void emu_log(struct emu *e, enum emu_log_level level, const char *format, ...) { struct emu_logging *el = emu_logging_get(e); if ( el->loglevel == EMU_LOG_NONE ) return; if ( el->loglevel < level ) return; va_list ap; char *message = (char*)malloc(0x100); va_start(ap, format); int va = vsnprintf(message,0x100, format, ap); va_end(ap); if (va == -1) message = strdup("failed to allocate memory in vasprintf\n"); el->logcb(e, level, message); free(message); }
void proc_emu_on_io_in(struct connection *con, struct processor_data *pd) { g_debug("%s con %p pd %p", __PRETTY_FUNCTION__, con, pd); struct emu_ctx *ctx = pd->ctx; int offset = MAX(ctx->offset-300, 0); void *streamdata = NULL; int32_t size = bistream_get_stream(pd->bistream, bistream_in, offset, -1, &streamdata); int ret = 0; if( size != -1 ) { struct emu *e = emu_new(); #if 0 emu_cpu_debugflag_set(emu_cpu_get(e), instruction_string); emu_log_level_set(emu_logging_get(e),EMU_LOG_DEBUG); #endif ret = emu_shellcode_test(e, streamdata, size); emu_free(e); ctx->offset += size; if( ret >= 0 ) { struct incident *ix = incident_new("dionaea.shellcode.detected"); GAsyncQueue *aq = g_async_queue_ref(g_dionaea->threads->cmds); g_async_queue_push(aq, async_cmd_new(async_incident_report, ix)); g_async_queue_unref(aq); ev_async_send(g_dionaea->loop, &g_dionaea->threads->trigger); g_debug("shellcode found offset %i", ret); profile(ctx->config, con, streamdata, size, ret); pd->state = processor_done; } g_free(streamdata); } }