like PE_HOOK_DECLARE, but it is not run for packed files that pe.c can unpack (only on the unpacked file).

config:
#define SIGNATURES_DECL_BEGIN   struct __Signatures {

Marks the beginning of the subsignature name declaration section.

config:
#define SIGNATURES_DECL_END   };

Marks the end of the subsignature name declaration section.

config:
#define SIGNATURES_DEF_BEGIN
Value:
static const unsigned __signature_bias = __COUNTER__+1;\
const struct __Signatures Signatures = {\

Marks the beginning of subsignature pattern definitions.

config:
See also:
SIGNATURES_DECL_BEGIN
#define SIGNATURES_END   };\

Marks the end of the subsignature pattern definitions.

config:
#define TARGET (   tgt)    const unsigned short __Target = (tgt);

Defines the ClamAV file target.

config:
Parameters:
tgtClamAV signature type (0 - raw, 1 - PE, etc.)
#define VIRUSNAME_PREFIX (   name)    const char __clambc_virusname_prefix[] = name;

Declares the virusname prefix.

config:
Parameters:
namethe prefix common to all viruses reported by this bytecode
#define VIRUSNAMES (   ...)    const char *const __clambc_virusnames[] = {__VA_ARGS__};

Declares all the virusnames that this bytecode can report.

config:
Parameters:
...a comma-separated list of strings interpreted as virusnames

Function Documentation

bool __is_bigendian ( void  ) const

Returns true if the bytecode is executing on a big-endian CPU.

Returns:
true if executing on bigendian CPU, false otherwise
Environment:

This will be optimized away in libclamav, but it must be used when dealing with endianess for portability reasons. For example whenever you read a 32-bit integer from a file, it can be written in little-endian convention (x86 CPU for example), or big-endian convention (PowerPC CPU for example). If the file always contains little-endian integers, then conversion might be needed. ClamAV bytecodes by their nature must only handle known-endian integers, if endianness can change, then both situations must be taken into account (based on a 1-byte field for example).

static uint16_t force_inline cli_readint16 ( const void *  buff) [static]

Reads from the specified buffer a 16-bit of little-endian integer.

Data structure:
Parameters:
[in]buffpointer to buffer
Returns:
16-bit little-endian integer converted to host endianness
static uint32_t force_inline cli_readint32 ( const void *  buff) [static]

Reads from the specified buffer a 32-bit of little-endian integer.

Data structure:
Parameters:
[in]buffpointer to buffer
Returns:
32-bit little-endian integer converted to host endianness
static void force_inline cli_writeint32 ( void *  offset,
uint32_t  v 
) [static]

Writes the specified value into the specified buffer in little-endian order

Data structure:
Parameters:
[out]offsetpointer to buffer to write to
[in]vvalue to write
static force_inline uint32_t count_match ( __Signature  sig) [static]

Returns how many times the specified signature matched.

Parameters:
signame of subsignature queried
Returns:
number of times this subsignature matched in the entire file
Engine query:

This is a constant-time operation, the counts for all subsignatures are already computed.

void debug (   ...)

debug is an overloaded function (yes clang supports that in C!), but it only works on strings, and integers. Give an error on any other type

static force_inline void overloadable_func debug ( const char *  str) [static]

Prints str to clamscan's --debug output.

Parameters:
strnull terminated string
static force_inline void overloadable_func debug ( const uint8_t *  str) [static]

Prints str to clamscan's --debug output.

Parameters:
strnull terminated string
static force_inline void overloadable_func debug ( uint32_t  a) [static]

Prints a integer to clamscan's --debug output.

Parameters:
ainteger
static force_inline uint32_t DisassembleAt ( struct DIS_fixed result,
uint32_t  offset,
uint32_t  len 
) [static]

Disassembles one X86 instruction starting at the specified offset.

Disassemble:
Parameters:
[out]resultdisassembly result
[in]offsetstart disassembling from this offset, in the current file
[in]lenmax amount of bytes to disassemble
Returns:
offset where disassembly ended
static force_inline overloadable_func void foundVirus ( const char *  virusname) [static]

Sets the specified virusname as the virus detected by this bytecode.

Scan:
Parameters:
virusnamethe name of the virus, excluding the prefix, must be one of the virusnames declared in VIRUSNAMES.
See also:
VIRUSNAMES
static force_inline void overloadable_func foundVirus ( void  ) [static]

Like foundVirus() but just use the prefix as virusname

static force_inline uint32_t getEntryPoint ( void  ) [static]

Returns the offset of the EntryPoint in the executable file.

PE:
Returns:
offset of EP as 32-bit unsigned integer
static force_inline uint32_t getExeOffset ( void  ) [static]

Returns the offset of the executable in the file.

PE:
Returns:
offset of embedded executable inside file.
static force_inline uint32_t getFilesize ( void  ) [static]

Returns the currently scanned file's size.

File operation:
Returns:
file size as 32-bit unsigned integer
static force_inline uint32_t getImageBase ( void  ) [static]

Returns the ImageBase with the correct endian conversion. Only works if the bytecode is a PE hook (i.e. you invoked PE_UNPACKER_DECLARE)

PE:
Returns:
ImageBase of PE file, 0 - for non-PE hook
static force_inline uint16_t getNumberOfSections ( void  ) [static]

Returns the number of sections in this executable file.

PE:
Returns:
number of sections as 16-bit unsigned integer
static force_inline uint32_t getPEBaseOfCode ( void  ) [static]

Return the PE BaseOfCode.

PE:
Returns:
PE BaseOfCode, or 0 if not in PE hook.
static force_inline uint32_t getPEBaseOfData ( void  ) [static]

Return the PE BaseOfData.

PE:
Returns:
PE BaseOfData, or 0 if not in PE hook.
static force_inline uint16_t getPECharacteristics ( ) [static]

Returns PE characteristics. For example you can use this to check whether it is a DLL (0x2000).

PE:
Returns:
characteristic of PE file, or 0 if not in PE hook
static force_inline uint32_t getPECheckSum ( void  ) [static]

Return the PE CheckSum.

PE:
Returns:
PE CheckSum, or 0 if not in PE hook
static force_inline uint32_t getPEDataDirRVA ( unsigned  n) [static]

Gets the virtual address of specified image data directory.

PE:
Parameters:
nimage directory requested
Returns:
Virtual Address of requested image directory
static force_inline uint32_t getPEDataDirSize ( unsigned  n) [static]

Gets the size of the specified image data directory.

PE:
Parameters:
nimage directory requested
Returns:
Size of requested image directory
static force_inline uint16_t getPEDllCharacteristics ( void  ) [static]

Return the PE DllCharacteristics.

PE:
Returns:
PE DllCharacteristics, or 0 if not in PE hook
static force_inline uint32_t getPEFileAlignment ( void  ) [static]

Return the PE FileAlignment.

PE:
Returns:
PE FileAlignment, or 0 if not in PE hook
static force_inline uint64_t getPEImageBase ( void  ) [static]

Return the PE ImageBase as 64-bit integer.

PE:
Returns:
PE ImageBase as 64-bit int, or 0 if not in PE hook
static force_inline bool getPEisDLL ( ) [static]

Returns whether this is a DLL. Use this only in a PE hook!

PE:
Returns:
true - the file is a DLL false - file is not a DLL
static uint32_t getPELFANew ( void  ) [static]

Gets the offset to the PE header.

PE:
Returns:
offset to the PE header, or 0 if not in PE hook
static force_inline uint32_t getPELoaderFlags ( void  ) [static]

Return the PE LoaderFlags.

PE:
Returns:
PE LoaderFlags or 0 if not in PE hook
static force_inline uint16_t getPEMachine ( ) [static]

Returns the CPU this executable runs on, see libclamav/pe.c for possible values.

PE:
Returns:
PE Machine or 0 if not in PE hook
static force_inline uint16_t getPEMajorImageVersion ( void  ) [static]

Return the PE MajorImageVersion.

PE:
Returns:
PE MajorImageVersion, or 0 if not in PE hook
static static force_inline force_inline uint8_t getPEMajorLinkerVersion ( void  ) [static]

Returns MajorLinkerVersion for this PE file.

PE:
Returns:
PE MajorLinkerVersion or 0 if not in PE hook
static force_inline uint16_t getPEMajorOperatingSystemVersion ( void  ) [static]

Return the PE MajorOperatingSystemVersion.

PE:
Returns:
PE MajorOperatingSystemVersion, or 0 if not in PE hook
static force_inline uint16_t getPEMajorSubsystemVersion ( void  ) [static]

Return the PE MajorSubsystemVersion.

PE:
Returns:
PE MajorSubsystemVersion or 0 if not in PE hook
static force_inline uint16_t getPEMinorImageVersion ( void  ) [static]

Return the PE MinorImageVersion.

PE:
Returns:
PE MinorrImageVersion, or 0 if not in PE hook
static force_inline uint8_t getPEMinorLinkerVersion ( void  ) [static]

Returns MinorLinkerVersion for this PE file.

PE:
Returns:
PE MinorLinkerVersion or 0 if not in PE hook
static force_inline uint16_t getPEMinorOperatingSystemVersion ( void  ) [static]

Return the PE MinorOperatingSystemVersion.

PE:
Returns:
PE MinorOperatingSystemVersion, or 0 if not in PE hook
static force_inline uint16_t getPEMinorSubsystemVersion ( void  ) [static]

Return the PE MinorSubsystemVersion.

PE:
Returns:
PE MinorSubsystemVersion, or 0 if not in PE hook
static force_inline uint32_t getPENumberOfSymbols ( ) [static]

Returns the PE number of debug symbols

PE:
Returns:
PE NumberOfSymbols or 0 if not in PE hook
static force_inline uint32_t getPEPointerToSymbolTable ( ) [static]

Returns pointer to the PE debug symbol table

PE:
Returns:
PE PointerToSymbolTable or 0 if not in PE hook
static force_inline uint32_t getPESectionAlignment ( void  ) [static]

Return the PE SectionAlignment.

PE:
Returns:
PE SectionAlignment, or 0 if not in PE hook
static force_inline uint32_t getPESizeOfCode ( void  ) [static]

Return the PE SizeOfCode.

PE:
Returns:
PE SizeOfCode or 0 if not in PE hook
static force_inline uint32_t getPESizeOfHeaders ( void  ) [static]

Return the PE SizeOfHeaders.

PE:
Returns:
PE SizeOfHeaders, or 0 if not in PE hook
static force_inline uint32_t getPESizeOfHeapCommit ( void  ) [static]

Return the PE SizeOfHeapCommit.

PE:
Returns:
PE SizeOfHeapCommit, or 0 if not in PE hook
static force_inline uint32_t getPESizeOfHeapReserve ( void  ) [static]

Return the PE SizeOfHeapReserve.

PE:
Returns:
PE SizeOfHeapReserve, or 0 if not in PE hook
static force_inline uint32_t getPESizeOfImage ( void  ) [static]

Return the PE SizeOfImage.

PE:
Returns:
PE SizeOfImage, or 0 if not in PE hook
static force_inline uint32_t getPESizeOfInitializedData ( void  ) [static]

Return the PE SizeofInitializedData.

PE:
Returns:
PE SizeOfInitializeData or 0 if not in PE hook
static force_inline uint16_t getPESizeOfOptionalHeader ( ) [static]

Returns the size of PE optional header.

PE:
Returns:
size of PE optional header, or 0 if not in PE hook
static force_inline uint32_t getPESizeOfStackCommit ( void  ) [static]

Return the PE SizeOfStackCommit.

PE:
Returns:
PE SizeOfStackCommit, or 0 if not in PE hook
static force_inline uint32_t getPESizeOfStackReserve ( void  ) [static]

Return the PE SizeOfStackReserve.

PE:
Returns:
PE SizeOfStackReserver, or 0 if not in PE hook
static force_inline uint32_t getPESizeOfUninitializedData ( void  ) [static]

Return the PE SizeofUninitializedData.

PE:
Returns:
PE SizeofUninitializedData or 0 if not in PE hook
static force_inline uint16_t getPESubsystem ( void  ) [static]

Return the PE Subsystem.

PE:
Returns:
PE subsystem, or 0 if not in PE hook
static force_inline uint32_t getPETimeDateStamp ( ) [static]

Returns the PE TimeDateStamp from headers

PE:
Returns:
PE TimeDateStamp or 0 if not in PE hook
static force_inline uint32_t getPEWin32VersionValue ( void  ) [static]

Return the PE Win32VersionValue.

PE:
Returns:
PE Win32VersionValue, or 0 if not in PE hook
static uint32_t getSectionRVA ( unsigned  i) [static]

Return the RVA of the specified section

PE:
Parameters:
isection index (from 0)
Returns:
RVA of section, or -1 if invalid
static uint32_t getSectionVirtualSize ( unsigned  i) [static]

Return the virtual size of the specified section.

PE:
Parameters:
isection index (from 0)
Returns:
VSZ of section, or -1 if invalid
static uint32_t getVirtualEntryPoint ( void  ) [static]

The address of the EntryPoint. Use this for matching EP against sections.

PE:
Returns:
virtual address of EntryPoint, or 0 if not in PE hook
static force_inline bool hasExeInfo ( void  ) [static]

Returns whether the current file has executable information.

PE:
Returns:
true if the file has exe info, false otherwise
static force_inline bool hasPEInfo ( void  ) [static]

Returns whether PE information is available

PE:
Returns:
true if PE information is available (in PE hooks)
static int32_t ilog2_compat ( uint32_t  a,
uint32_t  b 
) [inline, static]

ilog2_compat for 0.96 compatibility, you should use ilog2() 0.96.1 API instead of this one!

static force_inline bool isPE64 ( void  ) [static]

Returns whether this is a PE32+ executable.

PE:
Returns:
true if this is a PE32+ executable
static uint16_t force_inline le16_to_host ( uint16_t  v) [static]

Converts the specified value if needed, knowing it is in little endian order.

Data structure:
Parameters:
[in]v16-bit integer as read from a file
Returns:
integer converted to host's endianess
static uint32_t force_inline le32_to_host ( uint32_t  v) [static]

Converts the specified value if needed, knowing it is in little endian order.

Data structure:
Parameters:
[in]v32-bit integer as read from a file
Returns:
integer converted to host's endianess
static uint64_t force_inline le64_to_host ( uint64_t  v) [static]

Converts the specified value if needed, knowing it is in little endian order.

Data structure:
Parameters:
[in]v64-bit integer as read from a file
Returns:
integer converted to host's endianess
static force_inline uint32_t match_location ( __Signature  sig,
uint32_t  goback 
) [static]

Returns the offset of the match.

Engine query:
Parameters:
sig- Signature
goback- max length of signature
Returns:
offset of match
static force_inline int32_t match_location_check ( __Signature  sig,
uint32_t  goback,
const char *  static_start,
uint32_t  static_len 
) [static]

Like match_location(), but also checks that the match starts with the specified hex string.

Engine query:
It is recommended to use this for safety and compatibility with 0.96.1
Parameters:
sig- signature
goback- maximum length of signature (till start of last subsig)
static_start- static string that sig must begin with
static_len- static string that sig must begin with - length
Returns:
>=0 - offset of match -1 - no match
static force_inline uint32_t matches ( __Signature  sig) [static]

Returns whether the specified subsignature has matched at least once.

Engine query:
Parameters:
signame of subsignature queried
Returns:
1 if subsignature one or more times, 0 otherwise
static void* memchr ( const void *  s,
int  c,
size_t  n 
) [static]

Scan the first n bytes of the buffer s, for the character c.

String operation:
Parameters:
[in]sbuffer to scan
ccharacter to look for
nsize of buffer
Returns:
a pointer to the first byte to match, or NULL if not found.
void* void int memcmp ( const void *  s1,
const void *  s2,
uint32_t  n 
)

Compares two memory buffers.

String operation:
Parameters:
[in]s1buffer one
[in]s2buffer two
[in]namount of bytes to copy
Returns:
an integer less than, equal to, or greater than zero if the first n bytes of s1 are found, respectively, to be less than, to match, or be greater than the first n bytes of s2.
void* void memcpy ( void *restrict  dst,
const void *restrict  src,
uintptr_t  n 
)

Copies data between two non-overlapping buffers.

String operation:
Parameters:
[out]dstdestination buffer
[in]srcsource buffer
[in]namount of bytes to copy
Returns:
dst
void* memmove ( void *  dst,
const void *  src,
uintptr_t  n 
)

Copies data between two possibly overlapping buffers.

String operation:
Parameters:
[out]dstdestination buffer
[in]srcsource buffer
[in]namount of bytes to copy
Returns:
dst
void* memset ( void *  src,
int  c,
uintptr_t  n 
)

Fills the specified buffer to the specified value.

String operation:
Parameters:
[out]srcpointer to buffer
[in]ccharacter to fill buffer with
[in]nlength of buffer
Returns:
src
static force_inline int readPESectionName ( unsigned char  name[8],
unsigned  n 
) [static]

Read name of requested PE section.

PE:
Parameters:
[out]namename of PE section
[in]nPE section requested
Returns:
0 if successful, <0 otherwise
static force_inline bool readRVA ( uint32_t  rva,
void *  buf,
size_t  bufsize 
) [static]

read the specified amount of bytes from the PE file, starting at the address specified by RVA.

PE:
Parameters:
rvathe Relative Virtual Address you want to read from (will be converted to file offset)
[out]bufdestination buffer
bufsizesize of buffer
Returns:
true on success (full read), false on any failure
 All Data Structures Files Functions Variables Enumerations Enumerator Defines