1 /*
2 Copyright (c) 2013. The YARA Authors. All Rights Reserved.
3 
4 Licensed under the Apache License, Version 2.0 (the "License");
5 you may not use this file except in compliance with the License.
6 You may obtain a copy of the License at
7 
8    http://www.apache.org/licenses/LICENSE-2.0
9 
10 Unless required by applicable law or agreed to in writing, software
11 distributed under the License is distributed on an "AS IS" BASIS,
12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 See the License for the specific language governing permissions and
14 limitations under the License.
15 */
16 
17 #ifndef YR_EXEC_H
18 #define YR_EXEC_H
19 
20 #if REAL_YARA
21 #include <yara/hash.h>
22 #include <yara/scan.h>
23 #include <yara/types.h>
24 #include <yara/rules.h>
25 #endif
26 
27 #define UNDEFINED           (int64_t)0xFFFABADAFABADAFF
28 #define IS_UNDEFINED(x)     ((x) == UNDEFINED)
29 
30 #define OP_HALT           255
31 
32 #define OP_AND            1
33 #define OP_OR             2
34 #define OP_XOR            3
35 #define OP_NOT            4
36 #define OP_LT             5
37 #define OP_GT             6
38 #define OP_LE             7
39 #define OP_GE             8
40 #define OP_EQ             9
41 #define OP_NEQ            10
42 #define OP_SZ_EQ          11
43 #define OP_SZ_NEQ         12
44 #define OP_SZ_TO_BOOL     13
45 #define OP_ADD            14
46 #define OP_SUB            15
47 #define OP_MUL            16
48 #define OP_DIV            17
49 #define OP_MOD            18
50 #define OP_NEG            19
51 #define OP_SHL            20
52 #define OP_SHR            21
53 #define OP_PUSH           22
54 #define OP_POP            23
55 #define OP_CALL           24
56 #define OP_OBJ_LOAD       25
57 #define OP_OBJ_VALUE      26
58 #define OP_OBJ_FIELD      27
59 #define OP_INDEX_ARRAY    28
60 #define OP_STR_COUNT      29
61 #define OP_STR_FOUND      30
62 #define OP_STR_FOUND_AT   31
63 #define OP_STR_FOUND_IN   32
64 #define OP_STR_OFFSET     33
65 #define OP_OF             34
66 #define OP_PUSH_RULE      35
67 #define OP_MATCH_RULE     36
68 #define OP_INCR_M         37
69 #define OP_CLEAR_M        38
70 #define OP_ADD_M          39
71 #define OP_POP_M          40
72 #define OP_PUSH_M         41
73 #define OP_SWAPUNDEF      42
74 #define OP_JNUNDEF        43
75 #define OP_JLE            44
76 #define OP_FILESIZE       45
77 #define OP_ENTRYPOINT     46
78 #define OP_INT8           47
79 #define OP_INT16          48
80 #define OP_INT32          49
81 #define OP_UINT8          50
82 #define OP_UINT16         51
83 #define OP_UINT32         52
84 #define OP_CONTAINS       53
85 #define OP_MATCHES        54
86 #define OP_IMPORT         55
87 
88 
89 int yr_execute_code(
90 #if REAL_YARA
91     YR_RULES* rules,
92 #else
93     struct cli_ac_lsig * aclsig,
94     struct cli_ac_data * acdata,
95 #endif
96     YR_SCAN_CONTEXT* context,
97     int timeout,
98     time_t start_time);
99 
100 #endif
101