mirror/upx
1
0
Fork 0
mirror of https://github.com/upx/upx synced 2025-09-28 19:06:07 +08:00
Code Issues Releases Wiki Activity

merge

Browse Source
This commit is contained in:
László Molnár 2006-07-10 13:30:04 +02:00
commit aa656c74d5
13 changed files with 7047 additions and 1675 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
src/linker.cpp
View File

@ -504,8 +504,8 @@ void ElfLinker::init(const void *pdata, int plen, int)
void ElfLinker::setLoaderAlignOffset(int phase)
{
// FIXME: do not use this yet
assert(phase & 0);
//assert(phase & 0);
printf("\nFIXME: ElfLinker::setLoaderAlignOffset %d\n", phase);
}
int ElfLinker::addSection(const char *sname)
@ -675,6 +675,16 @@ void ElfLinkerX86::align(unsigned len)
alignWithByte(len, 0x90);
}
void ElfLinkerAMD64::align(unsigned len)
{
alignWithByte(len, 0x90);
}
void ElfLinkerPpc32::align(unsigned len)
{
alignWithByte(len, 0);
}
void ElfLinkerX86::relocate1(Relocation *rel, upx_byte *location,
unsigned value, const char *type)
{
@ -698,6 +708,54 @@ void ElfLinkerX86::relocate1(Relocation *rel, upx_byte *location,
super::relocate1(rel, location, value, type);
}
void ElfLinkerAMD64::relocate1(Relocation *rel, upx_byte *location,
unsigned value, const char *type)
{
if (strncmp(type, "R_X86_64_", 9))
return super::relocate1(rel, location, value, type);
type += 9;
if (strncmp(type, "PC", 2) == 0)
{
value -= rel->section->offset + rel->offset;
type += 2;
}
if (strcmp(type, "8") == 0)
*location += value;
else if (strcmp(type, "16") == 0)
set_le16(location, get_le16(location) + value);
else if (strcmp(type, "32") == 0)
set_le32(location, get_le32(location) + value);
else
super::relocate1(rel, location, value, type);
}
void ElfLinkerPpc32::relocate1(Relocation *rel, upx_byte *location,
unsigned value, const char *type)
{
if (strncmp(type, "R_PPC_", 6))
return super::relocate1(rel, location, value, type);
type += 6;
if (strncmp(type, "REL", 3) == 0)
{
value -= rel->section->offset + rel->offset;
type += 3;
}
// FIXME: more relocs
if (strcmp(type, "8") == 0)
*location += value;
else if (strcmp(type, "16") == 0)
set_le16(location, get_le16(location) + value);
else if (strcmp(type, "32") == 0)
set_le32(location, get_le32(location) + value);
else
super::relocate1(rel, location, value, type);
}
void ElfLinkerArmLE::relocate1(Relocation *rel, upx_byte *location,
unsigned value, const char *type)
{

20
src/linker.h
View File

@ -258,6 +258,26 @@ protected:
unsigned value, const char *type);
};
class ElfLinkerAMD64 : public ElfLinker
{
typedef ElfLinker super;
protected:
virtual void align(unsigned len);
virtual void relocate1(Relocation *, upx_byte *location,
unsigned value, const char *type);
};
class ElfLinkerPpc32 : public ElfLinker
{
typedef ElfLinker super;
protected:
virtual void align(unsigned len);
virtual void relocate1(Relocation *, upx_byte *location,
unsigned value, const char *type);
};
class ElfLinkerArmLE : public ElfLinker
{
typedef ElfLinker super;

46
src/p_lx_elf.cpp
View File

@ -148,11 +148,26 @@ PackLinuxElf::PackLinuxElf(InputFile *f)
sz_phdrs(0), sz_elf_hdrs(0),
e_machine(0), ei_class(0), ei_data(0), ei_osabi(0)
{
delete[] file_image;
}
PackLinuxElf::~PackLinuxElf()
{
delete[] file_image;
}
Linker *PackLinuxElf::newLinker() const
{
return new ElfLinker;
}
void
PackLinuxElf::addStubEntrySections(
upx_byte const *const proto,
unsigned const szproto
)
{
linker->addSection("ELFMAINX", proto, szproto);
addLoader("ELFMAINX", NULL);
}
PackLinuxElf32::PackLinuxElf32(InputFile *f)
@ -176,6 +191,11 @@ PackLinuxElf64::~PackLinuxElf64()
delete[] phdri;
}
Linker* PackLinuxElf64amd::newLinker() const
{
return new ElfLinkerAMD64;
}
int const *
PackLinuxElf::getCompressionMethods(int method, int level) const
{
@ -282,6 +302,11 @@ PackLinuxElf32ppc::~PackLinuxElf32ppc()
{
}
Linker* PackLinuxElf32ppc::newLinker() const
{
return new ElfLinkerPpc32;
}
PackLinuxElf64amd::PackLinuxElf64amd(InputFile *f)
: super(f)
{
@ -361,7 +386,7 @@ PackLinuxElf32x86::buildLinuxLoader(
// This adds the definition to the "library", to be used later.
linker->addSection("FOLDEXEC", cprLoader, sizeof(h) + sz_cpr);
delete [] cprLoader;
// FIXME: memory leak delete [] cprLoader;
int const n_mru = ft->n_mru; // FIXME: belongs to filter? packerf?
@ -448,7 +473,9 @@ PackLinuxElf32x86::buildLinuxLoader(
// PackHeader and overlay_offset at the end of the output file,
// after the compressed data.
return getLoaderSize();
unsigned const lsize = getLoaderSize();
linker->relocate();
return lsize;
}
int
@ -502,11 +529,11 @@ PackLinuxElf32::buildLinuxLoader(
//int const GAP = 128; // must match stub/l_mac_ppc.S
//segcmdo.vmsize += sz_unc - sz_cpr + GAP + 64;
linker->addSection("ELFMAINX", proto, szproto);
addStubEntrySections(proto, szproto);
addLoader("ELFMAINX", NULL);
addLoader("FOLDEXEC", NULL);
freezeLoader();
linker->relocate();
return getLoaderSize();
}
@ -558,11 +585,11 @@ PackLinuxElf64::buildLinuxLoader(
linker->addSection("FOLDEXEC", cprLoader, sizeof(h) + sz_cpr);
delete [] cprLoader;
linker->addSection("ELFMAINX", proto, szproto);
addStubEntrySections(proto, szproto);
addLoader("ELFMAINX", NULL);
addLoader("FOLDEXEC", NULL);
freezeLoader();
linker->relocate();
return getLoaderSize();
}
@ -1986,6 +2013,11 @@ PackLinuxElf32x86::~PackLinuxElf32x86()
{
}
Linker* PackLinuxElf32x86::newLinker() const
{
return new ElfLinkerX86;
}
PackBSDElf32x86::PackBSDElf32x86(InputFile *f) : super(f)
{
e_machine = Elf32_Ehdr::EM_386;

5
src/p_lx_elf.h
View File

@ -54,11 +54,13 @@ protected:
//virtual void pack3(OutputFile *, Filter &) = 0; // append loader
virtual void pack4(OutputFile *, Filter &) = 0; // append pack header
virtual Linker* newLinker() const;
virtual void generateElfHdr(
OutputFile *,
void const *proto,
unsigned const brka
) = 0;
virtual void addStubEntrySections(upx_byte const *, unsigned);
virtual void unpack(OutputFile *fo) = 0;
protected:
@ -285,6 +287,7 @@ protected:
virtual void pack3(OutputFile *, Filter &); // append loader
virtual const int *getCompressionMethods(int method, int level) const;
virtual int buildLoader(const Filter *);
virtual Linker* newLinker() const;
};
/*************************************************************************
@ -304,6 +307,7 @@ protected:
virtual void pack1(OutputFile *, Filter &); // generate executable header
virtual const int *getCompressionMethods(int method, int level) const;
virtual int buildLoader(const Filter *);
virtual Linker* newLinker() const;
};
/*************************************************************************
@ -326,6 +330,7 @@ protected:
virtual void pack1(OutputFile *, Filter &); // generate executable header
virtual int buildLoader(const Filter *);
virtual Linker* newLinker() const;
virtual int buildLinuxLoader(
upx_byte const *const proto, // assembly-only sections
unsigned const szproto,

26
src/stub/Makefile
View File

@ -185,10 +185,12 @@ tc.amd64-linux.elf.objcopy = $(call tc,m-objcopy)
tc.amd64-linux.elf.objdump = $(call tc,m-objdump)
tc.amd64-linux.elf.objstrip = $(call tc,objcopy) -R .comment -R .note
amd64-linux.elf-entry.h : $(srcdir)/src/$$T.S
$(call tc,gcc) -c $< -o tmp/$T.o
$(call tc,objstrip) tmp/$T.o
$(call tc,ld) --oformat binary tmp/$T.o -o tmp/$T.bin
amd64-linux.elf-entry.h: $(srcdir)/src/$$T.asm
$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.bin
$(call tc,m-objcopy) --strip-unneeded tmp/$T.bin
$(call tc,m-objcopy) -R .text -R .data -R .bss tmp/$T.bin
$(call tc,m-objcopy) -R .note -R .comment tmp/$T.bin
$(call tc,m-objdump) -trwh tmp/$T.bin >> tmp/$T.bin
$(call tc,bin2h) --ident=linux_elf64amd_loader tmp/$T.bin $@
amd64-linux.elf-fold.h : tmp/$$T.o tmp/amd64-linux.elf-main.o $(srcdir)/src/$$T.lds
@ -332,9 +334,11 @@ tc.i386-bsd.elf.objdump = $(call tc,m-objdump)
tc.i386-bsd.elf.objstrip = $(call tc,objcopy) -R .comment -R .note
i386-bsd.elf-entry.h : $(srcdir)/src/$$T.asm
$(call tc,pp-nasm) $< -o tmp/$T.tmp1
$(call tc,app-nasm) tmp/$T.tmp1 tmp/$T.tmp2
$(call tc,nasm) -f bin -l tmp/$T.bin.lst tmp/$T.tmp2 -o tmp/$T.bin
$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.bin
$(call tc,m-objcopy) --strip-unneeded tmp/$T.bin
$(call tc,m-objcopy) -R .text -R .data -R .bss tmp/$T.bin
$(call tc,m-objcopy) -R .note -R .comment tmp/$T.bin
$(call tc,m-objdump) -trwh tmp/$T.bin >> tmp/$T.bin
$(call tc,bin2h) --ident=bsd_i386elf_loader tmp/$T.bin $@
i386-bsd.elf-fold.h : tmp/$$T.o tmp/i386-bsd.elf-main.o $(srcdir)/src/$$T.lds
@ -459,9 +463,11 @@ tc.i386-linux.elf.objdump = $(call tc,m-objdump)
tc.i386-linux.elf.objstrip = $(call tc,objcopy) -R .comment -R .note
i386-linux.elf-entry.h : $(srcdir)/src/$$T.asm
$(call tc,pp-nasm) $< -o tmp/$T.tmp1
$(call tc,app-nasm) tmp/$T.tmp1 tmp/$T.tmp2
$(call tc,nasm) -f bin -l tmp/$T.bin.lst tmp/$T.tmp2 -o tmp/$T.bin
$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.bin
$(call tc,m-objcopy) --strip-unneeded tmp/$T.bin
$(call tc,m-objcopy) -R .text -R .data -R .bss tmp/$T.bin
$(call tc,m-objcopy) -R .note -R .comment tmp/$T.bin
$(call tc,m-objdump) -trwh tmp/$T.bin >> tmp/$T.bin
$(call tc,bin2h) --ident=linux_i386elf_loader tmp/$T.bin $@
i386-linux.elf-fold.h : tmp/$$T.o tmp/i386-linux.elf-main.o $(srcdir)/src/$$T.lds

246
src/stub/amd64-linux.elf-entry.h
View File

@ -1,4 +1,4 @@
/* amd64-linux.elf-entry.h -- created from amd64-linux.elf-entry.bin, 701 (0x2bd) bytes
/* amd64-linux.elf-entry.h -- created from amd64-linux.elf-entry.bin, 3066 (0xbfa) bytes
This file is part of the UPX executable compressor.
@ -27,53 +27,201 @@
*/
#define LINUX_ELF64AMD_LOADER_SIZE 701
#define LINUX_ELF64AMD_LOADER_ADLER32 0xf7af3eba
#define LINUX_ELF64AMD_LOADER_CRC32 0x8ec9e668
#define LINUX_ELF64AMD_LOADER_SIZE 3066
#define LINUX_ELF64AMD_LOADER_ADLER32 0x7a3e6996
#define LINUX_ELF64AMD_LOADER_CRC32 0x5bbfae22
unsigned char linux_elf64amd_loader[701] = {
232,178, 2, 0, 0, 85, 83, 81, 82, 72, 1,254, 86, 72,137,254, /* 0x 0 */
72,137,215, 49,219, 49,201, 72,131,205,255,232,129, 1, 0, 0, /* 0x 10 */
1,219,116, 2,243,195,139, 30, 72,131,238,252, 17,219,138, 22, /* 0x 20 */
243,195, 72,141, 4, 47,131,249, 5,138, 16,118, 33, 72,131,253, /* 0x 30 */
252,119, 27,131,233, 4,139, 16, 72,131,192, 4,131,233, 4,137, /* 0x 40 */
23, 72,141,127, 4,115,239,131,193, 4,138, 16,116, 16, 72,255, /* 0x 50 */
192,136, 23,131,233, 1,138, 16, 72,141,127, 1,117,240,243,195, /* 0x 60 */
72,255,198,136, 23, 72,255,199,138, 22, 1,219,117, 10,139, 30, /* 0x 70 */
72,131,238,252, 17,219,138, 22,114,230,141, 65, 1,235, 7,255, /* 0x 80 */
200, 65,255,211, 17,192, 65,255,211, 17,192, 1,219,117, 10,139, /* 0x 90 */
30, 72,131,238,252, 17,219,138, 22,115,228,131,232, 3,114, 29, /* 0x a0 */
193,224, 8, 15,182,210, 9,208, 72,255,198,131,240,255, 15,132, /* 0x b0 */
244, 0, 0, 0,209,248, 72, 99,232,114, 56,235, 14, 1,219,117, /* 0x c0 */
8,139, 30, 72,131,238,252, 17,219,114, 40,255,193, 1,219,117, /* 0x d0 */
8,139, 30, 72,131,238,252, 17,219,114, 24, 65,255,211, 17,201, /* 0x e0 */
1,219,117, 8,139, 30, 72,131,238,252, 17,219,115,237,131,193, /* 0x f0 */
2,235, 5, 65,255,211, 17,201, 72,129,253, 0,251,255,255,131, /* 0x 100 */
209, 2,232, 27,255,255,255,233, 92,255,255,255,102,102,102,144, /* 0x 110 */
72,255,198,136, 23, 72,255,199,138, 22, 1,219,117, 10,139, 30, /* 0x 120 */
72,131,238,252, 17,219,138, 22,114,230,141, 65, 1, 65,255,211, /* 0x 130 */
17,192, 1,219,117, 10,139, 30, 72,131,238,252, 17,219,138, 22, /* 0x 140 */
115,235,131,232, 3,114, 19,193,224, 8, 15,182,210, 9,208, 72, /* 0x 150 */
255,198,131,240,255,116, 81, 72, 99,232,141, 65, 1, 65,255,211, /* 0x 160 */
17,201, 65,255,211, 17,201,117, 24,137,193,131,192, 2, 65,255, /* 0x 170 */
211, 17,201, 1,219,117, 8,139, 30, 72,131,238,252, 17,219,115, /* 0x 180 */
237, 72,129,253, 0,243,255,255, 17,193,232,147,254,255,255,235, /* 0x 190 */
135,252, 65, 91, 65,131,248, 8, 15,132,202,254,255,255, 65,131, /* 0x 1a0 */
248, 2, 15,132,112,255,255,255, 89, 72,137,240, 72, 41,200, 90, /* 0x 1b0 */
72, 41,215, 89,137, 57, 91, 93,195, 10, 36, 73,100, 58, 32, 85, /* 0x 1c0 */
80, 88, 32, 40, 67, 41, 32, 49, 57, 57, 54, 45, 50, 48, 48, 54, /* 0x 1d0 */
32,116,104,101, 32, 85, 80, 88, 32, 84,101, 97,109, 46, 32, 65, /* 0x 1e0 */
108,108, 32, 82,105,103,104,116,115, 32, 82,101,115,101,114,118, /* 0x 1f0 */
101,100, 46, 32,104,116,116,112, 58, 47, 47,117,112,120, 46,115, /* 0x 200 */
102, 46,110,101,116, 32, 36, 10, 0,104, 30, 0, 0, 0, 90,232, /* 0x 210 */
30, 0, 0, 0, 80, 82, 79, 84, 95, 69, 88, 69, 67,124, 80, 82, /* 0x 220 */
79, 84, 95, 87, 82, 73, 84, 69, 32,102, 97,105,108,101,100, 46, /* 0x 230 */
10, 0, 94,106, 2, 95,106, 1, 88, 15, 5,106,127, 95,106, 60, /* 0x 240 */
88, 15, 5, 91,191, 65, 68, 82, 77,106, 7, 90,190, 76, 69, 78, /* 0x 250 */
77,106, 50, 65, 90, 69, 41,192,106, 9, 88, 15, 5, 57,199,117, /* 0x 260 */
168,104, 74, 77, 80, 85,104, 65, 68, 82, 85,190, 65, 68, 82, 67, /* 0x 270 */
104, 76, 69, 78, 85,185, 67, 78, 84, 67,104, 65, 68, 82, 88,104, /* 0x 280 */
76, 69, 78, 88,137,250, 41,242, 1,213, 1,211,252,243, 72,165, /* 0x 290 */
151,137,222, 80,146,173, 80, 72,137,225,173,151,173, 68, 15,182, /* 0x 2a0 */
192,135,254,255,213, 89,195, 93,232,150,255,255,255 /* 0x 2b0 */
unsigned char linux_elf64amd_loader[3066] = {
127, 69, 76, 70, 2, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 0 */
1, 0, 62, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 10 */
0, 0, 0, 0, 0, 0, 0, 0, 40, 3, 0, 0, 0, 0, 0, 0, /* 0x 20 */
0, 0, 0, 0, 64, 0, 0, 0, 0, 0, 64, 0, 6, 0, 3, 0, /* 0x 30 */
232,178, 2, 0, 0, 85, 83, 81, 82, 72, 1,254, 86, 72,137,254, /* 0x 40 */
72,137,215, 49,219, 49,201, 72,131,205,255,232,129, 1, 0, 0, /* 0x 50 */
1,219,116, 2,243,195,139, 30, 72,131,238,252, 17,219,138, 22, /* 0x 60 */
243,195, 72,141, 4, 47,131,249, 5,138, 16,118, 33, 72,131,253, /* 0x 70 */
252,119, 27,131,233, 4,139, 16, 72,131,192, 4,131,233, 4,137, /* 0x 80 */
23, 72,141,127, 4,115,239,131,193, 4,138, 16,116, 16, 72,255, /* 0x 90 */
192,136, 23,131,233, 1,138, 16, 72,141,127, 1,117,240,243,195, /* 0x a0 */
72,255,198,136, 23, 72,255,199,138, 22, 1,219,117, 10,139, 30, /* 0x b0 */
72,131,238,252, 17,219,138, 22,114,230,141, 65, 1,235, 7,255, /* 0x c0 */
200, 65,255,211, 17,192, 65,255,211, 17,192, 1,219,117, 10,139, /* 0x d0 */
30, 72,131,238,252, 17,219,138, 22,115,228,131,232, 3,114, 29, /* 0x e0 */
193,224, 8, 15,182,210, 9,208, 72,255,198,131,240,255, 15,132, /* 0x f0 */
244, 0, 0, 0,209,248, 72, 99,232,114, 56,235, 14, 1,219,117, /* 0x 100 */
8,139, 30, 72,131,238,252, 17,219,114, 40,255,193, 1,219,117, /* 0x 110 */
8,139, 30, 72,131,238,252, 17,219,114, 24, 65,255,211, 17,201, /* 0x 120 */
1,219,117, 8,139, 30, 72,131,238,252, 17,219,115,237,131,193, /* 0x 130 */
2,235, 5, 65,255,211, 17,201, 72,129,253, 0,251,255,255,131, /* 0x 140 */
209, 2,232, 27,255,255,255,233, 92,255,255,255, 0, 0, 0, 0, /* 0x 150 */
72,255,198,136, 23, 72,255,199,138, 22, 1,219,117, 10,139, 30, /* 0x 160 */
72,131,238,252, 17,219,138, 22,114,230,141, 65, 1, 65,255,211, /* 0x 170 */
17,192, 1,219,117, 10,139, 30, 72,131,238,252, 17,219,138, 22, /* 0x 180 */
115,235,131,232, 3,114, 19,193,224, 8, 15,182,210, 9,208, 72, /* 0x 190 */
255,198,131,240,255,116, 81, 72, 99,232,141, 65, 1, 65,255,211, /* 0x 1a0 */
17,201, 65,255,211, 17,201,117, 24,137,193,131,192, 2, 65,255, /* 0x 1b0 */
211, 17,201, 1,219,117, 8,139, 30, 72,131,238,252, 17,219,115, /* 0x 1c0 */
237, 72,129,253, 0,243,255,255, 17,193,232,147,254,255,255,235, /* 0x 1d0 */
135,252, 65, 91, 65,131,248, 8, 15,132,202,254,255,255, 65,131, /* 0x 1e0 */
248, 2, 15,132,112,255,255,255, 89, 72,137,240, 72, 41,200, 90, /* 0x 1f0 */
72, 41,215, 89,137, 57, 91, 93,195, 10, 36, 73,100, 58, 32, 85, /* 0x 200 */
80, 88, 32, 40, 67, 41, 32, 49, 57, 57, 54, 45, 50, 48, 48, 54, /* 0x 210 */
32,116,104,101, 32, 85, 80, 88, 32, 84,101, 97,109, 46, 32, 65, /* 0x 220 */
108,108, 32, 82,105,103,104,116,115, 32, 82,101,115,101,114,118, /* 0x 230 */
101,100, 46, 32,104,116,116,112, 58, 47, 47,117,112,120, 46,115, /* 0x 240 */
102, 46,110,101,116, 32, 36, 10, 0,104, 30, 0, 0, 0, 90,232, /* 0x 250 */
30, 0, 0, 0, 80, 82, 79, 84, 95, 69, 88, 69, 67,124, 80, 82, /* 0x 260 */
79, 84, 95, 87, 82, 73, 84, 69, 32,102, 97,105,108,101,100, 46, /* 0x 270 */
10, 0, 94,106, 2, 95,106, 1, 88, 15, 5,106,127, 95,106, 60, /* 0x 280 */
88, 15, 5, 91,191, 0, 0, 0, 0,106, 7, 90,190, 0, 0, 0, /* 0x 290 */
0,106, 50, 65, 90, 69, 41,192,106, 9, 88, 15, 5, 57,199,117, /* 0x 2a0 */
168,104, 0, 0, 0, 0,104, 0, 0, 0, 0,190, 0, 0, 0, 0, /* 0x 2b0 */
104, 0, 0, 0, 0,185, 0, 0, 0, 0,104, 0, 0, 0, 0,104, /* 0x 2c0 */
0, 0, 0, 0,137,250, 41,242, 1,213, 1,211,252,243, 72,165, /* 0x 2d0 */
151,137,222, 80,146,173, 80, 72,137,225,173,151,173, 68, 15,182, /* 0x 2e0 */
192,135,254,255,213, 89,195, 93,232,150,255,255,255, 0, 46,115, /* 0x 2f0 */
121,109,116, 97, 98, 0, 46,115,116,114,116, 97, 98, 0, 46,115, /* 0x 300 */
104,115,116,114,116, 97, 98, 0, 46,114,101,108, 97, 76, 69, 88, /* 0x 310 */
69, 67, 48, 48, 48, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 320 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 330 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 340 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 350 */
0, 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, 1, 0, 0, 0, /* 0x 360 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 370 */
64, 0, 0, 0, 0, 0, 0, 0,189, 2, 0, 0, 0, 0, 0, 0, /* 0x 380 */
0, 0, 0, 0, 0, 0, 0, 0, 8, 0, 0, 0, 0, 0, 0, 0, /* 0x 390 */
0, 0, 0, 0, 0, 0, 0, 0, 27, 0, 0, 0, 4, 0, 0, 0, /* 0x 3a0 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 3b0 */
0, 6, 0, 0, 0, 0, 0, 0,216, 0, 0, 0, 0, 0, 0, 0, /* 0x 3c0 */
4, 0, 0, 0, 1, 0, 0, 0, 8, 0, 0, 0, 0, 0, 0, 0, /* 0x 3d0 */
24, 0, 0, 0, 0, 0, 0, 0, 17, 0, 0, 0, 3, 0, 0, 0, /* 0x 3e0 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 3f0 */
253, 2, 0, 0, 0, 0, 0, 0, 41, 0, 0, 0, 0, 0, 0, 0, /* 0x 400 */
0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, /* 0x 410 */
0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, /* 0x 420 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 430 */
168, 4, 0, 0, 0, 0, 0, 0, 32, 1, 0, 0, 0, 0, 0, 0, /* 0x 440 */
5, 0, 0, 0, 2, 0, 0, 0, 8, 0, 0, 0, 0, 0, 0, 0, /* 0x 450 */
24, 0, 0, 0, 0, 0, 0, 0, 9, 0, 0, 0, 3, 0, 0, 0, /* 0x 460 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 470 */
200, 5, 0, 0, 0, 0, 0, 0, 53, 0, 0, 0, 0, 0, 0, 0, /* 0x 480 */
0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, /* 0x 490 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 4a0 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 4b0 */
0, 0, 0, 0, 3, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 4c0 */
0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 16, 0, 1, 0, /* 0x 4d0 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 4e0 */
8, 0, 0, 0, 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 4f0 */
0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 16, 0, 0, 0, /* 0x 500 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 510 */
18, 0, 0, 0, 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 520 */
0, 0, 0, 0, 0, 0, 0, 0, 23, 0, 0, 0, 16, 0, 0, 0, /* 0x 530 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 540 */
28, 0, 0, 0, 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 550 */
0, 0, 0, 0, 0, 0, 0, 0, 33, 0, 0, 0, 16, 0, 0, 0, /* 0x 560 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 570 */
38, 0, 0, 0, 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 580 */
0, 0, 0, 0, 0, 0, 0, 0, 43, 0, 0, 0, 16, 0, 0, 0, /* 0x 590 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 5a0 */
48, 0, 0, 0, 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 5b0 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 95,115,116, 97,114,116, 0, /* 0x 5c0 */
65, 68, 82, 77, 0, 76, 69, 78, 77, 0, 74, 77, 80, 85, 0, 65, /* 0x 5d0 */
68, 82, 85, 0, 65, 68, 82, 67, 0, 76, 69, 78, 85, 0, 67, 78, /* 0x 5e0 */
84, 67, 0, 65, 68, 82, 88, 0, 76, 69, 78, 88, 0, 0, 0, 0, /* 0x 5f0 */
85, 2, 0, 0, 0, 0, 0, 0, 10, 0, 0, 0, 3, 0, 0, 0, /* 0x 600 */
0, 0, 0, 0, 0, 0, 0, 0, 93, 2, 0, 0, 0, 0, 0, 0, /* 0x 610 */
10, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 620 */
114, 2, 0, 0, 0, 0, 0, 0, 10, 0, 0, 0, 5, 0, 0, 0, /* 0x 630 */
0, 0, 0, 0, 0, 0, 0, 0,119, 2, 0, 0, 0, 0, 0, 0, /* 0x 640 */
10, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 650 */
124, 2, 0, 0, 0, 0, 0, 0, 10, 0, 0, 0, 7, 0, 0, 0, /* 0x 660 */
0, 0, 0, 0, 0, 0, 0, 0,129, 2, 0, 0, 0, 0, 0, 0, /* 0x 670 */
10, 0, 0, 0, 8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 680 */
134, 2, 0, 0, 0, 0, 0, 0, 10, 0, 0, 0, 9, 0, 0, 0, /* 0x 690 */
0, 0, 0, 0, 0, 0, 0, 0,139, 2, 0, 0, 0, 0, 0, 0, /* 0x 6a0 */
10, 0, 0, 0, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 6b0 */
144, 2, 0, 0, 0, 0, 0, 0, 10, 0, 0, 0, 11, 0, 0, 0, /* 0x 6c0 */
0, 0, 0, 0, 0, 0, 0, 0, 10,116,109,112, 47, 97,109,100, /* 0x 6d0 */
54, 52, 45,108,105,110,117,120, 46,101,108,102, 45,101,110,116, /* 0x 6e0 */
114,121, 46, 98,105,110, 58, 32, 32, 32, 32, 32,102,105,108,101, /* 0x 6f0 */
32,102,111,114,109, 97,116, 32,101,108,102, 54, 52, 45,120, 56, /* 0x 700 */
54, 45, 54, 52, 10, 10, 83,101, 99,116,105,111,110,115, 58, 10, /* 0x 710 */
73,100,120, 32, 78, 97,109,101, 32, 32, 32, 32, 32, 32, 32, 32, /* 0x 720 */
32, 32, 83,105,122,101, 32, 32, 32, 32, 32, 32, 86, 77, 65, 32, /* 0x 730 */
32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 76, 77, /* 0x 740 */
65, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, /* 0x 750 */
70,105,108,101, 32,111,102,102, 32, 32, 65,108,103,110, 32, 32, /* 0x 760 */
70,108, 97,103,115, 10, 32, 32, 48, 32, 76, 69, 88, 69, 67, 48, /* 0x 770 */
48, 48, 32, 32, 32, 32, 32, 32, 48, 48, 48, 48, 48, 50, 98,100, /* 0x 780 */
32, 32, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x 790 */
48, 48, 32, 32, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x 7a0 */
48, 48, 48, 48, 32, 32, 48, 48, 48, 48, 48, 48, 52, 48, 32, 32, /* 0x 7b0 */
50, 42, 42, 51, 32, 32, 67, 79, 78, 84, 69, 78, 84, 83, 44, 32, /* 0x 7c0 */
82, 69, 76, 79, 67, 44, 32, 82, 69, 65, 68, 79, 78, 76, 89, 10, /* 0x 7d0 */
83, 89, 77, 66, 79, 76, 32, 84, 65, 66, 76, 69, 58, 10, 48, 48, /* 0x 7e0 */
48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 32,108, /* 0x 7f0 */
32, 32, 32, 32,100, 32, 32, 76, 69, 88, 69, 67, 48, 48, 48, 9, /* 0x 800 */
48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x 810 */
32, 76, 69, 88, 69, 67, 48, 48, 48, 10, 48, 48, 48, 48, 48, 48, /* 0x 820 */
48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 32,103, 32, 32, 32, 32, /* 0x 830 */
32, 32, 32, 76, 69, 88, 69, 67, 48, 48, 48, 9, 48, 48, 48, 48, /* 0x 840 */
48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 32, 95,115,116, /* 0x 850 */
97,114,116, 10, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x 860 */
48, 48, 48, 48, 32, 32, 32, 32, 32, 32, 32, 32, 32, 42, 85, 78, /* 0x 870 */
68, 42, 9, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x 880 */
48, 48, 48, 32, 65, 68, 82, 77, 10, 48, 48, 48, 48, 48, 48, 48, /* 0x 890 */
48, 48, 48, 48, 48, 48, 48, 48, 48, 32, 32, 32, 32, 32, 32, 32, /* 0x 8a0 */
32, 32, 42, 85, 78, 68, 42, 9, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x 8b0 */
48, 48, 48, 48, 48, 48, 48, 48, 32, 76, 69, 78, 77, 10, 48, 48, /* 0x 8c0 */
48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 32, 32, /* 0x 8d0 */
32, 32, 32, 32, 32, 32, 32, 42, 85, 78, 68, 42, 9, 48, 48, 48, /* 0x 8e0 */
48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 32, 74, 77, /* 0x 8f0 */
80, 85, 10, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x 900 */
48, 48, 48, 32, 32, 32, 32, 32, 32, 32, 32, 32, 42, 85, 78, 68, /* 0x 910 */
42, 9, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x 920 */
48, 48, 32, 65, 68, 82, 85, 10, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x 930 */
48, 48, 48, 48, 48, 48, 48, 48, 32, 32, 32, 32, 32, 32, 32, 32, /* 0x 940 */
32, 42, 85, 78, 68, 42, 9, 48, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x 950 */
48, 48, 48, 48, 48, 48, 48, 32, 65, 68, 82, 67, 10, 48, 48, 48, /* 0x 960 */
48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 32, 32, 32, /* 0x 970 */
32, 32, 32, 32, 32, 32, 42, 85, 78, 68, 42, 9, 48, 48, 48, 48, /* 0x 980 */
48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 32, 76, 69, 78, /* 0x 990 */
85, 10, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x 9a0 */
48, 48, 32, 32, 32, 32, 32, 32, 32, 32, 32, 42, 85, 78, 68, 42, /* 0x 9b0 */
9, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x 9c0 */
48, 32, 67, 78, 84, 67, 10, 48, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x 9d0 */
48, 48, 48, 48, 48, 48, 48, 32, 32, 32, 32, 32, 32, 32, 32, 32, /* 0x 9e0 */
42, 85, 78, 68, 42, 9, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x 9f0 */
48, 48, 48, 48, 48, 48, 32, 65, 68, 82, 88, 10, 48, 48, 48, 48, /* 0x a00 */
48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 32, 32, 32, 32, /* 0x a10 */
32, 32, 32, 32, 32, 42, 85, 78, 68, 42, 9, 48, 48, 48, 48, 48, /* 0x a20 */
48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 32, 76, 69, 78, 88, /* 0x a30 */
10, 10, 10, 82, 69, 76, 79, 67, 65, 84, 73, 79, 78, 32, 82, 69, /* 0x a40 */
67, 79, 82, 68, 83, 32, 70, 79, 82, 32, 91, 76, 69, 88, 69, 67, /* 0x a50 */
48, 48, 48, 93, 58, 10, 79, 70, 70, 83, 69, 84, 32, 32, 32, 32, /* 0x a60 */
32, 32, 32, 32, 32, 32, 32, 84, 89, 80, 69, 32, 32, 32, 32, 32, /* 0x a70 */
32, 32, 32, 32, 32, 32, 32, 32, 32, 86, 65, 76, 85, 69, 32, 10, /* 0x a80 */
48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 50, 53, 53, /* 0x a90 */
32, 82, 95, 88, 56, 54, 95, 54, 52, 95, 51, 50, 32, 32, 32, 32, /* 0x aa0 */
32, 32, 32, 65, 68, 82, 77, 10, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x ab0 */
48, 48, 48, 48, 48, 50, 53,100, 32, 82, 95, 88, 56, 54, 95, 54, /* 0x ac0 */
52, 95, 51, 50, 32, 32, 32, 32, 32, 32, 32, 76, 69, 78, 77, 10, /* 0x ad0 */
48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 50, 55, 50, /* 0x ae0 */
32, 82, 95, 88, 56, 54, 95, 54, 52, 95, 51, 50, 32, 32, 32, 32, /* 0x af0 */
32, 32, 32, 74, 77, 80, 85, 10, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x b00 */
48, 48, 48, 48, 48, 50, 55, 55, 32, 82, 95, 88, 56, 54, 95, 54, /* 0x b10 */
52, 95, 51, 50, 32, 32, 32, 32, 32, 32, 32, 65, 68, 82, 85, 10, /* 0x b20 */
48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 50, 55, 99, /* 0x b30 */
32, 82, 95, 88, 56, 54, 95, 54, 52, 95, 51, 50, 32, 32, 32, 32, /* 0x b40 */
32, 32, 32, 65, 68, 82, 67, 10, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x b50 */
48, 48, 48, 48, 48, 50, 56, 49, 32, 82, 95, 88, 56, 54, 95, 54, /* 0x b60 */
52, 95, 51, 50, 32, 32, 32, 32, 32, 32, 32, 76, 69, 78, 85, 10, /* 0x b70 */
48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 50, 56, 54, /* 0x b80 */
32, 82, 95, 88, 56, 54, 95, 54, 52, 95, 51, 50, 32, 32, 32, 32, /* 0x b90 */
32, 32, 32, 67, 78, 84, 67, 10, 48, 48, 48, 48, 48, 48, 48, 48, /* 0x ba0 */
48, 48, 48, 48, 48, 50, 56, 98, 32, 82, 95, 88, 56, 54, 95, 54, /* 0x bb0 */
52, 95, 51, 50, 32, 32, 32, 32, 32, 32, 32, 65, 68, 82, 88, 10, /* 0x bc0 */
48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 50, 57, 48, /* 0x bd0 */
32, 82, 95, 88, 56, 54, 95, 54, 52, 95, 51, 50, 32, 32, 32, 32, /* 0x be0 */
32, 32, 32, 76, 69, 78, 88, 10, 10, 10 /* 0x bf0 */
};

3606
src/stub/i386-bsd.elf-entry.h
View File

File diff suppressed because it is too large Load Diff

3606
src/stub/i386-linux.elf-entry.h
View File

File diff suppressed because it is too large Load Diff

273
src/stub/src/amd64-linux.elf-entry.asm Normal file
View File

@ -0,0 +1,273 @@
/* l_lx_elf64amd.asm -- Linux program entry point & decompressor (Elf binary)
*
* This file is part of the UPX executable compressor.
*
* Copyright (C) 1996-2006 Markus Franz Xaver Johannes Oberhumer
* Copyright (C) 1996-2006 Laszlo Molnar
* Copyright (C) 2000-2006 John F. Reiser
* All Rights Reserved.
*
* UPX and the UCL library are free software; you can redistribute them
* and/or modify them under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of
* the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; see the file COPYING.
* If not, write to the Free Software Foundation, Inc.,
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Markus F.X.J. Oberhumer Laszlo Molnar
* <mfx@users.sourceforge.net> <ml1050@users.sourceforge.net>
*
* John F. Reiser
* <jreiser@users.sourceforge.net>
*/
//#include "arch/i386/macros2.ash"
#include "arch/amd64/regs.h"
sz_l_info= 12
l_lsize= 8
sz_p_info= 12
sz_b_info= 12
sz_unc= 0
sz_cpr= 4
b_method= 8
PROT_READ= 1
PROT_WRITE= 2
PROT_EXEC= 4
MAP_PRIVATE= 2
MAP_FIXED= 0x10
MAP_ANONYMOUS= 0x20
SYS_mmap= 9 // 64-bit mode only!
PAGE_SHIFT= 12
PAGE_MASK= (~0<<PAGE_SHIFT)
PAGE_SIZE= -PAGE_MASK
M_NRV2B_LE32=2 // ../conf.h
M_NRV2E_LE32=8
.section LEXEC000
_start: .globl _start
call main // push &decompress
/* Returns 0 on success; non-zero on failure. */
decompress: // (uchar const *src, size_t lsrc, uchar *dst, u32 &ldst, uint method)
/* Arguments according to calling convention */
#define src %arg1
#define lsrc %arg2
#define dst %arg3
#define ldst %arg4 /* Out: actually a reference: &len_dst */
#define meth %arg5l
/* Working registers */
#define off %eax /* XXX: 2GB */
#define len %ecx /* XXX: 2GB */
#define lenq %rcx
#define bits %ebx
#define disp %rbp
push %rbp; push %rbx // C callable
push ldst
push dst
addq src,lsrc; push lsrc // &input_eof
movq src,%rsi // hardware src for movsb, lodsb
movq dst,%rdi // hardware dst for movsb
xor bits,bits // empty; force refill
xor len,len // create loop invariant
orq $(~0),disp // -1: initial displacement
call setup // push &getbit [TUNED]
ra_setup:
/* AMD64 branch prediction is much worse if there are more than 3 branches
per 16-byte block. The jnextb would suffer unless inlined. getnextb is OK
using closed subroutine to save space, and should be OK on cycles because
CALL+RET should be predicted. getnextb could partially expand, using closed
subroutine only for refill.
*/
/* jump on next bit {0,1} with prediction {y==>likely, n==>unlikely} */
/* Prediction omitted for now. */
/* On refill: prefetch next byte, for latency reduction on literals and offsets. */
#define jnextb0np jnextb0yp
#define jnextb0yp GETBITp; jnc
#define jnextb1np jnextb1yp
#define jnextb1yp GETBITp; jc
#define GETBITp \
addl bits,bits; jnz 0f; \
movl (%rsi),bits; subq $-4,%rsi; \
adcl bits,bits; movb (%rsi),%dl; \
0:
/* Same, but without prefetch (not useful for length of match.) */
#define jnextb0n jnextb0y
#define jnextb0y GETBIT; jnc
#define jnextb1n jnextb1y
#define jnextb1y GETBIT; jc
#define GETBIT \
addl bits,bits; jnz 0f; \
movl (%rsi),bits; subq $-4,%rsi; \
adcl bits,bits; \
0:
/* rotate next bit into bottom bit of reg */
#define getnextbp(reg) call *%r11; adcl reg,reg
#define getnextb(reg) getnextbp(reg)
.p2align 3
getbit:
addl bits,bits; jz refill // Carry= next bit
rep; ret
refill:
movl (%rsi),bits; subq $-4,%rsi // next 32 bits; set Carry
adcl bits,bits // LSB= 1 (CarryIn); CarryOut= next bit
movb (%rsi),%dl // speculate: literal, or bottom 8 bits of offset
rep; ret
copy: // In: len, %rdi, disp; Out: 0==len, %rdi, disp; trashes %rax, %rdx
leaq (%rdi,disp),%rax; cmpl $5,len // <=3 is forced
movb (%rax),%dl; jbe copy1 // <=5 for better branch predict
cmpq $-4,disp; ja copy1 // 4-byte chunks would overlap
subl $4,len // adjust for termination cases
copy4:
movl (%rax),%edx; addq $4, %rax; subl $4,len
movl %edx,(%rdi); leaq 4(%rdi),%rdi; jnc copy4
addl $4,len; movb (%rax),%dl; jz copy0
copy1:
incq %rax; movb %dl,(%rdi); subl $1,len
movb (%rax),%dl
leaq 1(%rdi),%rdi; jnz copy1
copy0:
rep; ret
#include "arch/amd64/nrv2e_d.S"
#include "arch/amd64/nrv2b_d.S"
setup:
cld
pop %r11 // addq $ getbit - ra_setup,%r11 # &getbit
cmpl $ M_NRV2E_LE32,meth; je top_n2e
cmpl $ M_NRV2B_LE32,meth; je top_n2b
eof:
pop %rcx // &input_eof
movq %rsi,%rax; subq %rcx,%rax // src -= eof; // return 0: good; else: bad
pop %rdx; subq %rdx,%rdi // dst -= original dst
pop %rcx; movl %edi,(%rcx) // actual length used at dst XXX: 4GB
pop %rbx; pop %rbp
ret
/* Temporary until we get the buildLoader stuff working ... */
.ascii "\n$Id: UPX (C) 1996-2006 the UPX Team. "
.asciz "All Rights Reserved. http://upx.sf.net $\n"
/* These from /usr/include/asm-x86_64/unistd.h */
__NR_write = 1
__NR_exit = 60
msg_SELinux:
push $ L71 - L70; pop %arg3 // length
call L71
L70:
.asciz "PROT_EXEC|PROT_WRITE failed.\n"
L71:
pop %arg2 // message text
push $2; pop %arg1 // fd stderr
push $ __NR_write; pop %rax
syscall
die:
push $127; pop %arg1
push $ __NR_exit; pop %rax
syscall
/* Decompress the rest of this loader, and jump to it.
Map a page to hold the decompressed bytes. Logically this could
be done by setting .p_memsz for our first PT_LOAD. But as of 2005-11-09,
linux 2.6.14 only does ".bss expansion" on the PT_LOAD that describes the
highest address. [I regard this as a bug, and it makes the kernel's
fs/binfmt_elf.c complicated, buggy, and insecure.] For us, that is the 2nd
PT_LOAD, which is the only way that linux allows to set the brk() for the
uncompressed program. [This is a significant kernel misfeature.]
*/
unfold:
pop %rbx // &b_info
/* Get some pages. If small, then get 1 page located just after the end
of the first PT_LOAD of the compressed program. This will still be below
all of the uncompressed program. If large (>=3MB compressed), then get enough
to duplicate the entire compressed PT_LOAD, plus 1 page, located just after
the brk() of the _un_compressed program. The address and length are pre-
calculated by PackLinuxElf64amd::pack3(), and patched in at compress time.
*/
movl $ ADRM,%edi // XXX: 4GB
push $ PROT_READ | PROT_WRITE | PROT_EXEC; pop %arg3
movl $ LENM,%esi // XXX: 4GB
push $ MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS; pop %sys4
subl %arg5l,%arg5l //; subl %arg6l,%arg6l // MAP_ANON ==> ignore offset
push $ SYS_mmap; pop %rax
syscall // %rax= result; trashes %rcx,%r11 only
cmpl %eax,%edi; jne msg_SELinux // XXX: 4GB
/* Load the addresses and lengths that ::pack3() patched in.
XXX: 2GB Note that PUSH $imm32 sign-extends to 64 bits.
XXX: 4GB Note that MOVL $imm32,reg zero-extends to 64-bits.
(Use an temporary register to obtain 4GB range on PUSH constant.)
*/
push $ JMPU // for unmap in fold
push $ ADRU // for unmap in fold
movl $ ADRC,%esi
push $ LENU // for unmap in fold
movl $ CNTC,%ecx
push $ ADRX //# for upx_main
push $ LENX // for upx_main
/* Move and relocate if compressed overlaps uncompressed.
Move by 0 when total compressed executable is < 3MB.
*/
movl %edi,%edx // ADRM
subl %esi,%edx // (ADRM - ADRC) == relocation amount
addl %edx,%ebp // update &decompress
addl %edx,%ebx // update &b_info
cld
rep; movsq
xchgl %eax,%edi
/* Decompress the folded part of this stub, then execute it. */
movl %ebx,%esi // %arg2l= &b_info (relocated)
push %rax // ret_addr after decompression
xchgl %eax,%arg3l // %arg3= dst for unfolding XXX: 4GB
lodsl; push %rax // allocate slot on stack
movq %rsp,%arg4 // &len_dst ==> &do_not_care
lodsl; xchgl %eax,%arg1l // sz_cpr XXX: 4GB
lodsl; movzbl %al,%arg5l // b_method
xchg %arg1l,%arg2l // XXX: 4GB
call *%rbp // decompress
pop %rcx // discard len_dst
ret
main:
// int3 # uncomment for debugging
pop %rbp // &decompress
call unfold // push &b_info
/* { b_info={sz_unc, sz_cpr, {4 char}}, folded_loader...} */
/*__XTHEENDX__*/
/*
vi:ts=8:et:nowrap
*/

193
src/stub/src/arch/i386/nrv2b_d32_2.ash Normal file
View File

@ -0,0 +1,193 @@
/*
; n2b_d32.ash -- ucl_nrv2b_decompress_le32 in 32-bit assembly
;
; This file is part of the UCL data compression library.
;
; Copyright (C) 1996-2006 Markus Franz Xaver Johannes Oberhumer
; All Rights Reserved.
;
; The UCL library is free software; you can redistribute it and/or
; modify it under the terms of the GNU General Public License as
; published by the Free Software Foundation; either version 2 of
; the License, or (at your option) any later version.
;
; The UCL library is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with the UCL library; see the file COPYING.
; If not, write to the Free Software Foundation, Inc.,
; 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
;
; Markus F.X.J. Oberhumer
; <markus@oberhumer.com>
; http://www.oberhumer.com/opensource/ucl/
;
; ------------- DECOMPRESSION -------------
; Input:
; esi - source
; edi - dest
; ebp - -1
; cld
; Output:
; eax - 0
; ecx - 0
*/
// CPU 386
.macro getbit_n2b one
.ifc \one, 1
add ebx, ebx
jnz 1f
.endif
mov ebx, [esi]
sub esi, -4
adc ebx, ebx
1:
.endm
#undef getbit
#define getbit getbit_n2b
section N2BSMA10
jmps dcl1_n2b
decompr_literals_n2b:
movsb
section N2BFAS10
jmps dcl1_n2b
.balign 8
section N2BFAS11
decompr_literalb_n2b:
mov al, [esi]
inc esi
mov [edi], al
inc edi
section N2BDEC10
decompr_loop_n2b:
add ebx, ebx
jnz dcl2_n2b
dcl1_n2b:
getbit 32
dcl2_n2b:
section N2BSMA20
jcs decompr_literals_n2b
xor eax, eax
inc eax
section N2BFAS20
#ifndef UPX102
mov al, [edi] // force data cache allocate (PentiumPlain or MMX)
#endif
jcs decompr_literalb_n2b
mov eax, 1
section N2BDEC20
loop1_n2b:
getbit 1
adc eax, eax
section N2BSMA30
getbit 1
jncs loop1_n2b
section N2BFAS30
add ebx, ebx
jncs loop1_n2b
jnzs loopend1_n2b
getbit 32
jncs loop1_n2b
loopend1_n2b:
section N2BDEC30
xor ecx, ecx
sub eax, 3
jcs decompr_ebpeax_n2b
shl eax, 8
mov al, [esi]
inc esi
xor eax, -1
jzs decompr_end_n2b
mov ebp, eax
decompr_ebpeax_n2b:
getbit 1
adc ecx, ecx
getbit 1
adc ecx, ecx
jnz decompr_got_mlen_n2b
inc ecx
loop2_n2b:
getbit 1
adc ecx, ecx
section N2BSMA40
getbit 1
jncs loop2_n2b
section N2BFAS40
add ebx, ebx
jnc loop2_n2b
jnz loopend2_n2b
getbit 32
jncs loop2_n2b
loopend2_n2b:
section N2BDUMM1
section N2BSMA50
inc ecx
inc ecx
section N2BFAS50
add ecx, 2
section N2BDEC50
decompr_got_mlen_n2b:
cmp ebp, -0xd00
adc ecx, 1
section N2BSMA60
#ifndef UPX102
push esi
#else
mov edx, esi
#endif
lea esi, [edi+ebp]
rep
movsb
#ifndef UPX102
pop esi
#else
mov esi, edx
#endif
jmp decompr_loop_n2b
section N2BFAS60
lea edx, [edi+ebp]
cmp ebp, -4
#ifndef UPX102
mov al, [edi+ecx] // force data cache allocate (PentiumPlain or MMX)
#endif
jbes decompr_copy4_n2b
loop3_n2b:
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnzs loop3_n2b
jmp decompr_loop_n2b
section N2BFAS61
.balign 4
decompr_copy4_n2b:
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
jas decompr_copy4_n2b
add edi, ecx
jmp decompr_loop_n2b
section N2BDEC60
decompr_end_n2b:
section NRV2BEND
// vi:ts=8:et

201
src/stub/src/arch/i386/nrv2d_d32_2.ash Normal file
View File

@ -0,0 +1,201 @@
/*
; n2d_d32.ash -- ucl_nrv2d_decompress_le32 in 32-bit assembly
;
; This file is part of the UCL data compression library.
;
; Copyright (C) 1996-2006 Markus Franz Xaver Johannes Oberhumer
; All Rights Reserved.
;
; The UCL library is free software; you can redistribute it and/or
; modify it under the terms of the GNU General Public License as
; published by the Free Software Foundation; either version 2 of
; the License, or (at your option) any later version.
;
; The UCL library is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with the UCL library; see the file COPYING.
; If not, write to the Free Software Foundation, Inc.,
; 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
;
; Markus F.X.J. Oberhumer
; <markus@oberhumer.com>
; http://www.oberhumer.com/opensource/ucl/
;
; ------------- DECOMPRESSION -------------
; Input:
; esi - source
; edi - dest
; ebp - -1
; cld
; Output:
; eax - 0
; ecx - 0
*/
// CPU 386
.macro getbit_n2d one
.ifc \one, 1
add ebx, ebx
jnz 1f
.endif
mov ebx, [esi]
sub esi, -4
adc ebx, ebx
1:
.endm
#undef getbit
#define getbit getbit_n2d
section N2DSMA10
jmps dcl1_n2d
decompr_literals_n2d:
movsb
section N2DFAS10
jmps dcl1_n2d
.balign 8
section N2DFAS11
decompr_literalb_n2d:
mov al, [esi]
inc esi
mov [edi], al
inc edi
section N2DDEC10
decompr_loop_n2d:
add ebx, ebx
jnz dcl2_n2d
dcl1_n2d:
getbit 32
dcl2_n2d:
section N2DSMA20
jc decompr_literals_n2d
xor eax, eax
inc eax
section N2DFAS20
#ifndef UPX102
mov al, [edi] // force data cache allocate (PentiumPlain or MMX)
#endif
jc decompr_literalb_n2d
mov eax, 1
section N2DDEC20
loop1_n2d:
getbit 1
adc eax, eax
section N2DSMA30
getbit 1
jc loopend1_n2d
section N2DFAS30
add ebx, ebx
jnc loopcontinue1_n2d
jnz loopend1_n2d
getbit 32
jc loopend1_n2d
loopcontinue1_n2d:
section N2DDEC30
dec eax
getbit 1
adc eax, eax
jmps loop1_n2d
loopend1_n2d:
xor ecx, ecx
sub eax, 3
jb decompr_prev_dist_n2d
shl eax, 8
mov al, [esi]
inc esi
xor eax, -1
jz decompr_end_n2d
sar eax, 1 // shift low-bit into carry
mov ebp, eax
jmps decompr_ebpeax_n2d
decompr_prev_dist_n2d:
getbit 1
decompr_ebpeax_n2d:
adc ecx, ecx
getbit 1
adc ecx, ecx
jnz decompr_got_mlen_n2d
inc ecx
loop2_n2d:
getbit 1
adc ecx, ecx
section N2DSMA40
getbit 1
jnc loop2_n2d
section N2DFAS40
add ebx, ebx
jnc loop2_n2d
jnz loopend2_n2d
getbit 32
jnc loop2_n2d
loopend2_n2d:
section N2DDUMM1
section N2DSMA50
inc ecx
inc ecx
section N2DFAS50
add ecx, 2
section N2DDEC50
decompr_got_mlen_n2d:
cmp ebp, -0x500
adc ecx, 1
section N2DSMA60
#ifndef UPX102
push esi
#else
mov edx, esi
#endif
lea esi, [edi+ebp]
rep
movsb
#ifndef UPX102
pop esi
#else
mov esi, edx
#endif
jmp decompr_loop_n2d
section N2DFAS60
lea edx, [edi+ebp]
cmp ebp, -4
#ifndef UPX102
mov al, [edi+ecx] // force data cache allocate (PentiumPlain or MMX)
#endif
jbe decompr_copy4_n2d
loop3_n2d:
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz loop3_n2d
jmp decompr_loop_n2d
section N2DFAS61
.balign 4
decompr_copy4_n2d:
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja decompr_copy4_n2d
add edi, ecx
jmp decompr_loop_n2d
section N2DDEC60
decompr_end_n2d:
section NRV2DEND
// vi:ts=8:et

225
src/stub/src/i386-bsd.elf-entry.asm
View File

@ -1,3 +1,4 @@
/*
; i386-BSD.elf-entry.asm -- BSD program entry point & decompressor (Elf binary)
;
; This file is part of the UPX executable compressor.
@ -28,24 +29,22 @@
; John F. Reiser
; <jreiser@users.sourceforge.net>
;
*/
// CPU 386
#include "arch/i386/macros2.ash"
BITS 32
SECTION .text
CPU 386
/*************************************************************************
// program entry point
// see glibc/sysdeps/i386/elf/start.S
**************************************************************************/
%define jmps jmp short
%define jmpn jmp near
; /*************************************************************************
; // program entry point
; // see glibc/sysdeps/i386/elf/start.S
; **************************************************************************/
GLOBAL _start
;__LEXEC000__
_start:
;;;; int3
section LEXEC000
_start: .globl _start
//// int3
/*
;; How to debug this code: Uncomment the 'int3' breakpoint instruction above.
;; Build the stubs and upx. Compress a testcase, such as a copy of /bin/date.
;; Invoke gdb, and give a 'run' command. Define a single-step macro such as
@ -62,7 +61,8 @@ _start:
;; end
;; Step through the code; remember that <Enter> repeats the previous command.
;;
call main ; push address of decompress subroutine
*/
call main // push address of decompress subroutine
decompress:
; /*************************************************************************
@ -70,43 +70,42 @@ decompress:
; **************************************************************************/
; /* Offsets to parameters, allowing for {push + pusha + call} */
%define O_INP (4+ 8*4 +1*4)
%define O_INS (4+ 8*4 +2*4)
%define O_OUTP (4+ 8*4 +3*4)
%define O_OUTS (4+ 8*4 +4*4)
%define O_PARAM (4+ 8*4 +5*4)
#define O_INP (4+ 8*4 +1*4)
#define O_INS (4+ 8*4 +2*4)
#define O_OUTP (4+ 8*4 +3*4)
#define O_OUTS (4+ 8*4 +4*4)
#define O_PARAM (4+ 8*4 +5*4)
%define INP dword [esp+O_INP]
%define INS dword [esp+O_INS]
%define OUTP dword [esp+O_OUTP]
%define OUTS dword [esp+O_OUTS]
%define PARM dword [esp+O_PARAM]
#define INP dword [esp+O_INP]
#define INS dword [esp+O_INS]
#define OUTP dword [esp+O_OUTP]
#define OUTS dword [esp+O_OUTS]
#define PARM dword [esp+O_PARAM]
;__LEXEC009__
;; empty section for commonality with l_lx_exec86.asm
;__LEXEC010__
section LEXEC009
// empty section for commonality with l_lx_exec86.asm
section LEXEC010
pusha
push byte '?' ; cto8 (sign extension does not matter)
; cld
push '?' // cto8 (sign extension does not matter)
// cld
mov esi, INP
mov edi, OUTP
or ebp, byte -1
;;; align 8
or ebp, -1
//// align 8
%include "arch/i386/nrv2b_d32.ash"
%include "arch/i386/nrv2d_d32.ash"
%include "arch/i386/nrv2e_d32.ash"
%include "arch/i386/lzma_d.ash"
%include "arch/i386/macros.ash"
#include "arch/i386/nrv2b_d32_2.ash"
#include "arch/i386/nrv2d_d32_2.ash"
#include "arch/i386/nrv2e_d32_2.ash"
//#include "arch/i386/lzma_d.ash" // FIXME
cjt32 0
;__LEXEC015__
; eax is 0 from decompressor code
;xor eax, eax ; return code
section LEXEC015
// eax is 0 from decompressor code
//xor eax, eax ; return code
; check compressed size
// check compressed size
mov edx, INP
add edx, INS
cmp esi, edx
@ -114,12 +113,12 @@ decompress:
dec eax
.ok:
; write back the uncompressed size
// write back the uncompressed size
sub edi, OUTP
mov edx, OUTS
mov [edx], edi
pop edx ; cto8
pop edx // cto8
mov [7*4 + esp], eax
popa
@ -127,109 +126,105 @@ decompress:
ctojr32
ckt32 edi, dl
;__LEXEC017__
section LEXEC017
popa
ret
;__LEXEC020__
section LEXEC020
%define PAGE_SIZE ( 1<<12)
#define PAGE_SIZE ( 1<<12)
%define MAP_FIXED 0x10
%define MAP_PRIVATE 0x02
%define MAP_ANONYMOUS 0x1000
%define PROT_READ 1
%define PROT_WRITE 2
%define PROT_EXEC 4
%define __NR_mmap 197
%define __NR_syscall 198
%define szElf32_Ehdr 0x34
%define p_memsz 5*4
#define MAP_FIXED 0x10
#define MAP_PRIVATE 0x02
#define MAP_ANONYMOUS 0x1000
#define PROT_READ 1
#define PROT_WRITE 2
#define PROT_EXEC 4
#define __NR_mmap 197
#define __NR_syscall 198
#define szElf32_Ehdr 0x34
#define p_memsz 5*4
%define __NR_write 4
%define __NR_exit 1
#define __NR_write 4
#define __NR_exit 1
fail_mmap:
push byte L71 - L70
push L71 - L70
call L71
L70:
db "PROT_EXEC|PROT_WRITE failed.",10
.ascii "PROT_EXEC|PROT_WRITE failed\n"
L71:
push byte 2 ; fd stderr
push eax ; fake ret.addr
push byte __NR_write
push 2 // fd stderr
push eax // fake ret.addr
push __NR_write
pop eax
int 0x80
die:
push byte 127 ; only low 7 bits matter!
push eax ; fake ret.addr
push byte __NR_exit
pop eax ; write to stderr could fail, leaving eax as -EBADF etc.
push 127 // only low 7 bits matter!
push eax // fake ret.addr
push __NR_exit
pop eax // write to stderr could fail, leaving eax as -EBADF etc.
int 0x80
; Decompress the rest of this loader, and jump to it
// Decompress the rest of this loader, and jump to it
unfold:
pop esi ; &{ b_info:{sz_unc, sz_cpr, 4{byte}}, compressed_data...}
pop esi // &{ b_info:{sz_unc, sz_cpr, 4{byte}}, compressed_data...}
lea eax, [ebp - (4+ decompress - _start)] ; 4: sizeof(int)
sub eax, [eax] ; %eax= &Elf32_Ehdr of this program
mov edx, eax ; %edx= &Elf32_Ehdr of this program
lea eax, [ebp - (4+ decompress - _start)] // 4: sizeof(int)
sub eax, [eax] // %eax= &Elf32_Ehdr of this program
mov edx, eax // %edx= &Elf32_Ehdr of this program
; Linux requires PF_W in order to create .bss (implied by .p_filesz!=.p_memsz),
; but strict SELinux (or PaX, grSecurity) forbids PF_W with PF_X.
; So first PT_LOAD must be PF_R|PF_X only, and .p_memsz==.p_filesz.
; So we must round up here, instead of pre-rounding .p_memsz.
add eax, [p_memsz + szElf32_Ehdr + eax] ; address after .text
// Linux requires PF_W in order to create .bss (implied by .p_filesz!=.p_memsz),
// but strict SELinux (or PaX, grSecurity) forbids PF_W with PF_X.
// So first PT_LOAD must be PF_R|PF_X only, and .p_memsz==.p_filesz.
// So we must round up here, instead of pre-rounding .p_memsz.
add eax, [p_memsz + szElf32_Ehdr + eax] // address after .text
add eax, PAGE_SIZE -1
and eax, -PAGE_SIZE
and eax, 0-PAGE_SIZE
push eax ; destination for 'ret'
push eax // destination for 'ret'
; mmap a page to hold the decompressed fold_elf86
xor ecx, ecx ; %ecx= 0
; MAP_ANONYMOUS ==>offset is ignored, so do not push!
push ecx ; pad (must be zero?)
push byte -1 ; *BSD demands -1==fd for mmap(,,,MAP_ANON,,)
push dword MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS
mov ch, PAGE_SIZE >> 8 ; %ecx= PAGE_SIZE
push byte PROT_READ | PROT_WRITE | PROT_EXEC
push ecx ; length
push eax ; destination
xor eax,eax ; 0
push eax ; current thread
// mmap a page to hold the decompressed fold_elf86
xor ecx, ecx // %ecx= 0
// MAP_ANONYMOUS ==>offset is ignored, so do not push!
push ecx // pad (must be zero?)
push -1 // *BSD demands -1==fd for mmap(,,,MAP_ANON,,)
push MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS
mov ch, PAGE_SIZE >> 8 // %ecx= PAGE_SIZE
push PROT_READ | PROT_WRITE | PROT_EXEC
push ecx // length
push eax // destination
xor eax,eax // 0
push eax // current thread
mov al, __NR_mmap
push eax ; __NR_mmap
push eax ; fake return address
push eax // __NR_mmap
push eax // fake return address
mov al, __NR_syscall
int 0x80 ; changes only %eax; %edx is live
int 0x80 // changes only %eax; %edx is live
jb fail_mmap
xchg eax, edx ; %edx= page after .text; %eax= &Elf32_Ehdr of this program
xchg eax, ebx ; %ebx= &Elf32_Ehdr of this program
xchg eax, edx // %edx= page after .text; %eax= &Elf32_Ehdr of this program
xchg eax, ebx // %ebx= &Elf32_Ehdr of this program
cld
lodsd
push eax ; sz_uncompressed (maximum dstlen for lzma)
mov ecx,esp ; save &dstlen
push eax ; space for 5th param
push ecx ; &dstlen
push edx ; &dst
push eax // sz_uncompressed (maximum dstlen for lzma)
mov ecx,esp // save &dstlen
push eax // space for 5th param
push ecx // &dstlen
push edx // &dst
lodsd
push eax ; sz_compressed (srclen)
lodsd ; last 4 bytes of b_info
push eax // sz_compressed (srclen)
lodsd // last 4 bytes of b_info
mov [4*3 + esp],eax
push esi ; &compressed_data
call ebp ; decompress(&src, srclen, &dst, &dstlen, b_info.misc)
add esp, byte (5+1 + 9)*4 ; (5+1) args to decompress, 9 "args" to mmap
ret ; &destination
push esi // &compressed_data
call ebp // decompress(&src, srclen, &dst, &dstlen, b_info.misc)
add esp, (5+1 + 9)*4 // (5+1) args to decompress, 9 "args" to mmap
ret // &destination
main:
pop ebp ; &decompress
pop ebp // &decompress
call unfold
; compressed fold_elf86 follows
// compressed fold_elf86 follows
eof:
; __XTHEENDX__
section .data
dd -1
dw eof
; vi:ts=8:et:nowrap
// vi:ts=8:et:nowrap

213
src/stub/src/i386-linux.elf-entry.asm
View File

@ -1,3 +1,4 @@
/*
; l_lx_elf86.asm -- Linux program entry point & decompressor (Elf binary)
;
; This file is part of the UPX executable compressor.
@ -28,24 +29,20 @@
; John F. Reiser
; <jreiser@users.sourceforge.net>
;
*/
BITS 32
SECTION .text
CPU 386
%define jmps jmp short
%define jmpn jmp near
#include "arch/i386/macros2.ash"
; /*************************************************************************
; // program entry point
; // see glibc/sysdeps/i386/elf/start.S
; **************************************************************************/
GLOBAL _start
;__LEXEC000__
.globl _start
section LEXEC000
_start:
;;;; int3
//// int3
/*
;; How to debug this code: Uncomment the 'int3' breakpoint instruction above.
;; Build the stubs and upx. Compress a testcase, such as a copy of /bin/date.
;; Invoke gdb, and give a 'run' command. Define a single-step macro such as
@ -62,51 +59,51 @@ _start:
;; end
;; Step through the code; remember that <Enter> repeats the previous command.
;;
call main ; push address of decompress subroutine
*/
call main // push address of decompress subroutine
decompress:
; /*************************************************************************
; // C callable decompressor
; **************************************************************************/
//
// C callable decompressor
//
; /* Offsets to parameters, allowing for {push + pusha + call} */
%define O_INP (4+ 8*4 +1*4)
%define O_INS (4+ 8*4 +2*4)
%define O_OUTP (4+ 8*4 +3*4)
%define O_OUTS (4+ 8*4 +4*4)
%define O_PARAM (4+ 8*4 +5*4)
/* Offsets to parameters, allowing for {push + pusha + call} */
#define O_INP (4+ 8*4 +1*4)
#define O_INS (4+ 8*4 +2*4)
#define O_OUTP (4+ 8*4 +3*4)
#define O_OUTS (4+ 8*4 +4*4)
#define O_PARAM (4+ 8*4 +5*4)
%define INP dword [esp+O_INP]
%define INS dword [esp+O_INS]
%define OUTP dword [esp+O_OUTP]
%define OUTS dword [esp+O_OUTS]
%define PARM dword [esp+O_PARAM]
#define INP dword [esp+O_INP]
#define INS dword [esp+O_INS]
#define OUTP dword [esp+O_OUTP]
#define OUTS dword [esp+O_OUTS]
#define PARM dword [esp+O_PARAM]
;__LEXEC009__
;; empty section for commonality with l_lx_exec86.asm
;__LEXEC010__
section LEXEC009
//; empty section for commonality with l_lx_exec86.asm
section LEXEC010
pusha
push byte '?' ; cto8 (sign extension does not matter)
; cld
push /*byte*/ '?' // cto8 (sign extension does not matter)
// cld
mov esi, INP
mov edi, OUTP
or ebp, byte -1
;;; align 8
// align 8
%include "arch/i386/nrv2b_d32.ash"
%include "arch/i386/nrv2d_d32.ash"
%include "arch/i386/nrv2e_d32.ash"
%include "arch/i386/lzma_d.ash"
%include "arch/i386/macros.ash"
#include "arch/i386/nrv2b_d32_2.ash"
#include "arch/i386/nrv2d_d32_2.ash"
#include "arch/i386/nrv2e_d32_2.ash"
//#include "arch/i386/lzma_d_2.ash"
cjt32 0
;__LEXEC015__
; eax is 0 from decompressor code
;xor eax, eax ; return code
section LEXEC015
// eax is 0 from decompressor code
//xor eax, eax ; return code
; check compressed size
// check compressed size
mov edx, INP
add edx, INS
cmp esi, edx
@ -114,12 +111,12 @@ decompress:
dec eax
.ok:
; write back the uncompressed size
// write back the uncompressed size
sub edi, OUTP
mov edx, OUTS
mov [edx], edi
pop edx ; cto8
pop edx // cto8
mov [7*4 + esp], eax
popa
@ -127,107 +124,103 @@ decompress:
ctojr32
ckt32 edi, dl
;__LEXEC017__
section LEXEC017
popa
ret
;__LEXEC020__
section LEXEC020
%define PAGE_SIZE ( 1<<12)
#define PAGE_SIZE ( 1<<12)
%define MAP_FIXED 0x10
%define MAP_PRIVATE 0x02
%define MAP_ANONYMOUS 0x20
%define PROT_READ 1
%define PROT_WRITE 2
%define PROT_EXEC 4
%define __NR_mmap 90
%define szElf32_Ehdr 0x34
%define p_memsz 5*4
#define MAP_FIXED 0x10
#define MAP_PRIVATE 0x02
#define MAP_ANONYMOUS 0x20
#define PROT_READ 1
#define PROT_WRITE 2
#define PROT_EXEC 4
#define __NR_mmap 90
#define szElf32_Ehdr 0x34
#define p_memsz 5*4
%define __NR_write 4
%define __NR_exit 1
#define __NR_write 4
#define __NR_exit 1
msg_SELinux:
push byte L71 - L70
pop edx ; length
push /*byte*/ L71 - L70
pop edx // length
call L71
L70:
db "PROT_EXEC|PROT_WRITE failed.",10
.ascii "PROT_EXEC|PROT_WRITE failed.\n"
L71:
pop ecx ; message text
push byte 2 ; fd stderr
pop ecx // message text
push /*byte*/ 2 // fd stderr
pop ebx
push byte __NR_write
push /*byte*/ __NR_write
pop eax
int 0x80
die:
mov bl, byte 127 ; only low 7 bits matter!
push byte __NR_exit
pop eax ; write to stderr could fail, leaving eax as -EBADF etc.
mov bl, /*byte*/ 127 // only low 7 bits matter!
push /*byte*/ __NR_exit
pop eax // write to stderr could fail, leaving eax as -EBADF etc.
int 0x80
; Decompress the rest of this loader, and jump to it
// Decompress the rest of this loader, and jump to it
unfold:
pop esi ; &{ b_info:{sz_unc, sz_cpr, 4{byte}}, compressed_data...}
pop esi // &{ b_info:{sz_unc, sz_cpr, 4{byte}}, compressed_data...}
lea eax, [ebp - (4+ decompress - _start)] ; 4: sizeof(int)
sub eax, [eax] ; %eax= &Elf32_Ehdr of this program
mov edx, eax ; %edx= &Elf32_Ehdr of this program
lea eax, [ebp - (4+ decompress - _start)] // 4: sizeof(int)
sub eax, [eax] // %eax= &Elf32_Ehdr of this program
mov edx, eax // %edx= &Elf32_Ehdr of this program
; Linux requires PF_W in order to create .bss (implied by .p_filesz!=.p_memsz),
; but strict SELinux (or PaX, grSecurity) forbids PF_W with PF_X.
; So first PT_LOAD must be PF_R|PF_X only, and .p_memsz==.p_filesz.
; So we must round up here, instead of pre-rounding .p_memsz.
add eax, [p_memsz + szElf32_Ehdr + eax] ; address after .text
// Linux requires PF_W in order to create .bss (implied by .p_filesz!=.p_memsz),
// but strict SELinux (or PaX, grSecurity) forbids PF_W with PF_X.
// So first PT_LOAD must be PF_R|PF_X only, and .p_memsz==.p_filesz.
// So we must round up here, instead of pre-rounding .p_memsz.
add eax, [p_memsz + szElf32_Ehdr + eax] // address after .text
add eax, PAGE_SIZE -1
and eax, -PAGE_SIZE
and eax, 0-PAGE_SIZE
push eax ; destination for 'ret'
push eax // destination for 'ret'
; mmap a page to hold the decompressed fold_elf86
xor ecx, ecx ; %ecx= 0
; MAP_ANONYMOUS ==>offset is ignored, so do not push!
; push ecx ; offset
push byte -1 ; *BSD demands -1==fd for mmap(,,,MAP_ANON,,)
push byte MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS
mov ch, PAGE_SIZE >> 8 ; %ecx= PAGE_SIZE
push byte PROT_READ | PROT_WRITE | PROT_EXEC
push ecx ; length
push eax ; destination
mov ebx, esp ; address of parameter vector for __NR_mmap
push byte __NR_mmap
// mmap a page to hold the decompressed fold_elf86
xor ecx, ecx // %ecx= 0
// MAP_ANONYMOUS ==>offset is ignored, so do not push!
// push ecx ; offset
push /*byte*/ -1 // *BSD demands -1==fd for mmap(,,,MAP_ANON,,)
push /*byte*/ MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS
mov ch, PAGE_SIZE >> 8 // %ecx= PAGE_SIZE
push /*byte*/ PROT_READ | PROT_WRITE | PROT_EXEC
push ecx // length
push eax // destination
mov ebx, esp // address of parameter vector for __NR_mmap
push /*byte*/ __NR_mmap
pop eax
int 0x80 ; changes only %eax; %edx is live
int 0x80 // changes only %eax; %edx is live
test eax,eax
js msg_SELinux
xchg eax, edx ; %edx= page after .text; %eax= &Elf32_Ehdr of this program
xchg eax, ebx ; %ebx= &Elf32_Ehdr of this program
xchg eax, edx // %edx= page after .text; %eax= &Elf32_Ehdr of this program
xchg eax, ebx // %ebx= &Elf32_Ehdr of this program
cld
lodsd
push eax ; sz_uncompressed (maximum dstlen for lzma)
mov ecx,esp ; save &dstlen
push eax ; space for 5th param
push ecx ; &dstlen
push edx ; &dst
push eax // sz_uncompressed (maximum dstlen for lzma)
mov ecx,esp // save &dstlen
push eax // space for 5th param
push ecx // &dstlen
push edx // &dst
lodsd
push eax ; sz_compressed (srclen)
lodsd ; last 4 bytes of b_info
push eax // sz_compressed (srclen)
lodsd // last 4 bytes of b_info
mov [4*3 + esp],eax
push esi ; &compressed_data
call ebp ; decompress(&src, srclen, &dst, &dstlen, b_info.misc)
add esp, byte (5+1 + 6-1)*4 ; (5+1) args to decompress, (6-1) args to mmap
ret ; &destination
push esi // &compressed_data
call ebp // decompress(&src, srclen, &dst, &dstlen, b_info.misc)
add esp, /*byte*/ (5+1 + 6-1)*4 // (5+1) args to decompress, (6-1) args to mmap
ret // &destination
main:
pop ebp ; &decompress
pop ebp // &decompress
call unfold
; compressed fold_elf86 follows
// compressed fold_elf86 follows
eof:
; __XTHEENDX__
section .data
dd -1
dw eof
; vi:ts=8:et:nowrap
// vi:ts=8:et:nowrap