static uint32_t assemble_shift(instruction_t *instr) { /* PRE: Take a valid and legal pointer to an instruction. * POST: Check the presence of the shift and in case it applies it. */ assert (instr != NULL); /* The offset is a register so we set the BIT_I: */ uint32_t shift_result = 0x0000000; uint32_t BIT_I = 1 << 25; uint8_t rm = 0; if (instr->no_of_ops > 2) rm = get_reg_int(instr->ops[2]); else rm = get_reg_int(instr->ops[1] + 4); regex_t rec_shift_reg; regex_t rec_shift_exp; regmatch_t shift_pos[1]; /* We use regex to check if the instructions contains a shift and to save * the index of the start and end of the shift: */ check_and_compile_regex(&rec_shift_reg, RE_SHIFT_REG, REG_EXTENDED); check_and_compile_regex(&rec_shift_exp, RE_SHIFT_EXP, REG_EXTENDED); int reg_match = !regexec(&rec_shift_reg, instr->instr_str, 1, shift_pos, 0); int exp_match = !regexec(&rec_shift_exp, instr->instr_str, 1, shift_pos, 0); /* Check if we have a shift with register or a shift with expression */ if (reg_match || exp_match) { int start_shift = shift_pos->rm_so; int end_shift = shift_pos->rm_eo; char *shift_name = cut_string(instr->instr_str, start_shift, start_shift + 3); uint32_t reg_or_exp = (reg_match ? reg_to_int : string_to_int) (cut_string(instr->instr_str, start_shift + 3, end_shift)); regfree(&rec_shift_reg); regfree(&rec_shift_exp); /* Calculate the shift given the shift name, a string containing the * value of the register or the expression shifted, the index of rm, * and an int to indicate if the shift use a register (1) or an * expression (0) */ shift_result = get_shift(shift_name, reg_or_exp, rm, reg_match); } regfree(&rec_shift_reg); regfree(&rec_shift_exp); /* If there is not shift we return the index of rm */ return shift_result | BIT_I | rm; }
void diag(FILE *output) { char *yn[] = { "No", "Yes", "Unknown" }; fprintf(output,"CVSNT Diagnostic output\n"); fprintf(output,"-----------------------\n"); fprintf(output,"\n"); fprintf(output,"Server version: "CVSNT_PRODUCTVERSION_STRING"\n"); fprintf(output,"OS Version: %s\n",get_os_version()); fprintf(output,"\n"); fprintf(output,"CVS Service installed: %s\n",service_installed("Cvsnt")?"Yes":"No"); fprintf(output,"LockService installed: %s\n",service_installed("CvsLock")?"Yes":"No"); fprintf(output,"\n"); fprintf(output,":pserver: installed: %s\n",protocol_installed("pserver")?"Yes":"No"); fprintf(output,":sserver: installed: %s\n",protocol_installed("sserver")?"Yes":"No"); fprintf(output,":gserver: installed: %s\n",protocol_installed("gserver")?"Yes":"No"); fprintf(output,":server: installed: %s\n",protocol_installed("server")?"Yes":"No"); fprintf(output,":ssh: installed: %s\n",protocol_installed("ssh")?"Yes":"No"); fprintf(output,":sspi: installed: %s\n",protocol_installed("sspi")?"Yes":"No"); fprintf(output,":ext: installed: %s\n",protocol_installed("ext")?"Yes":"No"); fprintf(output,"\n"); fprintf(output,"Installation Path: %s\n",get_reg_string("InstallPath")); fprintf(output,"Repository 0 Path: %s\n",get_reg_string("Repository0")); fprintf(output,"Repository 0 Name: %s\n",get_reg_string("Repository0Name")); fprintf(output,"Repository 1 Path: %s\n",get_reg_string("Repository1")); fprintf(output,"Repository 1 Name: %s\n",get_reg_string("Repository1Name")); fprintf(output,"Repository 2 Path: %s\n",get_reg_string("Repository2")); fprintf(output,"Repository 2 Name: %s\n",get_reg_string("Repository2Name")); fprintf(output,"Repository 3 Path: %s\n",get_reg_string("Repository3")); fprintf(output,"Repository 3 Name: %s\n",get_reg_string("Repository3Name")); fprintf(output,"CVS Temp directory: %s\n",get_reg_string("TempDir")); fprintf(output,"CA Certificate File: %s\n",get_reg_string("CertificateFile")); fprintf(output,"Private Key File: %s\n",get_reg_string("PrivateKeyFile")); fprintf(output,"Local Users Only: %s\n",get_reg_int("DontUseDomain")?"Yes":"No"); fprintf(output,"Default LockServer: %s\n",get_reg_string("LockServer")); fprintf(output,"Disable Reverse DNS: %s\n",get_reg_int("NoReverseDns")?"Yes":"No"); fprintf(output,"Server Tracing: %s\n",get_reg_int("AllowTrace")?"Yes":"No"); fprintf(output,"Case Sensitive: %s\n",get_reg_int("CaseSensitive")?"Yes":"No"); fprintf(output,"Server listen port: %d\n",get_reg_int("PServerPort")); fprintf(output,"Compatibility (Non-cvsnt clients):\n"); fprintf(output,"\tReport old CVS version: %s\n",get_reg_int("Compat0_OldVersion")?"Yes":"No"); fprintf(output,"\tHide extended status: %s\n",get_reg_int("Compat0_HideStatus")?"Yes":"No"); fprintf(output,"\tEmulate co -n bug: %s\n",get_reg_int("Compat0_OldCheckout")?"Yes":"No"); fprintf(output,"\tIgnore client wrappers: %s\n",get_reg_int("Compat0_IgnoreWrappers")?"Yes":"No"); fprintf(output,"Compatibility (CVSNT clients):\n"); fprintf(output,"\tReport old CVS version: %s\n",get_reg_int("Compat1_OldVersion")?"Yes":"No"); fprintf(output,"\tHide extended status: %s\n",get_reg_int("Compat1_HideStatus")?"Yes":"No"); fprintf(output,"\tEmulate co -n bug: %s\n",get_reg_int("Compat1_OldCheckout")?"Yes":"No"); fprintf(output,"\tIgnore client wrappers: %s\n",get_reg_int("Compat1_IgnoreWrappers")?"Yes":"No"); fprintf(output,"Default domain: %s\n",get_reg_string("DefaultDomain")); fprintf(output,"Force run as user: %s\n",get_reg_string("RunAsUser")); fprintf(output,"\n"); fprintf(output,"Temp dir readable by current user: %s\n",yn[is_readable(false,get_reg_string("TempDir"))]); // fprintf(output,"Temp dir readable by LocalSystem: %s\n",yn[is_readable(true,get_reg_string("TempDir"))]); fprintf(output,"Repository0 readable by current user: %s\n",yn[is_readable(false,get_reg_string("Repository0"))]); // fprintf(output,"Repository0 readable by LocalSystem: %s\n",yn[is_readable(true,get_reg_string("Repository0"))]); fprintf(output,"Temp dir writable by current user: %s\n",yn[is_writable(false,get_reg_string("TempDir"))]); // fprintf(output,"Temp dir writable by LocalSystem: %s\n",yn[is_writable(true,get_reg_string("TempDir"))]); fprintf(output,"\n"); fprintf(output,"AV files detected:\n"); print_found_files(output,"_AVP32.EXE\0_AVPCC.EXE\0_AVPM.EXE\0AVP32.EXE\0AVPCC.EXE\0AVPM.EXE\0" "N32SCANW.EXE\0NAVAPSVC.EXE\0NAVAPW32.EXE\0NAVLU32.EXE\0NAVRUNR.EXE\0NAVW32.EXE" "NAVWNT.EXE\0NOD32.EXE\0NPSSVC.EXE\0NRESQ32.EXE\0NSCHED32.EXE\0NSCHEDNT.EXE" "NSPLUGIN.EXE\0SCAN.EXE\0AVGSRV.EXE\0AVGSERV.EXE\0AVGCC32.EXE\0AVGCC.EXE\0" "AVGAMSVR.EXE\0AVGUPSVC.EXE\0NOD32KRN.EXE\0NOD32KUI.EXE\0"); fprintf(output,"\n"); WSADATA wsa = {0}; if(WSAStartup(MAKEWORD(2,0),&wsa)) fprintf(output,"Winsock intialisation failed!\n"); else { fprintf(output,"Installed Winsock protocols:\n\n"); DWORD dwSize=0; LPWSAPROTOCOL_INFO proto; WSAEnumProtocols(NULL,NULL,&dwSize); proto=(LPWSAPROTOCOL_INFO)malloc(dwSize); WSAEnumProtocols(NULL,proto,&dwSize); for(int n=0; n<(int)(dwSize/sizeof(proto[0])); n++) { if(!strncmp(proto[n].szProtocol,"MSAFD NetBIOS",13)) continue; // Ignore netbios layers fprintf(output,"%d: %s\n",proto[n].dwCatalogEntryId,proto[n].szProtocol); } free(proto); } }
static int calculate_second_operand(assembly_state_t *state, instruction_t *instr, uint32_t addr, uint32_t *load) { /* PRE : The given state is initialised. The instruction is a SDTR instr. load points to sufficient space to store uint32_t. * POST: If can be completed, loads the value of both base register and offset into the given uint32_t* and returns 0. If we need to pass to data processing (for mov), we leave load and return 1. */ assert (state != NULL && instr != NULL && load != NULL); uint32_t offset = 0x00000000; uint32_t rn = 0; regex_t regex; /* We use a regex to check if we need to subtract the offset form the base * register or if we need to add it and we set the BIT_U according to it. */ check_and_compile_regex(®ex, RE_MINUS, REG_EXTENDED); uint32_t BIT_U = (regexec(®ex, instr->instr_str, 0, NULL, 0) != 0) << 23; regfree(®ex); /* Check if the second operand is a numeric constant (i.e. it has the * form "=expression"). */ check_and_compile_regex(®ex, RE_EQ_EXP, REG_EXTENDED); if (!regexec(®ex, instr->ops[1], 0, NULL, 0)) { /* If assemble_constant calls the mov function we exit from the * single_data function */ if (assemble_constant(state, instr, addr, &offset)) return EXIT_FAILURE; } regfree(®ex); /* Check if the second operand has the form "[Rn].." or [Rn, .." * If it is, we use Rn as base register */ check_and_compile_regex(®ex, RE_REGISTER, REG_EXTENDED); if (!regexec(®ex, instr->ops[1], 0, NULL, 0)) { rn = get_reg_int(instr->ops[1]) << 16; } regfree(®ex); /* Check if the address is exactly "[Rn, <#expression>]: or has the exact * form "[Rn], <#expression>". */ check_and_compile_regex(®ex, RE_REG_EXP, REG_EXTENDED); if (!regexec(®ex, instr->instr_str, 0, NULL, 0)) { offset |= assemble_expression(instr); } regfree(®ex); /* Check if the instruction contains the form "[Rn,{+/-}Rm]" or the form * "[Rn,{+/-}Rm" */ check_and_compile_regex(®ex, RE_RN_RM, REG_EXTENDED); if (!regexec(®ex, instr->instr_str, 0, NULL, 0)) { offset |= assemble_shift(instr); } regfree(®ex); *load |= offset | rn | BIT_U; return EXIT_SUCCESS; }