int
mime_decode(const uschar **listptr)
{
int sep = 0;
const uschar *list = *listptr;
uschar *option;
uschar option_buffer[1024];
uschar decode_path[1024];
FILE *decode_file = NULL;
long f_pos = 0;
ssize_t size_counter = 0;
ssize_t (*decode_function)(FILE*, FILE*, uschar*);
if (mime_stream == NULL)
return FAIL;
f_pos = ftell(mime_stream);
/* build default decode path (will exist since MBOX must be spooled up) */
(void)string_format(decode_path,1024,"%s/scan/%s",spool_directory,message_id);
/* try to find 1st option */
if ((option = string_nextinlist(&list, &sep,
option_buffer,
sizeof(option_buffer))) != NULL)
{
/* parse 1st option */
if ( (Ustrcmp(option,"false") == 0) || (Ustrcmp(option,"0") == 0) )
/* explicitly no decoding */
return FAIL;
if (Ustrcmp(option,"default") == 0)
/* explicit default path + file names */
goto DEFAULT_PATH;
if (option[0] == '/')
{
struct stat statbuf;
memset(&statbuf,0,sizeof(statbuf));
/* assume either path or path+file name */
if ( (stat(CS option, &statbuf) == 0) && S_ISDIR(statbuf.st_mode) )
/* is directory, use it as decode_path */
decode_file = mime_get_decode_file(option, NULL);
else
/* does not exist or is a file, use as full file name */
decode_file = mime_get_decode_file(NULL, option);
}
else
/* assume file name only, use default path */
decode_file = mime_get_decode_file(decode_path, option);
}
else
{
/* no option? patch default path */
DEFAULT_PATH:
decode_file = mime_get_decode_file(decode_path, NULL);
}
if (!decode_file)
return DEFER;
/* decode according to mime type */
decode_function =
!mime_content_transfer_encoding
? mime_decode_asis /* no encoding, dump as-is */
: Ustrcmp(mime_content_transfer_encoding, "base64") == 0
? mime_decode_base64
: Ustrcmp(mime_content_transfer_encoding, "quoted-printable") == 0
? mime_decode_qp
: mime_decode_asis; /* unknown encoding type, just dump as-is */
size_counter = decode_function(mime_stream, decode_file, mime_current_boundary);
clearerr(mime_stream);
if (fseek(mime_stream, f_pos, SEEK_SET))
return DEFER;
if (fclose(decode_file) != 0 || size_counter < 0)
return DEFER;
/* round up to the next KiB */
mime_content_size = (size_counter + 1023) / 1024;
return OK;
}
void send2server(char *uuid_ptr, char *product_ptr, char *version_ptr,
char *softversion_ptr, char *mapdate_ptr, char *mapinfo_ptr)
{
int wlen, rlen ;
int i, sockfd ;
char ret ;
char msgid ;
char buf[72+28] ;
char ret_buf[121] ;
char decode_key1[30] ;
char decode_key2[30] ;
char code[60] ;
int len ;
char source[256] ;
struct sockaddr_in serv_addr;
memset((char *) &serv_addr, 0, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
serv_addr.sin_addr.s_addr = inet_addr(POZ_SERVER_IP);
serv_addr.sin_port = htons(POZ_SERVER_PORT);
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
printf("clientsoc: can't open stream socket") ;
close(sockfd), exit(0);
}
if (connect(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) {
printf("clientsoc: can't connect to server") ;
close(sockfd), exit(0);
}
// send msgid
msgid = 0x14 ;
if ((wlen = write(sockfd, &msgid, sizeof(char))) <= 0) {
printf("write error...\n") ;
close(sockfd), exit(1) ;
}
len = 0 ;
memset(buf, 0, sizeof(buf)) ;
memcpy(&(buf[len]), uuid_ptr, 50) ; len += 50 ;
memcpy(&(buf[len]), product_ptr, 18) ; len += 18 ;
memcpy(&(buf[len]), version_ptr, 4) ; len += 4 ;
memcpy(&(buf[len]), softversion_ptr, 4) ; len += 4 ;
memcpy(&(buf[len]), mapdate_ptr, 8) ; len += 8 ;
memcpy(&(buf[len]), mapinfo_ptr, 16) ; len += 16 ;
// uuid + product + version + softversion + mapdate + mapinfo
if ((wlen = write(sockfd, buf, len)) <= 0) {
printf("write error...\n") ;
close(sockfd), exit(1) ;
}
// read msgid
if ((rlen = read(sockfd, &msgid, sizeof(char))) <= 0) {
printf("read error...\n") ;
close(sockfd), exit(1) ;
}
printf("Msgid[%x]\n", msgid) ;
if(msgid == 0x21) {
if ((wlen = read(sockfd, &ret, sizeof(char))) <= 0) {
printf("read error...\n") ;
close(sockfd), exit(1) ;
}
printf("server errdata [%d] return\n", ret) ;
}
else if(msgid == 0x14)
{
memset(ret_buf, 0, sizeof(ret_buf)) ;
if ((rlen = read(sockfd, ret_buf, sizeof(ret_buf))) <= 0) {
printf("read error...\n") ;
close(sockfd), exit(1) ;
}
memset(decode_key1, 0, sizeof(decode_key1)) ;
memset(decode_key2, 0, sizeof(decode_key2)) ;
memset(code, 0, sizeof(code)) ;
memcpy(decode_key1, &(ret_buf[0]), 30) ;
memcpy(decode_key2, &(ret_buf[30]), 30) ;
memcpy(code, &(ret_buf[60]), 60) ;
len = ret_buf[120] ;
printf("decode_key1[%s] decode_key2[%s] len[%d]\n", decode_key1, decode_key2, len) ;
memset(source, 0, sizeof(source)) ;
// view_encode_code(code, len) ;
ret = decode_function(decode_key1, decode_key2, code, len, source) ;
printf("source[%s]\n", source) ;
}
else {
printf("Msgid error\n") ;
}
close(sockfd) ;
}
static void
process_exports(void *dcontext, char *dllname, LOADED_IMAGE *img)
{
IMAGE_EXPORT_DIRECTORY *dir;
IMAGE_SECTION_HEADER *sec;
DWORD *name, *code;
WORD *ordinal;
const char *string;
ULONG size;
uint i;
byte *addr, *start_exports, *end_exports;
verbose_print("Processing exports of \"%s\"\n", dllname);
dir = (IMAGE_EXPORT_DIRECTORY *)
ImageDirectoryEntryToData(img->MappedAddress, FALSE,
IMAGE_DIRECTORY_ENTRY_EXPORT, &size);
verbose_print("mapped at "PFX" (preferred "PFX"), exports 0x%08x, size 0x%x\n",
img->MappedAddress, get_preferred_base(img), dir, size);
start_exports = (byte *) dir;
end_exports = start_exports + size;
verbose_print("name=%s, ord base=0x%08x, names=%d 0x%08x\n",
(char *) ImageRvaToVa(img->FileHeader, img->MappedAddress,
dir->Name, NULL),
dir->Base, dir->NumberOfNames, dir->AddressOfNames);
/* don't limit functions to lie in .text --
* for ntdll, some exported routines have their code after .text, inside
* ECODE section!
*/
sec = img->Sections;
for (i = 0; i < img->NumberOfSections; i++) {
verbose_print("Section %d %s: 0x%x + 0x%x == 0x%08x through 0x%08x\n",
i, sec->Name, sec->VirtualAddress, sec->SizeOfRawData,
ImageRvaToVa(img->FileHeader, img->MappedAddress,
sec->VirtualAddress, NULL),
(ptr_uint_t) ImageRvaToVa(img->FileHeader, img->MappedAddress,
sec->VirtualAddress, NULL) +
sec->SizeOfRawData);
sec++;
}
name = (DWORD *) ImageRvaToVa(img->FileHeader, img->MappedAddress,
dir->AddressOfNames, NULL);
code = (DWORD *) ImageRvaToVa(img->FileHeader, img->MappedAddress,
dir->AddressOfFunctions, NULL);
ordinal = (WORD *) ImageRvaToVa(img->FileHeader, img->MappedAddress,
dir->AddressOfNameOrdinals, NULL);
verbose_print("names: from 0x%08x to 0x%08x\n",
ImageRvaToVa(img->FileHeader, img->MappedAddress, name[0], NULL),
ImageRvaToVa(img->FileHeader, img->MappedAddress,
name[dir->NumberOfNames-1], NULL));
for (i = 0; i < dir->NumberOfNames; i++) {
string = (char *) ImageRvaToVa(img->FileHeader, img->MappedAddress, name[i], NULL);
/* ordinal is biased (dir->Base), but don't add base when using as index */
assert(dir->NumberOfFunctions > ordinal[i]);
/* I don't understand why have to do RVA to VA here, when dumpbin /exports
* seems to give the same offsets but by simply adding them to base we
* get the appropriate code location -- but that doesn't work here...
*/
addr = ImageRvaToVa(img->FileHeader, img->MappedAddress,
code[ordinal[i]], NULL);
verbose_print("name=%s 0x%08x, ord=%d, code=0x%x -> 0x%08x\n",
string, string, ordinal[i], code[ordinal[i]], addr);
if (list_exports) {
print("ord %3d offs 0x%08x %s\n", ordinal[i],
addr - img->MappedAddress, string);
}
if (list_Ki && string[0] == 'K' && string[1] == 'i') {
print("\n==================================================\n");
print("%s\n\n", string);
check_Ki(string);
print("\ndisassembly:\n");
decode_function(dcontext, addr);
print( "==================================================\n");
}
/* forwarded export points inside exports section */
if (addr >= start_exports && addr < end_exports) {
if (list_forwards || verbose) {
/* I've had issues w/ forwards before, so avoid printing crap */
if (addr[0] > 0 && addr[0] < 127)
print("%s is forwarded to %.128s\n", string, addr);
else
print("ERROR identifying forwarded entry for %s\n", string);
}
} else if (list_syscalls) {
process_syscall_wrapper(dcontext, addr, string, "export", img);
}
}
}