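/**
 * Format a log message and hand it to the logging callback registered on
 * the emulator, provided @level is enabled.
 *
 * @param e       emulator whose logging state (via emu_logging_get) is consulted
 * @param level   severity of this message; dropped when el->loglevel is
 *                EMU_LOG_NONE or lower than @level
 * @param format  printf-style format string (must be a trusted literal, never
 *                data from the emulated buffer)
 *
 * The message is formatted into a fixed stack buffer first; only when the
 * output does not fit is an exactly-sized heap buffer allocated, so long log
 * lines are no longer silently truncated at 255 bytes.  The buffer passed to
 * el->logcb is released before return, so the callback must copy it if it
 * needs to keep the text.
 */
void emu_log(struct emu *e, enum emu_log_level level, const char *format, ...)
{
	struct emu_logging *el = emu_logging_get(e);

	if ( el->loglevel == EMU_LOG_NONE )
		return;

	if ( el->loglevel < level )
		return;

	va_list ap;
	va_list ap_retry;
	char fixed[0x100];
	char *heap = NULL;
	char *message = fixed;

	va_start(ap, format);
	/* a second copy is needed because the first vsnprintf consumes `ap` */
	va_copy(ap_retry, ap);
	int len = vsnprintf(fixed, sizeof fixed, format, ap);
	va_end(ap);

	if (len < 0)
	{
		/* vsnprintf returns a negative value only on an encoding/output error;
		 * truncation is reported as a length >= the buffer size, not as -1. */
		snprintf(fixed, sizeof fixed, "%s", "failed to format log message in vsnprintf\n");
	}
	else if ((size_t)len >= sizeof fixed)
	{
		/* did not fit: retry with a buffer sized from the first pass */
		heap = malloc((size_t)len + 1);
		if (heap != NULL)
		{
			vsnprintf(heap, (size_t)len + 1, format, ap_retry);
			message = heap;
		}
		/* on allocation failure the truncated, NUL-terminated copy in
		 * `fixed` is logged instead of dereferencing a NULL buffer */
	}
	va_end(ap_retry);

	el->logcb(e, level, message);

	/* free(NULL) is a no-op when the stack buffer was used */
	free(heap);
}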
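/**
 * Processor hook run when new inbound data is available on a connection:
 * feeds the not-yet-scanned part of the input stream to libemu's shellcode
 * detector and raises a "dionaea.shellcode.detected" incident on a hit.
 *
 * @param con  connection the data arrived on (only logged and passed to profile)
 * @param pd   processor state; pd->ctx is the per-connection emu context,
 *             pd->bistream the buffered stream, pd->state is set to
 *             processor_done once shellcode has been found
 *
 * Ownership: the buffer returned by bistream_get_stream is released here
 * with g_free on every path that obtained it.
 */
void proc_emu_on_io_in(struct connection *con, struct processor_data *pd)
{
	g_debug("%s con %p pd %p", __PRETTY_FUNCTION__, con, pd);
	struct emu_ctx *ctx = pd->ctx;

	/* Re-scan the last 300 bytes already examined so that a payload split
	 * across two reads is still presented to the detector as one buffer. */
	int offset = MAX(ctx->offset-300, 0);
	void *streamdata = NULL;
	/* NOTE(review): assumes the -1 length argument means "up to the end of
	 * the stream" and that `size` counts bytes starting at `offset` — confirm
	 * against bistream_get_stream. */
	int32_t size = bistream_get_stream(pd->bistream, bistream_in, offset, -1, &streamdata);
	if( size == -1 )
		return;

	struct emu *e = emu_new();
	if( e == NULL )
	{
		/* NOTE(review): assumes emu_new() signals allocation failure with
		 * NULL.  ctx->offset is left untouched so the same data is scanned
		 * again on the next read instead of being skipped. */
		g_free(streamdata);
		return;
	}
#if 0
	emu_cpu_debugflag_set(emu_cpu_get(e), instruction_string);
	emu_log_level_set(emu_logging_get(e),EMU_LOG_DEBUG);
#endif
	/* >= 0 is the byte offset inside streamdata where shellcode was found */
	int ret = emu_shellcode_test(e, streamdata, size);
	emu_free(e);

	/* `size` bytes were read starting at `offset`, so the end of the scanned
	 * region is offset + size.  The previous `ctx->offset += size` also
	 * re-added the 300-byte overlap on every call, pushing the next window
	 * 300 bytes past the data actually consumed and defeating the overlap. */
	ctx->offset = offset + size;

	if( ret >= 0 )
	{
		struct incident *ix = incident_new("dionaea.shellcode.detected");
		/* hand the report to the main loop thread via the command queue and
		 * wake it with the async watcher */
		GAsyncQueue *aq = g_async_queue_ref(g_dionaea->threads->cmds);
		g_async_queue_push(aq, async_cmd_new(async_incident_report, ix));
		g_async_queue_unref(aq);
		ev_async_send(g_dionaea->loop, &g_dionaea->threads->trigger);
		g_debug("shellcode found offset %i", ret);
		profile(ctx->config, con, streamdata, size, ret);

		/* one detection per connection is enough; stop scanning further input */
		pd->state = processor_done;
	}
	g_free(streamdata);
}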