From 0e92280b33b1f13f4a81bc8de905c2bfb93e5209 Mon Sep 17 00:00:00 2001 From: John Reiser Date: Mon, 3 Jul 2006 19:35:56 -0700 Subject: [PATCH] *BSD elf-fold escape hatch differs from Linux --- src/stub/i386-bsd.elf-fold.h | 205 +++++++++++++------------ src/stub/i386-openbsd.elf-fold.h | 142 +++++++++++++++++ src/stub/src/i386-bsd.elf-fold.asm | 32 ++-- src/stub/src/i386-bsd.elf-main.c | 2 +- src/stub/src/i386-openbsd.elf-fold.asm | 30 ++-- src/stub/src/i386-openbsd.elf-main.c | 2 +- 6 files changed, 282 insertions(+), 131 deletions(-) create mode 100644 src/stub/i386-openbsd.elf-fold.h diff --git a/src/stub/i386-bsd.elf-fold.h b/src/stub/i386-bsd.elf-fold.h index bae6ed04..c5cfc570 100644 --- a/src/stub/i386-bsd.elf-fold.h +++ b/src/stub/i386-bsd.elf-fold.h @@ -1,4 +1,4 @@ -/* i386-bsd.elf-fold.h -- created from i386-bsd.elf-fold.bin, 1702 (0x6a6) bytes +/* i386-bsd.elf-fold.h -- created from i386-bsd.elf-fold.bin, 1714 (0x6b2) bytes This file is part of the UPX executable compressor. 
@@ -27,116 +27,117 @@ */ -#define BSD_I386ELF_FOLD_SIZE 1702 -#define BSD_I386ELF_FOLD_ADLER32 0xd3fbf52c -#define BSD_I386ELF_FOLD_CRC32 0x627f021f +#define BSD_I386ELF_FOLD_SIZE 1714 +#define BSD_I386ELF_FOLD_ADLER32 0x01dafca5 +#define BSD_I386ELF_FOLD_CRC32 0x0c3241bd -unsigned char bsd_i386elf_fold[1702] = { +unsigned char bsd_i386elf_fold[1714] = { 127, 69, 76, 70, 1, 1, 1, 9, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 0 */ 2, 0, 3, 0, 1, 0, 0, 0,128, 16,192, 0, 52, 0, 0, 0, /* 0x 10 */ 0, 0, 0, 0, 0, 0, 0, 0, 52, 0, 32, 0, 2, 0, 0, 0, /* 0x 20 */ 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 16,192, 0, /* 0x 30 */ - 0, 16,192, 0,166, 6, 0, 0,168, 6, 0, 0, 5, 0, 0, 0, /* 0x 40 */ - 0, 16, 0, 0, 1, 0, 0, 0,166, 6, 0, 0, 0, 0, 0, 0, /* 0x 50 */ + 0, 16,192, 0,178, 6, 0, 0,180, 6, 0, 0, 5, 0, 0, 0, /* 0x 40 */ + 0, 16, 0, 0, 1, 0, 0, 0,178, 6, 0, 0, 0, 0, 0, 0, /* 0x 50 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 60 */ 0, 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 70 */ - 41,201,186,120, 2, 0, 0,137,230,137,231,232,121, 0, 0, 0, /* 0x 80 */ + 41,201,186,120, 2, 0, 0,137,230,137,231,232,131, 0, 0, 0, /* 0x 80 */ 137,230,209,234, 25,192, 41,193,141, 36,196,133,210,117,243,137, /* 0x 90 */ -231,232, 99, 0, 0, 0,129,236, 0, 10, 0, 0, 83,139, 83, 72, /* 0x a0 */ +231,232,109, 0, 0, 0,129,236, 0, 10, 0, 0, 83,139, 83, 72, /* 0x a0 */ 141,148, 26,255, 31, 0, 0,129,226, 0,240,255,255, 82, 41,192, /* 0x b0 */ 102,131,123, 16, 3,117, 1,146, 80,139,115, 24,141,131,140, 0, /* 0x c0 */ 0, 0, 41,198,139, 24,139, 72, 4,131,193, 12,141, 84, 36, 12, /* 0x d0 */ - 96, 71,232,157, 4, 0, 0,131,196, 36, 89, 91,129,196, 0, 10, /* 0x e0 */ - 0, 0, 80, 79, 41,192, 60,175,175,117,252, 80, 80, 80, 80, 80, /* 0x f0 */ - 80, 80, 80, 41,217,176, 73,255, 39,173,171,133,192,117,250,173, /* 0x 100 */ -171,133,192,117,250, 87,173,171,131,248, 32,115, 3, 15,179,194, /* 0x 110 */ -133,192,173,171,117,240,131,239, 8, 1,201, 64,243,171, 72,171, /* 0x 120 */ -171, 95,195, 85,137,229, 49,192, 
80,255,117, 28, 80,255,117, 24, /* 0x 130 */ -255,117, 20,255,117, 16,255,117, 12,255,117, 8, 80,176,197, 80, /* 0x 140 */ - 80,176,198,205,128,201,195,195,176, 1, 15,182,192,205,128,195, /* 0x 150 */ -176, 3,235,246,176, 4,235,242,176, 5,235,238,176, 6,235,234, /* 0x 160 */ -176, 73,235,230,176, 74,235,226, 85,137,229, 87, 86,137,206, 83, /* 0x 170 */ -137,195, 57, 8,139,120, 4,115, 7,106,127,232,200,255,255,255, /* 0x 180 */ -133,201,116, 8,138, 7, 71,136, 2, 66,226,248, 1,115, 4, 41, /* 0x 190 */ - 51,141,101,244, 91, 94, 95,201,195, 85,137,229, 87, 86,137,198, /* 0x 1a0 */ - 83,137,211,131,236, 24,139, 69, 8,139,125, 12,137, 69,220,131, /* 0x 1b0 */ - 58, 0, 15,132,182, 0, 0, 0,141, 85,228,185, 12, 0, 0, 0, /* 0x 1c0 */ -137,240,232,161,255,255,255,139, 69,228,139, 77,232,133,192,117, /* 0x 1d0 */ - 19,129,249, 85, 80, 88, 33,117, 15,131, 62, 0, 15,132,140, 0, /* 0x 1e0 */ - 0, 0,235, 4,133,201,117, 7,106,127,232, 89,255,255,255, 57, /* 0x 1f0 */ -193,119,245, 59, 3,119,241, 57,193,115, 86,137, 69,224,141, 69, /* 0x 200 */ -224,255,117,236, 80,255,115, 4, 81,255,118, 4,255, 85,220,131, /* 0x 210 */ -196, 20,133,192,117,210,139, 85,224, 59, 85,228,117,202,138, 69, /* 0x 220 */ -237,132,192,116, 34,133,255,116, 30,129,250, 0, 2, 0, 0,119, /* 0x 230 */ - 4, 57, 19,117, 18, 15,182,192, 80, 15,182, 69,238, 80, 82,255, /* 0x 240 */ -115, 4,255,215,131,196, 16,139, 69,232, 1, 70, 4, 41, 6,235, /* 0x 250 */ - 10,139, 83, 4,137,240,232, 13,255,255,255,139, 85,228,139, 3, /* 0x 260 */ - 1, 83, 4, 41,208,133,192,137, 3,233, 68,255,255,255,141,101, /* 0x 270 */ -244, 91, 94, 95,201,195,133,192, 83,137,211,116, 29,168, 1,117, /* 0x 280 */ - 25,139, 16, 57,218,116, 7, 74,117, 11,133,219,116, 7,137, 24, /* 0x 290 */ -137, 72, 4,235, 5,131,192, 8,235,231, 91,195, 85,137,229, 87, /* 0x 2a0 */ - 86, 83,131,236, 60,137, 85,224,137, 69,228,139, 85, 12,139, 69, /* 0x 2b0 */ - 8,199, 69,204,255,255,255,255,137, 85,216,139,125,224,139, 85, /* 0x 2c0 */ -224,137, 69,220,139, 69, 20, 
3,127, 28,137, 69,212, 49,192,102, /* 0x 2d0 */ -131,122, 16, 2, 15,183, 74, 44,137,251, 15,148,192, 49,246,193, /* 0x 2e0 */ -224, 4,137,202, 5, 2, 16, 0, 0, 74,120, 30,131, 59, 1,117, /* 0x 2f0 */ - 20,139, 83, 8, 59, 85,204,115, 3,137, 85,204, 3, 83, 20, 57, /* 0x 300 */ -214,115, 2,137,214,131,195, 32,226,226,139, 93,204,106, 0,106, /* 0x 310 */ -255,129,227, 0,240,255,255, 80, 41,222,106, 0,129,198,255, 15, /* 0x 320 */ - 0, 0,129,230, 0,240,255,255, 86, 83,232,244,253,255,255,131, /* 0x 330 */ -196, 24,141, 52, 48, 41,216,137, 69,208,139, 69,224,137,117,240, /* 0x 340 */ -102,131,120, 44, 0,199, 69,200, 0, 0, 0, 0, 15,132,216, 1, /* 0x 350 */ - 0, 0,139, 7,131,248, 6,117, 24,139, 77,208,186, 3, 0, 0, /* 0x 360 */ - 0, 3, 79, 8,139, 69,216,232, 10,255,255,255,233,163, 1, 0, /* 0x 370 */ - 0, 72, 15,133,156, 1, 0, 0,139, 69,208,199, 69,196, 64, 98, /* 0x 380 */ - 81,115, 3, 71, 8,139, 87, 20,139, 79, 24, 1,194,137, 69,236, /* 0x 390 */ -137, 85,188,137,194,129,226,255, 15, 0, 0,131,225, 7, 41,208, /* 0x 3a0 */ -193,225, 2,137, 69,192,139, 71, 4,211,109,196, 41,208,131,101, /* 0x 3b0 */ -196, 7,131,125,220, 0,139, 79, 16, 80,139, 69,228,137, 77,232, /* 0x 3c0 */ -141, 52, 17,116, 3,131,200,255,131,125,220, 1, 80, 25,192, 37, /* 0x 3d0 */ - 0,240,255,255, 5, 18, 16, 0, 0,131,125,220, 0, 80,139, 69, /* 0x 3e0 */ -196,116, 3,131,200, 2,131,125,220, 0, 80,137,240,116, 3,141, /* 0x 3f0 */ - 70, 3, 80,255,117,192,232, 40,253,255,255,131,196, 24, 57, 69, /* 0x 400 */ -192, 15,133,185, 0, 0, 0,131,125,220, 0,116, 28,246, 69,196, /* 0x 410 */ - 4,139, 69,212,117, 2, 49,192, 80,139, 69,220,255,117,228,141, /* 0x 420 */ - 85,232,232,114,253,255,255, 88, 90,137,240,247,216, 37,255, 15, /* 0x 430 */ - 0, 0,246, 69,196, 2,137, 69,184,116, 20,139, 69,192, 1,240, /* 0x 440 */ -131,125,184, 0,116, 9,139, 77,184,198, 0, 0, 64,226,250,131, /* 0x 450 */ -125,220, 0,116,114,131, 63, 1,117, 83,246, 71, 24, 1,116, 77, /* 0x 460 */ -139, 87, 20,139, 95, 8,141, 12, 26, 3, 77,208, 59, 
87, 16,117, /* 0x 470 */ - 14,137,200,247,216, 37,255, 15, 0, 0,131,248, 3,119, 14,107, /* 0x 480 */ - 69,208, 52,131,127, 4, 0,141, 76, 3, 12,117, 15,139, 1, 61, /* 0x 490 */ -205,128, 97,195,116, 6,199, 1,205,128, 97,195,133,201,116, 13, /* 0x 4a0 */ -139, 69,216, 49,210,131,224,254,232,201,253,255,255,255,117,196, /* 0x 4b0 */ - 86,255,117,192,232,171,252,255,255,131,196, 12,133,192,116, 7, /* 0x 4c0 */ -106,127,232,129,252,255,255,139, 85,184,139, 93,192,141, 4, 22, /* 0x 4d0 */ - 1,195, 59, 93,188,115, 33,106, 0,106,255,104, 18, 16, 0, 0, /* 0x 4e0 */ -255,117,196, 41, 93,188,255,117,188, 83,232, 52,252,255,255,131, /* 0x 4f0 */ -196, 24, 57,195,116, 30,235,200,131,125,220, 0,116, 22,141, 70, /* 0x 500 */ - 3, 37,255, 15, 0, 0,131,248, 3,119, 9, 80, 83,232, 78,252, /* 0x 510 */ -255,255, 89, 91,139, 85,224,131,199, 32,255, 69,200, 15,183, 66, /* 0x 520 */ - 44, 57, 69,200, 15,140, 40,254,255,255,131,125,220, 0,117, 15, /* 0x 530 */ -255,117,228,232, 36,252,255,255, 90,133,192,116, 21,235,129,139, /* 0x 540 */ - 69,224,102,131,120, 16, 3,116, 9,255,117,240,232,246,251,255, /* 0x 550 */ -255, 88,131,125, 16, 0,116, 8,139, 69,208,139, 85, 16,137, 2, /* 0x 560 */ -139, 85,224,139, 82, 24, 1, 85,208,139, 69,208,141,101,244, 91, /* 0x 570 */ - 94, 95,201,195, 85,137,229, 87, 86, 83,131,236, 16,139,125, 16, /* 0x 580 */ -106, 0,139, 69, 28,141, 87, 2,139,117, 8,137, 69,232,131,192, /* 0x 590 */ - 52,137, 69,228,139, 93, 32,137, 85,236,141, 69, 32,141, 85, 24, /* 0x 5a0 */ - 87,232,243,251,255,255,139, 69, 12,186, 5, 0, 0, 0, 41, 93, /* 0x 5b0 */ - 36,137, 69, 32,139, 69,232, 15,183, 72, 44,137,240,232,180,252, /* 0x 5c0 */ -255,255,139, 85,232,137,240, 15,183, 74, 42,186, 4, 0, 0, 0, /* 0x 5d0 */ -232,161,252,255,255,139, 69,228,139, 77, 40,186, 3, 0, 0, 0, /* 0x 5e0 */ - 3, 72, 8,137,240,131,193, 52,232,137,252,255,255,141, 69,240, /* 0x 5f0 */ -255,117,236, 80,139, 85,232,141, 69, 32, 86, 80,137,248,232,153, /* 0x 600 */ -252,255,255,186, 9, 0, 0, 
0,137,193,137,195,137,240,232, 99, /* 0x 610 */ -252,255,255,139, 85,232,131,196, 24,102,139, 74, 44, 49,210,102, /* 0x 620 */ -133,201,116,104,139, 69,228,131, 56, 3,117, 84,106, 0,139, 85, /* 0x 630 */ -228,106, 0,139, 69,240, 3, 66, 8, 80,232, 25,251,255,255,131, /* 0x 640 */ -196, 12,133,192,137,195,120, 24,104, 0, 2, 0, 0,255,117,232, /* 0x 650 */ - 80,232,250,250,255,255,131,196, 12, 61, 0, 2, 0, 0,116, 7, /* 0x 660 */ -106,127,232,225,250,255,255,106, 0,139, 85,232,106, 0,137,216, /* 0x 670 */ -106, 0,106, 0,232, 35,252,255,255,131,196, 16,137,195,235, 12, /* 0x 680 */ - 66, 15,183,193,131, 69,228, 32, 57,194,124,152,141,101,244,137, /* 0x 690 */ -216, 91, 94, 95,201,195 /* 0x 6a0 */ + 96, 71,232,169, 4, 0, 0,131,196, 36, 89, 91,129,196, 0, 10, /* 0x e0 */ + 0, 0, 80,106, 0,137,229, 41,217, 41,192, 81, 83, 80, 79, 60, /* 0x f0 */ +175,175,117,252,255, 55, 49,255, 49,246, 49,210, 49,201, 49,219, /* 0x 100 */ +176, 73,195,173,171,133,192,117,250,173,171,133,192,117,250, 87, /* 0x 110 */ +173,171,131,248, 32,115, 3, 15,179,194,133,192,173,171,117,240, /* 0x 120 */ +131,239, 8, 1,201, 64,243,171, 72,171,171, 95,195, 85,137,229, /* 0x 130 */ + 49,192, 80,255,117, 28, 80,255,117, 24,255,117, 20,255,117, 16, /* 0x 140 */ +255,117, 12,255,117, 8, 80,176,197, 80, 80,176,198,205,128,201, /* 0x 150 */ +195,195,176, 1, 15,182,192,205,128,195,176, 3,235,246,176, 4, /* 0x 160 */ +235,242,176, 5,235,238,176, 6,235,234,176, 73,235,230,176, 74, /* 0x 170 */ +235,226, 0, 0, 85,137,229, 87, 86,137,206, 83,137,195, 57, 8, /* 0x 180 */ +139,120, 4,115, 7,106,127,232,198,255,255,255,133,201,116, 8, /* 0x 190 */ +138, 7, 71,136, 2, 66,226,248, 1,115, 4, 41, 51,141,101,244, /* 0x 1a0 */ + 91, 94, 95,201,195, 85,137,229, 87, 86,137,198, 83,137,211,131, /* 0x 1b0 */ +236, 24,139, 69, 8,139,125, 12,137, 69,220,131, 58, 0, 15,132, /* 0x 1c0 */ +182, 0, 0, 0,141, 85,228,185, 12, 0, 0, 0,137,240,232,161, /* 0x 1d0 */ +255,255,255,139, 69,228,139, 77,232,133,192,117, 19,129,249, 85, /* 0x 
1e0 */ + 80, 88, 33,117, 15,131, 62, 0, 15,132,140, 0, 0, 0,235, 4, /* 0x 1f0 */ +133,201,117, 7,106,127,232, 87,255,255,255, 57,193,119,245, 59, /* 0x 200 */ + 3,119,241, 57,193,115, 86,137, 69,224,141, 69,224,255,117,236, /* 0x 210 */ + 80,255,115, 4, 81,255,118, 4,255, 85,220,131,196, 20,133,192, /* 0x 220 */ +117,210,139, 85,224, 59, 85,228,117,202,138, 69,237,132,192,116, /* 0x 230 */ + 34,133,255,116, 30,129,250, 0, 2, 0, 0,119, 4, 57, 19,117, /* 0x 240 */ + 18, 15,182,192, 80, 15,182, 69,238, 80, 82,255,115, 4,255,215, /* 0x 250 */ +131,196, 16,139, 69,232, 1, 70, 4, 41, 6,235, 10,139, 83, 4, /* 0x 260 */ +137,240,232, 13,255,255,255,139, 85,228,139, 3, 1, 83, 4, 41, /* 0x 270 */ +208,133,192,137, 3,233, 68,255,255,255,141,101,244, 91, 94, 95, /* 0x 280 */ +201,195,133,192, 83,137,211,116, 29,168, 1,117, 25,139, 16, 57, /* 0x 290 */ +218,116, 7, 74,117, 11,133,219,116, 7,137, 24,137, 72, 4,235, /* 0x 2a0 */ + 5,131,192, 8,235,231, 91,195, 85,137,229, 87, 86, 83,131,236, /* 0x 2b0 */ + 60,137, 85,224,137, 69,228,139, 85, 12,139, 69, 8,199, 69,204, /* 0x 2c0 */ +255,255,255,255,137, 85,216,139,125,224,139, 85,224,137, 69,220, /* 0x 2d0 */ +139, 69, 20, 3,127, 28,137, 69,212, 49,192,102,131,122, 16, 2, /* 0x 2e0 */ + 15,183, 74, 44,137,251, 15,148,192, 49,246,193,224, 4,137,202, /* 0x 2f0 */ + 5, 2, 16, 0, 0, 74,120, 30,131, 59, 1,117, 20,139, 83, 8, /* 0x 300 */ + 59, 85,204,115, 3,137, 85,204, 3, 83, 20, 57,214,115, 2,137, /* 0x 310 */ +214,131,195, 32,226,226,139, 93,204,106, 0,106,255,129,227, 0, /* 0x 320 */ +240,255,255, 80, 41,222,106, 0,129,198,255, 15, 0, 0,129,230, /* 0x 330 */ + 0,240,255,255, 86, 83,232,242,253,255,255,131,196, 24,141, 52, /* 0x 340 */ + 48, 41,216,137, 69,208,139, 69,224,137,117,240,102,131,120, 44, /* 0x 350 */ + 0,199, 69,200, 0, 0, 0, 0, 15,132,216, 1, 0, 0,139, 7, /* 0x 360 */ +131,248, 6,117, 24,139, 77,208,186, 3, 0, 0, 0, 3, 79, 8, /* 0x 370 */ +139, 69,216,232, 10,255,255,255,233,163, 1, 0, 0, 72, 15,133, /* 0x 380 */ +156, 
1, 0, 0,139, 69,208,199, 69,196, 64, 98, 81,115, 3, 71, /* 0x 390 */ + 8,139, 87, 20,139, 79, 24, 1,194,137, 69,236,137, 85,188,137, /* 0x 3a0 */ +194,129,226,255, 15, 0, 0,131,225, 7, 41,208,193,225, 2,137, /* 0x 3b0 */ + 69,192,139, 71, 4,211,109,196, 41,208,131,101,196, 7,131,125, /* 0x 3c0 */ +220, 0,139, 79, 16, 80,139, 69,228,137, 77,232,141, 52, 17,116, /* 0x 3d0 */ + 3,131,200,255,131,125,220, 1, 80, 25,192, 37, 0,240,255,255, /* 0x 3e0 */ + 5, 18, 16, 0, 0,131,125,220, 0, 80,139, 69,196,116, 3,131, /* 0x 3f0 */ +200, 2,131,125,220, 0, 80,137,240,116, 3,141, 70, 3, 80,255, /* 0x 400 */ +117,192,232, 38,253,255,255,131,196, 24, 57, 69,192, 15,133,185, /* 0x 410 */ + 0, 0, 0,131,125,220, 0,116, 28,246, 69,196, 4,139, 69,212, /* 0x 420 */ +117, 2, 49,192, 80,139, 69,220,255,117,228,141, 85,232,232,114, /* 0x 430 */ +253,255,255, 88, 90,137,240,247,216, 37,255, 15, 0, 0,246, 69, /* 0x 440 */ +196, 2,137, 69,184,116, 20,139, 69,192, 1,240,131,125,184, 0, /* 0x 450 */ +116, 9,139, 77,184,198, 0, 0, 64,226,250,131,125,220, 0,116, /* 0x 460 */ +114,131, 63, 1,117, 83,246, 71, 24, 1,116, 77,139, 87, 20,139, /* 0x 470 */ + 95, 8,141, 12, 26, 3, 77,208, 59, 87, 16,117, 14,137,200,247, /* 0x 480 */ +216, 37,255, 15, 0, 0,131,248, 3,119, 14,107, 69,208, 52,131, /* 0x 490 */ +127, 4, 0,141, 76, 3, 12,117, 15,139, 1, 61,205,128,201,195, /* 0x 4a0 */ +116, 6,199, 1,205,128,201,195,133,201,116, 13,139, 69,216, 49, /* 0x 4b0 */ +210,131,224,254,232,201,253,255,255,255,117,196, 86,255,117,192, /* 0x 4c0 */ +232,169,252,255,255,131,196, 12,133,192,116, 7,106,127,232,127, /* 0x 4d0 */ +252,255,255,139, 85,184,139, 93,192,141, 4, 22, 1,195, 59, 93, /* 0x 4e0 */ +188,115, 33,106, 0,106,255,104, 18, 16, 0, 0,255,117,196, 41, /* 0x 4f0 */ + 93,188,255,117,188, 83,232, 50,252,255,255,131,196, 24, 57,195, /* 0x 500 */ +116, 30,235,200,131,125,220, 0,116, 22,141, 70, 3, 37,255, 15, /* 0x 510 */ + 0, 0,131,248, 3,119, 9, 80, 83,232, 76,252,255,255, 89, 91, /* 0x 520 */ +139, 
85,224,131,199, 32,255, 69,200, 15,183, 66, 44, 57, 69,200, /* 0x 530 */ + 15,140, 40,254,255,255,131,125,220, 0,117, 15,255,117,228,232, /* 0x 540 */ + 34,252,255,255, 90,133,192,116, 21,235,129,139, 69,224,102,131, /* 0x 550 */ +120, 16, 3,116, 9,255,117,240,232,244,251,255,255, 88,131,125, /* 0x 560 */ + 16, 0,116, 8,139, 69,208,139, 85, 16,137, 2,139, 85,224,139, /* 0x 570 */ + 82, 24, 1, 85,208,139, 69,208,141,101,244, 91, 94, 95,201,195, /* 0x 580 */ + 85,137,229, 87, 86, 83,131,236, 16,139,125, 16,106, 0,139, 69, /* 0x 590 */ + 28,141, 87, 2,139,117, 8,137, 69,232,131,192, 52,137, 69,228, /* 0x 5a0 */ +139, 93, 32,137, 85,236,141, 69, 32,141, 85, 24, 87,232,243,251, /* 0x 5b0 */ +255,255,139, 69, 12,186, 5, 0, 0, 0, 41, 93, 36,137, 69, 32, /* 0x 5c0 */ +139, 69,232, 15,183, 72, 44,137,240,232,180,252,255,255,139, 85, /* 0x 5d0 */ +232,137,240, 15,183, 74, 42,186, 4, 0, 0, 0,232,161,252,255, /* 0x 5e0 */ +255,139, 69,228,139, 77, 40,186, 3, 0, 0, 0, 3, 72, 8,137, /* 0x 5f0 */ +240,131,193, 52,232,137,252,255,255,141, 69,240,255,117,236, 80, /* 0x 600 */ +139, 85,232,141, 69, 32, 86, 80,137,248,232,153,252,255,255,186, /* 0x 610 */ + 9, 0, 0, 0,137,193,137,195,137,240,232, 99,252,255,255,139, /* 0x 620 */ + 85,232,131,196, 24,102,139, 74, 44, 49,210,102,133,201,116,104, /* 0x 630 */ +139, 69,228,131, 56, 3,117, 84,106, 0,139, 85,228,106, 0,139, /* 0x 640 */ + 69,240, 3, 66, 8, 80,232, 23,251,255,255,131,196, 12,133,192, /* 0x 650 */ +137,195,120, 24,104, 0, 2, 0, 0,255,117,232, 80,232,248,250, /* 0x 660 */ +255,255,131,196, 12, 61, 0, 2, 0, 0,116, 7,106,127,232,223, /* 0x 670 */ +250,255,255,106, 0,139, 85,232,106, 0,137,216,106, 0,106, 0, /* 0x 680 */ +232, 35,252,255,255,131,196, 16,137,195,235, 12, 66, 15,183,193, /* 0x 690 */ +131, 69,228, 32, 57,194,124,152,141,101,244,137,216, 91, 94, 95, /* 0x 6a0 */ +201,195 /* 0x 6b0 */ }; diff --git a/src/stub/i386-openbsd.elf-fold.h b/src/stub/i386-openbsd.elf-fold.h new file mode 100644 index 00000000..8ae84d9b 
--- /dev/null
+++ b/src/stub/i386-openbsd.elf-fold.h
@@ -0,0 +1,142 @@ +/* i386-openbsd.elf-fold.h -- created from i386-openbsd.elf-fold.bin, 1708 (0x6ac) bytes + + This file is part of the UPX executable compressor. + + Copyright (C) 1996-2006 Markus Franz Xaver Johannes Oberhumer + Copyright (C) 1996-2006 Laszlo Molnar + Copyright (C) 2000-2006 John F. Reiser + All Rights Reserved. + + UPX and the UCL library are free software; you can redistribute them + and/or modify them under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of + the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. + If not, write to the Free Software Foundation, Inc., + 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + + Markus F.X.J. 
Oberhumer Laszlo Molnar + + */ + + +#define OPENBSD_I386ELF_FOLD_SIZE 1708 +#define OPENBSD_I386ELF_FOLD_ADLER32 0xdb47f801 +#define OPENBSD_I386ELF_FOLD_CRC32 0x8617eefa + +unsigned char openbsd_i386elf_fold[1708] = { +127, 69, 76, 70, 1, 1, 1, 12, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 0 */ + 2, 0, 3, 0, 1, 0, 0, 0,128, 16,192, 0, 52, 0, 0, 0, /* 0x 10 */ + 0, 0, 0, 0, 0, 0, 0, 0, 52, 0, 32, 0, 2, 0, 0, 0, /* 0x 20 */ + 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 16,192, 0, /* 0x 30 */ + 0, 16,192, 0,172, 6, 0, 0,172, 6, 0, 0, 5, 0, 0, 0, /* 0x 40 */ + 0, 16, 0, 0, 1, 0, 0, 0,172, 6, 0, 0, 0, 0, 0, 0, /* 0x 50 */ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 60 */ + 0, 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 70 */ + 41,201,186,120, 2, 0, 0,137,230,137,231,232,131, 0, 0, 0, /* 0x 80 */ +137,230,209,234, 25,192, 41,193,141, 36,196,133,210,117,243,137, /* 0x 90 */ +231,232,109, 0, 0, 0,129,236, 0, 10, 0, 0, 83,139, 83, 72, /* 0x a0 */ +141,148, 26,255, 31, 0, 0,129,226, 0,240,255,255, 82, 41,192, /* 0x b0 */ +102,131,123, 16, 3,117, 1,146, 80,139,115, 24,141,131,196, 0, /* 0x c0 */ + 0, 0, 41,198,139, 24,139, 72, 4,131,193, 12,141, 84, 36, 12, /* 0x d0 */ + 96, 71,232,163, 4, 0, 0,131,196, 36, 89, 91,129,196, 0, 10, /* 0x e0 */ + 0, 0, 80,106, 0,137,229, 41,217, 41,192, 81, 83, 80, 79, 60, /* 0x f0 */ +175,175,117,252,255, 55, 49,255, 49,246, 49,210, 49,201, 49,219, /* 0x 100 */ +176, 73,195,173,171,133,192,117,250,173,171,133,192,117,250, 87, /* 0x 110 */ +173,171,131,248, 32,115, 3, 15,179,194,133,192,173,171,117,240, /* 0x 120 */ +131,239, 8, 1,201, 64,243,171, 72,171,171, 95,195, 85,137,229, /* 0x 130 */ + 49,192, 80,255,117, 28, 80,255,117, 24,255,117, 20,255,117, 16, /* 0x 140 */ +255,117, 12,255,117, 8, 80,176,197, 80, 80,176,198,205,128,201, /* 0x 150 */ +195,195,176, 1, 15,182,192,205,128,195,176, 3,235,246,176, 4, /* 0x 160 */ +235,242,176, 5,235,238,176, 6,235,234,176, 73,235,230,176, 74, /* 0x 170 */ +235,226, 0, 0, 85,137,229, 87, 86,137,206, 
83,137,195, 57, 8, /* 0x 180 */ +139,120, 4,115, 7,106,127,232,198,255,255,255,133,201,116, 8, /* 0x 190 */ +138, 7, 71,136, 2, 66,226,248, 1,115, 4, 41, 51,141,101,244, /* 0x 1a0 */ + 91, 94, 95,201,195, 85,137,229, 87, 86,137,198, 83,137,211,131, /* 0x 1b0 */ +236, 24,139, 69, 8,139,125, 12,137, 69,220,131, 58, 0, 15,132, /* 0x 1c0 */ +182, 0, 0, 0,141, 85,228,185, 12, 0, 0, 0,137,240,232,161, /* 0x 1d0 */ +255,255,255,139, 69,228,139, 77,232,133,192,117, 19,129,249, 85, /* 0x 1e0 */ + 80, 88, 33,117, 15,131, 62, 0, 15,132,140, 0, 0, 0,235, 4, /* 0x 1f0 */ +133,201,117, 7,106,127,232, 87,255,255,255, 57,193,119,245, 59, /* 0x 200 */ + 3,119,241, 57,193,115, 86,137, 69,224,141, 69,224,255,117,236, /* 0x 210 */ + 80,255,115, 4, 81,255,118, 4,255, 85,220,131,196, 20,133,192, /* 0x 220 */ +117,210,139, 85,224, 59, 85,228,117,202,138, 69,237,132,192,116, /* 0x 230 */ + 34,133,255,116, 30,129,250, 0, 2, 0, 0,119, 4, 57, 19,117, /* 0x 240 */ + 18, 15,182,192, 80, 15,182, 69,238, 80, 82,255,115, 4,255,215, /* 0x 250 */ +131,196, 16,139, 69,232, 1, 70, 4, 41, 6,235, 10,139, 83, 4, /* 0x 260 */ +137,240,232, 13,255,255,255,139, 85,228,139, 3, 1, 83, 4, 41, /* 0x 270 */ +208,133,192,137, 3,233, 68,255,255,255,141,101,244, 91, 94, 95, /* 0x 280 */ +201,195,133,192, 83,137,211,116, 29,168, 1,117, 25,139, 16, 57, /* 0x 290 */ +218,116, 7, 74,117, 11,133,219,116, 7,137, 24,137, 72, 4,235, /* 0x 2a0 */ + 5,131,192, 8,235,231, 91,195, 85,137,229, 87, 86, 83,131,236, /* 0x 2b0 */ + 56,137, 85,224,139, 85, 12,137, 69,228,139,125,224,199, 69,208, /* 0x 2c0 */ + 0, 0, 0, 0,137, 85,216,139, 85,224,139, 69, 8, 3,127, 28, /* 0x 2d0 */ +102,131,122, 16, 2,137, 69,220,139, 69, 20,137, 69,212,116, 99, /* 0x 2e0 */ +139, 69,224,131,203,255, 49,246,137,250, 15,183, 72, 44,137,200, /* 0x 2f0 */ + 72,120, 28,131, 58, 1,117, 18,139, 66, 8, 57,216,115, 2,137, /* 0x 300 */ +195, 3, 66, 20, 57,198,115, 2,137,198,131,194, 32,226,228,106, /* 0x 310 */ + 0,129,227, 0,240,255,255,106,255, 41,222,104, 
2, 16, 0, 0, /* 0x 320 */ +129,198,255, 15, 0, 0,106, 0,129,230, 0,240,255,255, 86, 83, /* 0x 330 */ +232,248,253,255,255,131,196, 24,141, 52, 48, 41,216,137, 69,208, /* 0x 340 */ +137,117,240,139, 85,224,199, 69,204, 0, 0, 0, 0,102,131,122, /* 0x 350 */ + 44, 0, 15,132,216, 1, 0, 0,139, 7,131,248, 6,117, 24,139, /* 0x 360 */ + 77,208,186, 3, 0, 0, 0, 3, 79, 8,139, 69,216,232, 16,255, /* 0x 370 */ +255,255,233,163, 1, 0, 0, 72, 15,133,156, 1, 0, 0,139, 69, /* 0x 380 */ +208,199, 69,200, 64, 98, 81,115, 3, 71, 8,139, 87, 20,139, 79, /* 0x 390 */ + 24, 1,194,137, 69,236,137, 85,192,137,194,129,226,255, 15, 0, /* 0x 3a0 */ + 0,131,225, 7, 41,208,193,225, 2,137, 69,196,139, 71, 4,211, /* 0x 3b0 */ +109,200, 41,208,131,101,200, 7,131,125,220, 0,139, 79, 16, 80, /* 0x 3c0 */ +139, 69,228,137, 77,232,141, 52, 17,116, 3,131,200,255,131,125, /* 0x 3d0 */ +220, 1, 80, 25,192, 37, 0,240,255,255, 5, 18, 16, 0, 0,131, /* 0x 3e0 */ +125,220, 0, 80,139, 69,200,116, 3,131,200, 2,131,125,220, 0, /* 0x 3f0 */ + 80,137,240,116, 3,141, 70, 3, 80,255,117,196,232, 44,253,255, /* 0x 400 */ +255,131,196, 24, 57, 69,196, 15,133,185, 0, 0, 0,131,125,220, /* 0x 410 */ + 0,116, 28,246, 69,200, 4,139, 69,212,117, 2, 49,192, 80,139, /* 0x 420 */ + 69,220,255,117,228,141, 85,232,232,120,253,255,255, 88, 90,137, /* 0x 430 */ +240,247,216, 37,255, 15, 0, 0,246, 69,200, 2,137, 69,188,116, /* 0x 440 */ + 20,139, 69,196, 1,240,131,125,188, 0,116, 9,139, 77,188,198, /* 0x 450 */ + 0, 0, 64,226,250,131,125,220, 0,116,114,131, 63, 1,117, 83, /* 0x 460 */ +246, 71, 24, 1,116, 77,139, 87, 20,139, 95, 8,141, 12, 26, 3, /* 0x 470 */ + 77,208, 59, 87, 16,117, 14,137,200,247,216, 37,255, 15, 0, 0, /* 0x 480 */ +131,248, 3,119, 14,107, 69,208, 52,131,127, 4, 0,141, 76, 3, /* 0x 490 */ + 12,117, 15,139, 1, 61,205,128,201,195,116, 6,199, 1,205,128, /* 0x 4a0 */ +201,195,133,201,116, 13,139, 69,216, 49,210,131,224,254,232,207, /* 0x 4b0 */ +253,255,255,255,117,200, 86,255,117,196,232,175,252,255,255,131, /* 0x 
4c0 */ +196, 12,133,192,116, 7,106,127,232,133,252,255,255,139, 85,188, /* 0x 4d0 */ +139, 93,196,141, 4, 22, 1,195, 59, 93,192,115, 33,106, 0,106, /* 0x 4e0 */ +255,104, 18, 16, 0, 0,255,117,200, 41, 93,192,255,117,192, 83, /* 0x 4f0 */ +232, 56,252,255,255,131,196, 24, 57,195,116, 30,235,200,131,125, /* 0x 500 */ +220, 0,116, 22,141, 70, 3, 37,255, 15, 0, 0,131,248, 3,119, /* 0x 510 */ + 9, 80, 83,232, 82,252,255,255, 89, 91,139, 85,224,131,199, 32, /* 0x 520 */ +255, 69,204, 15,183, 66, 44, 57, 69,204, 15,140, 40,254,255,255, /* 0x 530 */ +131,125,220, 0,117, 15,255,117,228,232, 40,252,255,255, 90,133, /* 0x 540 */ +192,116, 21,235,129,139, 69,224,102,131,120, 16, 3,116, 9,255, /* 0x 550 */ +117,240,232,250,251,255,255, 88,131,125, 16, 0,116, 8,139, 69, /* 0x 560 */ +208,139, 85, 16,137, 2,139, 85,224,139, 82, 24, 1, 85,208,139, /* 0x 570 */ + 69,208,141,101,244, 91, 94, 95,201,195, 85,137,229, 87, 86, 83, /* 0x 580 */ +131,236, 16,139,125, 16,106, 0,139, 69, 28,141, 87, 2,139,117, /* 0x 590 */ + 8,137, 69,232,131,192, 52,137, 69,228,139, 93, 32,137, 85,236, /* 0x 5a0 */ +141, 69, 32,141, 85, 24, 87,232,249,251,255,255,139, 69, 12,186, /* 0x 5b0 */ + 5, 0, 0, 0, 41, 93, 36,137, 69, 32,139, 69,232, 15,183, 72, /* 0x 5c0 */ + 44,137,240,232,186,252,255,255,139, 85,232,137,240, 15,183, 74, /* 0x 5d0 */ + 42,186, 4, 0, 0, 0,232,167,252,255,255,139, 69,228,139, 77, /* 0x 5e0 */ + 40,186, 3, 0, 0, 0, 3, 72, 8,137,240,131,193, 52,232,143, /* 0x 5f0 */ +252,255,255,141, 69,240,255,117,236, 80,139, 85,232,141, 69, 32, /* 0x 600 */ + 86, 80,137,248,232,159,252,255,255,186, 9, 0, 0, 0,137,193, /* 0x 610 */ +137,195,137,240,232,105,252,255,255,139, 85,232,131,196, 24,102, /* 0x 620 */ +139, 74, 44, 49,210,102,133,201,116,104,139, 69,228,131, 56, 3, /* 0x 630 */ +117, 84,106, 0,139, 85,228,106, 0,139, 69,240, 3, 66, 8, 80, /* 0x 640 */ +232, 29,251,255,255,131,196, 12,133,192,137,195,120, 24,104, 0, /* 0x 650 */ + 2, 0, 0,255,117,232, 80,232,254,250,255,255,131,196, 12, 61, 
/* 0x 660 */ + 0, 2, 0, 0,116, 7,106,127,232,229,250,255,255,106, 0,139, /* 0x 670 */ + 85,232,106, 0,137,216,106, 0,106, 0,232, 41,252,255,255,131, /* 0x 680 */ +196, 16,137,195,235, 12, 66, 15,183,193,131, 69,228, 32, 57,194, /* 0x 690 */ +124,152,141,101,244,137,216, 91, 94, 95,201,195 /* 0x 6a0 */ +}; diff --git a/src/stub/src/i386-bsd.elf-fold.asm b/src/stub/src/i386-bsd.elf-fold.asm index 09fcacb2..2e151ae3 100644 --- a/src/stub/src/i386-bsd.elf-fold.asm +++ b/src/stub/src/i386-bsd.elf-fold.asm @@ -1,4 +1,4 @@ -; fold_elf86.asm -- linkage to C code to process Elf binary +; i386-bsd.elf-fold.asm -- linkage to C code to process Elf binary ; ; This file is part of the UPX executable compressor. ; @@ -128,29 +128,33 @@ EXTERN upx_main pop ecx ; end of unmap region pop ebx ; start of unmap region (&Elf32_Ehdr of this stub) add esp, dword MAX_ELF_HDR + OVERHEAD ; un-alloca - push eax ; save entry address + + push eax ; save entry address as ret.addr + push byte 0 ; 'leave' uses this to clear ebp + mov ebp,esp ; frame + + sub ecx, ebx + sub eax,eax ; 0, also AT_NULL + push ecx ; length to unmap + push ebx ; start of unmap region (&Elf32_Ehdr of this stub) + push eax ; fake ret.addr dec edi ; auxv table - sub eax,eax ; 0, also AT_NULL db 0x3c ; "cmpb al, byte ..." like "jmp 1+L60" but 1 byte shorter L60: scasd ; a_un.a_val etc. scasd ; a_type jne L60 ; not AT_NULL ; edi now points at [AT_NULL]a_un.a_ptr which contains result of make_hatch() + push dword [edi] ; &escape hatch - push eax - push eax - push eax - push eax - push eax - push eax - push eax - push eax ; 32 bytes of zeroes now on stack, ready for 'popa' - - sub ecx, ebx ; length to unmap + xor edi,edi + xor esi,esi + xor edx,edx + xor ecx,ecx + xor ebx,ebx mov al, __NR_munmap ; eax was 0 from L60 - jmp [edi] ; unmap ourselves via escape hatch, then goto entry + ret ; goto escape hatch: int 0x80; leave; ret ; called twice: ; 1st with esi==edi, ecx=0, edx= bitmap of slots needed: just update edx. 
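Review bot: The zeroing of ebx, ecx, edx, esi and edi now happens before the `int 0x80` in the hatch rather than after it, so eax reaches the unpacked program's entry point holding whatever munmap returned (the old `popa` reloaded it with zero), and a failed munmap is carried through silently. If that is intended, say so next to the final `ret`, e.g. `ret ; hatch: int 0x80; leave; ret -- eax = munmap result at entry, not re-zeroed`; whether edx also survives the syscall unchanged depends on the kernel and is worth confirming for each BSD target. A short stack-layout comment above `push eax ; save entry address as ret.addr`, listing the six pushed words in order (entry, saved-ebp 0, length, start, fake ret.addr, hatch address), would make the coupling with the `escape` bytes in the elf-main.c files explicit. The identical hunk in src/stub/src/i386-openbsd.elf-fold.asm raises the same points; the enclosing routine starts and ends outside the hunk.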
diff --git a/src/stub/src/i386-bsd.elf-main.c b/src/stub/src/i386-bsd.elf-main.c
index f36a545b..7981ee4a 100644
--- a/src/stub/src/i386-bsd.elf-main.c
+++ b/src/stub/src/i386-bsd.elf-main.c
@@ -281,7 +281,7 @@ make_hatch_x86(Elf32_Phdr const *const phdr, unsigned const reloc)
 || ( (hatch = (void *)(&((Elf32_Ehdr *)phdr->p_vaddr + reloc)->e_ident[12])),
 (phdr->p_offset==0) ) ) {
 // Omitting 'const' saves repeated literal in gcc.
- unsigned /*const*/ escape = 0xc36180cd; // "int $0x80; popa; ret"
+ unsigned /*const*/ escape = 0xc3c980cd; // "int $0x80; leave; ret"
 // Don't store into read-only page if value is already there.
 if (* (volatile unsigned*) hatch != escape) {
 * hatch = escape;
diff --git a/src/stub/src/i386-openbsd.elf-fold.asm b/src/stub/src/i386-openbsd.elf-fold.asm
index 306d59ba..37197406 100644
--- a/src/stub/src/i386-openbsd.elf-fold.asm
+++ b/src/stub/src/i386-openbsd.elf-fold.asm
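Review bot: The new `escape` value `0xc3c980cd` in make_hatch_x86 of i386-bsd.elf-main.c (bytes cd 80 c9 c3 on little-endian i386) only works with the ebp frame that the matching elf-fold.asm builds before its final `ret`, but nothing here records that dependency, and the literal is repeated in i386-openbsd.elf-main.c. I would extend the comment on that line to something like `// "int $0x80; leave; ret" -- must match the frame built in i386-bsd.elf-fold.asm`, so a later edit to either side is not made in isolation. The store `* hatch = escape` places instruction bytes in a page of the unpacked image (here e_ident[12..15]); the function begins and ends outside the hunk, so whether that page is still writable afterwards cannot be judged from these lines and is worth checking on targets that enforce W^X.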
@@ -129,29 +129,33 @@ EXTERN upx_main pop ecx ; end of unmap region pop ebx ; start of unmap region (&Elf32_Ehdr of this stub) add esp, dword MAX_ELF_HDR + OVERHEAD ; un-alloca - push eax ; save entry address + + push eax ; save entry address as ret.addr + push byte 0 ; 'leave' uses this to clear ebp + mov ebp,esp ; frame + + sub ecx, ebx + sub eax,eax ; 0, also AT_NULL + push ecx ; length to unmap + push ebx ; start of unmap region (&Elf32_Ehdr of this stub) + push eax ; fake ret.addr dec edi ; auxv table - sub eax,eax ; 0, also AT_NULL db 0x3c ; "cmpb al, byte ..." like "jmp 1+L60" but 1 byte shorter L60: scasd ; a_un.a_val etc. scasd ; a_type jne L60 ; not AT_NULL ; edi now points at [AT_NULL]a_un.a_ptr which contains result of make_hatch() + push dword [edi] ; &escape hatch - push eax - push eax - push eax - push eax - push eax - push eax - push eax - push eax ; 32 bytes of zeroes now on stack, ready for 'popa' - - sub ecx, ebx ; length to unmap + xor edi,edi + xor esi,esi + xor edx,edx + xor ecx,ecx + xor ebx,ebx mov al, __NR_munmap ; eax was 0 from L60 - jmp [edi] ; unmap ourselves via escape hatch, then goto entry + ret ; goto escape hatch: int 0x80; leave; ret ; called twice: ; 1st with esi==edi, ecx=0, edx= bitmap of slots needed: just update edx. diff --git a/src/stub/src/i386-openbsd.elf-main.c b/src/stub/src/i386-openbsd.elf-main.c index 4b837d8d..119577fd 100644 --- a/src/stub/src/i386-openbsd.elf-main.c +++ b/src/stub/src/i386-openbsd.elf-main.c @@ -281,7 +281,7 @@ make_hatch_x86(Elf32_Phdr const *const phdr, unsigned const reloc) || ( (hatch = (void *)(&((Elf32_Ehdr *)phdr->p_vaddr + reloc)->e_ident[12])), (phdr->p_offset==0) ) ) { // Omitting 'const' saves repeated literal in gcc. - unsigned /*const*/ escape = 0xc36180cd; // "int $0x80; popa; ret" + unsigned /*const*/ escape = 0xc3c980cd; // "int $0x80; leave; ret" // Don't store into read-only page if value is already there. if (* (volatile unsigned*) hatch != escape) { * hatch = escape;