Navigation

← Previous Changeset
Next Changeset →

Changeset 445

Timestamp:

03/28/06 20:09:48 (3 years ago)

Author:

common

Message:

shellcode-signatures
- create sch_namespace_##NAME## by deriving NamespaceShellcodehandler? as definded in sch_namespace.{c,h}pp
- removed sc_shellcode from sch_namespace_*
- adds sch_namespace.{c,h}pp

benefits:
every sch_namespace now relies on NamespaceShellcodeHandler::'s construktor, destructor, Init() and Exit() fn, saves code, and time
copying the needed values (pattern, name, namespace) from the sc_shellcode struct is done in NamespaceShellcodeHandlers? constructor
if we add values to the sc_shellcode struct, its very easy to add them to every sch_namespace_*, just extend the NamespaceShellcodeHandler? class and add the copying to the construktor

Files:

nepenthes/trunk/modules/shellcode-signatures/Makefile.am (modified) (1 diff)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace.cpp (added)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace.hpp (added)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_base64.cpp (modified) (5 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_base64.hpp (modified) (1 diff)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_bindfiletransfer.cpp (modified) (5 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_bindfiletransfer.hpp (modified) (2 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_bindshell.cpp (modified) (4 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_bindshell.hpp (modified) (2 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_connectbackfiletransfer.cpp (modified) (5 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_connectbackfiletransfer.hpp (modified) (2 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_connectbackshell.cpp (modified) (5 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_connectbackshell.hpp (modified) (2 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_execute.cpp (modified) (3 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_execute.hpp (modified) (2 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_konstanzxor.cpp (modified) (5 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_konstanzxor.hpp (modified) (2 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_linkxor.cpp (modified) (5 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_linkxor.hpp (modified) (2 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_url.cpp (modified) (3 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_url.hpp (modified) (2 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_xor.cpp (modified) (5 diffs)
nepenthes/trunk/modules/shellcode-signatures/sch_namespace_xor.hpp (modified) (2 diffs)
nepenthes/trunk/modules/shellcode-signatures/shellcode-signatures.sc (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

nepenthes/trunk/modules/shellcode-signatures/Makefile.am

r436	r445
15	15	shellcodesignatures_la_SOURCES += y.tab.c lex.yy.c
16	16	shellcodesignatures_la_SOURCES += shellcode-signatures.cpp shellcode-signatures.hpp
	17	shellcodesignatures_la_SOURCES += sch_namespace.cpp sch_namespace.hpp
17	18	shellcodesignatures_la_SOURCES += sch_namespace_xor.cpp sch_namespace_xor.hpp
18	19	shellcodesignatures_la_SOURCES += sch_namespace_bindshell.cpp sch_namespace_bindshell.hpp

nepenthes/trunk/modules/shellcode-signatures/sch_namespace_base64.cpp

r443	r445
28	28	/* $Id$ */
29	29
30		~~#include <stdint.h>~~
31
32	30	#include "sch_namespace_base64.hpp"
33	31
…	…
51	49	using namespace nepenthes;
52	50
53		NamespaceBase64::NamespaceBase64(sc_shellcode *sc)
	51	NamespaceBase64::NamespaceBase64(sc_shellcode *sc) : NamespaceShellcodeHandler(sc)
54	52	{
55		~~m_ShellcodeHandlerName = sc_get_namespace_by_numeric(sc->nspace);~~
56		~~m_ShellcodeHandlerName += "::";~~
57		~~m_ShellcodeHandlerName += sc->name;~~
58
59		~~m_Shellcode = sc;~~
60	53	}
61	54
…	…
65	58
66	59	}
67
68
69		~~bool NamespaceBase64::Init()~~
70		{
71		~~const char * pcreEerror;~~
72		~~int32_t pcreErrorPos;~~
73		~~if ( (m_Pcre = pcre_compile(m_Shellcode->pattern, PCRE_DOTALL, &pcreEerror, (int *)&pcreErrorPos, 0)) == NULL )~~
74		{
75		~~logCrit("%s could not compile pattern \n\t\"%s\"\n\t Error:\"%s\" at Position %u",~~
76		~~m_ShellcodeHandlerName.c_str(), pcreEerror, pcreErrorPos);~~
77		~~return false;~~
78		~~} else~~
79		{
80		~~logInfo("%s loaded ...\n",m_ShellcodeHandlerName.c_str());~~
81		}
82
83		~~// printf("%s\n",m_Shellcode->pattern);~~
84		~~// g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size);~~
85		~~return true;~~
86		}
87
88		~~bool NamespaceBase64::Exit()~~
89		{
90		~~return true;~~
91		}
92
93	60
94	61	sch_result NamespaceBase64::handleShellcode(Message **msg)
…	…
109	76	{
110	77	int32_t i;
111		for ( i=0; i < m_~~Shellcode->map_i~~tems; i++ )
	78	for ( i=0; i < m_MapItems; i++ )
112	79	{
113		if (m_~~Shellcode->m~~ap[i] == sc_none)
	80	if (m_Map[i] == sc_none)
114	81	continue;
115	82
116		logInfo(" i = %i map_items %i , map = %s\n",i,m_~~Shellcode->map_items, sc_get_mapping_by_numeric(m_Shellcode->m~~ap[i]));
	83	logInfo(" i = %i map_items %i , map = %s\n",i,m_MapItems, sc_get_mapping_by_numeric(m_Map[i]));
117	84	const char *match = NULL;
118	85	pcre_get_substring((char ) shellcode, (int )ovec, (int)matchCount, i, &match);
119	86
120		switch ( m_~~Shellcode->m~~ap[i] )
	87	switch ( m_Map[i] )
121	88	{
122	89	case sc_post:
…	…
127	94
128	95	default:
129		logCrit("%s not used mapping %s\n",m_ShellcodeHandlerName.c_str(), sc_get_mapping_by_numeric(m_~~Shellcode->m~~ap[i]));
	96	logCrit("%s not used mapping %s\n",m_ShellcodeHandlerName.c_str(), sc_get_mapping_by_numeric(m_Map[i]));
130	97	}
131	98	}

nepenthes/trunk/modules/shellcode-signatures/sch_namespace_base64.hpp

r436	r445
32	32	#define HAVE_NAMESPACE_BASE64_HPP
33	33
34		~~#include <pcre.h>~~
35		~~#include "ShellcodeHandler.hpp"~~
36		~~#include "parser.hpp"~~
37	34
	35	#include "sch_namespace.hpp"
38	36
39	37	namespace nepenthes
40	38	{
41		class NamespaceBase64 : public ShellcodeHandler
	39	class NamespaceBase64 : public NamespaceShellcodeHandler
42	40	{
43	41	public:
44	42	NamespaceBase64(sc_shellcode *sc);
45	43	~NamespaceBase64();
46		sch_result handleShellcode(Message **msg);
	44	/*
47	45	bool Init();
48	46	bool Exit();
49		private:
50		pcre *m_Pcre;
51		sc_shellcode *m_Shellcode;
	47	*/
	48	sch_result handleShellcode(Message **msg);
52	49	};
53	50	}

nepenthes/trunk/modules/shellcode-signatures/sch_namespace_bindfiletransfer.cpp

r443	r445
28	28	/* $Id$ */
29	29
30		~~#include <stdint.h>~~
31
32	30	#include <sys/types.h>
33	31	#include <sys/socket.h>
…	…
56	54	using namespace nepenthes;
57	55
58		NamespaceBindFiletransfer::NamespaceBindFiletransfer(sc_shellcode *sc)
	56	NamespaceBindFiletransfer::NamespaceBindFiletransfer(sc_shellcode *sc) : NamespaceShellcodeHandler(sc)
59	57	{
60		~~m_ShellcodeHandlerName = sc_get_namespace_by_numeric(sc->nspace);~~
61		~~m_ShellcodeHandlerName += "::";~~
62		~~m_ShellcodeHandlerName += sc->name;~~
63	58
64		~~m_Shellcode = sc;~~
65	59	}
66	60
…	…
68	62	{
69	63
70		}
71
72		~~bool NamespaceBindFiletransfer::Init()~~
73		{
74		~~const char * pcreEerror;~~
75		~~int32_t pcreErrorPos;~~
76		~~if ( (m_Pcre = pcre_compile(m_Shellcode->pattern, PCRE_DOTALL, &pcreEerror, (int *)&pcreErrorPos, 0)) == NULL )~~
77		{
78		~~logCrit("%s could not compile pattern \n\t\"%s\"\n\t Error:\"%s\" at Position %u",~~
79		~~m_ShellcodeHandlerName.c_str(), pcreEerror, pcreErrorPos);~~
80		~~return false;~~
81		~~} else~~
82		{
83		~~logInfo("%s loaded ...\n",m_ShellcodeHandlerName.c_str());~~
84		}
85
86		~~// printf("%s\n",m_Shellcode->pattern);~~
87		~~// g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size);~~
88		~~return true;~~
89		}
90
91		~~bool NamespaceBindFiletransfer::Exit()~~
92		{
93		~~return true;~~
94	64	}
95	65
…	…
117	87	if ( (matchCount = pcre_exec(m_Pcre, 0, (char ) shellcode, len, 0, 0, (int )ovec, sizeof(ovec)/sizeof(int32_t))) > 0 )
118	88	{
119		logCrit("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_~~Shellcode->map_i~~tems);
	89	logCrit("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_MapItems);
120	90	int32_t i;
121		for ( i=0; i < m_~~Shellcode->map_i~~tems; i++ )
	91	for ( i=0; i < m_MapItems; i++ )
122	92	{
123		if (m_~~Shellcode->m~~ap[i] == sc_none)
	93	if (m_Map[i] == sc_none)
124	94	continue;
125	95
126	96
127		logInfo(" i = %i map_items %i , map = %s\n",i,m_~~Shellcode->map_items, sc_get_mapping_by_numeric(m_Shellcode->m~~ap[i]));
	97	logInfo(" i = %i map_items %i , map = %s\n",i,m_MapItems, sc_get_mapping_by_numeric(m_Map[i]));
128	98	const char *match = NULL;
129	99	pcre_get_substring((char ) shellcode, (int )ovec, (int)matchCount, i, &match);
130	100
131		switch ( m_~~Shellcode->m~~ap[i] )
	101	switch ( m_Map[i] )
132	102	{
133	103
…	…
143	113
144	114	default:
145		logCrit("%s not used mapping %s\n",m_ShellcodeHandlerName.c_str(), sc_get_mapping_by_numeric(m_~~Shellcode->m~~ap[i]));
	115	logCrit("%s not used mapping %s\n",m_ShellcodeHandlerName.c_str(), sc_get_mapping_by_numeric(m_Map[i]));
146	116	}
147	117

nepenthes/trunk/modules/shellcode-signatures/sch_namespace_bindfiletransfer.hpp

r433	r445
32	32
33	33	#include <stdint.h>
34		#include <pcre.h>
35		#include "ShellcodeHandler.hpp"
36		#include "parser.hpp"
	34	#include "sch_namespace.hpp"
	35
37	36
38	37	namespace nepenthes
39	38	{
40		class NamespaceBindFiletransfer : public ShellcodeHandler
	39	class NamespaceBindFiletransfer : public NamespaceShellcodeHandler
41	40	{
42	41	public:
…	…
44	43	~NamespaceBindFiletransfer();
45	44	sch_result handleShellcode(Message **msg);
46		~~bool Init();~~
47		~~bool Exit();~~
48		~~private:~~
49		~~pcre *m_Pcre;~~
50		~~sc_shellcode *m_Shellcode;~~
51	45	};
52	46	}

nepenthes/trunk/modules/shellcode-signatures/sch_namespace_bindshell.cpp

r443	r445
28	28	/* $Id$ */
29	29
30		~~#include <stdint.h>~~
31
32	30	#include <sys/types.h>
33	31	#include <netinet/in.h>
…	…
54	52	using namespace nepenthes;
55	53
56		NamespaceBindShell::NamespaceBindShell(sc_shellcode *sc)
	54	NamespaceBindShell::NamespaceBindShell(sc_shellcode *sc) : NamespaceShellcodeHandler(sc)
57	55	{
58		~~m_ShellcodeHandlerName = sc_get_namespace_by_numeric(sc->nspace);~~
59		~~m_ShellcodeHandlerName += "::";~~
60		~~m_ShellcodeHandlerName += sc->name;~~
61
62		~~m_Shellcode = sc;~~
63	56	}
64	57
…	…
66	59	{
67	60
68		}
69
70		~~bool NamespaceBindShell::Init()~~
71		{
72		~~const char * pcreEerror;~~
73		~~int32_t pcreErrorPos;~~
74		~~if ( (m_Pcre = pcre_compile(m_Shellcode->pattern, PCRE_DOTALL, &pcreEerror, (int *)&pcreErrorPos, 0)) == NULL )~~
75		{
76		~~logCrit("%s could not compile pattern \n\t\"%s\"\n\t Error:\"%s\" at Position %u",~~
77		~~m_ShellcodeHandlerName.c_str(), pcreEerror, pcreErrorPos);~~
78		~~return false;~~
79		~~} else~~
80		{
81		~~logInfo("%s loaded ...\n",m_ShellcodeHandlerName.c_str());~~
82		}
83
84		~~// printf("%s\n",m_Shellcode->pattern);~~
85		~~// g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size);~~
86		~~return true;~~
87		}
88
89		~~bool NamespaceBindShell::Exit()~~
90		{
91		~~return true;~~
92	61	}
93	62
…	…
111	80	uint16_t port=0;
112	81
113		for ( int i=0; i < m_~~Shellcode->map_i~~tems; i++ )
	82	for ( int i=0; i < m_MapItems; i++ )
114	83	{
115		if ( m_~~Shellcode->m~~ap[i] == sc_port )
	84	if ( m_Map[i] == sc_port )
116	85	{
117	86	pcre_get_substring((char ) shellcode, (int )ovec, (int)matchCount, 1, &match);

nepenthes/trunk/modules/shellcode-signatures/sch_namespace_bindshell.hpp

r428	r445
31	31	#define HAVE_NAMESPACE_BINDSHELL_HPP
32	32
33		#include <stdint.h>
34		#include <pcre.h>
35		#include "ShellcodeHandler.hpp"
36		#include "parser.hpp"
	33	#include "sch_namespace.hpp"
37	34
38	35	namespace nepenthes
39	36	{
40		class NamespaceBindShell : public ShellcodeHandler
	37	class NamespaceBindShell : public NamespaceShellcodeHandler
41	38	{
42	39	public:
…	…
44	41	~NamespaceBindShell();
45	42	sch_result handleShellcode(Message **msg);
46		~~bool Init();~~
47		~~bool Exit();~~
48		~~private:~~
49		~~pcre *m_Pcre;~~
50		~~sc_shellcode *m_Shellcode;~~
51	43	};
52	44	}

nepenthes/trunk/modules/shellcode-signatures/sch_namespace_connectbackfiletransfer.cpp

r443	r445
28	28	/* $Id$ */
29	29
30		~~#include <stdint.h>~~
31
32	30	#include <sys/types.h>
33	31	#include <sys/socket.h>
…	…
56	54	using namespace nepenthes;
57	55
58		NamespaceConnectbackFiletransfer::NamespaceConnectbackFiletransfer(sc_shellcode *sc)
	56	NamespaceConnectbackFiletransfer::NamespaceConnectbackFiletransfer(sc_shellcode *sc) : NamespaceShellcodeHandler(sc)
59	57	{
60		~~m_ShellcodeHandlerName = sc_get_namespace_by_numeric(sc->nspace);~~
61		~~m_ShellcodeHandlerName += "::";~~
62		~~m_ShellcodeHandlerName += sc->name;~~
63
64		~~m_Shellcode = sc;~~
65	58	}
66	59
…	…
68	61	{
69	62
70		}
71
72		~~bool NamespaceConnectbackFiletransfer::Init()~~
73		{
74		~~const char * pcreEerror;~~
75		~~int32_t pcreErrorPos;~~
76		~~if ( (m_Pcre = pcre_compile(m_Shellcode->pattern, PCRE_DOTALL, &pcreEerror, (int *)&pcreErrorPos, 0)) == NULL )~~
77		{
78		~~logCrit("%s could not compile pattern \n\t\"%s\"\n\t Error:\"%s\" at Position %u",~~
79		~~m_ShellcodeHandlerName.c_str(), pcreEerror, pcreErrorPos);~~
80		~~return false;~~
81		~~} else~~
82		{
83		~~logInfo("%s loaded ...\n",m_ShellcodeHandlerName.c_str());~~
84		}
85
86		~~// printf("%s\n",m_Shellcode->pattern);~~
87		~~// g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size);~~
88		~~return true;~~
89		}
90
91		~~bool NamespaceConnectbackFiletransfer::Exit()~~
92		{
93		~~return true;~~
94	63	}
95	64
…	…
121	90	if ( (matchCount = pcre_exec(m_Pcre, 0, (char ) shellcode, len, 0, 0, (int )ovec, sizeof(ovec)/sizeof(int32_t))) > 0 )
122	91	{
123		logCrit("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_~~Shellcode->map_i~~tems);
	92	logCrit("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_MapItems);
124	93	int32_t i;
125		for ( i=0; i < m_~~Shellcode->map_i~~tems; i++ )
	94	for ( i=0; i < m_MapItems; i++ )
126	95	{
127		if (m_~~Shellcode->m~~ap[i] == sc_none)
	96	if (m_Map[i] == sc_none)
128	97	continue;
129	98
130	99
131		logInfo(" i = %i map_items %i , map = %s\n",i,m_~~Shellcode->map_items, sc_get_mapping_by_numeric(m_Shellcode->m~~ap[i]));
	100	logInfo(" i = %i map_items %i , map = %s\n",i,m_MapItems, sc_get_mapping_by_numeric(m_Map[i]));
132	101	const char *match = NULL;
133	102	pcre_get_substring((char ) shellcode, (int )ovec, (int)matchCount, i, &match);
134	103
135		switch ( m_~~Shellcode->m~~ap[i] )
	104	switch ( m_Map[i] )
136	105	{
137	106
…	…
152	121
153	122	default:
154		logCrit("%s not used mapping %s\n",m_ShellcodeHandlerName.c_str(), sc_get_mapping_by_numeric(m_~~Shellcode->m~~ap[i]));
	123	logCrit("%s not used mapping %s\n",m_ShellcodeHandlerName.c_str(), sc_get_mapping_by_numeric(m_Map[i]));
155	124	}
156	125

nepenthes/trunk/modules/shellcode-signatures/sch_namespace_connectbackfiletransfer.hpp

r432	r445
32	32	#define HAVE_NAMESPACE_CONNECTBACKFILETRANSFER_HPP
33	33
34		#include <stdint.h>
35		#include <pcre.h>
36		#include "ShellcodeHandler.hpp"
37		#include "parser.hpp"
	34	#include "sch_namespace.hpp"
38	35
39	36	namespace nepenthes
40	37	{
41		class NamespaceConnectbackFiletransfer : public ShellcodeHandler
	38	class NamespaceConnectbackFiletransfer : public NamespaceShellcodeHandler
42	39	{
43	40	public:
…	…
45	42	~NamespaceConnectbackFiletransfer();
46	43	sch_result handleShellcode(Message **msg);
47		~~bool Init();~~
48		~~bool Exit();~~
49		~~private:~~
50		~~pcre *m_Pcre;~~
51		~~sc_shellcode *m_Shellcode;~~
52	44	};
53	45	}

nepenthes/trunk/modules/shellcode-signatures/sch_namespace_connectbackshell.cpp

r443	r445
28	28	/* $Id$ */
29	29
30		~~#include <stdint.h>~~
31
32	30	#include <sys/types.h>
33	31	#include <sys/socket.h>
…	…
56	54	using namespace nepenthes;
57	55
58		NamespaceConnectbackShell::NamespaceConnectbackShell(sc_shellcode *sc)
	56	NamespaceConnectbackShell::NamespaceConnectbackShell(sc_shellcode *sc) : NamespaceShellcodeHandler(sc)
59	57	{
60		~~m_ShellcodeHandlerName = sc_get_namespace_by_numeric(sc->nspace);~~
61		~~m_ShellcodeHandlerName += "::";~~
62		~~m_ShellcodeHandlerName += sc->name;~~
63
64		~~m_Shellcode = sc;~~
65	58	}
66	59
…	…
68	61	{
69	62
70		}
71
72		~~bool NamespaceConnectbackShell::Init()~~
73		{
74		~~const char * pcreEerror;~~
75		~~int32_t pcreErrorPos;~~
76		~~if ( (m_Pcre = pcre_compile(m_Shellcode->pattern, PCRE_DOTALL, &pcreEerror, (int *)&pcreErrorPos, 0)) == NULL )~~
77		{
78		~~logCrit("%s could not compile pattern \n\t\"%s\"\n\t Error:\"%s\" at Position %u",~~
79		~~m_ShellcodeHandlerName.c_str(), pcreEerror, pcreErrorPos);~~
80		~~return false;~~
81		~~} else~~
82		{
83		~~logInfo("%s loaded ...\n",m_ShellcodeHandlerName.c_str());~~
84		}
85
86		~~// printf("%s\n",m_Shellcode->pattern);~~
87		~~// g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size);~~
88		~~return true;~~
89		}
90
91		~~bool NamespaceConnectbackShell::Exit()~~
92		{
93		~~return true;~~
94	63	}
95	64
…	…
125	94	if ( (matchCount = pcre_exec(m_Pcre, 0, (char ) shellcode, len, 0, 0, (int )ovec, sizeof(ovec)/sizeof(int32_t))) > 0 )
126	95	{
127		logCrit("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_~~Shellcode->map_i~~tems);
	96	logCrit("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_MapItems);
128	97	int32_t i;
129		for ( i=0; i < m_~~Shellcode->map_i~~tems; i++ )
	98	for ( i=0; i < m_MapItems; i++ )
130	99	{
131		if (m_~~Shellcode->m~~ap[i] == sc_none)
	100	if (m_Map[i] == sc_none)
132	101	continue;
133	102
134	103
135		logInfo(" i = %i map_items %i , map = %s\n",i,m_~~Shellcode->map_items, sc_get_mapping_by_numeric(m_Shellcode->m~~ap[i]));
	104	logInfo(" i = %i map_items %i , map = %s\n",i,m_MapItems, sc_get_mapping_by_numeric(m_Map[i]));
136	105	const char *match = NULL;
137	106	pcre_get_substring((char ) shellcode, (int )ovec, (int)matchCount, i, &match);
138	107
139		switch ( m_~~Shellcode->m~~ap[i] )
	108	switch ( m_Map[i] )
140	109	{
141	110
…	…
157	126
158	127	default:
159		logCrit("%s not used mapping %s\n",m_ShellcodeHandlerName.c_str(), sc_get_mapping_by_numeric(m_~~Shellcode->m~~ap[i]));
	128	logCrit("%s not used mapping %s\n",m_ShellcodeHandlerName.c_str(), sc_get_mapping_by_numeric(m_Map[i]));
160	129	}
161	130

nepenthes/trunk/modules/shellcode-signatures/sch_namespace_connectbackshell.hpp

r428	r445
31	31	#define HAVE_NAMESPACE_CONNECTBACKSHELL_HPP
32	32
33		#include <stdint.h>
34		#include <pcre.h>
35		#include "ShellcodeHandler.hpp"
36		#include "parser.hpp"
	33	#include "sch_namespace.hpp"
37	34
38	35	namespace nepenthes
39	36	{
40		class NamespaceConnectbackShell : public ShellcodeHandler
	37	class NamespaceConnectbackShell : public NamespaceShellcodeHandler
41	38	{
42	39	public:
…	…
44	41	~NamespaceConnectbackShell();
45	42	sch_result handleShellcode(Message **msg);
46		~~bool Init();~~
47		~~bool Exit();~~
48		~~private:~~
49		~~pcre *m_Pcre;~~
50		~~sc_shellcode *m_Shellcode;~~
51	43	};
52	44	}

nepenthes/trunk/modules/shellcode-signatures/sch_namespace_execute.cpp

r443	r445
28	28	/* $Id$ */
29	29
30		~~#include <stdint.h>~~
31
32	30	#include "sch_namespace_execute.hpp"
33	31
…	…
51	49	using namespace nepenthes;
52	50
53		NamespaceExecute::NamespaceExecute(sc_shellcode *sc)
	51	NamespaceExecute::NamespaceExecute(sc_shellcode *sc): NamespaceShellcodeHandler(sc)
54	52	{
55		~~m_ShellcodeHandlerName = sc_get_namespace_by_numeric(sc->nspace);~~
56		~~m_ShellcodeHandlerName += "::";~~
57		~~m_ShellcodeHandlerName += sc->name;~~
58
59		~~m_Shellcode = sc;~~
60	53	}
61	54
…	…
65	58	}
66	59
67		~~bool NamespaceExecute::Init()~~
68		{
69		~~const char * pcreEerror;~~
70		~~int32_t pcreErrorPos;~~
71		~~if ( (m_Pcre = pcre_compile(m_Shellcode->pattern, PCRE_DOTALL, &pcreEerror, (int *)&pcreErrorPos, 0)) == NULL )~~
72		{
73		~~logCrit("%s could not compile pattern \n\t\"%s\"\n\t Error:\"%s\" at Position %u",~~
74		~~m_ShellcodeHandlerName.c_str(), pcreEerror, pcreErrorPos);~~
75		~~return false;~~
76		~~} else~~
77		{
78		~~logInfo("%s loaded ...\n",m_ShellcodeHandlerName.c_str());~~
79		}
80
81		~~// printf("%s\n",m_Shellcode->pattern);~~
82		~~// g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size);~~
83		~~return true;~~
84		}
85
86		~~bool NamespaceExecute::Exit()~~
87		{
88		~~return true;~~
89		}
90	60
91	61	sch_result NamespaceExecute::handleShellcode(Message **msg)

nepenthes/trunk/modules/shellcode-signatures/sch_namespace_execute.hpp

r429	r445
32	32	#define HAVE_NAMESPACE_EXECUTE_HPP
33	33
34		#include <pcre.h>
35		#include "ShellcodeHandler.hpp"
36		#include "parser.hpp"
	34	#include "sch_namespace.hpp"
37	35
38	36
39	37	namespace nepenthes
40	38	{
41		class NamespaceExecute : public ShellcodeHandler
	39	class NamespaceExecute : public NamespaceShellcodeHandler
42	40	{
43	41	public:
…	…
45	43	~NamespaceExecute();
46	44	sch_result handleShellcode(Message **msg);
47		~~bool Init();~~
48		~~bool Exit();~~
49		~~private:~~
50		~~pcre *m_Pcre;~~
51		~~sc_shellcode *m_Shellcode;~~
52	45	};
53	46	}

nepenthes/trunk/modules/shellcode-signatures/sch_namespace_konstanzxor.cpp

r443	r445
28	28	/* $Id$ */
29	29
30		~~#include <stdint.h>~~
31
32	30	#include "sch_namespace_konstanzxor.hpp"
33	31
…	…
47	45	using namespace nepenthes;
48	46
49		NamespaceKonstanzXOR::NamespaceKonstanzXOR(sc_shellcode *sc)
	47	NamespaceKonstanzXOR::NamespaceKonstanzXOR(sc_shellcode *sc): NamespaceShellcodeHandler(sc)
50	48	{
51		~~m_ShellcodeHandlerName = sc_get_namespace_by_numeric(sc->nspace);~~
52		~~m_ShellcodeHandlerName += "::";~~
53		~~m_ShellcodeHandlerName += sc->name;~~
54
55		~~m_Shellcode = sc;~~
56	49
57	50	}
…	…
60	53	{
61	54
62		}
63
64		~~bool NamespaceKonstanzXOR::Init()~~
65		{
66		~~const char * pcreEerror;~~
67		~~int32_t pcreErrorPos;~~
68		~~if ( (m_Pcre = pcre_compile(m_Shellcode->pattern, PCRE_DOTALL, &pcreEerror, (int *)&pcreErrorPos, 0)) == NULL )~~
69		{
70		~~logCrit("%s could not compile pattern \n\t\"%s\"\n\t Error:\"%s\" at Position %u",~~
71		~~m_ShellcodeHandlerName.c_str(), pcreEerror, pcreErrorPos);~~
72		~~return false;~~
73		~~} else~~
74		{
75		~~logInfo("%s loaded ...\n",m_ShellcodeHandlerName.c_str());~~
76		}
77
78		~~// printf("%s\n",m_Shellcode->pattern);~~
79		~~// g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size);~~
80		~~return true;~~
81		}
82
83		~~bool NamespaceKonstanzXOR::Exit()~~
84		{
85		~~return true;~~
86	55	}
87	56
…	…
107	76	if ( (matchCount = pcre_exec(m_Pcre, 0, (char ) shellcode, len, 0, 0, (int )ovec, sizeof(ovec)/sizeof(int32_t))) > 0 )
108	77	{
109		logCrit("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_~~Shellcode->map_i~~tems);
	78	logCrit("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_MapItems);
110	79	int32_t i;
111		for ( i=0; i < m_~~Shellcode->map_i~~tems; i++ )
	80	for ( i=0; i < m_MapItems; i++ )
112	81	{
113		if (m_~~Shellcode->m~~ap[i] == sc_none)
	82	if (m_Map[i] == sc_none)
114	83	continue;
115	84
116		logInfo(" i = %i map_items %i , map = %s\n",i,m_~~Shellcode->map_items, sc_get_mapping_by_numeric(m_Shellcode->m~~ap[i]));
	85	logInfo(" i = %i map_items %i , map = %s\n",i,m_MapItems, sc_get_mapping_by_numeric(m_Map[i]));
117	86	const char *match = NULL;
118	87	int matchSize = pcre_get_substring((char ) shellcode, (int )ovec, (int)matchCount, i, &match);
119	88
120		switch ( m_~~Shellcode->m~~ap[i] )
	89	switch ( m_Map[i] )
121	90	{
122	91
…	…
135	104
136	105	default:
137		logCrit("%s not used mapping %s\n",m_ShellcodeHandlerName.c_str(), sc_get_mapping_by_numeric(m_~~Shellcode->m~~ap[i]));
	106	logCrit("%s not used mapping %s\n",m_ShellcodeHandlerName.c_str(), sc_get_mapping_by_numeric(m_Map[i]));
138	107	}
139	108	}

nepenthes/trunk/modules/shellcode-signatures/sch_namespace_konstanzxor.hpp

r436	r445
31	31	#define HAVE_NAMESPACE_KONSTANZXOR_HPP
32	32
33		#include <stdint.h>
34		#include <pcre.h>
35		#include "ShellcodeHandler.hpp"
36		#include "parser.hpp"
	33	#include "sch_namespace.hpp"
37	34
38	35	namespace nepenthes
39	36	{
40		class NamespaceKonstanzXOR : public ShellcodeHandler
	37	class NamespaceKonstanzXOR : public NamespaceShellcodeHandler
41	38	{
42	39	public:
…	…
44	41	~NamespaceKonstanzXOR();
45	42	sch_result handleShellcode(Message **msg);
46		~~bool Init();~~
47		~~bool Exit();~~
48		~~private:~~
49		~~pcre *m_Pcre;~~
50		~~sc_shellcode *m_Shellcode;~~
51	43	};
52	44	}

nepenthes/trunk/modules/shellcode-signatures/sch_namespace_linkxor.cpp

r443	r445
28	28	/* $Id$ */
29	29
30		~~#include <stdint.h>~~
31	30
32	31	#include "sch_namespace_linkxor.hpp"
…	…
47	46	using namespace nepenthes;
48	47
49		NamespaceLinkXOR::NamespaceLinkXOR(sc_shellcode *sc)
	48	NamespaceLinkXOR::NamespaceLinkXOR(sc_shellcode *sc):NamespaceShellcodeHandler(sc)
50	49	{
51		~~m_ShellcodeHandlerName = sc_get_namespace_by_numeric(sc->nspace);~~
52		~~m_ShellcodeHandlerName += "::";~~
53		~~m_ShellcodeHandlerName += sc->name;~~
54
55		~~m_Shellcode = sc;~~
56	50
57	51	}
…	…
62	56	}
63	57
64		~~bool NamespaceLinkXOR::Init()~~
65		{
66		~~const char * pcreEerror;~~
67		~~int32_t pcreErrorPos;~~
68		~~if ( (m_Pcre = pcre_compile(m_Shellcode->pattern, PCRE_DOTALL, &pcreEerror, (int *)&pcreErrorPos, 0)) == NULL )~~
69		{
70		~~logCrit("%s could not compile pattern \n\t\"%s\"\n\t Error:\"%s\" at Position %u",~~
71		~~m_ShellcodeHandlerName.c_str(), pcreEerror, pcreErrorPos);~~
72		~~return false;~~
73		~~} else~~
74		{
75		~~logInfo("%s loaded ...\n",m_ShellcodeHandlerName.c_str());~~
76		}
77
78		~~// printf("%s\n",m_Shellcode->pattern);~~
79		~~// g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size);~~
80		~~return true;~~
81		}
82
83		~~bool NamespaceLinkXOR::Exit()~~
84		{
85		~~return true;~~
86		}
87	58
88	59	sch_result NamespaceLinkXOR::handleShellcode(Message **msg)
…	…
123	94	if ( (matchCount = pcre_exec(m_Pcre, 0, (char ) shellcode, len, 0, 0, (int )ovec, sizeof(ovec)/sizeof(int32_t))) > 0 )
124	95	{
125		logCrit("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_~~Shellcode->map_i~~tems);
	96	logCrit("MATCH %s matchCount %i map_items %i \n",m_ShellcodeHandlerName.c_str(), matchCount, m_MapItems);
126	97	int32_t i;
127		for ( i=0; i < m_~~Shellcode->map_i~~tems; i++ )
	98	for ( i=0; i < m_MapItems; i++ )
128	99	{
129		if (m_~~Shellcode->m~~ap[i] == sc_none)
	100	if (m_Map[i] == sc_none)
130	101	continue;
131	102
132		logInfo(" i = %i map_items %i , map = %s\n",i,m_~~Shellcode->map_items, sc_get_mapping_by_numeric(m_Shellcode->m~~ap[i]));
	103	logInfo(" i = %i map_items %i , map = %s\n",i,m_MapItems, sc_get_mapping_by_numeric(m_Map[i]));
133	104	const char *match = NULL;
134	105	int matchSize = pcre_get_substring((char ) shellcode, (int )ovec, (int)matchCount, i, &match);
135	106
136		switch ( m_~~Shellcode->m~~ap[i] )
	107	switch ( m_Map[i] )
137	108	{
138	109
…	…
164	135
165	136	default:
166		logCrit("%s not used mapping %s\n",m