File: dmg.h

package info (click to toggle)
clamav 0.98.7+dfsg-0+deb6u2
  • links: PTS, VCS
  • area: main
  • in suites: squeeze-lts
  • size: 60,204 kB
  • ctags: 49,129
  • sloc: cpp: 267,090; ansic: 152,211; sh: 35,196; python: 2,630; makefile: 2,220; perl: 1,690; pascal: 1,218; lisp: 184; csh: 117; xml: 38; asm: 32; exp: 4
file content (131 lines) | stat: -rw-r--r-- 3,864 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
/*
 *  Copyright (C) 2013 Sourcefire, Inc.
 *
 *  Authors: David Raynor <draynor@sourcefire.com>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2 as
 *  published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 *  MA 02110-1301, USA.
 */

#ifndef __DMG_H
#define __DMG_H

#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif

#include "cltypes.h"
#include "others.h"

/* Simple stripe types */
#define DMG_STRIPE_EMPTY   0x00000000
#define DMG_STRIPE_STORED  0x00000001
#define DMG_STRIPE_ZEROES  0x00000002
/* Compressed stripe type */
#define DMG_STRIPE_ADC     0x80000004
#define DMG_STRIPE_DEFLATE 0x80000005
#define DMG_STRIPE_BZ      0x80000006
/* Stripe types that are only seen with sector count zero */
#define DMG_STRIPE_SKIP    0x7FFFFFFE
#define DMG_STRIPE_END     0xFFFFFFFF

/* So far, this has been constant */
#define DMG_SECTOR_SIZE   512

#ifndef HAVE_ATTRIB_PACKED
#define __attribute__(x)
#endif

#ifdef HAVE_PRAGMA_PACK
#pragma pack(1)
#endif

#ifdef HAVE_PRAGMA_PACK_HPPA
#pragma pack 1
#endif

/* 512-byte block, remember these are big-endian! */
struct dmg_koly_block {
    uint32_t magic  __attribute__ ((packed));
    uint32_t version __attribute__ ((packed));
    uint32_t headerLength __attribute__ ((packed));
    uint32_t flags __attribute__ ((packed));
    uint64_t runningOffset __attribute__ ((packed));
    uint64_t dataForkOffset __attribute__ ((packed));
    uint64_t dataForkLength __attribute__ ((packed));
    uint64_t resourceForkOffset __attribute__ ((packed));
    uint64_t resourceForkLength __attribute__ ((packed));
    uint32_t segment __attribute__ ((packed));
    uint32_t segmentCount __attribute__ ((packed));
    /* technically uuid */
    uint8_t  segmentID[16];

    uint32_t dataChecksumFields[34] __attribute__ ((packed));

    uint64_t xmlOffset __attribute__ ((packed));
    uint64_t xmlLength __attribute__ ((packed));
    uint8_t  padding[120];

    uint32_t masterChecksumFields[34] __attribute__ ((packed));

    uint32_t imageVariant __attribute__ ((packed));
    uint64_t sectorCount __attribute__ ((packed));

    uint32_t reserved[3] __attribute__ ((packed));
};

/* 204-byte block, still big-endian */
struct dmg_mish_block {
    uint32_t magic  __attribute__ ((packed));
    uint32_t version  __attribute__ ((packed));

    uint64_t startSector  __attribute__ ((packed));
    uint64_t sectorCount  __attribute__ ((packed));
    uint64_t dataOffset  __attribute__ ((packed));
    uint32_t bufferCount  __attribute__ ((packed));
    uint32_t descriptorBlocks  __attribute__ ((packed));

    uint8_t  reserved[24];

    uint32_t checksum[34]  __attribute__ ((packed));
    uint32_t blockDataCount  __attribute__ ((packed));
};

/* 40-byte block, big-endian */
struct dmg_block_data {
    uint32_t type  __attribute__ ((packed));
    uint32_t reserved  __attribute__ ((packed));
    uint64_t startSector  __attribute__ ((packed));
    uint64_t sectorCount  __attribute__ ((packed));
    uint64_t dataOffset  __attribute__ ((packed));
    uint64_t dataLength  __attribute__ ((packed));
};

struct dmg_mish_with_stripes {
    struct dmg_mish_block *mish;
    struct dmg_block_data *stripes;
    struct dmg_mish_with_stripes *next;
};

#ifdef HAVE_PRAGMA_PACK
#pragma pack()
#endif

#ifdef HAVE_PRAGMA_PACK_HPPA
#pragma pack
#endif

int cli_scandmg(cli_ctx *ctx);

#endif