Scripting language design

Started by LaptoniC, December 17, 2005, 01:23:47 PM

LaptoniC

Hi,
I am trying to create some kind of spyware scanner. I know there are a lot of scanners already and most work well. After thinking about how the engine should be and how it works, I have come up with the ideas below.

The engine should be scriptable. For example, there must be functions for every occasion, and the definition file should have this.

<sig>
@file1:$Windows$\System32\1.dll
@file2:$Windows$\System32\2.dll
@rKey1:HKLM\ABC\,xxx
</sig>
<clean>
Delete(@file1)
Delete(@file2)
DeleteKey(@rKey1)
</clean>


Also, I think script functions can have script functions inside, i.e.
Delete(GetReg(HKLM\ABC\,xxx))

I have found only Jibz's jasg library for this purpose. Could you suggest a roadmap for designing such a scripting engine? I am also thinking of converting this human-readable code to a bytecode language. Any tips will be appreciated. Thanks.

sluggy

You don't need a scripting engine - everything you listed can be represented in an XML file. You just might want to have separate "handlers" for each section of the file. This is a technique that is done routinely in HLL, you might want to read up on it before attempting it in asm - it isn't difficult, you just need to get your head around it before you start writing.
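The per-section handler approach, applied to the `<sig>`/`<clean>` definition format from the first post, as an added Python example (not code from any poster in this thread): a strict parser that turns a definition file into a cleanup plan without executing anything. The function table `FUNCS`, the single-argument call syntax and the rule that arguments must be declared `@` variables are assumptions, and the sample input is constructed.

```python
import re

FUNCS = {"Delete", "DeleteKey", "GetReg"}            # assumed allow-list of script functions
TOKEN = re.compile(r"\s*([A-Za-z_]\w*|@\w+|[()])")
TAG = re.compile(r"<(/?)(sig|clean)>")
# Constructed sample in the format sketched in the first post.
SAMPLE = r"""<sig>
@rKey1:HKLM\ABC\,xxx
</sig>
<clean>
Delete(GetReg(@rKey1))
</clean>"""

def parse_call(text, names):
    """Parse one <clean> line into a nested tuple; reject anything not declared."""
    toks = TOKEN.findall(text) + ["<end>"]
    if "".join(toks[:-1]) != re.sub(r"\s+", "", text):
        raise ValueError(f"unexpected characters in {text!r}")
    def expr(pos):
        tok = toks[pos]
        if tok.startswith("@") and tok[1:] in names:
            return ("var", tok[1:]), pos + 1
        if tok not in FUNCS or toks[pos + 1] != "(":
            raise ValueError(f"undeclared variable, unknown function or bad call: {tok!r}")
        arg, pos = expr(pos + 2)                      # nested call or variable
        if toks[pos] != ")":
            raise ValueError(f"missing ')' after argument of {tok}")
        return ("call", tok, arg), pos + 1
    tree, pos = expr(0)
    if tree[0] != "call" or toks[pos] != "<end>":
        raise ValueError(f"not a single complete call: {text!r}")
    return tree

def parse_definition(text):
    """Dispatch each line to the handler of its section; returns (signatures, plan)."""
    sigs, plan, section = {}, [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        if (tag := TAG.fullmatch(line)) and section == (tag[2] if tag[1] else None):
            section = None if tag[1] else tag[2]      # open needs no section, close needs its own
        elif section == "sig" and (e := re.fullmatch(r"@(\w+):(.+)", line)) and e[1] not in sigs:
            sigs[e[1]] = e[2]
        elif section == "clean":
            plan.append(parse_call(line, sigs))
        else:
            raise ValueError(f"misplaced or malformed line: {line!r}")
    if section is not None:
        raise ValueError(f"unterminated <{section}> section")
    return sigs, plan
```

Because the plan is plain data, a scanner can log or review it before any handler touches the file system or registry, and a definition file that names an unknown function or an undeclared variable is rejected at load time.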

gabor

Hi!

I must join the latest post: you could use XML as the input of the scripting engine. For scripting and processing scripts, I can recommend using finite state machines.
I started a topic about FSM that led to an XML parser. You can find all the source and possibly all the needed explanations there.
http://www.masmforum.com/simple/index.php?topic=2173.0

I would be glad if you would use that parser I created.
(BTW, I haven't received feedback about how it is working, about its errors...)

Greets, Gábor

LaptoniC

I downloaded your xmlparser.zip. However, your code is divided and it is hard to grasp at first look. Anyway, I guess it works like below:
invoke XML_createParser,offset MyStartTagHandler,offset MyCDATAHandler,offset MyEndTagHandler,addr CommandHandler
mov MyXMLParser,eax

I don't know what the purpose of lpCommandHandler is.
After we create the parser object we take it to esi (I think it is bad coding practice; it is better to use the parser object as a parameter in the functions). Then we use XML_parse,source,length and parse it. If an error occurs, the carry flag is set. Show the error with XML_Error. After parsing, free the memory with
invoke XML_destroyParser,MyXMLParser

So, am I missing something?
Please add documentation to your work, because without documentation, the description of structures and logic, it is very hard for me to understand. Also, please add the parser object as a parameter. I know I will forget parsing parserobject by esi, or esi will be destroyed, etc...

Thanks for your help.


gabor

Hi LaptoniC!

Many thanks for your excellent ideas! I am very glad that you shared your opinion.
- I used esi "implicitly" because I thought in the whole parsing loop esi could hold the parser object's address. I have to admit this is not an optimization that makes the code that much faster that it is worth the bigger complexity it may cause.
- And yes, you're right. I didn't create adequate documentation; I'll write it. (I believe I am finishing it today.)

I still count on you and on anyone else to give comments and reviews to my work!

Thanks again, and greets! Gábor

BTW: have you checked out the automaton stuff? (It is on the XML parser topic too, I posted it earlier.)


LaptoniC

Thanks for your reply. I am waiting for your documentation and possibly a couple of examples of its extensive usage. You know its capability more than anyone else. I checked the automaton and its example. I guess it is like this: everything is described with respect to states. When some character is encountered, it is checked against the accept/reject state. Frankly, I didn't understand all of it :)

Regards.