PackVmlinuzI386 detects non-relocated kernel

2025-09-28 19:06:07 +08:00 · 2008-01-08 09:03:21 -08:00 · 2008-01-08 09:03:21 -08:00 · d9073e4a17
commit d9073e4a17
parent de1c1d7cc2
1 changed files with 16 additions and 3 deletions
--- a/src/p_vmlinz.cpp
+++ b/src/p_vmlinz.cpp
@ -137,9 +137,22 @@ int PackVmlinuzI386::decompressKernel()
    char const *p = (char const *)&obuf[setup_size];
    for (int j= 0; j < 0x200; ++j, ++p) {
        if (0==memcmp("\xE8\x00\x00\x00\x00\x5D", p, 6)) {
-            /* "call 1f; 1f: pop %ebp"  determines actual execution address; */
-            /* linux-2.6.21 (spring 2007) and later; upx stub needs work. */
-            throwCantPack("Relocatable kernel is not yet supported");
+            // "call 1f; 1f: pop %ebp"  determines actual execution address.
+            // linux-2.6.21 (spring 2007) and later; upx stub needs work
+            // unless LOAD_PHYSICAL_ADDR is known.
+            // Allowed code is:  linux-2.6.23/arch/x86/head_32.S  2008-01-01
+            //      call 1f
+            //  1:  popl %ebp
+            //      subl $1b, %ebp  # 32-bit immediate
+            //      movl $LOAD_PHYSICAL_ADDR, %ebx
+            //
+            if (0==memcmp("\x81\xed", 6+  p, 2)      // subl $imm.w,%ebp
+            &&  0==memcmp("\xbb",     12+ p, 1) ) {  // movl $...,%ebx
+                physical_start = get_le32(13+ p);
+            }
+            else {
+                throwCantPack("Relocatable kernel is not yet supported");
+            }
        }
        // Find "ljmp $__BOOT_CS,$__PHYSICAL_START" if any.
        if (0==memcmp("\xEA\x00\x00", p, 3) && 0==(0xf & p[3]) && 0==p[4]) {