mirror/upx
1
0
Fork 0
mirror of https://github.com/upx/upx synced 2025-09-28 19:06:07 +08:00
Code Issues Releases Wiki Activity

win32/pe using nrv2e converted to ElfLinker

Browse Source
This commit is contained in:
László Molnár 2006-07-03 09:21:51 +02:00
parent ed9fd3f0e0
commit f0f465411f
5 changed files with 1667 additions and 856 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
src/p_w32pe.cpp
View File

@ -31,6 +31,7 @@
#include "filter.h"
#include "packer.h"
#include "p_w32pe.h"
#include "linker.h"
static const
#include "stub/i386-win32.pe.h"
@ -198,6 +199,12 @@ const int *PackW32Pe::getFilters() const
}
Linker* PackW32Pe::newLinker() const
{
return new ElfLinkerX86;
}
bool PackW32Pe::testUnpackVersion(int version) const
{
if (version != ph_version && ph_version != -1)
@ -259,6 +266,20 @@ int PackW32Pe::readFileHeader()
}
static bool defineFilterSymbols(Linker *linker, const Filter *ft)
{
if (ft->id == 0)
return false;
assert(ft->calls > 0);
linker->defineSymbol("filter_cto", ft->cto);
linker->defineSymbol("filter_length",
(ft->id & 0xf) % 3 == 0 ? ft->calls :
ft->lastcall - ft->calls * 4);
return true;
}
/*************************************************************************
// interval handling
**************************************************************************/
@ -1711,7 +1732,7 @@ int PackW32Pe::buildLoader(const Filter *ft)
addLoader("PEDEPHAK", NULL);
addLoader("PEMAIN20", NULL);
if (use_clear_dirty_stack)
addLoader(ih.entry ? "PEDOJUMP_CLEARSTACK" : "PERETURN_CLEARSTACK", NULL);
addLoader("CLEARSTACK", NULL);
addLoader("PEMAIN21", NULL);
addLoader(ih.entry ? "PEDOJUMP" : "PERETURN",
"IDENTSTR,UPX1HEAD",
@ -1930,11 +1951,6 @@ void PackW32Pe::pack(OutputFile *fo)
if (tlsindex && ((newvsize - ph.c_len - 1024 + oam1) &~ oam1) > tlsindex + 4)
tlsindex = 0;
const unsigned lsize = getLoaderSize();
MemBuffer loader(lsize);
memcpy(loader,getLoader(),lsize);
patchPackHeader(loader, lsize);
int identsize = 0;
const unsigned codesize = getLoaderSection("IDENTSTR",&identsize);
assert(identsize > 0);
@ -1970,11 +1986,7 @@ void PackW32Pe::pack(OutputFile *fo)
const unsigned myimport = ncsection + soresources - rvamin;
// patch loader
if (ih.entry)
{
unsigned jmp_pos = find_le32(loader,codesize + 4,get_le32("JMPO"));
patch_le32(loader,codesize + 4,"JMPO",ih.entry - upxsection - jmp_pos - 4);
}
linker->defineSymbol("original_entry", ih.entry);
if (use_dep_hack)
{
// This works around a "protection" introduced in MSVCRT80, which
@ -2003,70 +2015,58 @@ void PackW32Pe::pack(OutputFile *fo)
#else
// make sure we only touch the minimum number of pages
const unsigned addr = 0u - rvamin + swri;
patch_le32(loader, codesize, "SWRI", addr & 0xfff); // page offset
linker->defineSymbol("swri", addr & 0xfff); // page offset
// check whether osection[0].flags and osection[1].flags
// are on the same page
if ((addr & 0xfff) + 0x28 >= 0x1000)
patch_le32(loader, codesize, "IMGL", 0x2000); // two pages
else
patch_le32(loader, codesize, "IMGL", 0x1000); // one page
patch_le32(loader, codesize, "IMGB", addr &~ 0xfff); // page mask
linker->defineSymbol("vp_size", ((addr & 0xfff) + 0x28 >= 0x1000) ?
0x2000 : 0x1000); // 2 pages or 1 page
linker->defineSymbol("vp_base", addr &~ 0xfff); // page mask
#endif
patch_le32(loader, codesize, "VPRO", myimport + get_le32(oimpdlls + 16) + 8);
}
if (big_relocs & 6)
patch_le32(loader,codesize,"DELT", 0u - (unsigned) ih.imagebase - rvamin);
if (sorelocs && (soimport == 0 || soimport + cimports != crelocs))
patch_le32(loader,codesize,"BREL",crelocs);
if (soimport)
{
if (!isdll)
patch_le32(loader,codesize,"EXIT",myimport + get_le32(oimpdlls + 16) + 20);
patch_le32(loader,codesize,"GETP",myimport + get_le32(oimpdlls + 16) + 4);
if (kernel32ordinal)
patch_le32(loader,codesize,"K32O",myimport);
patch_le32(loader,codesize,"LOAD",myimport + get_le32(oimpdlls + 16));
patch_le32(loader,codesize,"IMPS",myimport);
patch_le32(loader,codesize,"BIMP",cimports);
linker->defineSymbol("VirtualProtect", myimport + get_le32(oimpdlls + 16) + 8);
}
linker->defineSymbol("reloc_delt", 0u - (unsigned) ih.imagebase - rvamin);
linker->defineSymbol("start_of_relocs", crelocs);
linker->defineSymbol("ExitProcess", myimport + get_le32(oimpdlls + 16) + 20);
linker->defineSymbol("GetProcAddress", myimport + get_le32(oimpdlls + 16) + 4);
linker->defineSymbol("kernel32_ordinals", myimport);
linker->defineSymbol("LoadLibraryA", myimport + get_le32(oimpdlls + 16));
linker->defineSymbol("start_of_imports", myimport);
linker->defineSymbol("compressed_imports", cimports);
#if 0
patch_le32(loader, codesize, "VALL", myimport + get_le32(oimpdlls + 16) + 12);
patch_le32(loader, codesize, "VFRE", myimport + get_le32(oimpdlls + 16) + 16);
#endif
if (patchFilter32(loader, codesize, &ft))
{
const unsigned texv = ih.codebase - rvamin;
if (texv)
patch_le32(loader, codesize, "TEXV", texv);
}
patchDecompressor(loader, codesize);
if (tlsindex)
{
// in case of overlapping decompression, this hack is needed,
// because windoze zeroes the word pointed by tlsindex before
// it starts programs
if (tlsindex + 4 > s1addr)
patch_le32(loader,codesize,"TLSV",get_le32(obuf + tlsindex - s1addr - ic));
else
patch_le32(loader,codesize,"TLSV",0); // bad guess
patch_le32(loader,codesize,"TLSA",tlsindex - rvamin);
}
if (icondir_count > 1)
{
if (icondir_count > 2)
patch_le16(loader,codesize,"DR",icondir_count - 1);
patch_le32(loader,codesize,"ICON",ncsection + icondir_offset - rvamin);
}
defineFilterSymbols(linker, &ft);
linker->defineSymbol("filter_buffer_start", ih.codebase - rvamin);
// FIXME patchDecompressor(loader, codesize);
// in case of overlapping decompression, this hack is needed,
// because windoze zeroes the word pointed by tlsindex before
// it starts programs
linker->defineSymbol("tls_value", (tlsindex + 4 > s1addr) ?
get_le32(obuf + tlsindex - s1addr - ic) : 0);
linker->defineSymbol("tls_address", tlsindex - rvamin);
linker->defineSymbol("icon_delta", icondir_count - 1);
linker->defineSymbol("icon_offset", ncsection + icondir_offset - rvamin);
const unsigned esi0 = s1addr + ic;
patch_le32(loader,codesize,"EDI0", 0u - esi0 + rvamin);
patch_le32(loader,codesize,"ESI0", esi0 + ih.imagebase);
ic = getLoaderSection("PEMAIN01") + 2 + upxsection;
linker->defineSymbol("start_of_uncompressed", 0u - esi0 + rvamin);
linker->defineSymbol("start_of_compressed", esi0 + ih.imagebase);
linker->defineSymbol(isdll ? "PEISDLL1" : "PEMAIN01", upxsection);
linker->relocate();
const unsigned lsize = getLoaderSize();
MemBuffer loader(lsize);
memcpy(loader,getLoader(),lsize);
patchPackHeader(loader, lsize);
Reloc rel(1024); // new relocations are put here
rel.add(ic,3);
rel.add(linker->getSymbolOffset("PEMAIN01") + 2, 3);
// new PE header
memcpy(&oh,&ih,sizeof(oh));

1
src/p_w32pe.h
View File

@ -68,6 +68,7 @@ protected:
virtual bool testUnpackVersion(int version) const;
virtual int buildLoader(const Filter *ft);
virtual Linker* newLinker() const;
unsigned pe_offset;
bool isrtm;

8
src/stub/Makefile
View File

@ -509,9 +509,11 @@ i386-linux.kernel%.h : $(srcdir)/src/$$T.asm
i386-win32.pe% : tc_list = arch-i386 default
i386-win32.pe.h : $(srcdir)/src/$$T.asm
$(call tc,pp-nasm) --MMD=$@ $< -o tmp/$T.tmp1
$(call tc,app-nasm) tmp/$T.tmp1 tmp/$T.tmp2
$(call tc,nasm) -f bin -l tmp/$T.bin.lst tmp/$T.tmp2 -o tmp/$T.bin
$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.bin
$(call tc,m-objcopy) --strip-unneeded tmp/$T.bin
$(call tc,m-objcopy) -R .text -R .data -R .bss tmp/$T.bin
$(call tc,m-objcopy) -R .note -R .comment tmp/$T.bin
$(call tc,m-objdump) -trwh tmp/$T.bin >> tmp/$T.bin
$(call tc,bin2h) --ident=nrv_loader tmp/$T.bin $@

2102
src/stub/i386-win32.pe.h
View File

File diff suppressed because it is too large Load Diff

290
src/stub/src/i386-win32.pe.asm
View File

@ -1,3 +1,4 @@
/*
; l_w32pe.asm -- loader & decompressor for the w32/pe format
;
; This file is part of the UPX executable compressor.
@ -24,267 +25,230 @@
; Markus F.X.J. Oberhumer Laszlo Molnar
; <mfx@users.sourceforge.net> <ml1050@users.sourceforge.net>
;
*/
#define UPX102 1
#include "arch/i386/macros2.ash"
%define UPX102 1
%define jmps jmp short
%define jmpn jmp near
%define jnzn jnz near
%define jbn jb near
%include "arch/i386/macros.ash"
BITS 32
SECTION .text
ORG 0
CPU 386
; =============
; ============= ENTRY POINT
; =============
// =============
// ============= ENTRY POINT
// =============
%ifdef __PEISDLL1__
cmp byte [esp + 8], 1
jnzn reloc_end_jmp
%endif; __PEMAIN01__
pushad
mov esi, 'ESI0' ; relocated
lea edi, [esi + 'EDI0']
%ifdef __PEICONS1__
inc word [edi + 'ICON']
%else; __PEICONS2__
add word [edi + 'ICON'],'DR'
%endif; __PEICONSZ__
%ifdef __PETLSHAK__
mov dword [edi + 'TLSA'],'TLSV'
%endif; __PEMAIN02__
section PEISDLL1
cmpb [esp + 8], 1
jnz reloc_end_jmp
section PEMAIN01
pusha
mov esi, offset start_of_compressed // relocated
lea edi, [esi + start_of_uncompressed]
section PEICONS1
incw [edi + icon_offset]
section PEICONS2
addw [edi + icon_offset], offset icon_delta
section PETLSHAK
movw [edi + tls_address], offset tls_value
section PEMAIN02
push edi
mpass:
or ebp, byte -1
or ebp, -1
; =============
; ============= DECOMPRESSION
; =============
// =============
// ============= DECOMPRESSION
// =============
%include "arch/i386/nrv2b_d32.ash"
%include "arch/i386/nrv2d_d32.ash"
%include "arch/i386/nrv2e_d32.ash"
%include "arch/i386/lzma_d.ash"
//#include "arch/i386/nrv2b_d32.ash"
//#include "arch/i386/nrv2d_d32.ash"
//#include "arch/i386/nrv2e_d32.ash"
#include "arch/i386/nrv2e_d32_2.ash"
//#include "arch/i386/lzma_d.ash"
; =============
// =============
section PEMAIN10
pop esi // load vaddr
%ifdef __PEMULTIP__
lodsd
add edi, eax
jbn mpass
%endif; __PEMAIN10__
// =============
// ============= CALLTRICK
// =============
; =============
pop esi ; load vaddr
; =============
; ============= CALLTRICK
; =============
%ifdef __PECALLTR__
%ifdef __PECTTPOS__
lea edi, [esi + 'TEXV']
%else; __PECTTNUL__
section PECTTPOS
lea edi, [esi + filter_buffer_start]
section PECTTNUL
mov edi, esi
%endif; __PEDUMMY0__
// section PEDUMMY0
cjt32 esi
%endif; __PEDUMMY1__
; =============
; ============= IMPORTS
; =============
// =============
// ============= IMPORTS
// =============
%ifdef __PEIMPORT__
lea edi, [esi + 'BIMP']
section PEIMPORT
lea edi, [esi + compressed_imports]
next_dll:
mov eax, [edi]
or eax, eax
jz imports_done
mov ebx, [edi+4] ; iat
lea eax, [eax + esi + 'IMPS']
jzs imports_done
mov ebx, [edi+4] // iat
lea eax, [eax + esi + start_of_imports]
add ebx, esi
push eax
add edi, byte 8
call [esi + 'LOAD'] ; LoadLibraryA
add edi, 8
call [esi + LoadLibraryA]
xchg eax, ebp
next_func:
mov al, [edi]
inc edi
or al, al
jz next_dll
mov ecx, edi ; something > 0
%ifdef __PEIBYORD__
jns byname
%ifdef __PEK32ORD__
mov ecx, edi // something > 0
section PEIBYORD
jnss byname
section PEK32ORD
jpe not_kernel32
mov eax, [edi]
add edi, byte 4
mov eax, [eax + esi + 'K32O']
add edi, 4
mov eax, [eax + esi + kernel32_ordinals]
jmps next_imp
not_kernel32:
%endif; __PEIMORD1__
movzx eax, word [edi]
section PEIMORD1
movzxw eax, [edi]
inc edi
push eax
inc edi
db 0xb9 ; mov ecx,xxxx
.byte 0xb9 // mov ecx,xxxx
byname:
%endif; __PEIMPOR2__
section PEIMPOR2
push edi
dec eax
repne
scasb
push ebp
call [esi + 'GETP'] ; GetProcAddr
call [esi + GetProcAddress]
or eax, eax
jz imp_failed
next_imp:
mov [ebx], eax
add ebx, byte 4
add ebx, 4
jmps next_func
imp_failed:
%ifdef __PEIERDLL__
popad
section PEIERDLL
popa
xor eax, eax
retn 0x0c
%else; __PEIEREXE__
call [esi + 'EXIT'] ; ExitProcess
%endif; __PEIMDONE__
ret 0x0c
section PEIEREXE
call [esi + ExitProcess]
section PEIMDONE
imports_done:
%endif; __PEIMPOR9__
; =============
; ============= RELOCATION
; =============
// =============
// ============= RELOCATION
// =============
%ifdef __PERELOC1__
lea edi, [esi + 'BREL']
; __PERELOC2__
add edi, byte 4
; __PERELOC3__
section PERELOC1
lea edi, [esi + start_of_relocs]
section PERELOC2
add edi, 4
section PERELOC3
lea ebx, [esi - 4]
reloc32 edi, ebx, esi
%endif; __PERELOC9__
; =============
// =============
; FIXME: depends on that in PERELOC1 edi is set!!
%ifdef __PERLOHI0__
// FIXME: depends on that in PERELOC1 edi is set!!
section PERLOHI0
xchg edi, esi
lea ecx, [edi + 'DELT']
%endif; __PERLOHIZ__
lea ecx, [edi + reloc_delt]
%ifdef __PERELLO0__
db 0xA9
section PERELLO0
.byte 0xA9
rello0:
add [edi + eax], cx
lodsd
or eax, eax
jnz rello0
%endif; __PERELLOZ__
; =============
// =============
%ifdef __PERELHI0__
section PERELHI0
shr ecx, 16
db 0xA9
.byte 0xA9
relhi0:
add [edi + eax], cx
lodsd
or eax, eax
jnz relhi0
%endif; __PERELHIZ__
; =============
%ifdef __PEDEPHAK__
mov ebp, [esi + 'VPRO'] ; VirtualProtect
lea edi, [esi + 'IMGB']
mov ebx, 'IMGL' ; 0x1000 or 0x2000
// =============
section PEDEPHAK
mov ebp, [esi + VirtualProtect]
lea edi, [esi + vp_base]
mov ebx, offset vp_size // 0x1000 or 0x2000
push eax ; provide 4 bytes stack
push eax // provide 4 bytes stack
push esp ; &lpflOldProtect on stack
push byte 4 ; PAGE_READWRITE
push esp // &lpflOldProtect on stack
push 4 // PAGE_READWRITE
push ebx
push edi
call ebp
%if 0
#if 0
or eax, eax
jz pedep9 ; VirtualProtect failed
%endif
jz pedep9 // VirtualProtect failed
#endif
lea eax, [edi + 'SWRI']
and byte [eax], 0x7f ; marks UPX0 non writeable
and byte [eax + 0x28], 0x7f ; marks UPX1 non writeable
lea eax, [edi + swri]
andb [eax], 0x7f // marks UPX0 non writeable
andb [eax + 0x28], 0x7f // marks UPX1 non writeable
%if 0
#if 0
push esp
push byte 2 ; PAGE_READONLY
%else
push 2 // PAGE_READONLY
#else
pop eax
push eax
push esp
push eax ; restore protection
%endif
push eax // restore protection
#endif
push ebx
push edi
call ebp
pedep9:
pop eax ; restore stack
%endif; __PEDEPHAX__
pop eax // restore stack
; __PEMAIN20__
popad
section PEMAIN20
popa
; clear the dirty stack
%macro clearstack128 1
lea %1, [esp - 128]
%%clearst0:
push byte 0
cmp esp, %1
jnz %%clearst0
sub esp, byte -128
%endmacro
// clear the dirty stack
.macro clearstack128 tmp_reg
lea \tmp_reg, [esp - 128]
c1:
push 0
cmp esp, \tmp_reg
jnzs c1
sub esp, -128
.endm
%ifdef __PERETURN_CLEARSTACK__
section CLEARSTACK
clearstack128 eax
%endif; __PERETURN_CLEARSTACK9__
%ifdef __PEDOJUMP_CLEARSTACK__
clearstack128 eax
%endif; __PEDOJUMP_CLEARSTACK9__
; __PEMAIN21__
section PEMAIN21
reloc_end_jmp:
%ifdef __PERETURN__
section PERETURN
xor eax, eax
inc eax
retn 0x0C
%else; __PEDOJUMP__
jmpn .1+'JMPO'
.1:
%endif; __PEDUMMY3__
ret 0x0C
section PEDOJUMP
jmp original_entry
; =============
; ============= CUT HERE
; =============
// =============
// ============= CUT HERE
// =============
%include "include/header.ash"
#include "include/header2.ash"
eof:
; __PETHEEND__
section .data
dd -1
dw eof
; vi:ts=8:et:nowrap
// vi:ts=8:et:nowrap