clamav JIT模式扫描分析(LLVM 和 clamav的结合)

本文在clamav 函数调用流程分析(bytecode scan in JIT mode)的基础上，对clamav和LLVM的结合方式进行了分析，包括clamav和llvm之间变量的传递，bytecode的传递和编译执行以及执行结果的返回。

bytecode in llvm:

完整内容请点击如下链接：

点击打开链接

摘要

Clamav funcation call flow..1

(bytecode scan using llvm for JIT).1

Description.2

about llvm..2

about bytecode in clamav.2

Data structures.4

Test case.4

1. source-code and bytecode.4

2. run test.6

init.7

load bytecode.7

journey of a bytecode.7

cli_ loadcbc.7

load and parse the bytecode cli_bytecode_load.8

compile the engine and bytecode testing run.13

call stack.13

Scan.14

call stack.14

from clamav to llvm..15

cli_bytecode_runlsig.19

cli_bytecode_run.20

functions in libclamav/c++/bytecode2llvm.cpp.23

cli_bytecode_prepare_jit.23

cli_bytecode_done_jit.37

cli_vm_execute_jit.37