mirror/upx
1
0
Fork 0
mirror of https://github.com/upx/upx synced 2025-09-28 19:06:07 +08:00
Code Issues Releases Wiki Activity

start converting PackLinuxElf32x86 to ElfLinker

Browse Source
This commit is contained in:
John Reiser 2006-07-09 10:17:52 -07:00
parent 1a0a64e4de
commit c5b3107f83
5 changed files with 2811 additions and 806 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/linker.cpp
View File

@ -504,8 +504,8 @@ void ElfLinker::init(const void *pdata, int plen, int)
void ElfLinker::setLoaderAlignOffset(int phase)
{
// FIXME: do not use this yet
assert(phase & 0);
//assert(phase & 0);
printf("\nFIXME: ElfLinker::setLoaderAlignOffset %d\n", phase);
}
int ElfLinker::addSection(const char *sname)

8
src/stub/Makefile
View File

@ -462,9 +462,11 @@ tc.i386-linux.elf.objdump = $(call tc,m-objdump)
tc.i386-linux.elf.objstrip = $(call tc,objcopy) -R .comment -R .note
i386-linux.elf-entry.h : $(srcdir)/src/$$T.asm
$(call tc,pp-nasm) $< -o tmp/$T.tmp1
$(call tc,app-nasm) tmp/$T.tmp1 tmp/$T.tmp2
$(call tc,nasm) -f bin -l tmp/$T.bin.lst tmp/$T.tmp2 -o tmp/$T.bin
$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.bin
$(call tc,m-objcopy) --strip-unneeded tmp/$T.bin
$(call tc,m-objcopy) -R .text -R .data -R .bss tmp/$T.bin
$(call tc,m-objcopy) -R .note -R .comment tmp/$T.bin
$(call tc,m-objdump) -trwh tmp/$T.bin >> tmp/$T.bin
$(call tc,bin2h) --ident=linux_i386elf_loader tmp/$T.bin $@
i386-linux.elf-fold.h : tmp/$$T.o tmp/i386-linux.elf-main.o $(srcdir)/src/$$T.lds

3198
src/stub/i386-linux.elf-entry.h
View File

File diff suppressed because it is too large Load Diff

193
src/stub/src/arch/i386/nrv2b_d32_2.ash Normal file
View File

@ -0,0 +1,193 @@
/*
; n2b_d32.ash -- ucl_nrv2b_decompress_le32 in 32-bit assembly
;
; This file is part of the UCL data compression library.
;
; Copyright (C) 1996-2006 Markus Franz Xaver Johannes Oberhumer
; All Rights Reserved.
;
; The UCL library is free software; you can redistribute it and/or
; modify it under the terms of the GNU General Public License as
; published by the Free Software Foundation; either version 2 of
; the License, or (at your option) any later version.
;
; The UCL library is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with the UCL library; see the file COPYING.
; If not, write to the Free Software Foundation, Inc.,
; 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
;
; Markus F.X.J. Oberhumer
; <markus@oberhumer.com>
; http://www.oberhumer.com/opensource/ucl/
;
; ------------- DECOMPRESSION -------------
; Input:
; esi - source
; edi - dest
; ebp - -1
; cld
; Output:
; eax - 0
; ecx - 0
*/
// CPU 386
.macro getbit_n2b one
.ifc \one, 1
add ebx, ebx
jnz 1f
.endif
mov ebx, [esi]
sub esi, -4
adc ebx, ebx
1:
.endm
#undef getbit
#define getbit getbit_n2b
section N2BSMA10
jmps dcl1_n2b
decompr_literals_n2b:
movsb
section N2BFAS10
jmps dcl1_n2b
.balign 8
section N2BFAS11
decompr_literalb_n2b:
mov al, [esi]
inc esi
mov [edi], al
inc edi
section N2BDEC10
decompr_loop_n2b:
add ebx, ebx
jnz dcl2_n2b
dcl1_n2b:
getbit 32
dcl2_n2b:
section N2BSMA20
jcs decompr_literals_n2b
xor eax, eax
inc eax
section N2BFAS20
#ifndef UPX102
mov al, [edi] // force data cache allocate (PentiumPlain or MMX)
#endif
jcs decompr_literalb_n2b
mov eax, 1
section N2BDEC20
loop1_n2b:
getbit 1
adc eax, eax
section N2BSMA30
getbit 1
jncs loop1_n2b
section N2BFAS30
add ebx, ebx
jncs loop1_n2b
jnzs loopend1_n2b
getbit 32
jncs loop1_n2b
loopend1_n2b:
section N2BDEC30
xor ecx, ecx
sub eax, 3
jcs decompr_ebpeax_n2b
shl eax, 8
mov al, [esi]
inc esi
xor eax, -1
jzs decompr_end_n2b
mov ebp, eax
decompr_ebpeax_n2b:
getbit 1
adc ecx, ecx
getbit 1
adc ecx, ecx
jnz decompr_got_mlen_n2b
inc ecx
loop2_n2b:
getbit 1
adc ecx, ecx
section N2BSMA40
getbit 1
jncs loop2_n2b
section N2BFAS40
add ebx, ebx
jnc loop2_n2b
jnz loopend2_n2b
getbit 32
jncs loop2_n2b
loopend2_n2b:
section N2BDUMM1
section N2BSMA50
inc ecx
inc ecx
section N2BFAS50
add ecx, 2
section N2BDEC50
decompr_got_mlen_n2b:
cmp ebp, -0xd00
adc ecx, 1
section N2BSMA60
#ifndef UPX102
push esi
#else
mov edx, esi
#endif
lea esi, [edi+ebp]
rep
movsb
#ifndef UPX102
pop esi
#else
mov esi, edx
#endif
jmp decompr_loop_n2b
section N2BFAS60
lea edx, [edi+ebp]
cmp ebp, -4
#ifndef UPX102
mov al, [edi+ecx] // force data cache allocate (PentiumPlain or MMX)
#endif
jbes decompr_copy4_n2b
loop3_n2b:
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnzs loop3_n2b
jmp decompr_loop_n2b
section N2BFAS61
.balign 4
decompr_copy4_n2b:
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
jas decompr_copy4_n2b
add edi, ecx
jmp decompr_loop_n2b
section N2BDEC60
decompr_end_n2b:
section NRV2BEND
// vi:ts=8:et

214
src/stub/src/i386-linux.elf-entry.asm
View File

@ -1,3 +1,4 @@
/*
; l_lx_elf86.asm -- Linux program entry point & decompressor (Elf binary)
;
; This file is part of the UPX executable compressor.
@ -28,24 +29,20 @@
; John F. Reiser
; <jreiser@users.sourceforge.net>
;
*/
BITS 32
SECTION .text
CPU 386
%define jmps jmp short
%define jmpn jmp near
#include "arch/i386/macros2.ash"
; /*************************************************************************
; // program entry point
; // see glibc/sysdeps/i386/elf/start.S
; **************************************************************************/
GLOBAL _start
;__LEXEC000__
.globl _start
section LEXEC000
_start:
;;;; int3
int3
/*
;; How to debug this code: Uncomment the 'int3' breakpoint instruction above.
;; Build the stubs and upx. Compress a testcase, such as a copy of /bin/date.
;; Invoke gdb, and give a 'run' command. Define a single-step macro such as
@ -62,51 +59,52 @@ _start:
;; end
;; Step through the code; remember that <Enter> repeats the previous command.
;;
call main ; push address of decompress subroutine
*/
call main // push address of decompress subroutine
decompress:
; /*************************************************************************
; // C callable decompressor
; **************************************************************************/
//
// C callable decompressor
//
; /* Offsets to parameters, allowing for {push + pusha + call} */
%define O_INP (4+ 8*4 +1*4)
%define O_INS (4+ 8*4 +2*4)
%define O_OUTP (4+ 8*4 +3*4)
%define O_OUTS (4+ 8*4 +4*4)
%define O_PARAM (4+ 8*4 +5*4)
/* Offsets to parameters, allowing for {push + pusha + call} */
#define O_INP (4+ 8*4 +1*4)
#define O_INS (4+ 8*4 +2*4)
#define O_OUTP (4+ 8*4 +3*4)
#define O_OUTS (4+ 8*4 +4*4)
#define O_PARAM (4+ 8*4 +5*4)
%define INP dword [esp+O_INP]
%define INS dword [esp+O_INS]
%define OUTP dword [esp+O_OUTP]
%define OUTS dword [esp+O_OUTS]
%define PARM dword [esp+O_PARAM]
#define INP dword [esp+O_INP]
#define INS dword [esp+O_INS]
#define OUTP dword [esp+O_OUTP]
#define OUTS dword [esp+O_OUTS]
#define PARM dword [esp+O_PARAM]
;__LEXEC009__
;; empty section for commonality with l_lx_exec86.asm
;__LEXEC010__
section LEXEC009
//; empty section for commonality with l_lx_exec86.asm
section LEXEC010
pusha
push byte '?' ; cto8 (sign extension does not matter)
; cld
push /*byte*/ '?' // cto8 (sign extension does not matter)
// cld
mov esi, INP
mov edi, OUTP
or ebp, byte -1
;;; align 8
// align 8
%include "arch/i386/nrv2b_d32.ash"
%include "arch/i386/nrv2d_d32.ash"
%include "arch/i386/nrv2e_d32.ash"
%include "arch/i386/lzma_d.ash"
%include "arch/i386/macros.ash"
#include "arch/i386/nrv2b_d32_2.ash"
//#include "arch/i386/nrv2d_d32.ash"
#include "arch/i386/nrv2e_d32_2.ash"
//#include "arch/i386/lzma_d.ash"
//#include "arch/i386/macros.ash"
cjt32 0
;__LEXEC015__
; eax is 0 from decompressor code
;xor eax, eax ; return code
section LEXEC015
// eax is 0 from decompressor code
//xor eax, eax ; return code
; check compressed size
// check compressed size
mov edx, INP
add edx, INS
cmp esi, edx
@ -114,12 +112,12 @@ decompress:
dec eax
.ok:
; write back the uncompressed size
// write back the uncompressed size
sub edi, OUTP
mov edx, OUTS
mov [edx], edi
pop edx ; cto8
pop edx // cto8
mov [7*4 + esp], eax
popa
@ -127,107 +125,103 @@ decompress:
ctojr32
ckt32 edi, dl
;__LEXEC017__
section LEXEC017
popa
ret
;__LEXEC020__
section LEXEC020
%define PAGE_SIZE ( 1<<12)
#define PAGE_SIZE ( 1<<12)
%define MAP_FIXED 0x10
%define MAP_PRIVATE 0x02
%define MAP_ANONYMOUS 0x20
%define PROT_READ 1
%define PROT_WRITE 2
%define PROT_EXEC 4
%define __NR_mmap 90
%define szElf32_Ehdr 0x34
%define p_memsz 5*4
#define MAP_FIXED 0x10
#define MAP_PRIVATE 0x02
#define MAP_ANONYMOUS 0x20
#define PROT_READ 1
#define PROT_WRITE 2
#define PROT_EXEC 4
#define __NR_mmap 90
#define szElf32_Ehdr 0x34
#define p_memsz 5*4
%define __NR_write 4
%define __NR_exit 1
#define __NR_write 4
#define __NR_exit 1
msg_SELinux:
push byte L71 - L70
pop edx ; length
push /*byte*/ L71 - L70
pop edx // length
call L71
L70:
db "PROT_EXEC|PROT_WRITE failed.",10
.ascii "PROT_EXEC|PROT_WRITE failed.\n"
L71:
pop ecx ; message text
push byte 2 ; fd stderr
pop ecx // message text
push /*byte*/ 2 // fd stderr
pop ebx
push byte __NR_write
push /*byte*/ __NR_write
pop eax
int 0x80
die:
mov bl, byte 127 ; only low 7 bits matter!
push byte __NR_exit
pop eax ; write to stderr could fail, leaving eax as -EBADF etc.
mov bl, /*byte*/ 127 // only low 7 bits matter!
push /*byte*/ __NR_exit
pop eax // write to stderr could fail, leaving eax as -EBADF etc.
int 0x80
; Decompress the rest of this loader, and jump to it
// Decompress the rest of this loader, and jump to it
unfold:
pop esi ; &{ b_info:{sz_unc, sz_cpr, 4{byte}}, compressed_data...}
pop esi // &{ b_info:{sz_unc, sz_cpr, 4{byte}}, compressed_data...}
lea eax, [ebp - (4+ decompress - _start)] ; 4: sizeof(int)
sub eax, [eax] ; %eax= &Elf32_Ehdr of this program
mov edx, eax ; %edx= &Elf32_Ehdr of this program
lea eax, [ebp - (4+ decompress - _start)] // 4: sizeof(int)
sub eax, [eax] // %eax= &Elf32_Ehdr of this program
mov edx, eax // %edx= &Elf32_Ehdr of this program
; Linux requires PF_W in order to create .bss (implied by .p_filesz!=.p_memsz),
; but strict SELinux (or PaX, grSecurity) forbids PF_W with PF_X.
; So first PT_LOAD must be PF_R|PF_X only, and .p_memsz==.p_filesz.
; So we must round up here, instead of pre-rounding .p_memsz.
add eax, [p_memsz + szElf32_Ehdr + eax] ; address after .text
// Linux requires PF_W in order to create .bss (implied by .p_filesz!=.p_memsz),
// but strict SELinux (or PaX, grSecurity) forbids PF_W with PF_X.
// So first PT_LOAD must be PF_R|PF_X only, and .p_memsz==.p_filesz.
// So we must round up here, instead of pre-rounding .p_memsz.
add eax, [p_memsz + szElf32_Ehdr + eax] // address after .text
add eax, PAGE_SIZE -1
and eax, -PAGE_SIZE
and eax, 0-PAGE_SIZE
push eax ; destination for 'ret'
push eax // destination for 'ret'
; mmap a page to hold the decompressed fold_elf86
xor ecx, ecx ; %ecx= 0
; MAP_ANONYMOUS ==>offset is ignored, so do not push!
; push ecx ; offset
push byte -1 ; *BSD demands -1==fd for mmap(,,,MAP_ANON,,)
push byte MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS
mov ch, PAGE_SIZE >> 8 ; %ecx= PAGE_SIZE
push byte PROT_READ | PROT_WRITE | PROT_EXEC
push ecx ; length
push eax ; destination
mov ebx, esp ; address of parameter vector for __NR_mmap
push byte __NR_mmap
// mmap a page to hold the decompressed fold_elf86
xor ecx, ecx // %ecx= 0
// MAP_ANONYMOUS ==>offset is ignored, so do not push!
// push ecx ; offset
push /*byte*/ -1 // *BSD demands -1==fd for mmap(,,,MAP_ANON,,)
push /*byte*/ MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS
mov ch, PAGE_SIZE >> 8 // %ecx= PAGE_SIZE
push /*byte*/ PROT_READ | PROT_WRITE | PROT_EXEC
push ecx // length
push eax // destination
mov ebx, esp // address of parameter vector for __NR_mmap
push /*byte*/ __NR_mmap
pop eax
int 0x80 ; changes only %eax; %edx is live
int 0x80 // changes only %eax; %edx is live
test eax,eax
js msg_SELinux
xchg eax, edx ; %edx= page after .text; %eax= &Elf32_Ehdr of this program
xchg eax, ebx ; %ebx= &Elf32_Ehdr of this program
xchg eax, edx // %edx= page after .text; %eax= &Elf32_Ehdr of this program
xchg eax, ebx // %ebx= &Elf32_Ehdr of this program
cld
lodsd
push eax ; sz_uncompressed (maximum dstlen for lzma)
mov ecx,esp ; save &dstlen
push eax ; space for 5th param
push ecx ; &dstlen
push edx ; &dst
push eax // sz_uncompressed (maximum dstlen for lzma)
mov ecx,esp // save &dstlen
push eax // space for 5th param
push ecx // &dstlen
push edx // &dst
lodsd
push eax ; sz_compressed (srclen)
lodsd ; last 4 bytes of b_info
push eax // sz_compressed (srclen)
lodsd // last 4 bytes of b_info
mov [4*3 + esp],eax
push esi ; &compressed_data
call ebp ; decompress(&src, srclen, &dst, &dstlen, b_info.misc)
add esp, byte (5+1 + 6-1)*4 ; (5+1) args to decompress, (6-1) args to mmap
ret ; &destination
push esi // &compressed_data
call ebp // decompress(&src, srclen, &dst, &dstlen, b_info.misc)
add esp, /*byte*/ (5+1 + 6-1)*4 // (5+1) args to decompress, (6-1) args to mmap
ret // &destination
main:
pop ebp ; &decompress
pop ebp // &decompress
call unfold
; compressed fold_elf86 follows
// compressed fold_elf86 follows
eof:
; __XTHEENDX__
section .data
dd -1
dw eof
; vi:ts=8:et:nowrap
// vi:ts=8:et:nowrap