i386 conversion stub conversion; nrv2b_d32_2.ash etc.

This commit is contained in:
John Reiser 2006-07-12 11:15:14 -07:00
parent e39b7ffe30
commit 0b8825fecb
41 changed files with 32992 additions and 11048 deletions


@ -346,6 +346,42 @@ unsigned char *SimpleLinker::getLoader(int *llen)
}
/*************************************************************************
//
**************************************************************************/
ElfLinker::Section::Section(const char *n, const void *i, unsigned s) :
name(strdup(n)), output(NULL), size(s), offset(0), next(NULL)
{
assert(name);
input = malloc(s + 1);
assert(input);
memcpy(input, i, s);
}
ElfLinker::Section::~Section()
{
free(name);
free(input);
}
ElfLinker::Symbol::Symbol(const char *n, Section *s, unsigned o) :
name(strdup(n)), section(s), offset(o)
{
assert(name);
}
ElfLinker::Symbol::~Symbol()
{
free(name);
}
ElfLinker::Relocation::Relocation(Section *s, unsigned o, const char *t,
Symbol *v, unsigned a) :
section(s), offset(o), type(t), value(v), add(a)
{}
void ElfLinker::preprocessSections(char *start, const char *end)
{
nsections = 0;
@ -390,10 +426,9 @@ void ElfLinker::preprocessSymbols(char *start, const char *end)
char *s = strstr(start, symbol);
s[strlen(symbol)] = 0;
assert(nsymbols < TABLESIZE(symbols));
if (strcmp(section, "*UND*") == 0)
offset = 0xdeaddead;
symbols[nsymbols++] = Symbol(s, findSection(section), offset);
addSymbol(s, section, offset);
//printf("symbol %s preprocessed o=%x\n", s, offset);
}
@ -433,9 +468,7 @@ void ElfLinker::preprocessRelocations(char *start, const char *end)
sscanf(p + 3, "%x", &add);
}
assert(nrelocations < TABLESIZE(relocations));
relocations[nrelocations++] = Relocation(section, offset, t,
findSymbol(symbol), add);
addRelocation(section->name, offset, t, symbol, add);
//printf("relocation %s %x preprocessed\n", section->name, offset);
}
@ -447,8 +480,8 @@ void ElfLinker::preprocessRelocations(char *start, const char *end)
ElfLinker::Section *ElfLinker::findSection(const char *name)
{
for (unsigned ic = 0; ic < nsections; ic++)
if (strcmp(sections[ic].name, name) == 0)
return sections + ic;
if (strcmp(sections[ic]->name, name) == 0)
return sections[ic];
printf("unknown section %s\n", name);
abort();
@ -458,21 +491,54 @@ ElfLinker::Section *ElfLinker::findSection(const char *name)
ElfLinker::Symbol *ElfLinker::findSymbol(const char *name)
{
for (unsigned ic = 0; ic < nsymbols; ic++)
if (strcmp(symbols[ic].name, name) == 0)
return symbols + ic;
if (strcmp(symbols[ic]->name, name) == 0)
return symbols[ic];
printf("unknown symbol %s\n", name);
abort();
return NULL;
}
ElfLinker::ElfLinker() : input(NULL), output(NULL), head(NULL), tail(NULL)
void ElfLinker::addSymbol(const char *name, const char *section,
unsigned offset)
{
symbols = static_cast<Symbol **>(realloc(symbols, (nsymbols + 1)
* sizeof(Symbol *)));
assert(symbols);
symbols[nsymbols++] = new Symbol(name, findSection(section), offset);
}
void ElfLinker::addRelocation(const char *section, unsigned off,
const char *type, const char *symbol,
unsigned add)
{
relocations = static_cast<Relocation **>(realloc(relocations,
(nrelocations + 1)
* sizeof(Relocation *)));
assert(relocations);
relocations[nrelocations++] = new Relocation(findSection(section), off,
type, findSymbol(symbol), add);
}
ElfLinker::ElfLinker() : input(NULL), output(NULL), head(NULL), tail(NULL),
sections(NULL), symbols(NULL), relocations(NULL)
{}
ElfLinker::~ElfLinker()
{
delete [] input;
delete [] output;
unsigned ic;
for (ic = 0; ic < nsections; ic++)
delete sections[ic];
free(sections);
for (ic = 0; ic < nsymbols; ic++)
delete symbols[ic];
free(symbols);
for (ic = 0; ic < nrelocations; ic++)
delete relocations[ic];
free(relocations);
}
void ElfLinker::init(const void *pdata, int plen, int)
@ -504,8 +570,8 @@ void ElfLinker::init(const void *pdata, int plen, int)
void ElfLinker::setLoaderAlignOffset(int phase)
{
// FIXME: do not use this yet
assert(phase & 0);
//assert(phase & 0);
printf("\nFIXME: ElfLinker::setLoaderAlignOffset %d\n", phase);
}
int ElfLinker::addSection(const char *sname)
@ -562,8 +628,10 @@ int ElfLinker::addSection(const char *sname)
void ElfLinker::addSection(const char *sname, const void *sdata, int slen)
{
assert(!frozen);
assert(nsections < TABLESIZE(sections));
sections[nsections++] = Section(sname, sdata, slen);
sections = static_cast<Section **>(realloc(sections, (nsections + 1)
* sizeof(Section *)));
assert(sections);
sections[nsections++] = new Section(sname, sdata, slen);
}
void ElfLinker::freeze()
@ -598,7 +666,7 @@ void ElfLinker::relocate()
for (unsigned ic = 0; ic < nrelocations; ic++)
{
Relocation *rel = relocations + ic;
Relocation *rel = relocations[ic];
if (rel->section->output == NULL)
continue;
if (rel->value->section->output == NULL)
@ -675,6 +743,16 @@ void ElfLinkerX86::align(unsigned len)
alignWithByte(len, 0x90);
}
void ElfLinkerAMD64::align(unsigned len)
{
alignWithByte(len, 0x90);
}
void ElfLinkerPpc32::align(unsigned len)
{
alignWithByte(len, 0);
}
void ElfLinkerX86::relocate1(Relocation *rel, upx_byte *location,
unsigned value, const char *type)
{
@ -698,6 +776,54 @@ void ElfLinkerX86::relocate1(Relocation *rel, upx_byte *location,
super::relocate1(rel, location, value, type);
}
void ElfLinkerAMD64::relocate1(Relocation *rel, upx_byte *location,
unsigned value, const char *type)
{
if (strncmp(type, "R_X86_64_", 9))
return super::relocate1(rel, location, value, type);
type += 9;
if (strncmp(type, "PC", 2) == 0)
{
value -= rel->section->offset + rel->offset;
type += 2;
}
if (strcmp(type, "8") == 0)
*location += value;
else if (strcmp(type, "16") == 0)
set_le16(location, get_le16(location) + value);
else if (strcmp(type, "32") == 0)
set_le32(location, get_le32(location) + value);
else
super::relocate1(rel, location, value, type);
}
void ElfLinkerPpc32::relocate1(Relocation *rel, upx_byte *location,
unsigned value, const char *type)
{
if (strncmp(type, "R_PPC_", 6))
return super::relocate1(rel, location, value, type);
type += 6;
if (strncmp(type, "REL", 3) == 0)
{
value -= rel->section->offset + rel->offset;
type += 3;
}
// FIXME: more relocs
if (strcmp(type, "8") == 0)
*location += value;
else if (strcmp(type, "16") == 0)
set_le16(location, get_le16(location) + value);
else if (strcmp(type, "32") == 0)
set_le32(location, get_le32(location) + value);
else
super::relocate1(rel, location, value, type);
}
void ElfLinkerArmLE::relocate1(Relocation *rel, upx_byte *location,
unsigned value, const char *type)
{
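Review bot: ElfLinkerPpc32::relocate1 in the last hunk patches R_PPC_ relocations with set_le16/set_le32, but PowerPC is a big-endian target, so the 16- and 32-bit fields would be stored byte-swapped unless the ppc32 stub objects are deliberately built little-endian; the big-endian accessors (`set_be16(location, get_be16(location) + value)` / `set_be32(location, get_be32(location) + value)`) look like what was meant, and the `// FIXME: more relocs` line suggests the body was copied from the AMD64 version without that adjustment. Neither new relocate1 checks that `rel->offset` plus the write width fits inside the section before storing through `location`; an `assert(rel->offset + 4 <= rel->section->size);` (2 for the 16-bit case) would turn a malformed objdump listing into a clean failure instead of a write past the section buffer — presumably `location` is `rel->section->output + rel->offset` from relocate(), whose body is outside this hunk. ElfLinkerArmLE::relocate1's body also lies outside the hunk.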


@ -151,52 +151,18 @@ typedef TSimpleLinker<NBELE::BEPolicy> SimpleBELinker;
typedef TSimpleLinker<NBELE::LEPolicy> SimpleLELinker;
class ElfLinker : public Linker
/*************************************************************************
// ElfLinker
**************************************************************************/
class ElfLinker : public Linker, private nocopy
{
typedef Linker super;
protected:
struct Section
{
const char *name;
const void *input;
upx_byte *output;
unsigned size;
unsigned offset;
Section *next;
Section(){}
Section(const char *n, const void *i, unsigned s) :
name(n), input(i), output(NULL), size(s), offset(0), next(NULL)
{}
};
struct Symbol
{
const char *name;
Section *section;
unsigned offset;
Symbol(){}
Symbol(const char *n, Section *s, unsigned o) :
name(n), section(s), offset(o)
{}
};
struct Relocation
{
Section *section;
unsigned offset;
const char *type;
Symbol *value;
unsigned add; // used in .rela relocations
Relocation(){}
Relocation(Section *s, unsigned o, const char *t,
Symbol *v, unsigned a) :
section(s), offset(o), type(t), value(v), add(a)
{}
};
struct Section;
struct Symbol;
struct Relocation;
upx_byte *input;
int inputlen;
@ -206,9 +172,9 @@ protected:
Section *head;
Section *tail;
Section sections[550];
Symbol symbols[1000];
Relocation relocations[2000];
Section **sections;
Symbol **symbols;
Relocation **relocations;
unsigned nsections;
unsigned nsymbols;
@ -220,6 +186,10 @@ protected:
Section *findSection(const char *name);
Symbol *findSymbol(const char *name);
void addSymbol(const char *name, const char *section, unsigned offset);
void addRelocation(const char *section, unsigned off, const char *type,
const char *symbol, unsigned add);
public:
ElfLinker();
@ -248,6 +218,42 @@ protected:
unsigned value, const char *type);
};
struct ElfLinker::Section : private nocopy
{
char *name;
void *input;
upx_byte *output;
unsigned size;
unsigned offset;
Section *next;
Section(const char *n, const void *i, unsigned s);
~Section();
};
struct ElfLinker::Symbol : private nocopy
{
char *name;
Section *section;
unsigned offset;
Symbol(const char *n, Section *s, unsigned o);
~Symbol();
};
struct ElfLinker::Relocation : private nocopy
{
Section *section;
unsigned offset;
const char *type;
Symbol *value;
unsigned add; // used in .rela relocations
Relocation(Section *s, unsigned o, const char *t,
Symbol *v, unsigned a);
};
class ElfLinkerX86 : public ElfLinker
{
typedef ElfLinker super;
@ -258,6 +264,26 @@ protected:
unsigned value, const char *type);
};
class ElfLinkerAMD64 : public ElfLinker
{
typedef ElfLinker super;
protected:
virtual void align(unsigned len);
virtual void relocate1(Relocation *, upx_byte *location,
unsigned value, const char *type);
};
class ElfLinkerPpc32 : public ElfLinker
{
typedef ElfLinker super;
protected:
virtual void align(unsigned len);
virtual void relocate1(Relocation *, upx_byte *location,
unsigned value, const char *type);
};
class ElfLinkerArmLE : public ElfLinker
{
typedef ElfLinker super;
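Review bot: Relocation::type stays a borrowed `const char *` while Section::name and Symbol::name become owned `char *` copies released in the new destructors, and nothing in the header says which pointers a caller must keep alive; the only comment on the struct is `// used in .rela relocations` on `add`. Suggest `const char *type; // not owned: points into text that ElfLinker keeps alive for the linker's lifetime` — presumably the objdump listing that preprocessRelocations walks, so confirm against linker.cpp. The three structs are now `private nocopy` and ElfLinker holds them through realloc-grown `**` arrays, so a one-line comment on `sections`/`symbols`/`relocations` stating that they are arrays of owned pointers freed in ~ElfLinker would save the next reader a trip to the .cpp.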


@ -148,11 +148,26 @@ PackLinuxElf::PackLinuxElf(InputFile *f)
sz_phdrs(0), sz_elf_hdrs(0),
e_machine(0), ei_class(0), ei_data(0), ei_osabi(0)
{
delete[] file_image;
}
PackLinuxElf::~PackLinuxElf()
{
delete[] file_image;
}
Linker *PackLinuxElf::newLinker() const
{
return new ElfLinker;
}
void
PackLinuxElf::addStubEntrySections(
upx_byte const *const proto,
unsigned const szproto
)
{
linker->addSection("ELFMAINX", proto, szproto);
addLoader("ELFMAINX", NULL);
}
PackLinuxElf32::PackLinuxElf32(InputFile *f)
@ -176,6 +191,11 @@ PackLinuxElf64::~PackLinuxElf64()
delete[] phdri;
}
Linker* PackLinuxElf64amd::newLinker() const
{
return new ElfLinkerAMD64;
}
int const *
PackLinuxElf::getCompressionMethods(int method, int level) const
{
@ -361,7 +381,7 @@ PackLinuxElf32x86::buildLinuxLoader(
// This adds the definition to the "library", to be used later.
linker->addSection("FOLDEXEC", cprLoader, sizeof(h) + sz_cpr);
delete [] cprLoader;
// FIXME: memory leak delete [] cprLoader;
int const n_mru = ft->n_mru; // FIXME: belongs to filter? packerf?
@ -448,7 +468,9 @@ PackLinuxElf32x86::buildLinuxLoader(
// PackHeader and overlay_offset at the end of the output file,
// after the compressed data.
return getLoaderSize();
unsigned const lsize = getLoaderSize();
linker->relocate();
return lsize;
}
int
@ -502,9 +524,8 @@ PackLinuxElf32::buildLinuxLoader(
//int const GAP = 128; // must match stub/l_mac_ppc.S
//segcmdo.vmsize += sz_unc - sz_cpr + GAP + 64;
linker->addSection("ELFMAINX", proto, szproto);
addStubEntrySections(proto, szproto);
addLoader("ELFMAINX", NULL);
addLoader("FOLDEXEC", NULL);
freezeLoader();
return getLoaderSize();
@ -558,14 +579,22 @@ PackLinuxElf64::buildLinuxLoader(
linker->addSection("FOLDEXEC", cprLoader, sizeof(h) + sz_cpr);
delete [] cprLoader;
linker->addSection("ELFMAINX", proto, szproto);
addStubEntrySections(proto, szproto);
addLoader("ELFMAINX", NULL);
addLoader("FOLDEXEC", NULL);
freezeLoader();
return getLoaderSize();
}
void
PackLinuxElf64amd::addStubEntrySections(
upx_byte const *const /*proto*/,
unsigned const /*szproto*/
)
{
// FIXME
}
static const
#include "stub/i386-linux.elf-entry.h"
static const
@ -1986,6 +2015,11 @@ PackLinuxElf32x86::~PackLinuxElf32x86()
{
}
Linker* PackLinuxElf32x86::newLinker() const
{
return new ElfLinkerX86;
}
PackBSDElf32x86::PackBSDElf32x86(InputFile *f) : super(f)
{
e_machine = Elf32_Ehdr::EM_386;
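Review bot: The `// FIXME: memory leak delete [] cprLoader;` line in PackLinuxElf32x86::buildLinuxLoader turns a correct delete into a deliberate leak, but with this commit ElfLinker::Section's constructor copies its input (`input = malloc(s + 1); memcpy(input, i, s);` in linker.cpp), so once `linker->addSection("FOLDEXEC", cprLoader, ...)` returns the linker no longer references cprLoader and the original `delete [] cprLoader;` is safe — as the PackLinuxElf64::buildLinuxLoader path still does a few hunks later. This holds as long as `linker` is an ElfLinker, which the new newLinker() overrides return. PackLinuxElf64amd::addStubEntrySections is an empty `// FIXME` body, so the amd64 loader is assembled without the ELFMAINX section that the base version adds; a comment stating what is expected to go there, and that the amd64 stub is incomplete until it does, would keep the silent no-op from being mistaken for a design decision.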


@ -54,11 +54,13 @@ protected:
//virtual void pack3(OutputFile *, Filter &) = 0; // append loader
virtual void pack4(OutputFile *, Filter &) = 0; // append pack header
virtual Linker* newLinker() const;
virtual void generateElfHdr(
OutputFile *,
void const *proto,
unsigned const brka
) = 0;
virtual void addStubEntrySections(upx_byte const *, unsigned);
virtual void unpack(OutputFile *fo) = 0;
protected:
@ -285,6 +287,8 @@ protected:
virtual void pack3(OutputFile *, Filter &); // append loader
virtual const int *getCompressionMethods(int method, int level) const;
virtual int buildLoader(const Filter *);
virtual Linker* newLinker() const;
virtual void addStubEntrySections(upx_byte const *, unsigned);
};
/*************************************************************************
@ -326,6 +330,7 @@ protected:
virtual void pack1(OutputFile *, Filter &); // generate executable header
virtual int buildLoader(const Filter *);
virtual Linker* newLinker() const;
virtual int buildLinuxLoader(
upx_byte const *const proto, // assembly-only sections
unsigned const szproto,
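Review bot: The new `virtual void addStubEntrySections(upx_byte const *, unsigned);` declarations in the first and second hunks name neither parameter nor purpose, and the amd64 override in p_lx_elf.cpp is an empty FIXME, so a reader of the header cannot tell what an override is obliged to do. Suggest `virtual void addStubEntrySections(upx_byte const *proto, unsigned szproto); // add the assembly-only entry section(s) (ELFMAINX) to the linker before FOLDEXEC`, which is what the base implementation in p_lx_elf.cpp does. The `virtual Linker* newLinker() const;` additions could likewise carry a short comment naming the ElfLinker subclass each packer is expected to return.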


@ -332,9 +332,11 @@ tc.i386-bsd.elf.objdump = $(call tc,m-objdump)
tc.i386-bsd.elf.objstrip = $(call tc,objcopy) -R .comment -R .note
i386-bsd.elf-entry.h : $(srcdir)/src/$$T.asm
$(call tc,pp-nasm) $< -o tmp/$T.tmp1
$(call tc,app-nasm) tmp/$T.tmp1 tmp/$T.tmp2
$(call tc,nasm) -f bin -l tmp/$T.bin.lst tmp/$T.tmp2 -o tmp/$T.bin
$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.bin
$(call tc,m-objcopy) --strip-unneeded tmp/$T.bin
$(call tc,m-objcopy) -R .text -R .data -R .bss tmp/$T.bin
$(call tc,m-objcopy) -R .note -R .comment tmp/$T.bin
$(call tc,m-objdump) -trwh tmp/$T.bin >> tmp/$T.bin
$(call tc,bin2h) --ident=bsd_i386elf_loader tmp/$T.bin $@
i386-bsd.elf-fold.h : tmp/$$T.o tmp/i386-bsd.elf-main.o $(srcdir)/src/$$T.lds
@ -345,10 +347,10 @@ i386-bsd.elf-fold.h : tmp/$$T.o tmp/i386-bsd.elf-main.o $(srcdir)/src/$$T.lds
$(call tc,bin2h) --ident=bsd_i386elf_fold tmp/$T.bin $@
tmp/i386-bsd.elf-fold.o : $(srcdir)/src/$$T.asm
$(call tc,nasm) -f elf -l $@.lst $< -o $@
$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.o
$(call tc,objstrip) $@
tmp/i386-bsd.elf-main.o : $(srcdir)/src/$$T.c
tmp/i386-bsd.elf-main.o : $(srcdir)/src/$$T.c
$(call tc,gcc) -c $< -o $@
$(call tc,objstrip) $@
@ -380,7 +382,7 @@ i386-openbsd.elf-fold.h : tmp/$$T.o tmp/i386-openbsd.elf-main.o $(srcdir)/src/i3
$(call tc,bin2h) --ident=openbsd_i386elf_fold tmp/$T.bin $@
tmp/i386-openbsd.elf-fold.o : $(srcdir)/src/$$T.asm
$(call tc,nasm) -f elf -l $@.lst $< -o $@
$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.o
$(call tc,objstrip) $@
tmp/i386-openbsd.elf-main.o : $(srcdir)/src/$$T.c
@ -459,9 +461,11 @@ tc.i386-linux.elf.objdump = $(call tc,m-objdump)
tc.i386-linux.elf.objstrip = $(call tc,objcopy) -R .comment -R .note
i386-linux.elf-entry.h : $(srcdir)/src/$$T.asm
$(call tc,pp-nasm) $< -o tmp/$T.tmp1
$(call tc,app-nasm) tmp/$T.tmp1 tmp/$T.tmp2
$(call tc,nasm) -f bin -l tmp/$T.bin.lst tmp/$T.tmp2 -o tmp/$T.bin
$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.bin
$(call tc,m-objcopy) --strip-unneeded tmp/$T.bin
$(call tc,m-objcopy) -R .text -R .data -R .bss tmp/$T.bin
$(call tc,m-objcopy) -R .note -R .comment tmp/$T.bin
$(call tc,m-objdump) -trwh tmp/$T.bin >> tmp/$T.bin
$(call tc,bin2h) --ident=linux_i386elf_loader tmp/$T.bin $@
i386-linux.elf-fold.h : tmp/$$T.o tmp/i386-linux.elf-main.o $(srcdir)/src/$$T.lds
@ -472,7 +476,7 @@ i386-linux.elf-fold.h : tmp/$$T.o tmp/i386-linux.elf-main.o $(srcdir)/src/$$T.ld
$(call tc,bin2h) --ident=linux_i386elf_fold tmp/$T.bin $@
tmp/i386-linux.elf-fold.o : $(srcdir)/src/$$T.asm
$(call tc,nasm) -f elf -l $@.lst $< -o $@
$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.o
$(call tc,objstrip) $@
tmp/i386-linux.elf-main.o : $(srcdir)/src/$$T.c
@ -487,9 +491,11 @@ tmp/i386-linux.elf-main.o : $(srcdir)/src/$$T.c
# note: tc_list settings are inherited from i386-linux.elf
i386-linux.elf.execve-entry.h : $(srcdir)/src/$$T.asm
$(call tc,pp-nasm) --MMD=$@ $< -o tmp/$T.tmp1
$(call tc,app-nasm) tmp/$T.tmp1 tmp/$T.tmp2
$(call tc,nasm) -f bin -l tmp/$T.bin.lst tmp/$T.tmp2 -o tmp/$T.bin
$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.bin
$(call tc,m-objcopy) --strip-unneeded tmp/$T.bin
$(call tc,m-objcopy) -R .text -R .data -R .bss tmp/$T.bin
$(call tc,m-objcopy) -R .note -R .comment tmp/$T.bin
$(call tc,m-objdump) -trwh tmp/$T.bin >> tmp/$T.bin
$(call tc,bin2h) --ident=linux_i386exec_loader tmp/$T.bin $@
i386-linux.elf.execve-fold.h : tmp/$$T.o tmp/i386-linux.elf.execve-main.o tmp/i386-linux.elf.execve-upx_itoa.o $(srcdir)/src/$$T.lds
@ -500,7 +506,7 @@ i386-linux.elf.execve-fold.h : tmp/$$T.o tmp/i386-linux.elf.execve-main.o tmp/i3
$(call tc,bin2h) --ident=linux_i386exec_fold tmp/$T.bin $@
tmp/i386-linux.elf.execve-fold.o : $(srcdir)/src/$$T.asm
$(call tc,nasm) -f elf -l $@.lst $< -o $@
$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.o
$(call tc,objstrip) $@
tmp/i386-linux.elf.execve-main.o : $(srcdir)/src/$$T.c
@ -519,9 +525,11 @@ tmp/i386-linux.elf.execve-upx_itoa.o: $(srcdir)/src/$$T.asm
# note: tc_list settings are inherited from i386-linux.elf
i386-linux.elf.interp-entry.h : $(srcdir)/src/$$T.asm
$(call tc,pp-nasm) --MMD=$@ $< -o tmp/$T.tmp1
$(call tc,app-nasm) tmp/$T.tmp1 tmp/$T.tmp2
$(call tc,nasm) -f bin -l tmp/$T.bin.lst tmp/$T.tmp2 -o tmp/$T.bin
$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.bin
$(call tc,m-objcopy) --strip-unneeded tmp/$T.bin
$(call tc,m-objcopy) -R .text -R .data -R .bss tmp/$T.bin
$(call tc,m-objcopy) -R .note -R .comment tmp/$T.bin
$(call tc,m-objdump) -trwh tmp/$T.bin >> tmp/$T.bin
$(call tc,bin2h) --ident=linux_i386pti_loader tmp/$T.bin $@
i386-linux.elf.interp-fold.h : tmp/$$T.o tmp/i386-linux.elf.interp-main.o $(srcdir)/src/$$T.lds
@ -532,7 +540,7 @@ i386-linux.elf.interp-fold.h : tmp/$$T.o tmp/i386-linux.elf.interp-main.o $(srcd
$(call tc,bin2h) --ident=linux_i386pti_fold tmp/$T.bin $@
tmp/i386-linux.elf.interp-fold.o : $(srcdir)/src/$$T.asm
$(call tc,nasm) -f elf -l $@.lst $< -o $@
$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.o
$(call tc,objstrip) $@
tmp/i386-linux.elf.interp-main.o : $(srcdir)/src/$$T.c
@ -547,9 +555,11 @@ tmp/i386-linux.elf.interp-main.o : $(srcdir)/src/$$T.c
# note: tc_list settings are inherited from i386-linux.elf
i386-linux.elf.shell-entry.h : $(srcdir)/src/$$T.asm
$(call tc,pp-nasm) --MMD=$@ $< -o tmp/$T.tmp1
$(call tc,app-nasm) tmp/$T.tmp1 tmp/$T.tmp2
$(call tc,nasm) -f bin -l tmp/$T.bin.lst tmp/$T.tmp2 -o tmp/$T.bin
$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.bin
$(call tc,m-objcopy) --strip-unneeded tmp/$T.bin
$(call tc,m-objcopy) -R .text -R .data -R .bss tmp/$T.bin
$(call tc,m-objcopy) -R .note -R .comment tmp/$T.bin
$(call tc,m-objdump) -trwh tmp/$T.bin >> tmp/$T.bin
$(call tc,bin2h) --ident=linux_i386sh_loader tmp/$T.bin $@
i386-linux.elf.shell-fold.h : tmp/$$T.o tmp/i386-linux.elf.shell-main.o $(srcdir)/src/$$T.lds
@ -560,7 +570,7 @@ i386-linux.elf.shell-fold.h : tmp/$$T.o tmp/i386-linux.elf.shell-main.o $(srcdir
$(call tc,bin2h) --ident=linux_i386sh_fold tmp/$T.bin $@
tmp/i386-linux.elf.shell-fold.o : $(srcdir)/src/$$T.asm
$(call tc,nasm) -f elf -l $@.lst $< -o $@
$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.o
$(call tc,objstrip) $@
tmp/i386-linux.elf.shell-main.o : $(srcdir)/src/$$T.c
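Review bot: The entry-stub rules that replace `$(call tc,pp-nasm) --MMD=$@ $< -o tmp/$T.tmp1` with `$(call tc,gcc) -c -x assembler-with-cpp $< -o tmp/$T.bin` (the i386-linux.elf.execve-, .interp- and .shell-entry.h hunks) drop the dependency-file generation, so edits to the included `.ash` files will no longer trigger a rebuild of the generated header and its embedded size/ADLER32/CRC32 values; gcc's `-MMD -MF <depfile>` (constructed name, e.g. `tmp/$T.d`, fed into whatever include mechanism consumed the old `--MMD` output) would restore that. In the fold rules the object is written as `-o tmp/$T.o` while the rule target and the following `$(call tc,objstrip) $@` use `$@`; `-o $@` keeps the two trivially in step. The `$(call tc,m-objcopy) -R .text -R .data -R .bss tmp/$T.bin` step is presumably safe only because the stubs keep their code in custom-named sections that ElfLinker reads back from the appended `objdump -trwh` listing; a one-line comment saying so would stop someone from "fixing" it.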



@ -1,4 +1,4 @@
/* i386-linux.elf.interp-fold.h -- created from i386-linux.elf.interp-fold.bin, 1531 (0x5fb) bytes
/* i386-linux.elf.interp-fold.h -- created from i386-linux.elf.interp-fold.bin, 1519 (0x5ef) bytes
This file is part of the UPX executable compressor.
@ -27,105 +27,104 @@
*/
#define LINUX_I386PTI_FOLD_SIZE 1531
#define LINUX_I386PTI_FOLD_ADLER32 0x54fe990e
#define LINUX_I386PTI_FOLD_CRC32 0xa290f522
#define LINUX_I386PTI_FOLD_SIZE 1519
#define LINUX_I386PTI_FOLD_ADLER32 0xe82498de
#define LINUX_I386PTI_FOLD_CRC32 0xd7e223de
unsigned char linux_i386pti_fold[1531] = {
unsigned char linux_i386pti_fold[1519] = {
127, 69, 76, 70, 1, 1, 1, 0, 76,105,110,117,120, 0, 0, 0, /* 0x 0 */
2, 0, 3, 0, 1, 0, 0, 0,128, 0, 1, 0, 52, 0, 0, 0, /* 0x 10 */
2, 0, 3, 0, 1, 0, 0, 0,116, 0, 1, 0, 52, 0, 0, 0, /* 0x 10 */
0, 0, 0, 0, 0, 0, 0, 0, 52, 0, 32, 0, 2, 0, 0, 0, /* 0x 20 */
0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, /* 0x 30 */
0, 0, 1, 0,251, 5, 0, 0,252, 5, 0, 0, 5, 0, 0, 0, /* 0x 40 */
0, 16, 0, 0, 1, 0, 0, 0,251, 5, 0, 0, 0, 0, 0, 0, /* 0x 50 */
0, 0, 1, 0,239, 5, 0, 0,240, 5, 0, 0, 5, 0, 0, 0, /* 0x 40 */
0, 16, 0, 0, 1, 0, 0, 0,239, 5, 0, 0, 0, 0, 0, 0, /* 0x 50 */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 60 */
0, 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 70 */
93, 89, 88,141,124,132, 4, 80, 41,192,175,117,253,175,137,254, /* 0x 80 */
139, 6,131,248, 3,116, 8,131,198, 8,131,248, 0,117,241,139, /* 0x 90 */
94, 4, 83,129,236, 0, 10, 0, 0,137,226, 81,141, 67, 88,139, /* 0x a0 */
115, 24, 41,198,139, 24,139, 72, 4,131,193, 12, 96,232, 62, 4, /* 0x b0 */
0, 0,129,196, 36, 10, 0, 0, 91, 80,139, 75, 20,139, 91, 8, /* 0x c0 */
184, 91, 0, 0, 0,205,128, 41,192, 41,201, 41,210, 41,219, 41, /* 0x d0 */
237, 41,246, 41,255,195, 83,141, 92, 36, 8,106, 90, 88,205,128, /* 0x e0 */
91,195, 0, 0, 87, 86,137,206, 83,137,195, 57, 8,139,120, 4, /* 0x f0 */
115, 10,106,127, 91,106, 1, 88,205,128,235,254,133,201,116, 8, /* 0x 100 */
138, 7, 71,136, 2, 66,226,248, 1,115, 4, 41, 51, 91, 94, 95, /* 0x 110 */
195, 85,137,229, 87, 86,137,198, 83,137,211,131,236, 20,139,125, /* 0x 120 */
12,131, 58, 0, 15,132,185, 0, 0, 0,141, 85,228,185, 12, 0, /* 0x 130 */
0, 0,137,240,232,171,255,255,255,139, 69,228,139, 77,232,133, /* 0x 140 */
192,117, 19,129,249, 85, 80, 88, 33,117, 15,131, 62, 0, 15,132, /* 0x 150 */
143, 0, 0, 0,235, 4,133,201,117, 10,106,127, 91,106, 1, 88, /* 0x 160 */
205,128,235,254, 57,193,119,242, 59, 3,119,238, 57,193,115, 86, /* 0x 170 */
137, 69,224, 15,182, 69,236, 80,255, 85, 8, 90,141, 85,224,255, /* 0x 180 */
117,236, 82,255,115, 4,255,117,232,255,118, 4,255, 16,131,196, /* 0x 190 */
20,133,192,117,197,139, 69,228, 57, 69,224,117,189,138, 69,237, /* 0x 1a0 */
132,192,116, 24, 15,182,192, 80,255,215, 15,182, 85,238,137, 20, /* 0x 1b0 */
36,255,117,224,255,115, 4,255, 16,131,196, 12,139, 69,232, 1, /* 0x 1c0 */
70, 4, 41, 6,235, 10,139, 83, 4,137,240,232, 20,255,255,255, /* 0x 1d0 */
139, 85,228,139, 3, 1, 83, 4, 41,208,133,192,137, 3,233, 65, /* 0x 1e0 */
255,255,255,141,101,244, 91, 94, 95,201,195,133,210,137,209,116, /* 0x 1f0 */
6,198, 0, 0, 64,226,250,195,133,192, 83,137,211,116, 29,168, /* 0x 200 */
1,117, 25,139, 16, 57,218,116, 7, 74,117, 11,133,219,116, 7, /* 0x 210 */
137, 24,137, 72, 4,235, 5,131,192, 8,235,231, 91,195, 85,137, /* 0x 220 */
229, 87, 86, 83,131,236, 84,137, 69,228,139, 69, 8,137, 85,224, /* 0x 230 */
139, 77, 16,137, 69,220, 3, 64, 28,139, 93,220,137, 77,212,139, /* 0x 240 */
85, 12,137, 69,208, 49,192,102,131,123, 16, 3,137, 85,216, 15, /* 0x 250 */
183, 75, 44,139, 85,208, 15,149,192,131,206,255,193,224, 4,131, /* 0x 260 */
192, 34, 49,219,137, 69,184,137,200, 49,255, 72,120, 31,131, 58, /* 0x 270 */
1,117, 21,139, 66, 8, 57,240,115, 5,137,198,139,122, 16, 3, /* 0x 280 */
66, 20, 57,195,115, 2,137,195,131,194, 32,226,225,137,240,129, /* 0x 290 */
230, 0,240,255,255,106, 0, 41,243,106, 0, 37,255, 15, 0, 0, /* 0x 2a0 */
137,117,188,141,179,255, 15, 0, 0,255,117,184,129,230, 0,240, /* 0x 2b0 */
255,255,106, 7, 86,255,117,188,141,188, 7,255, 15, 0, 0,232, /* 0x 2c0 */
18,254,255,255,129,231, 0,240,255,255,137,194,137,195, 1,242, /* 0x 2d0 */
41,254,131,196, 24,137, 69,172,137, 85,240, 1,251,137,241,106, /* 0x 2e0 */
91, 88,205,128,139, 69,220,199, 69,196, 0, 0, 0, 0,139, 93, /* 0x 2f0 */
172, 43, 93,188,102,131,120, 44, 0,137, 93,204, 15,132,180, 1, /* 0x 300 */
0, 0,139, 85,208,139, 2,131,248, 6,117, 24,139, 77,204, 3, /* 0x 310 */
74, 8,186, 3, 0, 0, 0,139, 69,212,232,217,254,255,255,233, /* 0x 320 */
123, 1, 0, 0, 72, 15,133,116, 1, 0, 0,139, 93,208,199, 69, /* 0x 330 */
192, 64, 98, 81,115,139, 75, 24,139, 67, 8,131,225, 7,139, 83, /* 0x 340 */
16,193,225, 2,137, 69,236,211,109,192,137,193, 3, 75, 20,137, /* 0x 350 */
195,129,227,255, 15, 0, 0,137, 85,232,141, 60, 26,139, 85,204, /* 0x 360 */
41,216,131,101,192, 7, 1,209,141, 52, 16,137, 77,176,139, 77, /* 0x 370 */
208,139, 65, 4, 41,216,131,125,216, 1, 80,255,117,228, 25,192, /* 0x 380 */
131,224,224,131,192, 50,131,125,216, 0, 80,137,248,106, 3,116, /* 0x 390 */
3,141, 71, 3, 80, 86,232, 59,253,255,255,131,196, 24, 57,198, /* 0x 3a0 */
15,133,170, 0, 0, 0,131,125,216, 0,116, 19,255,117,224,255, /* 0x 3b0 */
117,228,139, 69,216,141, 85,232,232, 84,253,255,255, 89, 88,137, /* 0x 3c0 */
218,137,251,137,240,247,219,232, 31,254,255,255,129,227,255, 15, /* 0x 3d0 */
0, 0,141, 4, 62,137,218,137, 93,180,232, 12,254,255,255,131, /* 0x 3e0 */
125,216, 0,116, 91,139, 69,208,131, 56, 1,117, 83,246, 64, 24, /* 0x 3f0 */
1,116, 77,139, 93,208,137,194,139, 64, 20, 59, 67, 16,139, 82, /* 0x 400 */
8,141, 12, 16,117, 14,137,200,247,216, 37,255, 15, 0, 0,131, /* 0x 410 */
248, 3,119, 12,139, 69,208,141, 74, 12,131,120, 4, 0,117, 15, /* 0x 420 */
139, 1, 61,205,128, 97,195,116, 6,199, 1,205,128, 97,195,133, /* 0x 430 */
201,116, 13,139, 69,212, 49,210,131,224,254,232,184,253,255,255, /* 0x 440 */
137,243,137,249,139, 85,192,106,125, 88,205,128,133,192,116, 10, /* 0x 450 */
106,127, 91,106, 1, 88,205,128,235,254,139, 85,180,141, 4, 23, /* 0x 460 */
141, 28, 6, 59, 93,176,115, 30,106, 0,106, 0,106, 50,255,117, /* 0x 470 */
192, 41, 93,176,255,117,176, 83,232, 89,252,255,255,131,196, 24, /* 0x 480 */
57,195,116, 27,235,202,131,125,216, 0,116, 19,141, 79, 3,129, /* 0x 490 */
225,255, 15, 0, 0,131,249, 3,119, 5,106, 91, 88,205,128,139, /* 0x 4a0 */
77,220,255, 69,196, 15,183, 65, 44,131, 69,208, 32, 57, 69,196, /* 0x 4b0 */
15,140, 76,254,255,255,131,125,216, 0,117, 14,139, 93,228,106, /* 0x 4c0 */
6, 88,205,128,133,192,116, 20,235,134,139, 69,220,102,131,120, /* 0x 4d0 */
16, 3,116, 8,139, 93,240,106, 45, 88,205,128,139, 85,220,139, /* 0x 4e0 */
82, 24, 1, 85,204,139, 69,204,141,101,244, 91, 94, 95,201,195, /* 0x 4f0 */
85,137,229, 87, 86, 83,131,236, 16,141, 85, 24,139,125, 20,255, /* 0x 500 */
117, 40,141, 71, 52,139, 93, 8,255,117, 16,137, 69,240,139,117, /* 0x 510 */
32,141, 69, 32,232,248,251,255,255,139, 85,240,139, 69, 12,139, /* 0x 520 */
74, 8,186, 3, 0, 0, 0,137, 69, 32,137,216,131,193, 52, 41, /* 0x 530 */
117, 36,232,193,252,255,255, 15,183, 79, 42,137,216,186, 4, 0, /* 0x 540 */
0, 0,232,177,252,255,255, 15,183, 79, 44,137,216,186, 5, 0, /* 0x 550 */
0, 0,232,161,252,255,255,139, 79, 24,137,216,186, 9, 0, 0, /* 0x 560 */
0,232,146,252,255,255,141, 69, 32, 83,139, 85, 40, 80,139, 69, /* 0x 570 */
16, 87,232,167,252,255,255,102,139, 79, 44,131,196, 20, 49,210, /* 0x 580 */
102,133,201,137,195,116, 90,139, 69,240,131, 56, 3,117, 70, 49, /* 0x 590 */
201,139, 88, 8,137,202,106, 5, 88,205,128,133,192,137,198,120, /* 0x 5a0 */
21,186, 0, 2, 0, 0,137,195,137,249,106, 3, 88,205,128, 61, /* 0x 5b0 */
0, 2, 0, 0,116, 10,106,127, 91,106, 1, 88,205,128,235,254, /* 0x 5c0 */
106, 0, 49,210,106, 0,137,240, 87,232, 80,252,255,255,131,196, /* 0x 5d0 */
12,137,195,235, 12, 66, 15,183,193,131, 69,240, 32, 57,194,124, /* 0x 5e0 */
166,141,101,244,137,216, 91, 94, 95,201,195 /* 0x 5f0 */
0, 16, 0, 0, 93, 89, 88,141,124,132, 4, 80, 41,192,175,117, /* 0x 70 */
253,175,137,254,139, 6,131,248, 3,116, 8,131,198, 8,131,248, /* 0x 80 */
0,117,241,139, 94, 4, 83,129,236, 0, 10, 0, 0,137,226, 81, /* 0x 90 */
141, 67, 88,139,115, 24, 41,198,139, 24,139, 72, 4,131,193, 12, /* 0x a0 */
96,232, 62, 4, 0, 0,129,196, 36, 10, 0, 0, 91, 80,139, 75, /* 0x b0 */
20,139, 91, 8,184, 91, 0, 0, 0,205,128, 41,192, 41,201, 41, /* 0x c0 */
210, 41,219, 41,237, 41,246, 41,255,195, 83,141, 92, 36, 8,106, /* 0x d0 */
90, 88,205,128, 91,195, 0, 0, 87, 86,137,206, 83,137,195, 57, /* 0x e0 */
8,139,120, 4,115, 10,106,127, 91,106, 1, 88,205,128,235,254, /* 0x f0 */
133,201,116, 8,138, 7, 71,136, 2, 66,226,248, 1,115, 4, 41, /* 0x 100 */
51, 91, 94, 95,195, 85,137,229, 87, 86,137,198, 83,137,211,131, /* 0x 110 */
236, 20,139,125, 12,131, 58, 0, 15,132,185, 0, 0, 0,141, 85, /* 0x 120 */
228,185, 12, 0, 0, 0,137,240,232,171,255,255,255,139, 69,228, /* 0x 130 */
139, 77,232,133,192,117, 19,129,249, 85, 80, 88, 33,117, 15,131, /* 0x 140 */
62, 0, 15,132,143, 0, 0, 0,235, 4,133,201,117, 10,106,127, /* 0x 150 */
91,106, 1, 88,205,128,235,254, 57,193,119,242, 59, 3,119,238, /* 0x 160 */
57,193,115, 86,137, 69,224, 15,182, 69,236, 80,255, 85, 8, 90, /* 0x 170 */
141, 85,224,255,117,236, 82,255,115, 4,255,117,232,255,118, 4, /* 0x 180 */
255, 16,131,196, 20,133,192,117,197,139, 69,228, 57, 69,224,117, /* 0x 190 */
189,138, 69,237,132,192,116, 24, 15,182,192, 80,255,215, 15,182, /* 0x 1a0 */
85,238,137, 20, 36,255,117,224,255,115, 4,255, 16,131,196, 12, /* 0x 1b0 */
139, 69,232, 1, 70, 4, 41, 6,235, 10,139, 83, 4,137,240,232, /* 0x 1c0 */
20,255,255,255,139, 85,228,139, 3, 1, 83, 4, 41,208,133,192, /* 0x 1d0 */
137, 3,233, 65,255,255,255,141,101,244, 91, 94, 95,201,195,133, /* 0x 1e0 */
210,137,209,116, 6,198, 0, 0, 64,226,250,195,133,192, 83,137, /* 0x 1f0 */
211,116, 29,168, 1,117, 25,139, 16, 57,218,116, 7, 74,117, 11, /* 0x 200 */
133,219,116, 7,137, 24,137, 72, 4,235, 5,131,192, 8,235,231, /* 0x 210 */
91,195, 85,137,229, 87, 86, 83,131,236, 84,137, 69,228,139, 69, /* 0x 220 */
8,137, 85,224,139, 77, 16,137, 69,220, 3, 64, 28,139, 93,220, /* 0x 230 */
137, 77,212,139, 85, 12,137, 69,208, 49,192,102,131,123, 16, 3, /* 0x 240 */
137, 85,216, 15,183, 75, 44,139, 85,208, 15,149,192,131,206,255, /* 0x 250 */
193,224, 4,131,192, 34, 49,219,137, 69,184,137,200, 49,255, 72, /* 0x 260 */
120, 31,131, 58, 1,117, 21,139, 66, 8, 57,240,115, 5,137,198, /* 0x 270 */
139,122, 16, 3, 66, 20, 57,195,115, 2,137,195,131,194, 32,226, /* 0x 280 */
225,137,240,129,230, 0,240,255,255,106, 0, 41,243,106, 0, 37, /* 0x 290 */
255, 15, 0, 0,137,117,188,141,179,255, 15, 0, 0,255,117,184, /* 0x 2a0 */
129,230, 0,240,255,255,106, 7, 86,255,117,188,141,188, 7,255, /* 0x 2b0 */
15, 0, 0,232, 18,254,255,255,129,231, 0,240,255,255,137,194, /* 0x 2c0 */
137,195, 1,242, 41,254,131,196, 24,137, 69,172,137, 85,240, 1, /* 0x 2d0 */
251,137,241,106, 91, 88,205,128,139, 69,220,199, 69,196, 0, 0, /* 0x 2e0 */
0, 0,139, 93,172, 43, 93,188,102,131,120, 44, 0,137, 93,204, /* 0x 2f0 */
15,132,180, 1, 0, 0,139, 85,208,139, 2,131,248, 6,117, 24, /* 0x 300 */
139, 77,204, 3, 74, 8,186, 3, 0, 0, 0,139, 69,212,232,217, /* 0x 310 */
254,255,255,233,123, 1, 0, 0, 72, 15,133,116, 1, 0, 0,139, /* 0x 320 */
93,208,199, 69,192, 64, 98, 81,115,139, 75, 24,139, 67, 8,131, /* 0x 330 */
225, 7,139, 83, 16,193,225, 2,137, 69,236,211,109,192,137,193, /* 0x 340 */
3, 75, 20,137,195,129,227,255, 15, 0, 0,137, 85,232,141, 60, /* 0x 350 */
26,139, 85,204, 41,216,131,101,192, 7, 1,209,141, 52, 16,137, /* 0x 360 */
77,176,139, 77,208,139, 65, 4, 41,216,131,125,216, 1, 80,255, /* 0x 370 */
117,228, 25,192,131,224,224,131,192, 50,131,125,216, 0, 80,137, /* 0x 380 */
248,106, 3,116, 3,141, 71, 3, 80, 86,232, 59,253,255,255,131, /* 0x 390 */
196, 24, 57,198, 15,133,170, 0, 0, 0,131,125,216, 0,116, 19, /* 0x 3a0 */
255,117,224,255,117,228,139, 69,216,141, 85,232,232, 84,253,255, /* 0x 3b0 */
255, 89, 88,137,218,137,251,137,240,247,219,232, 31,254,255,255, /* 0x 3c0 */
129,227,255, 15, 0, 0,141, 4, 62,137,218,137, 93,180,232, 12, /* 0x 3d0 */
254,255,255,131,125,216, 0,116, 91,139, 69,208,131, 56, 1,117, /* 0x 3e0 */
83,246, 64, 24, 1,116, 77,139, 93,208,137,194,139, 64, 20, 59, /* 0x 3f0 */
67, 16,139, 82, 8,141, 12, 16,117, 14,137,200,247,216, 37,255, /* 0x 400 */
15, 0, 0,131,248, 3,119, 12,139, 69,208,141, 74, 12,131,120, /* 0x 410 */
4, 0,117, 15,139, 1, 61,205,128, 97,195,116, 6,199, 1,205, /* 0x 420 */
128, 97,195,133,201,116, 13,139, 69,212, 49,210,131,224,254,232, /* 0x 430 */
184,253,255,255,137,243,137,249,139, 85,192,106,125, 88,205,128, /* 0x 440 */
133,192,116, 10,106,127, 91,106, 1, 88,205,128,235,254,139, 85, /* 0x 450 */
180,141, 4, 23,141, 28, 6, 59, 93,176,115, 30,106, 0,106, 0, /* 0x 460 */
106, 50,255,117,192, 41, 93,176,255,117,176, 83,232, 89,252,255, /* 0x 470 */
255,131,196, 24, 57,195,116, 27,235,202,131,125,216, 0,116, 19, /* 0x 480 */
141, 79, 3,129,225,255, 15, 0, 0,131,249, 3,119, 5,106, 91, /* 0x 490 */
88,205,128,139, 77,220,255, 69,196, 15,183, 65, 44,131, 69,208, /* 0x 4a0 */
32, 57, 69,196, 15,140, 76,254,255,255,131,125,216, 0,117, 14, /* 0x 4b0 */
139, 93,228,106, 6, 88,205,128,133,192,116, 20,235,134,139, 69, /* 0x 4c0 */
220,102,131,120, 16, 3,116, 8,139, 93,240,106, 45, 88,205,128, /* 0x 4d0 */
139, 85,220,139, 82, 24, 1, 85,204,139, 69,204,141,101,244, 91, /* 0x 4e0 */
94, 95,201,195, 85,137,229, 87, 86, 83,131,236, 16,141, 85, 24, /* 0x 4f0 */
139,125, 20,255,117, 40,141, 71, 52,139, 93, 8,255,117, 16,137, /* 0x 500 */
69,240,139,117, 32,141, 69, 32,232,248,251,255,255,139, 85,240, /* 0x 510 */
139, 69, 12,139, 74, 8,186, 3, 0, 0, 0,137, 69, 32,137,216, /* 0x 520 */
131,193, 52, 41,117, 36,232,193,252,255,255, 15,183, 79, 42,137, /* 0x 530 */
216,186, 4, 0, 0, 0,232,177,252,255,255, 15,183, 79, 44,137, /* 0x 540 */
216,186, 5, 0, 0, 0,232,161,252,255,255,139, 79, 24,137,216, /* 0x 550 */
186, 9, 0, 0, 0,232,146,252,255,255,141, 69, 32, 83,139, 85, /* 0x 560 */
40, 80,139, 69, 16, 87,232,167,252,255,255,102,139, 79, 44,131, /* 0x 570 */
196, 20, 49,210,102,133,201,137,195,116, 90,139, 69,240,131, 56, /* 0x 580 */
3,117, 70, 49,201,139, 88, 8,137,202,106, 5, 88,205,128,133, /* 0x 590 */
192,137,198,120, 21,186, 0, 2, 0, 0,137,195,137,249,106, 3, /* 0x 5a0 */
88,205,128, 61, 0, 2, 0, 0,116, 10,106,127, 91,106, 1, 88, /* 0x 5b0 */
205,128,235,254,106, 0, 49,210,106, 0,137,240, 87,232, 80,252, /* 0x 5c0 */
255,255,131,196, 12,137,195,235, 12, 66, 15,183,193,131, 69,240, /* 0x 5d0 */
32, 57,194,124,166,141,101,244,137,216, 91, 94, 95,201,195 /* 0x 5e0 */
};



@ -28,8 +28,8 @@
#define LINUX_I386SH_FOLD_SIZE 1194
#define LINUX_I386SH_FOLD_ADLER32 0x63b3f90a
#define LINUX_I386SH_FOLD_CRC32 0xe2bc019d
#define LINUX_I386SH_FOLD_ADLER32 0xbb9cf7de
#define LINUX_I386SH_FOLD_CRC32 0xd5a101a8
unsigned char linux_i386sh_fold[1194] = {
127, 69, 76, 70, 1, 1, 1, 0, 76,105,110,117,120, 0, 0, 0, /* 0x 0 */
@ -42,8 +42,8 @@ unsigned char linux_i386sh_fold[1194] = {
0, 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 70 */
137,230,129,236, 80, 1, 0, 0,137,231,173,171,133,192,117,250, /* 0x 80 */
173,171,133,192,117,250, 87, 64,106, 82, 89,243,171, 72,171,171, /* 0x 90 */
95,173,133,192,145,173,116, 15,131,249, 42,115,244,137, 76,207, /* 0x a0 */
248,137, 68,207,252,235,234,129,236, 0, 10, 0, 0,147,139, 10, /* 0x b0 */
95,173,133,192,145,173,116, 15,131,249, 42,115,244,137, 76, 57, /* 0x a0 */
248,137, 68, 57,252,235,234,129,236, 0, 10, 0, 0,147,139, 10, /* 0x b0 */
139, 90, 4,137,198, 96,232,123, 2, 0, 0, 89, 80, 97,129,196, /* 0x c0 */
0, 10, 0, 0, 89, 90, 82, 65, 86,131,238, 3,102,199, 6, 45, /* 0x d0 */
99, 65, 86, 65, 82, 81, 87,141,188, 36, 0,245,255,255, 96,137, /* 0x e0 */


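--- /dev/null
+++ b/lzma_d.ash
@@ -0,0 +1,158 @@
+/*
+; lzma_d.ash -- 32-bit assembly
+;
+; This file is part of the UPX executable compressor.
+;
+; Copyright (C) 2006-2006 Markus Franz Xaver Johannes Oberhumer
+; All Rights Reserved.
+;
+; UPX and the UCL library are free software; you can redistribute them
+; and/or modify them under the terms of the GNU General Public License as
+; published by the Free Software Foundation; either version 2 of
+; the License, or (at your option) any later version.
+;
+; This program is distributed in the hope that it will be useful,
+; but WITHOUT ANY WARRANTY; without even the implied warranty of
+; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+; GNU General Public License for more details.
+;
+; You should have received a copy of the GNU General Public License
+; along with this program; see the file COPYING.
+; If not, write to the Free Software Foundation, Inc.,
+; 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+;
+; Markus F.X.J. Oberhumer
+; <markus@oberhumer.com>
+; http://www.oberhumer.com/opensource/upx/
+;
+; ------------- DECOMPRESSION -------------
+; Input:
+; esi - source
+; edi - dest
+; cld
+; Output:
+; eax - 0
+; ecx - 0
+*/
+// CPU 386
+//
+// init
+section LZMA_DEC00
+// ebx = alloca('UPXa');
+mov ebp, esp // save stack
+lea ebx, [esp + UPXa]
+xor eax, eax
+.clearstack1:
+push eax
+cmp esp, ebx
+jnz .clearstack1
+inc esi // skip 2 bytes for properties
+inc esi
+push ebx // &outSizeProcessed
+push UPXb // outSize
+push edi // out
+add ebx, 4
+push ebx // &inSizeProcessed
+push UPXc // inSize
+push esi // in
+add ebx, 4
+push ebx // &CLzmaDecoderState
+push eax // dummy for call
+// hardwired LzmaDecodeProperties()
+mov dword ptr [ebx], offset UPXd // lc, lp, pb, dummy
+section LZMA_ELF00
+#define LZMA_BASE_SIZE 1846
+#define LZMA_LIT_SIZE 768
+#ifndef O_OUTS // ELF defines them, others do not care
+#define O_OUTS 0
+#define O_INS 0
+#endif
+mov ebp, esp // save stack
+mov edx,[O_INS + ebp] // inSize
+lodsb // first byte, replaces LzmaDecodeProperties()
+dec edx
+mov cl,al // cl= ((lit_context_bits + lit_pos_bits)<<3) | pos_bits
+and al,7 // al= pos_bits
+shr cl,3 // cl= lit_context_bits + lit_pos_bits
+mov ebx, -LZMA_LIT_SIZE
+shl ebx,cl
+// inSizeProcessed, outSizeProcessed, *_bits, CLzmaDecoderState
+lea ebx,[0 -(2*4 +4) - 2*LZMA_BASE_SIZE + 2*ebx + esp]
+and ebx, (~0<<5) // 32-byte align
+.elf_clearstack1:
+push 0
+cmp esp,ebx
+jne .elf_clearstack1
+push ebx // &outSizeProcessed
+add ebx, 4
+mov ecx,[O_OUTS + ebp] // &outSize
+push dword [ecx] // outSize
+push edi // out
+push ebx // &inSizeProcessed
+add ebx, 4
+mov [2+ ebx],al // store pos_bits
+lodsb // second byte, replaces LzmaDecodeProperties()
+dec edx
+mov cl,al // cl= (lit_pos_bits<<4) | lit_context_bits
+and al,0xf
+mov [ ebx],al // store lit_context_bits
+shr cl,4
+mov [1+ ebx],cl // store lit_pos_bits
+push edx // inSize -2
+push esi // in
+push ebx // &CLzmaDecoderState
+push eax // return address slot (dummy CALL)
+section LZMA_DEC10
+#include "lzma_d_cs_2.ash"
+section LZMA_DEC20
+#include "lzma_d_cf_2.ash"
+//
+// cleanup
+section LZMA_DEC30
+add esi, [ebx - 4] // inSizeProcessed
+add edi, [ebx - 8] // outSizeProcessed
+xor eax, eax
+lea ecx, [esp - 256]
+mov esp, ebp // restore stack
+.clearstack2:
+push eax
+cmp esp, ecx
+jnz .clearstack2
+mov esp, ebp // restore stack
+xor ecx, ecx
+// vi:ts=8:et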
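Review bot: In section LZMA_ELF00 `O_INS` is only defined inside the `#ifndef O_OUTS` block, so a target that defines `O_OUTS` but not `O_INS` leaves `mov edx,[O_INS + ebp]` referring to an undefined symbol; guard the two separately, `#ifndef O_INS` / `#define O_INS 0` / `#endif`. The same section sizes the stack reservation from the first property byte (`shr cl,3` then `shl ebx,cl` on `-LZMA_LIT_SIZE`) and the `.elf_clearstack1` loop then pushes zeros all the way down to that address, with no bound on the lc+lp value read from the stream; the input is the packer's own payload, but the assumption should be stated next to the shift, e.g. `// assumes lc+lp within the LZMA limits as written by the packer; larger values oversize the alloca`. The decoder body itself arrives through the `#include`s in LZMA_DEC10/LZMA_DEC20, so any in/out bounds handling lives outside this file.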


@ -0,0 +1,169 @@
db 85, 87, 86, 83,131,236,124,139,148, 36,144, 0, 0, 0,199, 68 // 0x0000
db 36,116, 0, 0, 0, 0,198, 68, 36,115, 0,139,172, 36,156, 0 // 0x0010
db 0, 0,141, 66, 4,137, 68, 36,120,184, 1, 0, 0, 0, 15,182 // 0x0020
db 74, 2,137,195,211,227,137,217, 73,137, 76, 36,108, 15,182, 74 // 0x0030
db 1,211,224, 72,137, 68, 36,104,139,132, 36,168, 0, 0, 0, 15 // 0x0040
db 182, 50,199, 69, 0, 0, 0, 0, 0,199, 68, 36, 96, 0, 0, 0 // 0x0050
db 0,199, 0, 0, 0, 0, 0,184, 0, 3, 0, 0,137,116, 36,100 // 0x0060
db 199, 68, 36, 92, 1, 0, 0, 0,199, 68, 36, 88, 1, 0, 0, 0 // 0x0070
db 199, 68, 36, 84, 1, 0, 0, 0,199, 68, 36, 80, 1, 0, 0, 0 // 0x0080
db 15,182, 74, 1, 1,241,211,224,141,136, 54, 7, 0, 0, 57, 76 // 0x0090
db 36,116,115, 14,139, 68, 36,120,102,199, 0, 0, 4,131,192, 2 // 0x00a0
db 226,246,139,156, 36,148, 0, 0, 0, 49,255,199, 68, 36, 72,255 // 0x00b0
db 255,255,255,137,218, 3,148, 36,152, 0, 0, 0,137, 84, 36, 76 // 0x00c0
db 49,210, 59, 92, 36, 76, 15,132,124, 9, 0, 0, 15,182, 3,193 // 0x00d0
db 231, 8, 66, 67, 9,199,131,250, 4,126,231,139,140, 36,164, 0 // 0x00e0
db 0, 0, 57, 76, 36,116, 15,131,100, 9, 0, 0,139,116, 36,116 // 0x00f0
db 35,116, 36,108,139, 68, 36, 96,139, 84, 36,120,193,224, 4,137 // 0x0100
db 116, 36, 68, 1,240,129,124, 36, 72,255,255,255, 0,141, 44, 66 // 0x0110
db 119, 24, 59, 92, 36, 76, 15,132, 44, 9, 0, 0,193,100, 36, 72 // 0x0120
db 8, 15,182, 3,193,231, 8, 67, 9,199,139, 68, 36, 72,102,139 // 0x0130
db 85, 0,193,232, 11, 15,183,202, 15,175,193, 57,199, 15,131,221 // 0x0140
db 1, 0, 0,137, 68, 36, 72,184, 0, 8, 0, 0, 41,200,138, 76 // 0x0150
db 36,100,193,248, 5,190, 1, 0, 0, 0,141, 4, 2, 15,182, 84 // 0x0160
db 36,115,102,137, 69, 0,139, 68, 36,116, 35, 68, 36,104,139,108 // 0x0170
db 36,120,211,224,185, 8, 0, 0, 0, 43, 76, 36,100,211,250, 1 // 0x0180
db 208,105,192, 0, 6, 0, 0,131,124, 36, 96, 6,141,132, 5,108 // 0x0190
db 14, 0, 0,137, 68, 36, 20, 15,142,202, 0, 0, 0,139, 68, 36 // 0x01a0
db 116, 43, 68, 36, 92,139,148, 36,160, 0, 0, 0, 15,182, 4, 2 // 0x01b0
db 137, 68, 36, 64,209,100, 36, 64,139, 76, 36, 64,141, 20, 54,139 // 0x01c0
db 108, 36, 20,129,225, 0, 1, 0, 0,129,124, 36, 72,255,255,255 // 0x01d0
db 0,141, 68, 77, 0,137, 76, 36, 60,141, 44, 16,119, 24, 59, 92 // 0x01e0
db 36, 76, 15,132, 96, 8, 0, 0,193,100, 36, 72, 8, 15,182, 3 // 0x01f0
db 193,231, 8, 67, 9,199,139, 68, 36, 72,102,139,141, 0, 2, 0 // 0x0200
db 0,193,232, 11, 15,183,241, 15,175,198, 57,199,115, 35,137, 68 // 0x0210
db 36, 72,184, 0, 8, 0, 0, 41,240,137,214,193,248, 5,131,124 // 0x0220
db 36, 60, 0,141, 4, 1,102,137,133, 0, 2, 0, 0,116, 34,235 // 0x0230
db 46, 41, 68, 36, 72, 41,199,137,200,141,114, 1,102,193,232, 5 // 0x0240
db 102, 41,193,131,124, 36, 60, 0,102,137,141, 0, 2, 0, 0,116 // 0x0250
db 14,129,254,255, 0, 0, 0, 15,142, 87,255,255,255,235,121,129 // 0x0260
db 254,255, 0, 0, 0,127,113,141, 20, 54,139,108, 36, 20, 1,213 // 0x0270
db 129,124, 36, 72,255,255,255, 0,119, 24, 59, 92, 36, 76, 15,132 // 0x0280
db 196, 7, 0, 0,193,100, 36, 72, 8, 15,182, 3,193,231, 8, 67 // 0x0290
db 9,199,139, 68, 36, 72,102,139, 77, 0,193,232, 11, 15,183,241 // 0x02a0
db 15,175,198, 57,199,115, 25,137, 68, 36, 72,184, 0, 8, 0, 0 // 0x02b0
db 41,240,137,214,193,248, 5,141, 4, 1,102,137, 69, 0,235,159 // 0x02c0
db 41, 68, 36, 72, 41,199,137,200,141,114, 1,102,193,232, 5,102 // 0x02d0
db 41,193,102,137, 77, 0,235,135,139, 84, 36,116,137,240,139,140 // 0x02e0
db 36,160, 0, 0, 0,136, 68, 36,115,136, 4, 10, 66,131,124, 36 // 0x02f0
db 96, 3,137, 84, 36,116,127, 13,199, 68, 36, 96, 0, 0, 0, 0 // 0x0300
db 233, 27, 7, 0, 0,131,124, 36, 96, 9,127, 10,131,108, 36, 96 // 0x0310
db 3,233, 10, 7, 0, 0,131,108, 36, 96, 6,233, 0, 7, 0, 0 // 0x0320
db 139, 76, 36, 72, 41,199,139,116, 36, 96, 41,193,137,208,102,193 // 0x0330
db 232, 5,102, 41,194,129,249,255,255,255, 0,102,137, 85, 0,139 // 0x0340
db 108, 36,120,141,116,117, 0,137,116, 36, 56,119, 22, 59, 92, 36 // 0x0350
db 76, 15,132,241, 6, 0, 0, 15,182, 3,193,231, 8,193,225, 8 // 0x0360
db 67, 9,199,139,108, 36, 56,137,200,193,232, 11,102,139,149,128 // 0x0370
db 1, 0, 0, 15,183,234, 15,175,197, 57,199,115, 82,137,198,184 // 0x0380
db 0, 8, 0, 0, 41,232,139,108, 36, 88,193,248, 5,139, 76, 36 // 0x0390
db 84,141, 4, 2,139, 84, 36, 56,137, 76, 36, 80,139, 76, 36,120 // 0x03a0
db 102,137,130,128, 1, 0, 0,139, 68, 36, 92,137,108, 36, 84,137 // 0x03b0
db 68, 36, 88, 49,192,131,124, 36, 96, 6, 15,159,192,129,193,100 // 0x03c0
db 6, 0, 0,141, 4, 64,137, 68, 36, 96,233,116, 2, 0, 0,137 // 0x03d0
db 206, 41,199, 41,198,137,208,102,193,232, 5,139, 76, 36, 56,102 // 0x03e0
db 41,194,129,254,255,255,255, 0,102,137,145,128, 1, 0, 0,119 // 0x03f0
db 22, 59, 92, 36, 76, 15,132, 77, 6, 0, 0, 15,182, 3,193,231 // 0x0400
db 8,193,230, 8, 67, 9,199,139,108, 36, 56,137,242,193,234, 11 // 0x0410
db 102,139,141,152, 1, 0, 0, 15,183,193, 15,175,208, 57,215, 15 // 0x0420
db 131,227, 0, 0, 0,189, 0, 8, 0, 0,137,214, 41,197,199, 68 // 0x0430
db 36, 52, 0, 8, 0, 0,137,232,193,248, 5,141, 4, 1,139, 76 // 0x0440
db 36, 56,102,137,129,152, 1, 0, 0,139, 68, 36, 96,139, 76, 36 // 0x0450
db 68,193,224, 5, 3, 68, 36,120,129,250,255,255,255, 0,141, 44 // 0x0460
db 72,119, 22, 59, 92, 36, 76, 15,132,219, 5, 0, 0, 15,182, 3 // 0x0470
db 193,231, 8,193,230, 8, 67, 9,199,102,139,149,224, 1, 0, 0 // 0x0480
db 137,240,193,232, 11, 15,183,202, 15,175,193, 57,199,115, 96, 41 // 0x0490
db 76, 36, 52,193,124, 36, 52, 5,139,116, 36, 52,137, 68, 36, 72 // 0x04a0
db 131,124, 36,116, 0,141, 4, 50,102,137,133,224, 1, 0, 0, 15 // 0x04b0
db 132,147, 5, 0, 0, 49,192,131,124, 36, 96, 6,139,172, 36,160 // 0x04c0
db 0, 0, 0,139, 84, 36,116, 15,159,192,141, 68, 0, 9,137, 68 // 0x04d0
db 36, 96,139, 68, 36,116, 43, 68, 36, 92,138, 68, 5, 0,136, 68 // 0x04e0
db 36,115,136, 4, 42, 66,137, 84, 36,116,233, 49, 5, 0, 0, 41 // 0x04f0
db 198, 41,199,137,208,102,193,232, 5,102, 41,194,102,137,149,224 // 0x0500
db 1, 0, 0,233, 31, 1, 0, 0,137,200, 41,214,102,193,232, 5 // 0x0510
db 139,108, 36, 56,102, 41,193, 41,215,129,254,255,255,255, 0,102 // 0x0520
db 137,141,152, 1, 0, 0,119, 22, 59, 92, 36, 76, 15,132, 22, 5 // 0x0530
db 0, 0, 15,182, 3,193,231, 8,193,230, 8, 67, 9,199,139, 76 // 0x0540
db 36, 56,137,240,193,232, 11,102,139,145,176, 1, 0, 0, 15,183 // 0x0550
db 202, 15,175,193, 57,199,115, 35,137,198,184, 0, 8, 0, 0, 41 // 0x0560
db 200,139,108, 36, 56,193,248, 5,141, 4, 2,102,137,133,176, 1 // 0x0570
db 0, 0,139, 68, 36, 88,233,160, 0, 0, 0,137,241, 41,199, 41 // 0x0580
db 193,137,208,102,193,232, 5,102, 41,194,139, 68, 36, 56,129,249 // 0x0590
db 255,255,255, 0,102,137,144,176, 1, 0, 0,119, 22, 59, 92, 36 // 0x05a0
db 76, 15,132,161, 4, 0, 0, 15,182, 3,193,231, 8,193,225, 8 // 0x05b0
db 67, 9,199,139,116, 36, 56,137,200,193,232, 11,102,139,150,200 // 0x05c0
db 1, 0, 0, 15,183,234, 15,175,197, 57,199,115, 32,137,198,184 // 0x05d0
db 0, 8, 0, 0, 41,232,139,108, 36, 56,193,248, 5,141, 4, 2 // 0x05e0
db 102,137,133,200, 1, 0, 0,139, 68, 36, 84,235, 38,137,206, 41 // 0x05f0
db 199, 41,198,137,208,102,193,232, 5,102, 41,194,139, 68, 36, 56 // 0x0600
db 102,137,144,200, 1, 0, 0,139, 84, 36, 84,139, 68, 36, 80,137 // 0x0610
db 84, 36, 80,139, 76, 36, 88,137, 76, 36, 84,139,108, 36, 92,137 // 0x0620
db 68, 36, 92,137,108, 36, 88, 49,192,131,124, 36, 96, 6,139, 76 // 0x0630
db 36,120, 15,159,192,129,193,104, 10, 0, 0,141, 68, 64, 8,137 // 0x0640
db 68, 36, 96,129,254,255,255,255, 0,119, 22, 59, 92, 36, 76, 15 // 0x0650
db 132,243, 3, 0, 0, 15,182, 3,193,231, 8,193,230, 8, 67, 9 // 0x0660
db 199,102,139, 17,137,240,193,232, 11, 15,183,234, 15,175,197, 57 // 0x0670
db 199,115, 47,137, 68, 36, 72,184, 0, 8, 0, 0, 41,232,193,100 // 0x0680
db 36, 68, 4,193,248, 5,199, 68, 36, 44, 0, 0, 0, 0,141, 4 // 0x0690
db 2,102,137, 1,139, 68, 36, 68,141, 76, 1, 4,137, 76, 36, 16 // 0x06a0
db 235,114, 41,198, 41,199,137,208,102,193,232, 5,102, 41,194,129 // 0x06b0
db 254,255,255,255, 0,102,137, 17,119, 22, 59, 92, 36, 76, 15,132 // 0x06c0
db 132, 3, 0, 0, 15,182, 3,193,231, 8,193,230, 8, 67, 9,199 // 0x06d0
db 102,139, 81, 2,137,240,193,232, 11, 15,183,234, 15,175,197, 57 // 0x06e0
db 199,115, 59,137, 68, 36, 72,184, 0, 8, 0, 0, 41,232,193,100 // 0x06f0
db 36, 68, 4,193,248, 5,199, 68, 36, 44, 8, 0, 0, 0,141, 4 // 0x0700
db 2,139, 84, 36, 68,102,137, 65, 2,141,140, 17, 4, 1, 0, 0 // 0x0710
db 137, 76, 36, 16,199, 68, 36, 48, 3, 0, 0, 0,235, 47, 41,198 // 0x0720
db 41,199,137,208,137,116, 36, 72,102,193,232, 5,199, 68, 36, 44 // 0x0730
db 16, 0, 0, 0,102, 41,194,199, 68, 36, 48, 8, 0, 0, 0,102 // 0x0740
db 137, 81, 2,129,193, 4, 2, 0, 0,137, 76, 36, 16,139, 76, 36 // 0x0750
db 48,186, 1, 0, 0, 0,137, 76, 36, 40,141, 44, 18,139,116, 36 // 0x0760
db 16, 1,238,129,124, 36, 72,255,255,255, 0,119, 24, 59, 92, 36 // 0x0770
db 76, 15,132,209, 2, 0, 0,193,100, 36, 72, 8, 15,182, 3,193 // 0x0780
db 231, 8, 67, 9,199,139, 68, 36, 72,102,139, 22,193,232, 11, 15 // 0x0790
db 183,202, 15,175,193, 57,199,115, 24,137, 68, 36, 72,184, 0, 8 // 0x07a0
db 0, 0, 41,200,193,248, 5,141, 4, 2,137,234,102,137, 6,235 // 0x07b0
db 21, 41, 68, 36, 72, 41,199,137,208,102,193,232, 5,102, 41,194 // 0x07c0
db 102,137, 22,141, 85, 1,139,116, 36, 40, 78,137,116, 36, 40,117 // 0x07d0
db 137,138, 76, 36, 48,184, 1, 0, 0, 0,211,224, 41,194, 3, 84 // 0x07e0
db 36, 44,131,124, 36, 96, 3,137, 84, 36, 12, 15,143,231, 1, 0 // 0x07f0
db 0,131, 68, 36, 96, 7,131,250, 3,137,208,126, 5,184, 3, 0 // 0x0800
db 0, 0,139,116, 36,120,193,224, 7,199, 68, 36, 36, 6, 0, 0 // 0x0810
db 0,141,132, 6, 96, 3, 0, 0,137, 68, 36, 8,184, 1, 0, 0 // 0x0820
db 0,141, 44, 0,139,116, 36, 8, 1,238,129,124, 36, 72,255,255 // 0x0830
db 255, 0,119, 24, 59, 92, 36, 76, 15,132, 10, 2, 0, 0,193,100 // 0x0840
db 36, 72, 8, 15,182, 3,193,231, 8, 67, 9,199,139, 68, 36, 72 // 0x0850
db 102,139, 22,193,232, 11, 15,183,202, 15,175,193, 57,199,115, 24 // 0x0860
db 137, 68, 36, 72,184, 0, 8, 0, 0, 41,200,193,248, 5,141, 4 // 0x0870
db 2,102,137, 6,137,232,235, 21, 41, 68, 36, 72, 41,199,137,208 // 0x0880
db 102,193,232, 5,102, 41,194,141, 69, 1,102,137, 22,139,108, 36 // 0x0890
db 36, 77,137,108, 36, 36,117,137,141, 80,192,131,250, 3,137, 20 // 0x08a0
db 36, 15,142, 39, 1, 0, 0,137,208,137,214,209,248,131,230, 1 // 0x08b0
db 141, 72,255,131,206, 2,131,250, 13,137, 76, 36, 32,127, 28,139 // 0x08c0
db 108, 36,120,211,230, 1,210,137, 52, 36,141, 68,117, 0, 41,208 // 0x08d0
db 5, 94, 5, 0, 0,137, 68, 36, 4,235, 86,141, 80,251,129,124 // 0x08e0
db 36, 72,255,255,255, 0,119, 24, 59, 92, 36, 76, 15,132, 86, 1 // 0x08f0
db 0, 0,193,100, 36, 72, 8, 15,182, 3,193,231, 8, 67, 9,199 // 0x0900
db 209,108, 36, 72, 1,246, 59,124, 36, 72,114, 7, 43,124, 36, 72 // 0x0910
db 131,206, 1, 74,117,200,139, 68, 36,120,193,230, 4,137, 52, 36 // 0x0920
db 5, 68, 6, 0, 0,199, 68, 36, 32, 4, 0, 0, 0,137, 68, 36 // 0x0930
db 4,199, 68, 36, 28, 1, 0, 0, 0,184, 1, 0, 0, 0,139,108 // 0x0940
db 36, 4, 1,192,137, 68, 36, 24, 1,197,129,124, 36, 72,255,255 // 0x0950
db 255, 0,119, 24, 59, 92, 36, 76, 15,132,234, 0, 0, 0,193,100 // 0x0960
db 36, 72, 8, 15,182, 3,193,231, 8, 67, 9,199,139, 68, 36, 72 // 0x0970
db 102,139, 85, 0,193,232, 11, 15,183,242, 15,175,198, 57,199,115 // 0x0980
db 27,137, 68, 36, 72,184, 0, 8, 0, 0, 41,240,193,248, 5,141 // 0x0990
db 4, 2,102,137, 69, 0,139, 68, 36, 24,235, 31, 41, 68, 36, 72 // 0x09a0
db 41,199,137,208,102,193,232, 5,102, 41,194,139, 68, 36, 24,102 // 0x09b0
db 137, 85, 0,139, 84, 36, 28, 64, 9, 20, 36,139, 76, 36, 32,209 // 0x09c0
db 100, 36, 28, 73,137, 76, 36, 32, 15,133,112,255,255,255,139, 52 // 0x09d0
db 36, 70,137,116, 36, 92,116, 89,139, 76, 36, 12,139,108, 36,116 // 0x09e0
db 131,193, 2, 57,108, 36, 92,119, 95,139,132, 36,160, 0, 0, 0 // 0x09f0
db 137,234, 43, 68, 36, 92, 3,148, 36,160, 0, 0, 0,141, 52, 40 // 0x0a00
db 138, 6, 70,136, 68, 36,115,136, 2, 66,255, 68, 36,116, 73,116 // 0x0a10
db 15,139,172, 36,164, 0, 0, 0, 57,108, 36,116,114,226,235, 17 // 0x0a20
db 139,132, 36,164, 0, 0, 0, 57, 68, 36,116, 15,130,187,246,255 // 0x0a30
db 255,129,124, 36, 72,255,255,255, 0,119, 21, 59, 92, 36, 76,184 // 0x0a40
db 1, 0, 0, 0,116, 41,235, 7,184, 1, 0, 0, 0,235, 32, 67 // 0x0a50
db 43,156, 36,148, 0, 0, 0, 49,192,139,148, 36,156, 0, 0, 0 // 0x0a60
db 139, 76, 36,116,137, 26,139,156, 36,168, 0, 0, 0,137, 11,131 // 0x0a70
db 196,124, 91, 94, 95, 93 // 0x0a80


@ -0,0 +1,169 @@
db 85, 87, 86, 83,131,236,124,139,148, 36,144, 0, 0, 0,199, 68 // 0x0000
db 36,116, 0, 0, 0, 0,198, 68, 36,115, 0,139,172, 36,156, 0 // 0x0010
db 0, 0,141, 66, 4,137, 68, 36,120,184, 1, 0, 0, 0, 15,182 // 0x0020
db 74, 2,137,195,211,227,137,217, 73,137, 76, 36,108, 15,182, 74 // 0x0030
db 1,211,224, 72,137, 68, 36,104,139,132, 36,168, 0, 0, 0, 15 // 0x0040
db 182, 50,199, 69, 0, 0, 0, 0, 0,199, 68, 36, 96, 0, 0, 0 // 0x0050
db 0,199, 0, 0, 0, 0, 0,184, 0, 3, 0, 0,137,116, 36,100 // 0x0060
db 199, 68, 36, 92, 1, 0, 0, 0,199, 68, 36, 88, 1, 0, 0, 0 // 0x0070
db 199, 68, 36, 84, 1, 0, 0, 0,199, 68, 36, 80, 1, 0, 0, 0 // 0x0080
db 15,182, 74, 1, 1,241,211,224,141,136, 54, 7, 0, 0, 57, 76 // 0x0090
db 36,116,115, 14,139, 68, 36,120,102,199, 0, 0, 4,131,192, 2 // 0x00a0
db 226,246,139,156, 36,148, 0, 0, 0, 49,255,199, 68, 36, 72,255 // 0x00b0
db 255,255,255,137,218, 3,148, 36,152, 0, 0, 0,137, 84, 36, 76 // 0x00c0
db 49,210, 59, 92, 36, 76, 15,132,124, 9, 0, 0, 15,182, 3,193 // 0x00d0
db 231, 8, 66, 67, 9,199,131,250, 4,126,231,139,140, 36,164, 0 // 0x00e0
db 0, 0, 57, 76, 36,116, 15,131,100, 9, 0, 0,139,116, 36,116 // 0x00f0
db 35,116, 36,108,139, 68, 36, 96,139, 84, 36,120,193,224, 4,137 // 0x0100
db 116, 36, 68, 1,240,129,124, 36, 72,255,255,255, 0,141, 44, 66 // 0x0110
db 119, 24, 59, 92, 36, 76, 15,132, 44, 9, 0, 0,193,100, 36, 72 // 0x0120
db 8, 15,182, 3,193,231, 8, 67, 9,199,139, 68, 36, 72,102,139 // 0x0130
db 85, 0,193,232, 11, 15,183,202, 15,175,193, 57,199, 15,131,221 // 0x0140
db 1, 0, 0,137, 68, 36, 72,184, 0, 8, 0, 0, 41,200,138, 76 // 0x0150
db 36,100,193,248, 5,190, 1, 0, 0, 0,141, 4, 2, 15,182, 84 // 0x0160
db 36,115,102,137, 69, 0,139, 68, 36,116, 35, 68, 36,104,139,108 // 0x0170
db 36,120,211,224,185, 8, 0, 0, 0, 43, 76, 36,100,211,250, 1 // 0x0180
db 208,105,192, 0, 6, 0, 0,131,124, 36, 96, 6,141,132, 5,108 // 0x0190
db 14, 0, 0,137, 68, 36, 20, 15,142,202, 0, 0, 0,139, 68, 36 // 0x01a0
db 116, 43, 68, 36, 92,139,148, 36,160, 0, 0, 0, 15,182, 4, 2 // 0x01b0
db 137, 68, 36, 64,209,100, 36, 64,139, 76, 36, 64,141, 20, 54,139 // 0x01c0
db 108, 36, 20,129,225, 0, 1, 0, 0,129,124, 36, 72,255,255,255 // 0x01d0
db 0,141, 68, 77, 0,137, 76, 36, 60,141, 44, 16,119, 24, 59, 92 // 0x01e0
db 36, 76, 15,132, 96, 8, 0, 0,193,100, 36, 72, 8, 15,182, 3 // 0x01f0
db 193,231, 8, 67, 9,199,139, 68, 36, 72,102,139,141, 0, 2, 0 // 0x0200
db 0,193,232, 11, 15,183,241, 15,175,198, 57,199,115, 35,137, 68 // 0x0210
db 36, 72,184, 0, 8, 0, 0, 41,240,137,214,193,248, 5,131,124 // 0x0220
db 36, 60, 0,141, 4, 1,102,137,133, 0, 2, 0, 0,116, 34,235 // 0x0230
db 46, 41, 68, 36, 72, 41,199,137,200,141,114, 1,102,193,232, 5 // 0x0240
db 102, 41,193,131,124, 36, 60, 0,102,137,141, 0, 2, 0, 0,116 // 0x0250
db 14,129,254,255, 0, 0, 0, 15,142, 87,255,255,255,235,121,129 // 0x0260
db 254,255, 0, 0, 0,127,113,141, 20, 54,139,108, 36, 20, 1,213 // 0x0270
db 129,124, 36, 72,255,255,255, 0,119, 24, 59, 92, 36, 76, 15,132 // 0x0280
db 196, 7, 0, 0,193,100, 36, 72, 8, 15,182, 3,193,231, 8, 67 // 0x0290
db 9,199,139, 68, 36, 72,102,139, 77, 0,193,232, 11, 15,183,241 // 0x02a0
db 15,175,198, 57,199,115, 25,137, 68, 36, 72,184, 0, 8, 0, 0 // 0x02b0
db 41,240,137,214,193,248, 5,141, 4, 1,102,137, 69, 0,235,159 // 0x02c0
db 41, 68, 36, 72, 41,199,137,200,141,114, 1,102,193,232, 5,102 // 0x02d0
db 41,193,102,137, 77, 0,235,135,139, 84, 36,116,137,240,139,140 // 0x02e0
db 36,160, 0, 0, 0,136, 68, 36,115,136, 4, 10, 66,131,124, 36 // 0x02f0
db 96, 3,137, 84, 36,116,127, 13,199, 68, 36, 96, 0, 0, 0, 0 // 0x0300
db 233, 27, 7, 0, 0,131,124, 36, 96, 9,127, 10,131,108, 36, 96 // 0x0310
db 3,233, 10, 7, 0, 0,131,108, 36, 96, 6,233, 0, 7, 0, 0 // 0x0320
db 139, 76, 36, 72, 41,199,139,116, 36, 96, 41,193,137,208,102,193 // 0x0330
db 232, 5,102, 41,194,129,249,255,255,255, 0,102,137, 85, 0,139 // 0x0340
db 108, 36,120,141,116,117, 0,137,116, 36, 56,119, 22, 59, 92, 36 // 0x0350
db 76, 15,132,241, 6, 0, 0, 15,182, 3,193,231, 8,193,225, 8 // 0x0360
db 67, 9,199,139,108, 36, 56,137,200,193,232, 11,102,139,149,128 // 0x0370
db 1, 0, 0, 15,183,234, 15,175,197, 57,199,115, 82,137,198,184 // 0x0380
db 0, 8, 0, 0, 41,232,139,108, 36, 88,193,248, 5,139, 76, 36 // 0x0390
db 84,141, 4, 2,139, 84, 36, 56,137, 76, 36, 80,139, 76, 36,120 // 0x03a0
db 102,137,130,128, 1, 0, 0,139, 68, 36, 92,137,108, 36, 84,137 // 0x03b0
db 68, 36, 88, 49,192,131,124, 36, 96, 6, 15,159,192,129,193,100 // 0x03c0
db 6, 0, 0,141, 4, 64,137, 68, 36, 96,233,116, 2, 0, 0,137 // 0x03d0
db 206, 41,199, 41,198,137,208,102,193,232, 5,139, 76, 36, 56,102 // 0x03e0
db 41,194,129,254,255,255,255, 0,102,137,145,128, 1, 0, 0,119 // 0x03f0
db 22, 59, 92, 36, 76, 15,132, 77, 6, 0, 0, 15,182, 3,193,231 // 0x0400
db 8,193,230, 8, 67, 9,199,139,108, 36, 56,137,242,193,234, 11 // 0x0410
db 102,139,141,152, 1, 0, 0, 15,183,193, 15,175,208, 57,215, 15 // 0x0420
db 131,227, 0, 0, 0,189, 0, 8, 0, 0,137,214, 41,197,199, 68 // 0x0430
db 36, 52, 0, 8, 0, 0,137,232,193,248, 5,141, 4, 1,139, 76 // 0x0440
db 36, 56,102,137,129,152, 1, 0, 0,139, 68, 36, 96,139, 76, 36 // 0x0450
db 68,193,224, 5, 3, 68, 36,120,129,250,255,255,255, 0,141, 44 // 0x0460
db 72,119, 22, 59, 92, 36, 76, 15,132,219, 5, 0, 0, 15,182, 3 // 0x0470
db 193,231, 8,193,230, 8, 67, 9,199,102,139,149,224, 1, 0, 0 // 0x0480
db 137,240,193,232, 11, 15,183,202, 15,175,193, 57,199,115, 96, 41 // 0x0490
db 76, 36, 52,193,124, 36, 52, 5,139,116, 36, 52,137, 68, 36, 72 // 0x04a0
db 131,124, 36,116, 0,141, 4, 50,102,137,133,224, 1, 0, 0, 15 // 0x04b0
db 132,147, 5, 0, 0, 49,192,131,124, 36, 96, 6,139,172, 36,160 // 0x04c0
db 0, 0, 0,139, 84, 36,116, 15,159,192,141, 68, 0, 9,137, 68 // 0x04d0
db 36, 96,139, 68, 36,116, 43, 68, 36, 92,138, 68, 5, 0,136, 68 // 0x04e0
db 36,115,136, 4, 42, 66,137, 84, 36,116,233, 49, 5, 0, 0, 41 // 0x04f0
db 198, 41,199,137,208,102,193,232, 5,102, 41,194,102,137,149,224 // 0x0500
db 1, 0, 0,233, 31, 1, 0, 0,137,200, 41,214,102,193,232, 5 // 0x0510
db 139,108, 36, 56,102, 41,193, 41,215,129,254,255,255,255, 0,102 // 0x0520
db 137,141,152, 1, 0, 0,119, 22, 59, 92, 36, 76, 15,132, 22, 5 // 0x0530
db 0, 0, 15,182, 3,193,231, 8,193,230, 8, 67, 9,199,139, 76 // 0x0540
db 36, 56,137,240,193,232, 11,102,139,145,176, 1, 0, 0, 15,183 // 0x0550
db 202, 15,175,193, 57,199,115, 35,137,198,184, 0, 8, 0, 0, 41 // 0x0560
db 200,139,108, 36, 56,193,248, 5,141, 4, 2,102,137,133,176, 1 // 0x0570
db 0, 0,139, 68, 36, 88,233,160, 0, 0, 0,137,241, 41,199, 41 // 0x0580
db 193,137,208,102,193,232, 5,102, 41,194,139, 68, 36, 56,129,249 // 0x0590
db 255,255,255, 0,102,137,144,176, 1, 0, 0,119, 22, 59, 92, 36 // 0x05a0
db 76, 15,132,161, 4, 0, 0, 15,182, 3,193,231, 8,193,225, 8 // 0x05b0
db 67, 9,199,139,116, 36, 56,137,200,193,232, 11,102,139,150,200 // 0x05c0
db 1, 0, 0, 15,183,234, 15,175,197, 57,199,115, 32,137,198,184 // 0x05d0
db 0, 8, 0, 0, 41,232,139,108, 36, 56,193,248, 5,141, 4, 2 // 0x05e0
db 102,137,133,200, 1, 0, 0,139, 68, 36, 84,235, 38,137,206, 41 // 0x05f0
db 199, 41,198,137,208,102,193,232, 5,102, 41,194,139, 68, 36, 56 // 0x0600
db 102,137,144,200, 1, 0, 0,139, 84, 36, 84,139, 68, 36, 80,137 // 0x0610
db 84, 36, 80,139, 76, 36, 88,137, 76, 36, 84,139,108, 36, 92,137 // 0x0620
db 68, 36, 92,137,108, 36, 88, 49,192,131,124, 36, 96, 6,139, 76 // 0x0630
db 36,120, 15,159,192,129,193,104, 10, 0, 0,141, 68, 64, 8,137 // 0x0640
db 68, 36, 96,129,254,255,255,255, 0,119, 22, 59, 92, 36, 76, 15 // 0x0650
db 132,243, 3, 0, 0, 15,182, 3,193,231, 8,193,230, 8, 67, 9 // 0x0660
db 199,102,139, 17,137,240,193,232, 11, 15,183,234, 15,175,197, 57 // 0x0670
db 199,115, 47,137, 68, 36, 72,184, 0, 8, 0, 0, 41,232,193,100 // 0x0680
db 36, 68, 4,193,248, 5,199, 68, 36, 44, 0, 0, 0, 0,141, 4 // 0x0690
db 2,102,137, 1,139, 68, 36, 68,141, 76, 1, 4,137, 76, 36, 16 // 0x06a0
db 235,114, 41,198, 41,199,137,208,102,193,232, 5,102, 41,194,129 // 0x06b0
db 254,255,255,255, 0,102,137, 17,119, 22, 59, 92, 36, 76, 15,132 // 0x06c0
db 132, 3, 0, 0, 15,182, 3,193,231, 8,193,230, 8, 67, 9,199 // 0x06d0
db 102,139, 81, 2,137,240,193,232, 11, 15,183,234, 15,175,197, 57 // 0x06e0
db 199,115, 59,137, 68, 36, 72,184, 0, 8, 0, 0, 41,232,193,100 // 0x06f0
db 36, 68, 4,193,248, 5,199, 68, 36, 44, 8, 0, 0, 0,141, 4 // 0x0700
db 2,139, 84, 36, 68,102,137, 65, 2,141,140, 17, 4, 1, 0, 0 // 0x0710
db 137, 76, 36, 16,199, 68, 36, 48, 3, 0, 0, 0,235, 47, 41,198 // 0x0720
db 41,199,137,208,137,116, 36, 72,102,193,232, 5,199, 68, 36, 44 // 0x0730
db 16, 0, 0, 0,102, 41,194,199, 68, 36, 48, 8, 0, 0, 0,102 // 0x0740
db 137, 81, 2,129,193, 4, 2, 0, 0,137, 76, 36, 16,139, 76, 36 // 0x0750
db 48,186, 1, 0, 0, 0,137, 76, 36, 40,141, 44, 18,139,116, 36 // 0x0760
db 16, 1,238,129,124, 36, 72,255,255,255, 0,119, 24, 59, 92, 36 // 0x0770
db 76, 15,132,209, 2, 0, 0,193,100, 36, 72, 8, 15,182, 3,193 // 0x0780
db 231, 8, 67, 9,199,139, 68, 36, 72,102,139, 22,193,232, 11, 15 // 0x0790
db 183,202, 15,175,193, 57,199,115, 24,137, 68, 36, 72,184, 0, 8 // 0x07a0
db 0, 0, 41,200,193,248, 5,141, 4, 2,137,234,102,137, 6,235 // 0x07b0
db 21, 41, 68, 36, 72, 41,199,137,208,102,193,232, 5,102, 41,194 // 0x07c0
db 102,137, 22,141, 85, 1,139,116, 36, 40, 78,137,116, 36, 40,117 // 0x07d0
db 137,138, 76, 36, 48,184, 1, 0, 0, 0,211,224, 41,194, 3, 84 // 0x07e0
db 36, 44,131,124, 36, 96, 3,137, 84, 36, 12, 15,143,231, 1, 0 // 0x07f0
db 0,131, 68, 36, 96, 7,131,250, 3,137,208,126, 5,184, 3, 0 // 0x0800
db 0, 0,139,116, 36,120,193,224, 7,199, 68, 36, 36, 6, 0, 0 // 0x0810
db 0,141,132, 6, 96, 3, 0, 0,137, 68, 36, 8,184, 1, 0, 0 // 0x0820
db 0,141, 44, 0,139,116, 36, 8, 1,238,129,124, 36, 72,255,255 // 0x0830
db 255, 0,119, 24, 59, 92, 36, 76, 15,132, 10, 2, 0, 0,193,100 // 0x0840
db 36, 72, 8, 15,182, 3,193,231, 8, 67, 9,199,139, 68, 36, 72 // 0x0850
db 102,139, 22,193,232, 11, 15,183,202, 15,175,193, 57,199,115, 24 // 0x0860
db 137, 68, 36, 72,184, 0, 8, 0, 0, 41,200,193,248, 5,141, 4 // 0x0870
db 2,102,137, 6,137,232,235, 21, 41, 68, 36, 72, 41,199,137,208 // 0x0880
db 102,193,232, 5,102, 41,194,141, 69, 1,102,137, 22,139,108, 36 // 0x0890
db 36, 77,137,108, 36, 36,117,137,141, 80,192,131,250, 3,137, 20 // 0x08a0
db 36, 15,142, 39, 1, 0, 0,137,208,137,214,209,248,131,230, 1 // 0x08b0
db 141, 72,255,131,206, 2,131,250, 13,137, 76, 36, 32,127, 28,139 // 0x08c0
db 108, 36,120,211,230, 1,210,137, 52, 36,141, 68,117, 0, 41,208 // 0x08d0
db 5, 94, 5, 0, 0,137, 68, 36, 4,235, 86,141, 80,251,129,124 // 0x08e0
db 36, 72,255,255,255, 0,119, 24, 59, 92, 36, 76, 15,132, 86, 1 // 0x08f0
db 0, 0,193,100, 36, 72, 8, 15,182, 3,193,231, 8, 67, 9,199 // 0x0900
db 209,108, 36, 72, 1,246, 59,124, 36, 72,114, 7, 43,124, 36, 72 // 0x0910
db 131,206, 1, 74,117,200,139, 68, 36,120,193,230, 4,137, 52, 36 // 0x0920
db 5, 68, 6, 0, 0,199, 68, 36, 32, 4, 0, 0, 0,137, 68, 36 // 0x0930
db 4,199, 68, 36, 28, 1, 0, 0, 0,184, 1, 0, 0, 0,139,108 // 0x0940
db 36, 4, 1,192,137, 68, 36, 24, 1,197,129,124, 36, 72,255,255 // 0x0950
db 255, 0,119, 24, 59, 92, 36, 76, 15,132,234, 0, 0, 0,193,100 // 0x0960
db 36, 72, 8, 15,182, 3,193,231, 8, 67, 9,199,139, 68, 36, 72 // 0x0970
db 102,139, 85, 0,193,232, 11, 15,183,242, 15,175,198, 57,199,115 // 0x0980
db 27,137, 68, 36, 72,184, 0, 8, 0, 0, 41,240,193,248, 5,141 // 0x0990
db 4, 2,102,137, 69, 0,139, 68, 36, 24,235, 31, 41, 68, 36, 72 // 0x09a0
db 41,199,137,208,102,193,232, 5,102, 41,194,139, 68, 36, 24,102 // 0x09b0
db 137, 85, 0,139, 84, 36, 28, 64, 9, 20, 36,139, 76, 36, 32,209 // 0x09c0
db 100, 36, 28, 73,137, 76, 36, 32, 15,133,112,255,255,255,139, 52 // 0x09d0
db 36, 70,137,116, 36, 92,116, 89,139, 76, 36, 12,139,108, 36,116 // 0x09e0
db 131,193, 2, 57,108, 36, 92,119, 95,139,132, 36,160, 0, 0, 0 // 0x09f0
db 137,234, 43, 68, 36, 92, 3,148, 36,160, 0, 0, 0,141, 52, 40 // 0x0a00
db 138, 6, 70,136, 68, 36,115,136, 2, 66,255, 68, 36,116, 73,116 // 0x0a10
db 15,139,172, 36,164, 0, 0, 0, 57,108, 36,116,114,226,235, 17 // 0x0a20
db 139,132, 36,164, 0, 0, 0, 57, 68, 36,116, 15,130,187,246,255 // 0x0a30
db 255,129,124, 36, 72,255,255,255, 0,119, 21, 59, 92, 36, 76,184 // 0x0a40
db 1, 0, 0, 0,116, 41,235, 7,184, 1, 0, 0, 0,235, 32, 67 // 0x0a50
db 43,156, 36,148, 0, 0, 0, 49,192,139,148, 36,156, 0, 0, 0 // 0x0a60
db 139, 76, 36,116,137, 26,139,156, 36,168, 0, 0, 0,137, 11,131 // 0x0a70
db 196,124, 91, 94, 95, 93 // 0x0a80


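--- /dev/null
+++ b/n2b_d32.ash
@@ -0,0 +1,192 @@
+/*
+; n2b_d32.ash -- ucl_nrv2b_decompress_le32 in 32-bit assembly
+;
+; This file is part of the UCL data compression library.
+;
+; Copyright (C) 1996-2006 Markus Franz Xaver Johannes Oberhumer
+; All Rights Reserved.
+;
+; The UCL library is free software; you can redistribute it and/or
+; modify it under the terms of the GNU General Public License as
+; published by the Free Software Foundation; either version 2 of
+; the License, or (at your option) any later version.
+;
+; The UCL library is distributed in the hope that it will be useful,
+; but WITHOUT ANY WARRANTY; without even the implied warranty of
+; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+; GNU General Public License for more details.
+;
+; You should have received a copy of the GNU General Public License
+; along with the UCL library; see the file COPYING.
+; If not, write to the Free Software Foundation, Inc.,
+; 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+;
+; Markus F.X.J. Oberhumer
+; <markus@oberhumer.com>
+; http://www.oberhumer.com/opensource/ucl/
+;
+; ------------- DECOMPRESSION -------------
+; Input:
+; esi - source
+; edi - dest
+; ebp - -1
+; cld
+; Output:
+; eax - 0
+; ecx - 0
+*/
+// CPU 386
+.macro getbit_n2b one
+.ifc \one, 1
+add ebx, ebx
+jnz 1f
+.endif
+mov ebx, [esi]
+sub esi, byte -4
+adc ebx, ebx
+1:
+.endm
+#undef getbit
+#define getbit getbit_n2b
+section N2BSMA10
+jmps dcl1_n2b
+decompr_literals_n2b:
+movsb
+section N2BFAS10
+jmps dcl1_n2b
+.balign 8
+section N2BFAS11
+decompr_literalb_n2b:
+mov al, [esi]
+inc esi
+mov [edi], al
+inc edi
+section N2BDEC10
+decompr_loop_n2b:
+add ebx, ebx
+jnz dcl2_n2b
+dcl1_n2b:
+getbit 32
+dcl2_n2b:
+section N2BSMA20
+jc decompr_literals_n2b
+xor eax, eax
+inc eax
+section N2BFAS20
+#ifndef UPX102
+mov al, [edi] // force data cache allocate (PentiumPlain or MMX)
+#endif
+jc decompr_literalb_n2b
+mov eax, 1
+section N2BDEC20
+loop1_n2b:
+getbit 1
+adc eax, eax
+section N2BSMA30
+getbit 1
+jnc loop1_n2b
+section N2BFAS30
+add ebx, ebx
+jnc loop1_n2b
+jnz loopend1_n2b
+getbit 32
+jnc loop1_n2b
+loopend1_n2b:
+section N2BDEC30
+xor ecx, ecx
+sub eax, 3
+jb decompr_ebpeax_n2b
+shl eax, 8
+mov al, [esi]
+inc esi
+xor eax, -1
+jz decompr_end_n2b
+mov ebp, eax
+decompr_ebpeax_n2b:
+getbit 1
+adc ecx, ecx
+getbit 1
+adc ecx, ecx
+jnz decompr_got_mlen_n2b
+inc ecx
+loop2_n2b:
+getbit 1
+adc ecx, ecx
+section N2BSMA40
+getbit 1
+jnc loop2_n2b
+section N2BFAS40
+add ebx, ebx
+jnc loop2_n2b
+jnz loopend2_n2b
+getbit 32
+jnc loop2_n2b
+loopend2_n2b:
+section N2BDUMM1
+section N2BSMA50
+inc ecx
+inc ecx
+section N2BFAS50
+add ecx, 2
+section N2BDEC50
+decompr_got_mlen_n2b:
+cmp ebp, -0xd00
+adc ecx, 1
+section N2BSMA60
+#ifndef UPX102
+push esi
+#else
+mov edx, esi
+#endif
+lea esi, [edi+ebp]
+rep
+movsb
+#ifndef UPX102
+pop esi
+#else
+mov esi, edx
+#endif
+jmp decompr_loop_n2b
+section N2BFAS60
+lea edx, [edi+ebp]
+cmp ebp, -4
+#ifndef UPX102
+mov al, [edi+ecx] // force data cache allocate (PentiumPlain or MMX)
+#endif
+jbe decompr_copy4_n2b
+loop3_n2b:
+mov al, [edx]
+inc edx
+mov [edi], al
+inc edi
+dec ecx
+jnz loop3_n2b
+jmp decompr_loop_n2b
+section N2BFAS61
+.balign 4
+decompr_copy4_n2b:
+mov eax, [edx]
+add edx, 4
+mov [edi], eax
+add edi, 4
+sub ecx, 4
+ja decompr_copy4_n2b
+add edi, ecx
+jmp decompr_loop_n2b
+section N2BDEC60
+decompr_end_n2b:
+section NRV2BEND
+// vi:ts=8:et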


@ -0,0 +1,201 @@
/*
; n2d_d32.ash -- ucl_nrv2d_decompress_le32 in 32-bit assembly
;
; This file is part of the UCL data compression library.
;
; Copyright (C) 1996-2006 Markus Franz Xaver Johannes Oberhumer
; All Rights Reserved.
;
; The UCL library is free software; you can redistribute it and/or
; modify it under the terms of the GNU General Public License as
; published by the Free Software Foundation; either version 2 of
; the License, or (at your option) any later version.
;
; The UCL library is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with the UCL library; see the file COPYING.
; If not, write to the Free Software Foundation, Inc.,
; 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
;
; Markus F.X.J. Oberhumer
; <markus@oberhumer.com>
; http://www.oberhumer.com/opensource/ucl/
;
; ------------- DECOMPRESSION -------------
; Input:
; esi - source
; edi - dest
; ebp - -1
; cld
; Output:
; eax - 0
; ecx - 0
*/
// CPU 386
.macro getbit_n2d one
.ifc \one, 1
add ebx, ebx
jnz 1f
.endif
mov ebx, [esi]
sub esi, -4
adc ebx, ebx
1:
.endm
#undef getbit
#define getbit getbit_n2d
section N2DSMA10
jmps dcl1_n2d
decompr_literals_n2d:
movsb
section N2DFAS10
jmps dcl1_n2d
.balign 8
section N2DFAS11
decompr_literalb_n2d:
mov al, [esi]
inc esi
mov [edi], al
inc edi
section N2DDEC10
decompr_loop_n2d:
add ebx, ebx
jnz dcl2_n2d
dcl1_n2d:
getbit 32
dcl2_n2d:
section N2DSMA20
jc decompr_literals_n2d
xor eax, eax
inc eax
section N2DFAS20
#ifndef UPX102
mov al, [edi] // force data cache allocate (PentiumPlain or MMX)
#endif
jc decompr_literalb_n2d
mov eax, 1
section N2DDEC20
loop1_n2d:
getbit 1
adc eax, eax
section N2DSMA30
getbit 1
jc loopend1_n2d
section N2DFAS30
add ebx, ebx
jnc loopcontinue1_n2d
jnz loopend1_n2d
getbit 32
jc loopend1_n2d
loopcontinue1_n2d:
section N2DDEC30
dec eax
getbit 1
adc eax, eax
jmps loop1_n2d
loopend1_n2d:
xor ecx, ecx
sub eax, 3
jb decompr_prev_dist_n2d
shl eax, 8
mov al, [esi]
inc esi
xor eax, -1
jz decompr_end_n2d
sar eax, 1 // shift low-bit into carry
mov ebp, eax
jmps decompr_ebpeax_n2d
decompr_prev_dist_n2d:
getbit 1
decompr_ebpeax_n2d:
adc ecx, ecx
getbit 1
adc ecx, ecx
jnz decompr_got_mlen_n2d
inc ecx
loop2_n2d:
getbit 1
adc ecx, ecx
section N2DSMA40
getbit 1
jnc loop2_n2d
section N2DFAS40
add ebx, ebx
jnc loop2_n2d
jnz loopend2_n2d
getbit 32
jnc loop2_n2d
loopend2_n2d:
section N2DDUMM1
section N2DSMA50
inc ecx
inc ecx
section N2DFAS50
add ecx, 2
section N2DDEC50
decompr_got_mlen_n2d:
cmp ebp, -0x500
adc ecx, 1
section N2DSMA60
#ifndef UPX102
push esi
#else
mov edx, esi
#endif
lea esi, [edi+ebp]
rep
movsb
#ifndef UPX102
pop esi
#else
mov esi, edx
#endif
jmp decompr_loop_n2d
section N2DFAS60
lea edx, [edi+ebp]
cmp ebp, -4
#ifndef UPX102
mov al, [edi+ecx] // force data cache allocate (PentiumPlain or MMX)
#endif
jbe decompr_copy4_n2d
loop3_n2d:
mov al, [edx]
inc edx
mov [edi], al
inc edi
dec ecx
jnz loop3_n2d
jmp decompr_loop_n2d
section N2DFAS61
.balign 4
decompr_copy4_n2d:
mov eax, [edx]
add edx, 4
mov [edi], eax
add edi, 4
sub ecx, 4
ja decompr_copy4_n2d
add edi, ecx
jmp decompr_loop_n2d
section N2DDEC60
decompr_end_n2d:
section NRV2DEND
// vi:ts=8:et


@ -1,3 +1,4 @@
/*
; i386-BSD.elf-entry.asm -- BSD program entry point & decompressor (Elf binary)
;
; This file is part of the UPX executable compressor.
@ -28,24 +29,21 @@
; John F. Reiser
; <jreiser@users.sourceforge.net>
;
*/
#include "arch/i386/macros2.ash"
BITS 32
SECTION .text
CPU 386
%define jmps jmp short
%define jmpn jmp near
// CPU 386
; /*************************************************************************
; // program entry point
; // see glibc/sysdeps/i386/elf/start.S
; **************************************************************************/
GLOBAL _start
;__LEXEC000__
_start:
;;;; int3
section LEXEC000
_start: .globl _start
//// int3
/*
;; How to debug this code: Uncomment the 'int3' breakpoint instruction above.
;; Build the stubs and upx. Compress a testcase, such as a copy of /bin/date.
;; Invoke gdb, and give a 'run' command. Define a single-step macro such as
@ -62,51 +60,52 @@ _start:
;; end
;; Step through the code; remember that <Enter> repeats the previous command.
;;
call main ; push address of decompress subroutine
*/
call main // push address of decompress subroutine
decompress:
; /*************************************************************************
; // C callable decompressor
; **************************************************************************/
// /*************************************************************************
// // C callable decompressor
// **************************************************************************/
; /* Offsets to parameters, allowing for {push + pusha + call} */
%define O_INP (4+ 8*4 +1*4)
%define O_INS (4+ 8*4 +2*4)
%define O_OUTP (4+ 8*4 +3*4)
%define O_OUTS (4+ 8*4 +4*4)
%define O_PARAM (4+ 8*4 +5*4)
// /* Offsets to parameters, allowing for {push + pusha + call} */
#define O_INP (4+ 8*4 +1*4)
#define O_INS (4+ 8*4 +2*4)
#define O_OUTP (4+ 8*4 +3*4)
#define O_OUTS (4+ 8*4 +4*4)
#define O_PARAM (4+ 8*4 +5*4)
%define INP dword [esp+O_INP]
%define INS dword [esp+O_INS]
%define OUTP dword [esp+O_OUTP]
%define OUTS dword [esp+O_OUTS]
%define PARM dword [esp+O_PARAM]
#define INP dword [esp+O_INP]
#define INS dword [esp+O_INS]
#define OUTP dword [esp+O_OUTP]
#define OUTS dword [esp+O_OUTS]
#define PARM dword [esp+O_PARAM]
;__LEXEC009__
;; empty section for commonality with l_lx_exec86.asm
;__LEXEC010__
section LEXEC009
// empty section for commonality with l_lx_exec86.asm
section LEXEC010
pusha
push byte '?' ; cto8 (sign extension does not matter)
; cld
push '?' // cto8 (sign extension does not matter)
// cld
mov esi, INP
mov edi, OUTP
or ebp, byte -1
;;; align 8
or ebp, -1
// align 8
%include "arch/i386/nrv2b_d32.ash"
%include "arch/i386/nrv2d_d32.ash"
%include "arch/i386/nrv2e_d32.ash"
%include "arch/i386/lzma_d.ash"
%include "arch/i386/macros.ash"
#include "arch/i386/nrv2b_d32_2.ash"
#include "arch/i386/nrv2d_d32_2.ash"
#include "arch/i386/nrv2e_d32_2.ash"
#define db .byte
#include "arch/i386/lzma_d_2.ash"
cjt32 0
;__LEXEC015__
; eax is 0 from decompressor code
;xor eax, eax ; return code
section LEXEC015
// eax is 0 from decompressor code
//xor eax, eax ; return code
; check compressed size
// check compressed size
mov edx, INP
add edx, INS
cmp esi, edx
@ -114,12 +113,12 @@ decompress:
dec eax
.ok:
; write back the uncompressed size
// write back the uncompressed size
sub edi, OUTP
mov edx, OUTS
mov [edx], edi
pop edx ; cto8
pop edx // cto8
mov [7*4 + esp], eax
popa
@ -127,109 +126,105 @@ decompress:
ctojr32
ckt32 edi, dl
;__LEXEC017__
section LEXEC017
popa
ret
;__LEXEC020__
section LEXEC020
%define PAGE_SIZE ( 1<<12)
#define PAGE_SIZE ( 1<<12)
%define MAP_FIXED 0x10
%define MAP_PRIVATE 0x02
%define MAP_ANONYMOUS 0x1000
%define PROT_READ 1
%define PROT_WRITE 2
%define PROT_EXEC 4
%define __NR_mmap 197
%define __NR_syscall 198
%define szElf32_Ehdr 0x34
%define p_memsz 5*4
#define MAP_FIXED 0x10
#define MAP_PRIVATE 0x02
#define MAP_ANONYMOUS 0x1000
#define PROT_READ 1
#define PROT_WRITE 2
#define PROT_EXEC 4
#define __NR_mmap 197
#define __NR_syscall 198
#define szElf32_Ehdr 0x34
#define p_memsz 5*4
%define __NR_write 4
%define __NR_exit 1
#define __NR_write 4
#define __NR_exit 1
fail_mmap:
push byte L71 - L70
push L71 - L70
call L71
L70:
db "PROT_EXEC|PROT_WRITE failed.",10
.ascii "PROT_EXEC|PROT_WRITE failed.\n"
L71:
push byte 2 ; fd stderr
push eax ; fake ret.addr
push byte __NR_write
push 2 // fd stderr
push eax // fake ret.addr
push __NR_write
pop eax
int 0x80
die:
push byte 127 ; only low 7 bits matter!
push eax ; fake ret.addr
push byte __NR_exit
pop eax ; write to stderr could fail, leaving eax as -EBADF etc.
push 127 // only low 7 bits matter!
push eax // fake ret.addr
push __NR_exit
pop eax // write to stderr could fail, leaving eax as -EBADF etc.
int 0x80
; Decompress the rest of this loader, and jump to it
// Decompress the rest of this loader, and jump to it
unfold:
pop esi ; &{ b_info:{sz_unc, sz_cpr, 4{byte}}, compressed_data...}
pop esi // &{ b_info:{sz_unc, sz_cpr, 4{byte}}, compressed_data...}
lea eax, [ebp - (4+ decompress - _start)] ; 4: sizeof(int)
sub eax, [eax] ; %eax= &Elf32_Ehdr of this program
mov edx, eax ; %edx= &Elf32_Ehdr of this program
lea eax, [ebp - (4+ decompress - _start)] // 4: sizeof(int)
sub eax, [eax] // %eax= &Elf32_Ehdr of this program
mov edx, eax // %edx= &Elf32_Ehdr of this program
; Linux requires PF_W in order to create .bss (implied by .p_filesz!=.p_memsz),
; but strict SELinux (or PaX, grSecurity) forbids PF_W with PF_X.
; So first PT_LOAD must be PF_R|PF_X only, and .p_memsz==.p_filesz.
; So we must round up here, instead of pre-rounding .p_memsz.
add eax, [p_memsz + szElf32_Ehdr + eax] ; address after .text
add eax, PAGE_SIZE -1
and eax, -PAGE_SIZE
// Linux requires PF_W in order to create .bss (implied by .p_filesz!=.p_memsz),
// but strict SELinux (or PaX, grSecurity) forbids PF_W with PF_X.
// So first PT_LOAD must be PF_R|PF_X only, and .p_memsz==.p_filesz.
// So we must round up here, instead of pre-rounding .p_memsz.
add eax, [p_memsz + szElf32_Ehdr + eax] // address after .text
add eax, PAGE_SIZE -1
and eax, 0-PAGE_SIZE
push eax ; destination for 'ret'
push eax // destination for 'ret'
; mmap a page to hold the decompressed fold_elf86
xor ecx, ecx ; %ecx= 0
; MAP_ANONYMOUS ==>offset is ignored, so do not push!
push ecx ; pad (must be zero?)
push byte -1 ; *BSD demands -1==fd for mmap(,,,MAP_ANON,,)
push dword MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS
mov ch, PAGE_SIZE >> 8 ; %ecx= PAGE_SIZE
push byte PROT_READ | PROT_WRITE | PROT_EXEC
push ecx ; length
push eax ; destination
xor eax,eax ; 0
push eax ; current thread
// mmap a page to hold the decompressed fold_elf86
xor ecx, ecx // %ecx= 0
// MAP_ANONYMOUS ==>offset is ignored, so do not push!
push ecx // pad (must be zero?)
push -1 // *BSD demands -1==fd for mmap(,,,MAP_ANON,,)
push MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS
mov ch, PAGE_SIZE >> 8 // %ecx= PAGE_SIZE
push PROT_READ | PROT_WRITE | PROT_EXEC
push ecx // length
push eax // destination
xor eax,eax // 0
push eax // current thread
mov al, __NR_mmap
push eax ; __NR_mmap
push eax ; fake return address
push eax // __NR_mmap
push eax // fake return address
mov al, __NR_syscall
int 0x80 ; changes only %eax; %edx is live
int 0x80 // changes only %eax; %edx is live
jb fail_mmap
xchg eax, edx ; %edx= page after .text; %eax= &Elf32_Ehdr of this program
xchg eax, ebx ; %ebx= &Elf32_Ehdr of this program
xchg eax, edx // %edx= page after .text; %eax= &Elf32_Ehdr of this program
xchg eax, ebx // %ebx= &Elf32_Ehdr of this program
cld
lodsd
push eax ; sz_uncompressed (maximum dstlen for lzma)
mov ecx,esp ; save &dstlen
push eax ; space for 5th param
push ecx ; &dstlen
push edx ; &dst
push eax // sz_uncompressed (maximum dstlen for lzma)
mov ecx,esp // save &dstlen
push eax // space for 5th param
push ecx // &dstlen
push edx // &dst
lodsd
push eax ; sz_compressed (srclen)
lodsd ; last 4 bytes of b_info
push eax // sz_compressed (srclen)
lodsd // last 4 bytes of b_info
mov [4*3 + esp],eax
push esi ; &compressed_data
call ebp ; decompress(&src, srclen, &dst, &dstlen, b_info.misc)
add esp, byte (5+1 + 9)*4 ; (5+1) args to decompress, 9 "args" to mmap
ret ; &destination
push esi // &compressed_data
call ebp // decompress(&src, srclen, &dst, &dstlen, b_info.misc)
add esp, (5+1 + 9)*4 // (5+1) args to decompress, 9 "args" to mmap
ret // &destination
main:
pop ebp ; &decompress
pop ebp // &decompress
call unfold
; compressed fold_elf86 follows
// compressed fold_elf86 follows
eof:
; __XTHEENDX__
section .data
dd -1
dw eof
; vi:ts=8:et:nowrap
// vi:ts=8:et:nowrap
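Review bot: The unfold path maps exactly one page for the decompressed fold (`mov ch, PAGE_SIZE >> 8` is the mmap length) but then hands the decompressor `sz_uncompressed` read from b_info as the maximum output length, with no comparison of that value against PAGE_SIZE before `call ebp`; a fold larger than 4096 bytes would be written past the mapping. Presumably the build keeps the fold under one page, but nothing in this hunk enforces or states it — suggest at least `push eax // sz_uncompressed (maximum dstlen for lzma); must be <= PAGE_SIZE, the size mapped above`. The size check in LEXEC015 (`cmp esi, edx` against INP+INS) runs only after the data has been expanded, so it does not protect this write either. The MAP_FIXED|PROT_READ|PROT_WRITE|PROT_EXEC request at the page after .text is the SELinux/PaX-sensitive step the fail_mmap message already acknowledges.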


@ -1,3 +1,4 @@
/*
; i386-bsd.elf-fold.asm -- linkage to C code to process Elf binary
;
; This file is part of the UPX executable compressor.
@ -26,256 +27,246 @@
; John F. Reiser
; <jreiser@users.sourceforge.net>
;
*/
#include "arch/i386/macros2.ash"
// CPU 386
BITS 32
SECTION .text
CPU 386
#define PAGE_SIZE ( 1<<12)
#define szElf32_Ehdr 0x34
#define szElf32_Phdr 8*4
#define e_type 16
#define e_entry (16 + 2*2 + 4)
#define p_memsz 5*4
#define szb_info 12
#define szl_info 12
#define szp_info 12
#define a_type 0
#define a_val 4
#define sz_auxv 8
%define PAGE_SIZE ( 1<<12)
%define szElf32_Ehdr 0x34
%define szElf32_Phdr 8*4
%define e_type 16
%define e_entry (16 + 2*2 + 4)
%define p_memsz 5*4
%define szb_info 12
%define szl_info 12
%define szp_info 12
%define a_type 0
%define a_val 4
%define sz_auxv 8
#define __NR_munmap 73
%define __NR_munmap 73
// control just falls through, after this part and compiled C code
// are uncompressed.
;; control just falls through, after this part and compiled C code
;; are uncompressed.
fold_begin: // enter: %ebx= &Elf32_Ehdr of this program
// patchLoader will modify to be
// dword sz_uncompressed, sz_compressed
// byte compressed_data...
fold_begin: ; enter: %ebx= &Elf32_Ehdr of this program
; patchLoader will modify to be
; dword sz_uncompressed, sz_compressed
; byte compressed_data...
// ld-linux.so.2 depends on AT_PHDR and AT_ENTRY, for instance.
// Move argc,argv,envp down to make room for Elf_auxv table.
// Linux kernel 2.4.2 and earlier give only AT_HWCAP and AT_PLATFORM
// because we have no PT_INTERP. Linux kernel 2.4.5 (and later?)
// give not quite everything. It is simpler and smaller code for us
// to generate a "complete" table where Elf_auxv[k -1].a_type = k.
// On second thought, that wastes a lot of stack space (the entire kernel
// auxv, plus those slots that remain empty anyway). So try for minimal
// space on stack, without too much code, by doing it serially.
; ld-linux.so.2 depends on AT_PHDR and AT_ENTRY, for instance.
; Move argc,argv,envp down to make room for Elf_auxv table.
; Linux kernel 2.4.2 and earlier give only AT_HWCAP and AT_PLATFORM
; because we have no PT_INTERP. Linux kernel 2.4.5 (and later?)
; give not quite everything. It is simpler and smaller code for us
; to generate a "complete" table where Elf_auxv[k -1].a_type = k.
; On second thought, that wastes a lot of stack space (the entire kernel
; auxv, plus those slots that remain empty anyway). So try for minimal
; space on stack, without too much code, by doing it serially.
#define AT_NULL 0
#define AT_IGNORE 1
#define AT_PHDR 3
#define AT_PHENT 4
#define AT_PHNUM 5
#define AT_PAGESZ 6
#define AT_BASE 7
#define AT_ENTRY 9
%define AT_NULL 0
%define AT_IGNORE 1
%define AT_PHDR 3
%define AT_PHENT 4
%define AT_PHNUM 5
%define AT_PAGESZ 6
%define AT_BASE 7
%define AT_ENTRY 9
%define ET_DYN 3
#define ET_DYN 3
sub ecx, ecx
mov edx, (1<<AT_PHDR) | (1<<AT_PHENT) | (1<<AT_PHNUM) | (1<<AT_PAGESZ) | (1<<AT_BASE) | (1<<AT_ENTRY)
mov esi, esp
mov edi, esp
call do_auxv ; clear bits in edx according to existing auxv slots
call do_auxv // clear bits in edx according to existing auxv slots
mov esi, esp
L50:
shr edx, 1 ; Carry = bottom bit
sbb eax, eax ; -1 or 0
sub ecx, eax ; count of 1 bits that remained in edx
lea esp, [esp + sz_auxv * eax] ; allocate one auxv slot, if needed
shr edx, 1 // Carry = bottom bit
sbb eax, eax // -1 or 0
sub ecx, eax // count of 1 bits that remained in edx
lea esp, [esp + sz_auxv * eax] // allocate one auxv slot, if needed
test edx,edx
jne L50
mov edi, esp
call do_auxv ; move; fill new auxv slots with AT_IGNORE
call do_auxv // move; fill new auxv slots with AT_IGNORE
%define OVERHEAD 2048
%define MAX_ELF_HDR 512
#define OVERHEAD 2048
#define MAX_ELF_HDR 512
sub esp, dword MAX_ELF_HDR + OVERHEAD ; alloca
push ebx ; start of unmap region (&Elf32_Ehdr of this stub)
sub esp, MAX_ELF_HDR + OVERHEAD // alloca
push ebx // start of unmap region (&Elf32_Ehdr of this stub)
; Cannot pre-round .p_memsz because kernel requires PF_W to setup .bss,
; but strict SELinux (or PaX, grsecurity) prohibits PF_W with PF_X.
mov edx, [p_memsz + szElf32_Ehdr + ebx] ; phdr[0].p_memsz
lea edx, [-1 + 2*PAGE_SIZE + edx + ebx] ; 1 page for round, 1 for unfold
and edx, -PAGE_SIZE
// Cannot pre-round .p_memsz because kernel requires PF_W to setup .bss,
// but strict SELinux (or PaX, grsecurity) prohibits PF_W with PF_X.
mov edx, [p_memsz + szElf32_Ehdr + ebx] // phdr[0].p_memsz
lea edx, [-1 + 2*PAGE_SIZE + edx + ebx] // 1 page for round, 1 for unfold
and edx, 0-PAGE_SIZE
push edx ; end of unmap region
sub eax, eax ; 0
cmp word [e_type + ebx], byte ET_DYN
push edx // end of unmap region
sub eax, eax // 0
cmp word ptr [e_type + ebx], ET_DYN
jne L53
xchg eax, edx ; dynbase for ET_DYN; assumes mmap(0, ...) is placed after us!
xchg eax, edx // dynbase for ET_DYN; assumes mmap(0, ...) is placed after us!
L53:
push eax ; dynbase
push eax // dynbase
mov esi, [e_entry + ebx] ; end of compressed data
lea eax, [szElf32_Ehdr + 2*szElf32_Phdr + szl_info + szp_info + ebx] ; 1st &b_info
sub esi, eax ; length of compressed data
mov ebx, [ eax] ; length of uncompressed ELF headers
mov ecx, [4+ eax] ; length of compressed ELF headers
add ecx, byte szb_info
lea edx, [3*4 + esp] ; &tmp
pusha ; (AT_table, sz_cpr, f_expand, &tmp_ehdr, {sz_unc, &tmp}, {sz_cpr, &b1st_info} )
inc edi ; swap with above 'pusha' to inhibit auxv_up for PT_INTERP
EXTERN upx_main
call upx_main ; returns entry address
add esp, byte (8 +1)*4 ; remove 8 params from pusha, also dynbase
pop ecx ; end of unmap region
pop ebx ; start of unmap region (&Elf32_Ehdr of this stub)
add esp, dword MAX_ELF_HDR + OVERHEAD ; un-alloca
mov esi, [e_entry + ebx] // end of compressed data
lea eax, [szElf32_Ehdr + 2*szElf32_Phdr + szl_info + szp_info + ebx] // 1st &b_info
sub esi, eax // length of compressed data
mov ebx, [ eax] // length of uncompressed ELF headers
mov ecx, [4+ eax] // length of compressed ELF headers
add ecx, szb_info
lea edx, [3*4 + esp] // &tmp
pusha // (AT_table, sz_cpr, f_expand, &tmp_ehdr, {sz_unc, &tmp}, {sz_cpr, &b1st_info} )
inc edi // swap with above 'pusha' to inhibit auxv_up for PT_INTERP
.extern upx_main
call upx_main // returns entry address
add esp, (8 +1)*4 // remove 8 params from pusha, also dynbase
pop ecx // end of unmap region
pop ebx // start of unmap region (&Elf32_Ehdr of this stub)
add esp, MAX_ELF_HDR + OVERHEAD // un-alloca
push eax ; save entry address as ret.addr
push byte 0 ; 'leave' uses this to clear ebp
mov ebp,esp ; frame
push eax // save entry address as ret.addr
push 0 // 'leave' uses this to clear ebp
mov ebp,esp // frame
sub ecx, ebx
sub eax,eax ; 0, also AT_NULL
push ecx ; length to unmap
push ebx ; start of unmap region (&Elf32_Ehdr of this stub)
push eax ; fake ret.addr
sub eax,eax // 0, also AT_NULL
push ecx // length to unmap
push ebx // start of unmap region (&Elf32_Ehdr of this stub)
push eax // fake ret.addr
dec edi ; auxv table
db 0x3c ; "cmpb al, byte ..." like "jmp 1+L60" but 1 byte shorter
dec edi // auxv table
.byte 0x3c // "cmpb al, ..." like "jmp 1+L60" but 1 byte shorter
L60:
scasd ; a_un.a_val etc.
scasd ; a_type
jne L60 ; not AT_NULL
; edi now points at [AT_NULL]a_un.a_ptr which contains result of make_hatch()
push dword [edi] ; &escape hatch
scasd // a_un.a_val etc.
scasd // a_type
jne L60 // not AT_NULL
// edi now points at [AT_NULL]a_un.a_ptr which contains result of make_hatch()
push dword ptr [edi] // &escape hatch
xor edi,edi
xor esi,esi
xor edx,edx
xor ecx,ecx
xor ebx,ebx
mov al, __NR_munmap ; eax was 0 from L60
ret ; goto escape hatch: int 0x80; leave; ret
mov al, __NR_munmap // eax was 0 from L60
ret // goto escape hatch: int 0x80; leave; ret
; called twice:
; 1st with esi==edi, ecx=0, edx= bitmap of slots needed: just update edx.
; 2nd with esi!=edi, ecx= slot_count: move, then append AT_IGNORE slots
; entry: esi= src = &argc; edi= dst; ecx= # slots wanted; edx= bits wanted
; exit: edi= &auxtab; edx= bits still needed
// called twice:
// 1st with esi==edi, ecx=0, edx= bitmap of slots needed: just update edx.
// 2nd with esi!=edi, ecx= slot_count: move, then append AT_IGNORE slots
// entry: esi= src = &argc; edi= dst; ecx= # slots wanted; edx= bits wanted
// exit: edi= &auxtab; edx= bits still needed
do_auxv:
; cld
// cld
L10: ; move argc+argv
L10: // move argc+argv
lodsd
stosd
test eax,eax
jne L10
L20: ; move envp
L20: // move envp
lodsd
stosd
test eax,eax
jne L20
push edi ; return value
L30: ; process auxv
lodsd ; a_type
push edi // return value
L30: // process auxv
lodsd // a_type
stosd
cmp eax, byte 32
jae L32 ; prevent aliasing by 'btr' when 32<=a_type
btr edx, eax ; no longer need a slot of type eax [Carry only]
cmp eax, 32
jae L32 // prevent aliasing by 'btr' when 32<=a_type
btr edx, eax // no longer need a slot of type eax [Carry only]
L32:
test eax, eax ; AT_NULL ?
test eax, eax // AT_NULL ?
lodsd
stosd
jnz L30 ; a_type != AT_NULL
jnz L30 // a_type != AT_NULL
sub edi, byte 8 ; backup to AT_NULL
add ecx, ecx ; two words per auxv
inc eax ; convert 0 to AT_IGNORE
rep stosd ; allocate and fill
dec eax ; convert AT_IGNORE to AT_NULL
stosd ; re-terminate with AT_NULL
sub edi, 8 // backup to AT_NULL
add ecx, ecx // two words per auxv
inc eax // convert 0 to AT_IGNORE
rep stosd // allocate and fill
dec eax // convert AT_IGNORE to AT_NULL
stosd // re-terminate with AT_NULL
stosd
pop edi ; &auxtab
pop edi // &auxtab
ret
%define __NR_mmap 197
%define __NR_syscall 198
#define __NR_mmap 197
#define __NR_syscall 198
global mmap
mmap:
mmap: .globl mmap
push ebp
mov ebp,esp
xor eax,eax ; 0
push eax ; convert to 64-bit
push dword [7*4+ebp] ; offset
push eax ; pad
push dword [6*4+ebp] ; fd
push dword [5*4+ebp] ; flags
push dword [4*4+ebp] ; prot
push dword [3*4+ebp] ; len
push dword [2*4+ebp] ; addr
push eax ; current thread
xor eax,eax // 0
push eax // convert to 64-bit
push dword ptr [7*4+ebp] // offset
push eax // pad
push dword ptr [6*4+ebp] // fd
push dword ptr [5*4+ebp] // flags
push dword ptr [4*4+ebp] // prot
push dword ptr [3*4+ebp] // len
push dword ptr [2*4+ebp] // addr
push eax // current thread
mov al,__NR_mmap
push eax
push eax ; fake ret.addr
push eax // fake ret.addr
mov al,__NR_syscall
int 0x80
leave
ret
global brk
brk:
brk: .globl brk
ret
%define __NR_exit 1
%define __NR_read 3
%define __NR_write 4
%define __NR_open 5
%define __NR_close 6
%define __NR_munmap 73
%define __NR_mprotect 74
#define __NR_exit 1
#define __NR_read 3
#define __NR_write 4
#define __NR_open 5
#define __NR_close 6
#define __NR_munmap 73
#define __NR_mprotect 74
global exit
exit:
exit: .globl exit
mov al,__NR_exit
nf_sysgo:
movzx eax,al
int 0x80
ret
global read
read:
read: .globl read
mov al,__NR_read
jmp nf_sysgo
global write
write:
write: .globl write
mov al,__NR_write
jmp nf_sysgo
global open
open:
open: .globl open
mov al,__NR_open
jmp nf_sysgo
global close
close:
close: .globl close
mov al,__NR_close
jmp nf_sysgo
global munmap
munmap:
munmap: .globl munmap
mov al,__NR_munmap
jmp nf_sysgo
global mprotect
mprotect:
mprotect: .globl mprotect
mov al,__NR_mprotect
jmp nf_sysgo
; vi:ts=8:et:nowrap
// vi:ts=8:et:nowrap
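Review bot: `brk` is an empty stub (`brk: .globl brk` / `ret`) that returns with whatever happens to be in eax, so a C caller in the fold cannot tell success from failure; if upx_main only links against it and never calls it on BSD, say so in a comment, otherwise give it a defined result. Suggest either `xor eax, eax // brk() is a no-op here: report success` or `or eax, -1 // brk() unsupported on BSD: report failure`, whichever matches what upx_main expects, plus a one-line note on why the real syscall is not issued. The contrast with the nf_sysgo wrappers in the same file (`movzx eax, al` / `int 0x80`), which do return the raw kernel result, is what makes the silent stub surprising.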


@ -63,10 +63,11 @@ section LZMA_INIT_STACK
; =============
*/
//include "arch/i386/nrv2b_d32.ash"
//#include "arch/i386/nrv2d_d32.ash"
#include "arch/i386/nrv2e_d32_2.ash"
//#include "arch/i386/lzma_d.ash"
#include "arch/i386/nrv2b_d32_2.ash"
#include "arch/i386/nrv2d_d32_2.ash"
#include "arch/i386/nrv2e_d32_2.ash"
#define db .byte
#include "arch/i386/lzma_d_2.ash"
section LZMA_DONE_STACK
mov ss, [eax] // eax is always 0 here


@ -66,10 +66,10 @@ decompressor:
// ============= DECOMPRESSION
// =============
//#include "arch/i386/nrv2b_d32.ash"
//#include "arch/i386/nrv2d_d32.ash"
#include "arch/i386/nrv2e_d32_2.ash"
//#include "arch/i386/lzma_d.ash"
#include "arch/i386/nrv2b_d32_2.ash"
#include "arch/i386/nrv2d_d32_2.ash"
#include "arch/i386/nrv2e_d32_2.ash"
#include "arch/i386/lzma_d_2.ash"
section TMTMAIN5
pop ebp
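Review bot: This include list pulls in `arch/i386/lzma_d_2.ash` without the `#define db .byte` that the other files in this commit place immediately before that same include; if lzma_d_2.ash emits data with `db`, as that define elsewhere suggests, this file will not assemble unless `db` is already defined earlier in it, which is outside the hunk. Either add `#define db .byte` before the include, as the sibling files do, or move the definition into macros2.ash so every includer gets it once.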


@ -71,10 +71,10 @@ decompressor:
// ============= DECOMPRESSION
// =============
//#include "arch/i386/nrv2b_d32.ash"
//#include "arch/i386/nrv2d_d32.ash"
#include "arch/i386/nrv2e_d32_2.ash"
//#include "arch/i386/lzma_d.ash"
#include "arch/i386/nrv2b_d32_2.ash"
#include "arch/i386/nrv2d_d32_2.ash"
#include "arch/i386/nrv2e_d32_2.ash"
#include "arch/i386/lzma_d_2.ash"
// =============
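Review bot: The `#include "arch/i386/lzma_d_2.ash"` here is not preceded by the `#define db .byte` that the entry-point files in this commit add before the same include; unless `db` is defined earlier in this file (outside the hunk), the lzma decompressor's data directives will not assemble. Add `#define db .byte` before the include for consistency with the sibling files, or hoist the definition into macros2.ash.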


@ -1,3 +1,4 @@
/*
; l_lx_elf86.asm -- Linux program entry point & decompressor (Elf binary)
;
; This file is part of the UPX executable compressor.
@ -28,24 +29,23 @@
; John F. Reiser
; <jreiser@users.sourceforge.net>
;
*/
#include "arch/i386/macros2.ash"
// CPU 386
BITS 32
SECTION .text
CPU 386
#define jmps jmp short
#define jmpn jmp near
%define jmps jmp short
%define jmpn jmp near
/*************************************************************************
// program entry point
// see glibc/sysdeps/i386/elf/start.S
**************************************************************************/
; /*************************************************************************
; // program entry point
; // see glibc/sysdeps/i386/elf/start.S
; **************************************************************************/
GLOBAL _start
;__LEXEC000__
_start:
;;;; int3
section LEXEC000
_start: .globl _start
//// int3
/*
;; How to debug this code: Uncomment the 'int3' breakpoint instruction above.
;; Build the stubs and upx. Compress a testcase, such as a copy of /bin/date.
;; Invoke gdb, and give a 'run' command. Define a single-step macro such as
@ -62,51 +62,52 @@ _start:
;; end
;; Step through the code; remember that <Enter> repeats the previous command.
;;
call main ; push address of decompress subroutine
*/
call main // push address of decompress subroutine
decompress:
; /*************************************************************************
; // C callable decompressor
; **************************************************************************/
// /*************************************************************************
// // C callable decompressor
// **************************************************************************/
; /* Offsets to parameters, allowing for {push + pusha + call} */
%define O_INP (4+ 8*4 +1*4)
%define O_INS (4+ 8*4 +2*4)
%define O_OUTP (4+ 8*4 +3*4)
%define O_OUTS (4+ 8*4 +4*4)
%define O_PARAM (4+ 8*4 +5*4)
// /* Offsets to parameters, allowing for {push + pusha + call} */
#define O_INP (4+ 8*4 +1*4)
#define O_INS (4+ 8*4 +2*4)
#define O_OUTP (4+ 8*4 +3*4)
#define O_OUTS (4+ 8*4 +4*4)
#define O_PARAM (4+ 8*4 +5*4)
%define INP dword [esp+O_INP]
%define INS dword [esp+O_INS]
%define OUTP dword [esp+O_OUTP]
%define OUTS dword [esp+O_OUTS]
%define PARM dword [esp+O_PARAM]
#define INP dword [esp+O_INP]
#define INS dword [esp+O_INS]
#define OUTP dword [esp+O_OUTP]
#define OUTS dword [esp+O_OUTS]
#define PARM dword [esp+O_PARAM]
;__LEXEC009__
;; empty section for commonality with l_lx_exec86.asm
;__LEXEC010__
section LEXEC009
//; empty section for commonality with l_lx_exec86.asm
section LEXEC010
pusha
push byte '?' ; cto8 (sign extension does not matter)
; cld
push '?' // cto8 (sign extension does not matter)
// cld
mov esi, INP
mov edi, OUTP
or ebp, byte -1
;;; align 8
//;; align 8
%include "arch/i386/nrv2b_d32.ash"
%include "arch/i386/nrv2d_d32.ash"
%include "arch/i386/nrv2e_d32.ash"
%include "arch/i386/lzma_d.ash"
%include "arch/i386/macros.ash"
#include "arch/i386/nrv2b_d32_2.ash"
#include "arch/i386/nrv2d_d32_2.ash"
#include "arch/i386/nrv2e_d32_2.ash"
#define db .byte
#include "arch/i386/lzma_d_2.ash"
cjt32 0
;__LEXEC015__
; eax is 0 from decompressor code
;xor eax, eax ; return code
section LEXEC015
// eax is 0 from decompressor code
//xor eax, eax ; return code
; check compressed size
// check compressed size
mov edx, INP
add edx, INS
cmp esi, edx
@ -114,12 +115,12 @@ decompress:
dec eax
.ok:
; write back the uncompressed size
// write back the uncompressed size
sub edi, OUTP
mov edx, OUTS
mov [edx], edi
pop edx ; cto8
pop edx // cto8
mov [7*4 + esp], eax
popa
@ -127,107 +128,103 @@ decompress:
ctojr32
ckt32 edi, dl
;__LEXEC017__
section LEXEC017
popa
ret
;__LEXEC020__
section LEXEC020
%define PAGE_SIZE ( 1<<12)
#define PAGE_SIZE ( 1<<12)
%define MAP_FIXED 0x10
%define MAP_PRIVATE 0x02
%define MAP_ANONYMOUS 0x20
%define PROT_READ 1
%define PROT_WRITE 2
%define PROT_EXEC 4
%define __NR_mmap 90
%define szElf32_Ehdr 0x34
%define p_memsz 5*4
#define MAP_FIXED 0x10
#define MAP_PRIVATE 0x02
#define MAP_ANONYMOUS 0x20
#define PROT_READ 1
#define PROT_WRITE 2
#define PROT_EXEC 4
#define __NR_mmap 90
#define szElf32_Ehdr 0x34
#define p_memsz 5*4
%define __NR_write 4
%define __NR_exit 1
#define __NR_write 4
#define __NR_exit 1
msg_SELinux:
push byte L71 - L70
pop edx ; length
push L71 - L70
pop edx // length
call L71
L70:
db "PROT_EXEC|PROT_WRITE failed.",10
.ascii "PROT_EXEC|PROT_WRITE failed.\n"
L71:
pop ecx ; message text
push byte 2 ; fd stderr
pop ecx // message text
push 2 // fd stderr
pop ebx
push byte __NR_write
push __NR_write
pop eax
int 0x80
die:
mov bl, byte 127 ; only low 7 bits matter!
push byte __NR_exit
pop eax ; write to stderr could fail, leaving eax as -EBADF etc.
mov bl, 127 // only low 7 bits matter!
push __NR_exit
pop eax // write to stderr could fail, leaving eax as -EBADF etc.
int 0x80
; Decompress the rest of this loader, and jump to it
// Decompress the rest of this loader, and jump to it
unfold:
pop esi ; &{ b_info:{sz_unc, sz_cpr, 4{byte}}, compressed_data...}
pop esi // &{ b_info:{sz_unc, sz_cpr, 4{byte}}, compressed_data...}
lea eax, [ebp - (4+ decompress - _start)] ; 4: sizeof(int)
sub eax, [eax] ; %eax= &Elf32_Ehdr of this program
mov edx, eax ; %edx= &Elf32_Ehdr of this program
lea eax, [ebp - (4+ decompress - _start)] // 4: sizeof(int)
sub eax, [eax] // %eax= &Elf32_Ehdr of this program
mov edx, eax // %edx= &Elf32_Ehdr of this program
; Linux requires PF_W in order to create .bss (implied by .p_filesz!=.p_memsz),
; but strict SELinux (or PaX, grSecurity) forbids PF_W with PF_X.
; So first PT_LOAD must be PF_R|PF_X only, and .p_memsz==.p_filesz.
; So we must round up here, instead of pre-rounding .p_memsz.
add eax, [p_memsz + szElf32_Ehdr + eax] ; address after .text
add eax, PAGE_SIZE -1
and eax, -PAGE_SIZE
// Linux requires PF_W in order to create .bss (implied by .p_filesz!=.p_memsz),
// but strict SELinux (or PaX, grSecurity) forbids PF_W with PF_X.
// So first PT_LOAD must be PF_R|PF_X only, and .p_memsz==.p_filesz.
// So we must round up here, instead of pre-rounding .p_memsz.
add eax, [p_memsz + szElf32_Ehdr + eax] // address after .text
add eax, PAGE_SIZE -1
and eax, 0-PAGE_SIZE
push eax ; destination for 'ret'
push eax // destination for 'ret'
; mmap a page to hold the decompressed fold_elf86
xor ecx, ecx ; %ecx= 0
; MAP_ANONYMOUS ==>offset is ignored, so do not push!
; push ecx ; offset
push byte -1 ; *BSD demands -1==fd for mmap(,,,MAP_ANON,,)
push byte MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS
mov ch, PAGE_SIZE >> 8 ; %ecx= PAGE_SIZE
push byte PROT_READ | PROT_WRITE | PROT_EXEC
push ecx ; length
push eax ; destination
mov ebx, esp ; address of parameter vector for __NR_mmap
push byte __NR_mmap
// mmap a page to hold the decompressed fold_elf86
xor ecx, ecx // %ecx= 0
// MAP_ANONYMOUS ==>offset is ignored, so do not push!
// push ecx ; offset
push -1 // *BSD demands -1==fd for mmap(,,,MAP_ANON,,)
push MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS
mov ch, PAGE_SIZE >> 8 // %ecx= PAGE_SIZE
push PROT_READ | PROT_WRITE | PROT_EXEC
push ecx // length
push eax // destination
mov ebx, esp // address of parameter vector for __NR_mmap
push __NR_mmap
pop eax
int 0x80 ; changes only %eax; %edx is live
int 0x80 // changes only %eax; %edx is live
test eax,eax
js msg_SELinux
xchg eax, edx ; %edx= page after .text; %eax= &Elf32_Ehdr of this program
xchg eax, ebx ; %ebx= &Elf32_Ehdr of this program
xchg eax, edx // %edx= page after .text; %eax= &Elf32_Ehdr of this program
xchg eax, ebx // %ebx= &Elf32_Ehdr of this program
cld
lodsd
push eax ; sz_uncompressed (maximum dstlen for lzma)
mov ecx,esp ; save &dstlen
push eax ; space for 5th param
push ecx ; &dstlen
push edx ; &dst
push eax // sz_uncompressed (maximum dstlen for lzma)
mov ecx,esp // save &dstlen
push eax // space for 5th param
push ecx // &dstlen
push edx // &dst
lodsd
push eax ; sz_compressed (srclen)
lodsd ; last 4 bytes of b_info
push eax // sz_compressed (srclen)
lodsd // last 4 bytes of b_info
mov [4*3 + esp],eax
push esi ; &compressed_data
call ebp ; decompress(&src, srclen, &dst, &dstlen, b_info.misc)
add esp, byte (5+1 + 6-1)*4 ; (5+1) args to decompress, (6-1) args to mmap
ret ; &destination
push esi // &compressed_data
call ebp // decompress(&src, srclen, &dst, &dstlen, b_info.misc)
add esp, 0+(5+1 + 6-1)*4 // (5+1) args to decompress, (6-1) args to mmap
ret // &destination
main:
pop ebp ; &decompress
pop ebp // &decompress
call unfold
; compressed fold_elf86 follows
// compressed fold_elf86 follows
eof:
; __XTHEENDX__
section .data
dd -1
dw eof
; vi:ts=8:et:nowrap
// vi:ts=8:et:nowrap


@ -1,3 +1,4 @@
/*
; fold_elf86.asm -- linkage to C code to process Elf binary
;
; This file is part of the UPX executable compressor.
@ -26,118 +27,118 @@
; John F. Reiser
; <jreiser@users.sourceforge.net>
;
*/
#include "arch/i386/macros2.ash"
BITS 32
SECTION .text
CPU 386
// CPU 386
%define PAGE_SIZE ( 1<<12)
%define szElf32_Ehdr 0x34
%define szElf32_Phdr 8*4
%define e_type 16
%define e_entry (16 + 2*2 + 4)
%define p_memsz 5*4
%define szb_info 12
%define szl_info 12
%define szp_info 12
%define a_type 0
%define a_val 4
%define sz_auxv 8
#define PAGE_SIZE ( 1<<12)
#define szElf32_Ehdr 0x34
#define szElf32_Phdr 8*4
#define e_type 16
#define e_entry (16 + 2*2 + 4)
#define p_memsz 5*4
#define szb_info 12
#define szl_info 12
#define szp_info 12
#define a_type 0
#define a_val 4
#define sz_auxv 8
%define __NR_munmap 91
#define __NR_munmap 91
;; control just falls through, after this part and compiled C code
;; are uncompressed.
// control just falls through, after this part and compiled C code
// are uncompressed.
fold_begin: ; enter: %ebx= &Elf32_Ehdr of this program
; patchLoader will modify to be
; dword sz_uncompressed, sz_compressed
; byte compressed_data...
fold_begin: // enter: %ebx= &Elf32_Ehdr of this program
// patchLoader will modify to be
// dword sz_uncompressed, sz_compressed
// byte compressed_data...
; ld-linux.so.2 depends on AT_PHDR and AT_ENTRY, for instance.
; Move argc,argv,envp down to make room for Elf_auxv table.
; Linux kernel 2.4.2 and earlier give only AT_HWCAP and AT_PLATFORM
; because we have no PT_INTERP. Linux kernel 2.4.5 (and later?)
; give not quite everything. It is simpler and smaller code for us
; to generate a "complete" table where Elf_auxv[k -1].a_type = k.
; On second thought, that wastes a lot of stack space (the entire kernel
; auxv, plus those slots that remain empty anyway). So try for minimal
; space on stack, without too much code, by doing it serially.
// ld-linux.so.2 depends on AT_PHDR and AT_ENTRY, for instance.
// Move argc,argv,envp down to make room for Elf_auxv table.
// Linux kernel 2.4.2 and earlier give only AT_HWCAP and AT_PLATFORM
// because we have no PT_INTERP. Linux kernel 2.4.5 (and later?)
// give not quite everything. It is simpler and smaller code for us
// to generate a "complete" table where Elf_auxv[k -1].a_type = k.
// On second thought, that wastes a lot of stack space (the entire kernel
// auxv, plus those slots that remain empty anyway). So try for minimal
// space on stack, without too much code, by doing it serially.
%define AT_NULL 0
%define AT_IGNORE 1
%define AT_PHDR 3
%define AT_PHENT 4
%define AT_PHNUM 5
%define AT_PAGESZ 6
%define AT_ENTRY 9
#define AT_NULL 0
#define AT_IGNORE 1
#define AT_PHDR 3
#define AT_PHENT 4
#define AT_PHNUM 5
#define AT_PAGESZ 6
#define AT_ENTRY 9
%define ET_DYN 3
#define ET_DYN 3
sub ecx, ecx
mov edx, (1<<AT_PHDR) | (1<<AT_PHENT) | (1<<AT_PHNUM) | (1<<AT_PAGESZ) | (1<<AT_ENTRY)
mov esi, esp
mov edi, esp
call do_auxv ; clear bits in edx according to existing auxv slots
call do_auxv // clear bits in edx according to existing auxv slots
mov esi, esp
L50:
shr edx, 1 ; Carry = bottom bit
sbb eax, eax ; -1 or 0
sub ecx, eax ; count of 1 bits that remained in edx
lea esp, [esp + sz_auxv * eax] ; allocate one auxv slot, if needed
shr edx, 1 // Carry = bottom bit
sbb eax, eax // -1 or 0
sub ecx, eax // count of 1 bits that remained in edx
lea esp, [esp + sz_auxv * eax] // allocate one auxv slot, if needed
test edx,edx
jne L50
mov edi, esp
call do_auxv ; move; fill new auxv slots with AT_IGNORE
call do_auxv // move; fill new auxv slots with AT_IGNORE
%define OVERHEAD 2048
%define MAX_ELF_HDR 512
#define OVERHEAD 2048
#define MAX_ELF_HDR 512
sub esp, dword MAX_ELF_HDR + OVERHEAD ; alloca
push ebx ; start of unmap region (&Elf32_Ehdr of this stub)
sub esp, MAX_ELF_HDR + OVERHEAD // alloca
push ebx // start of unmap region (&Elf32_Ehdr of this stub)
; Cannot pre-round .p_memsz because kernel requires PF_W to setup .bss,
; but strict SELinux (or PaX, grsecurity) prohibits PF_W with PF_X.
mov edx, [p_memsz + szElf32_Ehdr + ebx] ; phdr[0].p_memsz
lea edx, [-1 + 2*PAGE_SIZE + edx + ebx] ; 1 page for round, 1 for unfold
and edx, -PAGE_SIZE
// Cannot pre-round .p_memsz because kernel requires PF_W to setup .bss,
// but strict SELinux (or PaX, grsecurity) prohibits PF_W with PF_X.
mov edx, [p_memsz + szElf32_Ehdr + ebx] // phdr[0].p_memsz
lea edx, [-1 + 2*PAGE_SIZE + edx + ebx] // 1 page for round, 1 for unfold
and edx, 0-PAGE_SIZE
push edx ; end of unmap region
sub eax, eax ; 0
cmp word [e_type + ebx], byte ET_DYN
push edx // end of unmap region
sub eax, eax // 0
cmp word ptr [e_type + ebx], ET_DYN
jne L53
xchg eax, edx ; dynbase for ET_DYN; assumes mmap(0, ...) is placed after us!
xchg eax, edx // dynbase for ET_DYN; assumes mmap(0, ...) is placed after us!
L53:
push eax ; dynbase
push eax // dynbase
mov esi, [e_entry + ebx] ; end of compressed data
lea eax, [szElf32_Ehdr + 2*szElf32_Phdr + szl_info + szp_info + ebx] ; 1st &b_info
sub esi, eax ; length of compressed data
mov ebx, [ eax] ; length of uncompressed ELF headers
mov ecx, [4+ eax] ; length of compressed ELF headers
add ecx, byte szb_info
lea edx, [3*4 + esp] ; &tmp
pusha ; (AT_table, sz_cpr, f_expand, &tmp_ehdr, {sz_unc, &tmp}, {sz_cpr, &b1st_info} )
inc edi ; swap with above 'pusha' to inhibit auxv_up for PT_INTERP
EXTERN upx_main
call upx_main ; returns entry address
add esp, byte (8 +1)*4 ; remove 8 params from pusha, also dynbase
pop ecx ; end of unmap region
pop ebx ; start of unmap region (&Elf32_Ehdr of this stub)
add esp, dword MAX_ELF_HDR + OVERHEAD ; un-alloca
push eax ; save entry address
mov esi, [e_entry + ebx] // end of compressed data
lea eax, [szElf32_Ehdr + 2*szElf32_Phdr + szl_info + szp_info + ebx] // 1st &b_info
sub esi, eax // length of compressed data
mov ebx, [ eax] // length of uncompressed ELF headers
mov ecx, [4+ eax] // length of compressed ELF headers
add ecx, szb_info
lea edx, [3*4 + esp] // &tmp
pusha // (AT_table, sz_cpr, f_expand, &tmp_ehdr, {sz_unc, &tmp}, {sz_cpr, &b1st_info} )
inc edi // swap with above 'pusha' to inhibit auxv_up for PT_INTERP
.extern upx_main
call upx_main // returns entry address
add esp, (8 +1)*4 // remove 8 params from pusha, also dynbase
pop ecx // end of unmap region
pop ebx // start of unmap region (&Elf32_Ehdr of this stub)
add esp, MAX_ELF_HDR + OVERHEAD // un-alloca
push eax // save entry address
dec edi ; auxv table
sub eax,eax ; 0, also AT_NULL
db 0x3c ; "cmpb al, byte ..." like "jmp 1+L60" but 1 byte shorter
dec edi // auxv table
sub eax,eax // 0, also AT_NULL
.byte 0x3c // "cmpb al, byte ..." like "jmp 1+L60" but 1 byte shorter
L60:
scasd ; a_un.a_val etc.
scasd ; a_type
jne L60 ; not AT_NULL
; edi now points at [AT_NULL]a_un.a_ptr which contains result of make_hatch()
scasd // a_un.a_val etc.
scasd // a_type
jne L60 // not AT_NULL
// edi now points at [AT_NULL]a_un.a_ptr which contains result of make_hatch()
push eax
push eax
@ -146,67 +147,66 @@ L60:
push eax
push eax
push eax
push eax ; 32 bytes of zeroes now on stack, ready for 'popa'
push eax // 32 bytes of zeroes now on stack, ready for 'popa'
sub ecx, ebx ; length to unmap
mov al, __NR_munmap ; eax was 0 from L60
jmp [edi] ; unmap ourselves via escape hatch, then goto entry
sub ecx, ebx // length to unmap
mov al, __NR_munmap // eax was 0 from L60
jmp [edi] // unmap ourselves via escape hatch, then goto entry
; called twice:
; 1st with esi==edi, ecx=0, edx= bitmap of slots needed: just update edx.
; 2nd with esi!=edi, ecx= slot_count: move, then append AT_IGNORE slots
; entry: esi= src = &argc; edi= dst; ecx= # slots wanted; edx= bits wanted
; exit: edi= &auxtab; edx= bits still needed
// called twice:
// 1st with esi==edi, ecx=0, edx= bitmap of slots needed: just update edx.
// 2nd with esi!=edi, ecx= slot_count: move, then append AT_IGNORE slots
// entry: esi= src = &argc; edi= dst; ecx= # slots wanted; edx= bits wanted
// exit: edi= &auxtab; edx= bits still needed
do_auxv:
; cld
// cld
L10: ; move argc+argv
L10: // move argc+argv
lodsd
stosd
test eax,eax
jne L10
L20: ; move envp
L20: // move envp
lodsd
stosd
test eax,eax
jne L20
push edi ; return value
L30: ; process auxv
lodsd ; a_type
push edi // return value
L30: // process auxv
lodsd // a_type
stosd
cmp eax, byte 32
jae L32 ; prevent aliasing by 'btr' when 32<=a_type
btr edx, eax ; no longer need a slot of type eax [Carry only]
cmp eax, 32
jae L32 // prevent aliasing by 'btr' when 32<=a_type
btr edx, eax // no longer need a slot of type eax [Carry only]
L32:
test eax, eax ; AT_NULL ?
test eax, eax // AT_NULL ?
lodsd
stosd
jnz L30 ; a_type != AT_NULL
jnz L30 // a_type != AT_NULL
sub edi, byte 8 ; backup to AT_NULL
add ecx, ecx ; two words per auxv
inc eax ; convert 0 to AT_IGNORE
rep stosd ; allocate and fill
dec eax ; convert AT_IGNORE to AT_NULL
stosd ; re-terminate with AT_NULL
sub edi, 8 // backup to AT_NULL
add ecx, ecx // two words per auxv
inc eax // convert 0 to AT_IGNORE
rep stosd // allocate and fill
dec eax // convert AT_IGNORE to AT_NULL
stosd // re-terminate with AT_NULL
stosd
pop edi ; &auxtab
pop edi // &auxtab
ret
%define __NR_mmap 90
#define __NR_mmap 90
global mmap
mmap:
mmap: .globl mmap
push ebx
lea ebx, [2*4 + esp]
push byte __NR_mmap
push __NR_mmap
pop eax
int 0x80
pop ebx
ret
; vi:ts=8:et:nowrap
// vi:ts=8:et:nowrap
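Review bot: The closing `jmp [edi]` transfers control to whatever make_hatch() left in the AT_NULL slot's a_val with no check that the value is non-zero, so if the hatch could not be created (the C side and its failure convention are outside this hunk) the stub jumps to address 0 with the munmap arguments already loaded. A guard before `mov al, __NR_munmap` — `mov edx, [edi]` / `test edx, edx` / `jz <abort path>` — costs three instructions, and edx is dead at that point since the hatch's `popa` reloads every register from the 32 zero bytes just pushed. The `.byte 0x3c` trick depends on `scasd` being the single-byte opcode 0xAF so that `cmp al, imm8` swallows exactly one instruction; a comment such as `// 0x3C = cmp al,imm8: skips the one-byte scasd at L60, keep L60 single-byte` would stop a later edit from silently breaking it. The `cmp eax, 32` / `jae L32` guard before `btr edx, eax` in do_auxv is correct and worth keeping exactly as written.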


@ -1,3 +1,4 @@
/*
; l_lx_exec86.asm -- Linux program entry point & decompressor (kernel exec)
;
; This file is part of the UPX executable compressor.
@ -28,24 +29,23 @@
; John F. Reiser
; <jreiser@users.sourceforge.net>
;
*/
#include "arch/i386/macros2.ash"
// CPU 386
BITS 32
SECTION .text
CPU 386
#define jmps jmp short
#define jmpn jmp near
%define jmps jmp short
%define jmpn jmp near
/*************************************************************************
// program entry point
// see glibc/sysdeps/i386/elf/start.S
**************************************************************************/
; /*************************************************************************
; // program entry point
; // see glibc/sysdeps/i386/elf/start.S
; **************************************************************************/
GLOBAL _start
;__LEXEC000__
_start:
;;;; int3
section LEXEC000
_start: .globl _start
//// int3
/*
;; How to debug this code: Uncomment the 'int3' breakpoint instruction above.
;; Build the stubs and upx. Compress a testcase, such as a copy of /bin/date.
;; Invoke gdb, and give a 'run' command. Define a single-step macro such as
@ -62,106 +62,104 @@ _start:
;; end
;; Step through the code; remember that <Enter> repeats the previous command.
;;
*/
%if 0
; personality(PER_LINUX)
mov eax, 136 ; syscall_personality
xor ebx, ebx ; PER_LINUX
#if 0
// personality(PER_LINUX)
mov eax, 136 // syscall_personality
xor ebx, ebx // PER_LINUX
int 0x80
%endif
#endif
call main ; push address of decompress subroutine
call main // push address of decompress subroutine
decompress:
; /*************************************************************************
; // C callable decompressor
; **************************************************************************/
// /*************************************************************************
// // C callable decompressor
// **************************************************************************/
; /* Offsets to parameters, allowing for {push + pusha + call} */
%define O_INP (4+ 8*4 +1*4)
%define O_INS (4+ 8*4 +2*4)
%define O_OUTP (4+ 8*4 +3*4)
%define O_OUTS (4+ 8*4 +4*4)
%define O_PARAM (4+ 8*4 +5*4)
// /* Offsets to parameters, allowing for {push + pusha + call} */
#define O_INP (4+ 8*4 +1*4)
#define O_INS (4+ 8*4 +2*4)
#define O_OUTP (4+ 8*4 +3*4)
#define O_OUTS (4+ 8*4 +4*4)
#define O_PARAM (4+ 8*4 +5*4)
%define INP dword [esp+O_INP]
%define INS dword [esp+O_INS]
%define OUTP dword [esp+O_OUTP]
%define OUTS dword [esp+O_OUTS]
%define PARM dword [esp+O_PARAM]
#define INP dword [esp+O_INP]
#define INS dword [esp+O_INS]
#define OUTP dword [esp+O_OUTP]
#define OUTS dword [esp+O_OUTS]
#define PARM dword [esp+O_PARAM]
;__LEXEC009__
mov eax, 'NMRU' ; free slot in following 'pusha'
;__LEXEC010__
section LEXEC009
mov eax, offset NMRU // free slot in following 'pusha'
section LEXEC010
pusha
push byte '?' ; cto8 (sign extension does not matter)
; cld
push '?' // cto8 (sign extension does not matter)
// cld
mov esi, INP
mov edi, OUTP
or ebp, byte -1
;;; align 8
// align 8
%include "arch/i386/nrv2b_d32.ash"
%include "arch/i386/nrv2d_d32.ash"
%include "arch/i386/nrv2e_d32.ash"
%include "arch/i386/lzma_d.ash"
%include "arch/i386/macros.ash"
#include "arch/i386/nrv2b_d32_2.ash"
#include "arch/i386/nrv2d_d32_2.ash"
#include "arch/i386/nrv2e_d32_2.ash"
#define db .byte
#include "arch/i386/lzma_d_2.ash"
#include "arch/i386/macros2.ash"
cjt32 0
;__LEXEC015__
; eax is 0 from decompressor code
;xor eax, eax ; return code
section LEXEC015
// eax is 0 from decompressor code
//xor eax, eax ; return code
; check compressed size
// check compressed size
mov edx, INP
add edx, INS
cmp edx, esi
jz .ok
dec eax
.ok:
xchg [8*4 + esp], eax ; store success/failure, fetch NMRU
xchg [8*4 + esp], eax // store success/failure, fetch NMRU
; write back the uncompressed size, and prepare for unfilter
// write back the uncompressed size, and prepare for unfilter
mov edx, OUTS
mov ecx, edi
mov edi, OUTP
sub ecx, edi ; ecx= uncompressed size
sub ecx, edi // ecx= uncompressed size
mov [edx], ecx
pop edx ; cto8
pop edx // cto8
;__LEXEC110__ Jcc and/or possible n_mru
push edi ; addvalue
push byte 0x0f
section LEXEC110 // Jcc and/or possible n_mru
push edi // addvalue
push 0x0f
pop ebx
mov bh, dl ; ebx= 0,,cto8,0x0F
mov bh, dl // ebx= 0,,cto8,0x0F
;__LEXEC100__ 0!=n_mru
xchg eax, ebx ; eax= ct08_0f; ebx= n_mru {or n_mru1}
section LEXEC100 // 0!=n_mru
xchg eax, ebx // eax= ct08_0f; ebx= n_mru {or n_mru1}
;;LEXEC016 bug in APP: jmp and target must be in same .asx
;; jmpn lxunf0 ; logically belongs here
section LEXEC016 // bug in APP: jmp and target must be in same .asx
//; jmpn lxunf0 ; logically belongs here
ctojr32
ckt32 edi, dl
;__LEXEC017__
section LEXEC017
popa
ret
;__LEXEC020__
section LEXEC020
main:
pop ebp ; &decompress
mov ebx, 0x401000 ; &Elf32_Ehdr of this program
;; fall into fold_begin
pop ebp // &decompress
mov ebx, 0x401000 // &Elf32_Ehdr of this program
//; fall into fold_begin
eof:
; __XTHEENDX__
section .data
dd -1
dw eof
; vi:ts=8:et:nowrap
// vi:ts=8:et:nowrap
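Review bot: The post-decompression check in LEXEC015 (`mov edx, INP` / `add edx, INS` / `cmp edx, esi`) only verifies that the compressed input was consumed exactly; the produced length in ecx is stored through OUTS but never compared with the maximum the caller placed there, so a b_info whose sz_unc understates the real output is caught, if at all, only inside the included nrv2*_d32_2.ash/lzma_d_2.ash bodies, which are not visible here. Since edx already holds OUTS and ecx the actual length, a `cmp ecx, [edx]` / `ja .bad` (with `.bad` doing the same `dec eax` as the size mismatch) before `mov [edx], ecx` would surface an overrun instead of leaving the PROT_WRITE|PROT_EXEC page silently corrupted — this presumes the caller preloads *dstlen with the maximum, as the ELF loader's `push eax // sz_uncompressed` does, so confirm for upx_main. `mov eax, offset NMRU` now produces a relocation against a symbol this file does not define, replacing the old `'NMRU'` literal placeholder; a comment stating that the linker/patchLoader is expected to resolve or patch it would document that dependency.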


@ -1,3 +1,4 @@
/*
; fold_exec86.asm -- linkage to C code to process Elf binary
;
; This file is part of the UPX executable compressor.
@ -26,47 +27,45 @@
; John F. Reiser
; <jreiser@users.sourceforge.net>
;
*/
#include "arch/i386/macros2.ash"
// CPU 386
BITS 32
SECTION .text
CPU 386
// control just falls through, after this part and compiled C code
// are uncompressed.
;; control just falls through, after this part and compiled C code
;; are uncompressed.
#define szElf32_Ehdr 0x34
#define szElf32_Phdr 8*4
#define e_entry (16 + 2*2 + 4)
#define p_vaddr 2*4
#define p_memsz 5*4
#define szl_info 12
#define szp_info 12
%define szElf32_Ehdr 0x34
%define szElf32_Phdr 8*4
%define e_entry (16 + 2*2 + 4)
%define p_vaddr 2*4
%define p_memsz 5*4
%define szl_info 12
%define szp_info 12
fold_begin: // enter: %ebx= &Elf32_Ehdr of this program
fold_begin: ; enter: %ebx= &Elf32_Ehdr of this program
pop eax ; Pop the argument count
mov ecx, esp ; argv starts just at the current stack top
lea edx, [esp+eax*4+4] ; envp = &argv[argc + 1]
pop eax // Pop the argument count
mov ecx, esp // argv starts just at the current stack top
lea edx, [esp+eax*4+4] // envp = &argv[argc + 1]
mov edi, [ebx + e_entry]
lea esi, [ebx + szElf32_Ehdr + 2*szElf32_Phdr + szl_info]
sub edi, esi ; length
lea ebx, [2 + ebp] ; f_unfilter, maybe
pusha ; (cprLen, cprSrc, f_decpr, xx, f_unf, envp, argv, argc)
EXTERN upx_main
call upx_main ; Call the UPX main function
hlt ; Crash if somehow upx_main does return
sub edi, esi // length
lea ebx, [2 + ebp] // f_unfilter, maybe
pusha // (cprLen, cprSrc, f_decpr, xx, f_unf, envp, argv, argc)
.extern upx_main
call upx_main // Call the UPX main function
hlt // Crash if somehow upx_main does return
%define __NR_mmap 90
#define __NR_mmap 90
global mmap
mmap:
mmap: .globl mmap
push ebx
lea ebx, [2*4 + esp]
push byte __NR_mmap
push __NR_mmap
pop eax
int 0x80
pop ebx
ret
; vi:ts=8:et:nowrap
// vi:ts=8:et:nowrap
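Review bot: `lea ebx, [2 + ebp] // f_unfilter, maybe` hard-codes that the unfilter entry sits two bytes past `decompress`, coupling this file to the byte layout of the sibling loader's LEXEC009/LEXEC010 sections without documenting or asserting it. At minimum the comment should name the dependency, e.g. `// +2: f_unfilter assumed to start 2 bytes into decompress (see l_lx_exec86 LEXEC009); verify against loader layout`, and now that the new ElfLinker resolves relocations the cleaner fix is to pass the unfilter address as its own symbol rather than an arithmetic offset. The `hlt` after `call upx_main` is the right fail-closed choice for a path that must never return. upx_main's expected argument order for the `pusha` block is not visible in this hunk, so it is taken on trust from the comment.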


@ -1,3 +1,4 @@
/*
; l_lx_pti86.asm -- Linux separate ELF PT_INTERP
;
; This file is part of the UPX executable compressor.
@ -28,24 +29,20 @@
; John F. Reiser
; <jreiser@users.sourceforge.net>
;
*/
#include "arch/i386/macros2.ash"
// CPU 386
BITS 32
SECTION .text
CPU 386
/*************************************************************************
// program entry point
// see glibc/sysdeps/i386/elf/start.S
**************************************************************************/
%define jmps jmp short
%define jmpn jmp near
; /*************************************************************************
; // program entry point
; // see glibc/sysdeps/i386/elf/start.S
; **************************************************************************/
GLOBAL _start
;__LXPTI000__
_start:
;;;; int3
section LXPTI000
_start: .globl _start
//// int3
/*
;; How to debug this code: Uncomment the 'int3' breakpoint instruction above.
;; Build the stubs and upx. Compress a testcase, such as a copy of /bin/date.
;; Invoke gdb, and give a 'run' command. Define a single-step macro such as
@ -62,12 +59,13 @@ _start:
;; end
;; Step through the code; remember that <Enter> repeats the previous command.
;;
call L200 ; push address of get_funf
*/
call L200 // push address of get_funf
get_funf:
cmp eax, byte 0x46
cmp eax, 0x46
mov ecx, unf46
je L110
cmp eax, byte 0x49
cmp eax, 0x49
mov ecx, unf49
je L110
L120:
@ -77,66 +75,67 @@ L110:
none:
ret
%define M_NRV2B_LE32 2
%define M_NRV2D_LE32 5
%define M_NRV2E_LE32 8
%define M_CL1B_LE32 11
%define M_LZMA 14
#define M_NRV2B_LE32 2
#define M_NRV2D_LE32 5
#define M_NRV2E_LE32 8
#define M_CL1B_LE32 11
#define M_LZMA 14
L200:
call L300 ; push address of get_fexp
call L300 // push address of get_fexp
get_fexp:
cmp eax, byte M_NRV2B_LE32
cmp eax, M_NRV2B_LE32
mov ecx, nrv2b
je L110
cmp eax, byte M_NRV2D_LE32
cmp eax, M_NRV2D_LE32
mov ecx, nrv2d
je L110
cmp eax, byte M_NRV2E_LE32
cmp eax, M_NRV2E_LE32
mov ecx, nrv2e
je L110
cmp eax, byte M_CL1B_LE32
cmp eax, M_CL1B_LE32
mov ecx, cl1b
je L110
jmpn L120
jmp L120
; /*************************************************************************
; // C callable decompressor
; **************************************************************************/
;__LXPTI040__
/*************************************************************************
// C callable decompressor
**************************************************************************/
section LXPTI040
nrv2b:
;__LXPTI041__
section LXPTI041
nrv2d:
;__LXPTI042__
section LXPTI042
nrv2e:
;__LXPTI043__
section LXPTI043
cl1b:
%define INP dword [esp+8*4+1*4]
%define INS dword [esp+8*4+2*4]
%define OUTP dword [esp+8*4+3*4]
%define OUTS dword [esp+8*4+4*4]
#define INP dword [esp+8*4+1*4]
#define INS dword [esp+8*4+2*4]
#define OUTP dword [esp+8*4+3*4]
#define OUTS dword [esp+8*4+4*4]
;__LXPTI050__
section LXPTI050
pusha
; cld
or ebp, byte -1
// cld
or ebp, -1
mov esi, INP
mov edi, OUTP
;;; align 8
// align 8
%include "arch/i386/nrv2b_d32.ash"
%include "arch/i386/nrv2d_d32.ash"
%include "arch/i386/nrv2e_d32.ash"
%include "arch/i386/cl1_d32.ash"
%include "arch/i386/lzma_d.ash"
;__LXPTI090__
jmpn exp_done
;__LXPTI091__
; eax is 0 from decompressor code
;xor eax, eax ; return code
#include "arch/i386/nrv2b_d32_2.ash"
#include "arch/i386/nrv2d_d32_2.ash"
#include "arch/i386/nrv2e_d32_2.ash"
#include "arch/i386/cl1_d32_2.ash"
#define db .byte
#include "arch/i386/lzma_d_2.ash"
section LXPTI090
jmp exp_done
section LXPTI091
// eax is 0 from decompressor code
//xor eax, eax ; return code
exp_done:
; check compressed size
// check compressed size
mov edx, INP
add edx, INS
cmp esi, edx
@ -144,7 +143,7 @@ exp_done:
dec eax
.ok:
; write back the uncompressed size
// write back the uncompressed size
sub edi, OUTP
mov edx, OUTS
mov [edx], edi
@ -153,18 +152,17 @@ exp_done:
popa
ret
%include "arch/i386/macros.ash"
cjt32 0
ctojr32
;__LXPTI140__
section LXPTI140
unf46:
;__LXPTI141__
section LXPTI141
unf49:
%define CTO8 dword [esp+8*4+3*4]
#define CTO8 dword ptr [esp+8*4+3*4]
;__LXPTI150__
section LXPTI150
pusha
mov edi,INP
mov ecx,INS
@ -172,18 +170,14 @@ unf49:
ckt32 edi, dl
;__LXPTI160__
section LXPTI160
popa
ret
;__LXPTI200__
section LXPTI200
L300:
eof:
; __XTHEENDX__
section .data
dd -1
dw eof
; vi:ts=8:et:nowrap
// vi:ts=8:et:nowrap
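Review bot: get_fexp dispatches on the method id in eax for M_NRV2B_LE32, M_NRV2D_LE32, M_NRV2E_LE32 and M_CL1B_LE32, but `M_LZMA 14` defined alongside them has no arm even though lzma_d_2.ash is now included in LXPTI050; an LZMA-packed input therefore reaches `jmp L120`, whose body lies outside this hunk, so whether that is a deliberate unsupported path or an accidental fall-through cannot be confirmed here. Either add an arm (`cmp eax, M_LZMA` / `mov ecx, lzma` / `je L110`, with a matching label in the LZMA section as nrv2b/nrv2d/nrv2e/cl1b have) or put a comment on the `#define` stating that LZMA is handled elsewhere. Minor consistency point: `CTO8` is defined as `dword ptr [...]` while INP/INS/OUTP/OUTS use bare `dword [...]`; the `ptr` form is the one gas intel syntax documents, so it is the safer spelling for all five.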


@ -1,3 +1,4 @@
/*
; fold_pti86.asm -- linkage to C code to act as ELF PT_INTERP
;
; This file is part of the UPX executable compressor.
@ -26,85 +27,84 @@
; John F. Reiser
; <jreiser@users.sourceforge.net>
;
*/
#include "arch/i386/macros2.ash"
// CPU 386
BITS 32
SECTION .text
CPU 386
#define PAGE_SIZE ( 1<<12)
#define AT_NULL 0
#define AT_PHDR 3
%define PAGE_SIZE ( 1<<12)
#define szElf32_Ehdr 0x34
#define szElf32_Phdr 8*4
#define e_entry (16 + 2*2 + 4)
#define p_vaddr 2*4
#define p_memsz 5*4
#define szb_info 12
#define szl_info 12
#define szp_info 12
#define a_type 0
#define a_val 4
#define sz_auxv 8
%define AT_NULL 0
%define AT_PHDR 3
#define MAP_FIXED 0x10
#define MAP_PRIVATE 0x02
#define MAP_ANONYMOUS 0x20
#define PROT_READ 1
#define PROT_WRITE 2
#define PROT_EXEC 4
#define __NR_mmap 90
#define __NR_munmap 91
%define szElf32_Ehdr 0x34
%define szElf32_Phdr 8*4
%define e_entry (16 + 2*2 + 4)
%define p_vaddr 2*4
%define p_memsz 5*4
%define szb_info 12
%define szl_info 12
%define szp_info 12
%define a_type 0
%define a_val 4
%define sz_auxv 8
#define OVERHEAD 2048
#define MAX_ELF_HDR 512
%define MAP_FIXED 0x10
%define MAP_PRIVATE 0x02
%define MAP_ANONYMOUS 0x20
%define PROT_READ 1
%define PROT_WRITE 2
%define PROT_EXEC 4
%define __NR_mmap 90
%define __NR_munmap 91
pop ebp // get_fexp
pop ecx // get_funf
pop eax // argc
lea edi, [4+ 4*eax + esp] // &environ
push eax // argc
%define OVERHEAD 2048
%define MAX_ELF_HDR 512
pop ebp ; get_fexp
pop ecx ; get_funf
pop eax ; argc
lea edi, [4+ 4*eax + esp] ; &environ
push eax ; argc
sub eax,eax ; 0
sub eax,eax // 0
L310:
scasd
jne L310
scasd ; edi= &Elf32_auxv_t
scasd // edi= &Elf32_auxv_t
mov esi,edi
L320:
mov eax,[esi] ; a_type
cmp eax, byte AT_PHDR
mov eax,[esi] // a_type
cmp eax, AT_PHDR
je L330
add esi, byte sz_auxv
cmp eax, byte AT_NULL
add esi, sz_auxv
cmp eax, AT_NULL
jne L320
L330:
mov ebx,[a_val + esi]
push ebx ; save &Elf32_Phdr of compressed data
push ebx // save &Elf32_Phdr of compressed data
sub esp, dword MAX_ELF_HDR + OVERHEAD ; working storage
sub esp, MAX_ELF_HDR + OVERHEAD // working storage
mov edx, esp
push ecx ; get_funf 9th param to pti_main
lea eax, [2*szElf32_Phdr + szl_info + szp_info + ebx] ; 1st &b_info
mov esi, [e_entry + ebx] ; beyond compressed data
sub esi, eax ; length of compressed data
mov ebx, [ eax] ; length of uncompressed ELF headers
mov ecx, [4+ eax] ; length of compressed ELF headers
add ecx, byte szb_info
pusha ; (AT_table, sz_cpr, get_fexp, &tmp_ehdr, {sz_unc, &tmp}, {sz_cpr, &b1st_info} )
EXTERN pti_main
call pti_main ; returns entry address
add esp, dword 9*4 + MAX_ELF_HDR + OVERHEAD ; remove 9 params, temp space
pop ebx ; &Elf32_Phdr
push eax ; save entry address
push ecx // get_funf 9th param to pti_main
lea eax, [2*szElf32_Phdr + szl_info + szp_info + ebx] // 1st &b_info
mov esi, [e_entry + ebx] // beyond compressed data
sub esi, eax // length of compressed data
mov ebx, [ eax] // length of uncompressed ELF headers
mov ecx, [4+ eax] // length of compressed ELF headers
add ecx, szb_info
pusha // (AT_table, sz_cpr, get_fexp, &tmp_ehdr, {sz_unc, &tmp}, {sz_cpr, &b1st_info} )
.extern pti_main
call pti_main // returns entry address
add esp, 9*4 + MAX_ELF_HDR + OVERHEAD // remove 9 params, temp space
pop ebx // &Elf32_Phdr
push eax // save entry address
mov ecx,[p_memsz + ebx]
mov ebx,[p_vaddr + ebx]
mov eax,__NR_munmap
int 0x80 ; unmap compressed data
int 0x80 // unmap compressed data
sub eax,eax
sub ecx,ecx
@ -113,19 +113,18 @@ EXTERN pti_main
sub ebp,ebp
sub esi,esi
sub edi,edi
ret ; goto entry point
ret // goto entry point
%define __NR_mmap 90
#define __NR_mmap 90
global mmap
mmap:
mmap: .globl mmap
push ebx
lea ebx, [2*4 + esp]
push byte __NR_mmap
push __NR_mmap
pop eax
int 0x80
pop ebx
ret
; vi:ts=8:et:nowrap
// vi:ts=8:et:nowrap
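Review bot: The L320 scan exits to L330 on either AT_PHDR or AT_NULL, but in the AT_NULL case `add esi, sz_auxv` has already stepped past the terminating entry, so `mov ebx,[a_val + esi]` reads four bytes beyond the auxv table and then uses that value as &Elf32_Phdr for `mov esi, [e_entry + ebx]`. Because eax still holds the a_type that ended the loop (3 for AT_PHDR, 0 for AT_NULL), a two-line guard at L330 before the load — `test eax, eax` / `jz <fail>` — turns a missing AT_PHDR into a clean abort instead of an out-of-table read followed by a wild dereference; the kernel normally supplies AT_PHDR for a PT_INTERP-loaded program, but this stub runs with whatever auxv it is handed. The `__NR_munmap` result is deliberately discarded by the following `sub eax,eax` and the entry address was pushed beforehand, so the `ret` is sound; a comment `// munmap failure is ignored: entry already saved on stack` would make that intent explicit.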


@ -1,3 +1,4 @@
/*
; l_lx_sh86.asm -- Linux program entry point & decompressor (shell script)
;
; This file is part of the UPX executable compressor.
@ -28,21 +29,21 @@
; John F. Reiser
; <jreiser@users.sourceforge.net>
;
*/
#include "arch/i386/macros2.ash"
BITS 32
SECTION .text
CPU 386
// CPU 386
; /*************************************************************************
; // program entry point
; // see glibc/sysdeps/i386/elf/start.S
; **************************************************************************/
/*************************************************************************
// program entry point
// see glibc/sysdeps/i386/elf/start.S
**************************************************************************/
GLOBAL _start
;__LEXEC000__
_start:
;;;; int3
section LEXEC000
_start: .globl _start
//// int3
/*
;; How to debug this code: Uncomment the 'int3' breakpoint instruction above.
;; Build the stubs and upx. Compress a testcase, such as a copy of /bin/date.
;; Invoke gdb, and give a 'run' command. Define a single-step macro such as
@ -59,42 +60,43 @@ _start:
;; end
;; Step through the code; remember that <Enter> repeats the previous command.
;;
*/
call main ; push address of decompress subroutine
call main // push address of decompress subroutine
decompress:
; /*************************************************************************
; // C callable decompressor
; **************************************************************************/
/*************************************************************************
// C callable decompressor
**************************************************************************/
%define INP dword [esp+8*4+4]
%define INS dword [esp+8*4+8]
%define OUTP dword [esp+8*4+12]
%define OUTS dword [esp+8*4+16]
#define INP dword [esp+8*4+4]
#define INS dword [esp+8*4+8]
#define OUTP dword [esp+8*4+12]
#define OUTS dword [esp+8*4+16]
;__LEXEC010__
section LEXEC010
pusha
; cld
mov esi, INP
mov edi, OUTP
or ebp, byte -1
;;; align 8
or ebp, -1
// .balign 8
%include "arch/i386/nrv2b_d32.ash"
%include "arch/i386/nrv2d_d32.ash"
%include "arch/i386/nrv2e_d32.ash"
%include "arch/i386/cl1_d32.ash"
%include "arch/i386/lzma_d.ash"
%include "arch/i386/macros.ash"
#include "arch/i386/nrv2b_d32_2.ash"
#include "arch/i386/nrv2d_d32_2.ash"
#include "arch/i386/nrv2e_d32_2.ash"
#include "arch/i386/cl1_d32_2.ash"
#define db .byte
#include "arch/i386/lzma_d_2.ash"
cjt32 0
;__LEXEC015__
; eax is 0 from decompressor code
;xor eax, eax ; return code
section LEXEC015
// eax is 0 from decompressor code
//xor eax, eax ; return code
; check compressed size
// check compressed size
mov edx, INP
add edx, INS
cmp esi, edx
@ -102,65 +104,61 @@ decompress:
dec eax
.ok:
; write back the uncompressed size
// write back the uncompressed size
sub edi, OUTP
mov edx, OUTS
mov [edx], edi
mov [7*4 + esp], eax
;__LEXEC017__
section LEXEC017
popa
ret
;__LEXEC020__
section LEXEC020
%define PAGE_SIZE ( 1<<12)
#define PAGE_SIZE ( 1<<12)
%define MAP_FIXED 0x10
%define MAP_PRIVATE 0x02
%define MAP_ANONYMOUS 0x20
%define PROT_READ 1
%define PROT_WRITE 2
%define PROT_EXEC 4
%define __NR_mmap 90
#define MAP_FIXED 0x10
#define MAP_PRIVATE 0x02
#define MAP_ANONYMOUS 0x20
#define PROT_READ 1
#define PROT_WRITE 2
#define PROT_EXEC 4
#define __NR_mmap 90
%define szElf32_Ehdr 0x34
%define szElf32_Phdr 8*4
%define e_entry (16 + 2*2 + 4)
%define p_memsz 5*4
%define szl_info 12
%define szp_info 12
%define p_filesize 4
#define szElf32_Ehdr 0x34
#define szElf32_Phdr 8*4
#define e_entry (16 + 2*2 + 4)
#define p_memsz 5*4
#define szl_info 12
#define szp_info 12
#define p_filesize 4
; Decompress the rest of this loader, and jump to it
// Decompress the rest of this loader, and jump to it
main:
pop ebp ; &decompress
mov eax,0x1400000 ; &Elf32_Ehdr of this stub
lea edx,[0x80 + szp_info + eax] ; &cprScript
add eax,[p_memsz + szElf32_Ehdr + eax] ; after .text
pop ebp // &decompress
mov eax,0x1400000 // &Elf32_Ehdr of this stub
lea edx,[0x80 + szp_info + eax] // &cprScript
add eax,[p_memsz + szElf32_Ehdr + eax] // after .text
add eax,PAGE_SIZE -1
and eax, -PAGE_SIZE ; round up to next page
and eax, 0-PAGE_SIZE // round up to next page
push byte 0
push byte -1
push byte MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS
push byte PROT_READ | PROT_WRITE
push dword [edx] ; sz_unc length
push eax ; address
push 0
push -1
push MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS
push PROT_READ | PROT_WRITE
push dword ptr [edx] // sz_unc length
push eax // address
mov ebx,esp
push byte __NR_mmap
push __NR_mmap
pop eax
int 0x80
add esp, byte 6*4 ; remove arguments
add esp, 6*4 // remove arguments
lea ebx,[3+ eax] ; space for "-c"
; fall into fold [not compressed!]
lea ebx,[3+ eax] // space for "-c"
// fall into fold [not compressed!]
eof:
; __XTHEENDX__
section .data
dd -1
dw eof
; vi:ts=8:et:nowrap
// vi:ts=8:et:nowrap
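Review bot: The mmap in `main` (`push __NR_mmap` / `pop eax` / `int 0x80`) never checks its result; `lea ebx,[3+ eax]` immediately treats eax as the mapped address, so a failed call (a negative errno in eax, for instance when the MAP_FIXED request at the computed page is refused) yields a garbage ebx that the fold then writes the script buffer through. The ELF-loader section earlier in this commit does `test eax,eax` / `js msg_SELinux` directly after its mmap; the same two lines belong here between `int 0x80` and `add esp, 6*4`, targeting whatever abort path this stub has (none is visible in the hunk). The length pushed is `dword ptr [edx]`, i.e. sz_unc read straight from the embedded p_info, and the page is mapped PROT_READ|PROT_WRITE without PROT_EXEC, which is the correct minimum for a script buffer; a comment noting that sz_unc comes from the packed image would help whoever audits that trust boundary.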


@ -1,3 +1,4 @@
/*
; fold_sh86.asm -- Linux program entry point & decompressor (shell script)
;
; This file is part of the UPX executable compressor.
@ -28,151 +29,150 @@
; John F. Reiser
; <jreiser@users.sourceforge.net>
;
*/
#include "arch/i386/macros2.ash"
BITS 32
SECTION .text
CPU 386
// CPU 386
%define PAGE_SIZE ( 1<<12)
%define szElf32_Ehdr 0x34
%define szElf32_Phdr 8*4
%define e_entry (16 + 2*2 + 4)
%define szl_info 12
%define szp_info 12
%define a_type 0
%define a_val 4
%define sz_auxv 8
#define PAGE_SIZE ( 1<<12)
#define szElf32_Ehdr 0x34
#define szElf32_Phdr 8*4
#define e_entry (16 + 2*2 + 4)
#define szl_info 12
#define szp_info 12
#define a_type 0
#define a_val 4
#define sz_auxv 8
fold_begin: ; In: %ebx= uncDst; edx= &b_info cprSrc; ebp = &decompress
fold_begin: // In: %ebx= uncDst; edx= &b_info cprSrc; ebp = &decompress
; Move argc,argv,envp down to make room for complete Elf_auxv table.
; Linux kernel 2.4.2 and earlier give only AT_HWCAP and AT_PLATFORM
; because we have no PT_INTERP. Linux kernel 2.4.5 (and later?)
; give not quite everything. It is simpler and smaller code for us
; to generate a "complete" table where Elf_auxv[k -1].a_type = k.
; ld-linux.so.2 depends on AT_PHDR and AT_ENTRY, for instance
// Move argc,argv,envp down to make room for complete Elf_auxv table.
// Linux kernel 2.4.2 and earlier give only AT_HWCAP and AT_PLATFORM
// because we have no PT_INTERP. Linux kernel 2.4.5 (and later?)
// give not quite everything. It is simpler and smaller code for us
// to generate a "complete" table where Elf_auxv[k -1].a_type = k.
// ld-linux.so.2 depends on AT_PHDR and AT_ENTRY, for instance
%define AT_NULL 0
%define AT_IGNORE 1
%define AT_PHDR 3
%define AT_NUMBER (5+ 37)
; 2002-11-09 glibc-2.2.90 AT_IGNOREPPC==22 plus 5 for future growth
; 2006-05-15 glibc-2.4-4 AT_L3_CACHESHAPE==37
#define AT_NULL 0
#define AT_IGNORE 1
#define AT_PHDR 3
#define AT_NUMBER (5+ 37)
// 2002-11-09 glibc-2.2.90 AT_IGNOREPPC==22 plus 5 for future growth
// 2006-05-15 glibc-2.4-4 AT_L3_CACHESHAPE==37
mov esi, esp
sub esp, sz_auxv * AT_NUMBER ; more than 128 bytes
sub esp, sz_auxv * AT_NUMBER // more than 128 bytes
mov edi, esp
do_auxv: ; entry: %esi=src = &argc; %edi=dst. exit: %edi= &AT_NULL
; cld
do_auxv: // entry: %esi=src = &argc; %edi=dst. exit: %edi= &AT_NULL
// cld
L10: ; move argc+argv
L10: // move argc+argv
lodsd
stosd
test eax,eax
jne L10
L20: ; move envp
L20: // move envp
lodsd
stosd
test eax,eax
jne L20
; complete Elf_auxv table full of AT_IGNORE
push edi ; save base of resulting table
inc eax ; convert 0 to AT_IGNORE
push byte 2 * (AT_NUMBER -1) ; less than 128
// complete Elf_auxv table full of AT_IGNORE
push edi // save base of resulting table
inc eax // convert 0 to AT_IGNORE
push 2 * (AT_NUMBER -1) // less than 128
pop ecx
rep stosd
dec eax ; convert AT_IGNORE into AT_NULL
stosd ; terminate Elf_auxv
dec eax // convert AT_IGNORE into AT_NULL
stosd // terminate Elf_auxv
stosd
pop edi ; base of resulting table
pop edi // base of resulting table
L30: ; distribute existing Elf32_auxv into new table
L30: // distribute existing Elf32_auxv into new table
lodsd
test eax,eax ; AT_NULL ?
xchg eax,ecx ; edx is busy, do not use
test eax,eax // AT_NULL ?
xchg eax,ecx // edx is busy, do not use
lodsd
je L40
cmp ecx, byte AT_NUMBER
cmp ecx, AT_NUMBER
jae L30
mov [a_type + sz_auxv*(ecx -1) + edi], ecx
mov [a_val + sz_auxv*(ecx -1) + edi], eax
jmp L30
L40:
%define OVERHEAD 2048
%define MAX_ELF_HDR 512
#define OVERHEAD 2048
#define MAX_ELF_HDR 512
sub esp, dword MAX_ELF_HDR + OVERHEAD
sub esp, MAX_ELF_HDR + OVERHEAD
xchg eax, ebx ; eax= uncDst
mov ecx, [ edx] ; sz_unc
mov ebx, [4+ edx] ; sz_cpr
mov esi, eax ; extra copy of uncDst
pusha ; (AT_table,uncDst,f_decpr,&ehdr,{sz_cpr,cprSrc},{sz_unc,uncDst})
EXTERN upx_main
call upx_main ; entry = upx_main(...)
pop ecx ; junk
push eax ; save entry address
popa ; edi= entry address; esi= uncDst
add esp, dword MAX_ELF_HDR + OVERHEAD ; remove temp space
xchg eax, ebx // eax= uncDst
mov ecx, [ edx] // sz_unc
mov ebx, [4+ edx] // sz_cpr
mov esi, eax // extra copy of uncDst
pusha // (AT_table,uncDst,f_decpr,&ehdr,{sz_cpr,cprSrc},{sz_unc,uncDst})
.extern upx_main
call upx_main // entry = upx_main(...)
pop ecx // junk
push eax // save entry address
popa // edi= entry address; esi= uncDst
add esp, MAX_ELF_HDR + OVERHEAD // remove temp space
pop ecx ; argc
pop edx ; $0 filename, to become argv[0]
push edx ; restore $0 filename
pop ecx // argc
pop edx // $0 filename, to become argv[0]
push edx // restore $0 filename
inc ecx
push esi ; &uncompressed shell script
sub esi, byte 3
push esi // &uncompressed shell script
sub esi, 3
mov [esi], word 0x632d ; "-c"
mov word ptr [esi], 0x632d // "-c"
inc ecx
push esi ; &"-c"
push esi // &"-c"
inc ecx
push edx ; argv[0] is duplicate of $0
push edx // argv[0] is duplicate of $0
push ecx ; new argc
push edi ; save entry address
push ecx // new argc
push edi // save entry address
; _dl_start and company (ld-linux.so.2) assumes that it has virgin stack,
; and does not initialize all its stack local variables to zero.
; Ulrich Drepper (drepper@cyngus.com) has refused to fix the bugs.
; See GNU wwwgnats libc/1165 .
// _dl_start and company (ld-linux.so.2) assumes that it has virgin stack,
// and does not initialize all its stack local variables to zero.
// Ulrich Drepper (drepper@cyngus.com) has refused to fix the bugs.
// See GNU wwwgnats libc/1165 .
%define N_STKCLR (0x100 + MAX_ELF_HDR + OVERHEAD)/4
#define N_STKCLR (0x100 + MAX_ELF_HDR + OVERHEAD)/4
lea edi, [esp - 4*N_STKCLR]
pusha ; values will be zeroed
mov ebx,esp ; save
mov esp,edi ; Linux does not grow stack below esp
pusha // values will be zeroed
mov ebx,esp // save
mov esp,edi // Linux does not grow stack below esp
mov ecx, N_STKCLR
xor eax,eax
rep stosd
mov esp,ebx ; restore
mov esp,ebx // restore
; Because the decompressed shell script occupies low memory anyway,
; there isn't much payback to unmapping the compressed script and
; ourselves the stub. We would need a place to put the escape hatch
; "int $0x80; popa; ret", and some kernels do not allow execution
; on the stack. So, we would have to dirty a page of the shell
; or of /lib/ld-linux.so. It's simpler just to omit the unmapping.
// Because the decompressed shell script occupies low memory anyway,
// there isn't much payback to unmapping the compressed script and
// ourselves the stub. We would need a place to put the escape hatch
// "int $0x80; popa; ret", and some kernels do not allow execution
// on the stack. So, we would have to dirty a page of the shell
// or of /lib/ld-linux.so. It's simpler just to omit the unmapping.
popa
ret
%define __NR_mmap 90
#define __NR_mmap 90
global mmap
mmap:
mmap: .globl mmap
push ebx
lea ebx, [2*4 + esp]
push byte __NR_mmap
push __NR_mmap
pop eax
int 0x80
pop ebx
ret
; vi:ts=8:et:nowrap
// vi:ts=8:et:nowrap
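Review bot: The NASM `CPU 386` restriction is commented out (`// CPU 386`) rather than translated, so nothing in the GAS version stops a later edit from slipping a post-386 instruction into this entry stub; GAS has an equivalent directive, `.arch i386`, that keeps that check. The NASM-era size hints also survive without their meaning: `push 2 * (AT_NUMBER -1) // less than 128` and `sub esp, sz_auxv * AT_NUMBER // more than 128 bytes` used to justify the explicit `byte`/no-`byte` operand sizes, which GAS now chooses itself, so either drop them or reword to what they still convey, e.g. `// fits a sign-extended imm8, keeps the stub short`. The same `// CPU 386` pattern appears in the OpenBSD fold section further down.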


@ -30,7 +30,7 @@
; <jreiser@users.sourceforge.net>
*/
#include "arch/i386/macros2.ash"
#include "arch/i386/macros2.ash"
/*
; =============
@ -62,11 +62,11 @@ section LXMOVEUP
// ============= DECOMPRESSION
// =============
//#include "arch/i386/nrv2b_d32.ash"
//#include "arch/i386/nrv2d_d32.ash"
//#include "arch/i386/nrv2e_d32.ash"
#include "arch/i386/nrv2e_d32_2.ash"
//#include "arch/i386/lzma_d.ash"
#include "arch/i386/nrv2b_d32_2.ash"
#include "arch/i386/nrv2d_d32_2.ash"
#include "arch/i386/nrv2e_d32_2.ash"
#define db .byte
#include "arch/i386/lzma_d_2.ash"
// =============
// ============= UNFILTER
@ -130,6 +130,6 @@ move_up:
or ebp, -1 // decompressor assumption
jmp eax // enter moved decompressor
#include "include/header2.ash"
#include "include/header2.ash"
// vi:ts=8:et:nowrap
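Review bot: `#define db .byte` is introduced mid-file right before `#include "arch/i386/lzma_d_2.ash"` and never undefined, so the token rewrite also applies to everything included afterwards in this file, including `#include "include/header2.ash"` in the last hunk, and to any later code that happens to use `db` as a label or symbol. Either follow the include with `#undef db`, or move the definition into `lzma_d_2.ash` (or `macros2.ash`) so the macro lives next to the code that needs it. The same define is copy-pasted into the sections at `@ -118,11 +118,11 @@ section LZCUTPOI` and `@ -57,11 +57,11 @@ section PEMAIN02`; one shared definition would avoid the three drifting apart.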


@ -28,7 +28,7 @@
*/
#include "arch/i386/macros2.ash"
#include "arch/i386/macros2.ash"
// =============
// ============= ENTRY POINT
@ -118,11 +118,11 @@ section LZCUTPOI
// ============= DECOMPRESSION
// =============
//#include "arch/i386/nrv2b_d32.ash"
//#include "arch/i386/nrv2d_d32.ash"
//#include "arch/i386/nrv2e_d32.ash"
#include "arch/i386/nrv2e_d32_2.ash"
//#include "arch/i386/lzma_d.ash"
#include "arch/i386/nrv2b_d32_2.ash"
#include "arch/i386/nrv2d_d32_2.ash"
#include "arch/i386/nrv2e_d32_2.ash"
#define db .byte
#include "arch/i386/lzma_d_2.ash"
// =============
// ============= UNFILTER


@ -1,3 +1,4 @@
/*
; i386-openbsd.elf-fold.asm -- linkage to C code to process Elf binary
;
; This file is part of the UPX executable compressor.
@ -26,262 +27,249 @@
; John F. Reiser
; <jreiser@users.sourceforge.net>
;
*/
#include "arch/i386/macros2.ash"
#define PAGE_SIZE ( 1<<12)
#define szElf32_Ehdr 0x34
#define szElf32_Phdr 8*4
#define e_type 16
#define e_entry (16 + 2*2 + 4)
#define p_memsz 5*4
#define sznote 0x18
#define szb_info 12
#define szl_info 12
#define szp_info 12
#define a_type 0
#define a_val 4
#define sz_auxv 8
BITS 32
SECTION .text
CPU 386
#define __NR_munmap 73
%define PAGE_SIZE ( 1<<12)
%define szElf32_Ehdr 0x34
%define szElf32_Phdr 8*4
%define e_type 16
%define e_entry (16 + 2*2 + 4)
%define p_memsz 5*4
%define sznote 0x18
%define szb_info 12
%define szl_info 12
%define szp_info 12
%define a_type 0
%define a_val 4
%define sz_auxv 8
// control just falls through, after this part and compiled C code
// are uncompressed.
%define __NR_munmap 73
fold_begin: // enter: %ebx= &Elf32_Ehdr of this program
// patchLoader will modify to be
// dword sz_uncompressed, sz_compressed
// byte compressed_data...
;; control just falls through, after this part and compiled C code
;; are uncompressed.
// ld-linux.so.2 depends on AT_PHDR and AT_ENTRY, for instance.
// Move argc,argv,envp down to make room for Elf_auxv table.
// Linux kernel 2.4.2 and earlier give only AT_HWCAP and AT_PLATFORM
// because we have no PT_INTERP. Linux kernel 2.4.5 (and later?)
// give not quite everything. It is simpler and smaller code for us
// to generate a "complete" table where Elf_auxv[k -1].a_type = k.
// On second thought, that wastes a lot of stack space (the entire kernel
// auxv, plus those slots that remain empty anyway). So try for minimal
// space on stack, without too much code, by doing it serially.
fold_begin: ; enter: %ebx= &Elf32_Ehdr of this program
; patchLoader will modify to be
; dword sz_uncompressed, sz_compressed
; byte compressed_data...
#define AT_NULL 0
#define AT_IGNORE 1
#define AT_PHDR 3
#define AT_PHENT 4
#define AT_PHNUM 5
#define AT_PAGESZ 6
#define AT_BASE 7
#define AT_ENTRY 9
; ld-linux.so.2 depends on AT_PHDR and AT_ENTRY, for instance.
; Move argc,argv,envp down to make room for Elf_auxv table.
; Linux kernel 2.4.2 and earlier give only AT_HWCAP and AT_PLATFORM
; because we have no PT_INTERP. Linux kernel 2.4.5 (and later?)
; give not quite everything. It is simpler and smaller code for us
; to generate a "complete" table where Elf_auxv[k -1].a_type = k.
; On second thought, that wastes a lot of stack space (the entire kernel
; auxv, plus those slots that remain empty anyway). So try for minimal
; space on stack, without too much code, by doing it serially.
%define AT_NULL 0
%define AT_IGNORE 1
%define AT_PHDR 3
%define AT_PHENT 4
%define AT_PHNUM 5
%define AT_PAGESZ 6
%define AT_BASE 7
%define AT_ENTRY 9
%define ET_DYN 3
#define ET_DYN 3
sub ecx, ecx
mov edx, (1<<AT_PHDR) | (1<<AT_PHENT) | (1<<AT_PHNUM) | (1<<AT_PAGESZ) | (1<<AT_BASE) | (1<<AT_ENTRY)
mov esi, esp
mov edi, esp
call do_auxv ; clear bits in edx according to existing auxv slots
call do_auxv // clear bits in edx according to existing auxv slots
mov esi, esp
L50:
shr edx, 1 ; Carry = bottom bit
sbb eax, eax ; -1 or 0
sub ecx, eax ; count of 1 bits that remained in edx
lea esp, [esp + sz_auxv * eax] ; allocate one auxv slot, if needed
shr edx, 1 // Carry = bottom bit
sbb eax, eax // -1 or 0
sub ecx, eax // count of 1 bits that remained in edx
lea esp, [esp + sz_auxv * eax] // allocate one auxv slot, if needed
test edx,edx
jne L50
mov edi, esp
call do_auxv ; move; fill new auxv slots with AT_IGNORE
call do_auxv // move; fill new auxv slots with AT_IGNORE
%define OVERHEAD 2048
%define MAX_ELF_HDR 512
#define OVERHEAD 2048
#define MAX_ELF_HDR 512
sub esp, dword MAX_ELF_HDR + OVERHEAD ; alloca
push ebx ; start of unmap region (&Elf32_Ehdr of this stub)
sub esp, MAX_ELF_HDR + OVERHEAD // alloca
push ebx // start of unmap region (&Elf32_Ehdr of this stub)
; Cannot pre-round .p_memsz because kernel requires PF_W to setup .bss,
; but strict SELinux (or PaX, grsecurity) prohibits PF_W with PF_X.
mov edx, [p_memsz + szElf32_Ehdr + ebx] ; phdr[0].p_memsz
lea edx, [-1 + 2*PAGE_SIZE + edx + ebx] ; 1 page for round, 1 for unfold
and edx, -PAGE_SIZE
// Cannot pre-round .p_memsz because kernel requires PF_W to setup .bss,
// but strict SELinux (or PaX, grsecurity) prohibits PF_W with PF_X.
mov edx, [p_memsz + szElf32_Ehdr + ebx] // phdr[0].p_memsz
lea edx, [-1 + 2*PAGE_SIZE + edx + ebx] // 1 page for round, 1 for unfold
and edx, 0-PAGE_SIZE
push edx ; end of unmap region
sub eax, eax ; 0
cmp word [e_type + ebx], byte ET_DYN
push edx // end of unmap region
sub eax, eax // 0
cmp word ptr [e_type + ebx], ET_DYN
jne L53
xchg eax, edx ; dynbase for ET_DYN; assumes mmap(0, ...) is placed after us!
xchg eax, edx // dynbase for ET_DYN; assumes mmap(0, ...) is placed after us!
L53:
push eax ; dynbase
push eax // dynbase
mov esi, [e_entry + ebx] ; end of compressed data
lea eax, [szElf32_Ehdr + 3*szElf32_Phdr + sznote + szl_info + szp_info + ebx] ; 1st &b_info
sub esi, eax ; length of compressed data
mov ebx, [ eax] ; length of uncompressed ELF headers
mov ecx, [4+ eax] ; length of compressed ELF headers
add ecx, byte szb_info
lea edx, [3*4 + esp] ; &tmp
pusha ; (AT_table, sz_cpr, f_expand, &tmp_ehdr, {sz_unc, &tmp}, {sz_cpr, &b1st_info} )
inc edi ; swap with above 'pusha' to inhibit auxv_up for PT_INTERP
EXTERN upx_main
call upx_main ; returns entry address
add esp, byte (8 +1)*4 ; remove 8 params from pusha, also dynbase
pop ecx ; end of unmap region
pop ebx ; start of unmap region (&Elf32_Ehdr of this stub)
add esp, dword MAX_ELF_HDR + OVERHEAD ; un-alloca
mov esi, [e_entry + ebx] // end of compressed data
lea eax, [szElf32_Ehdr + 3*szElf32_Phdr + sznote + szl_info + szp_info + ebx] // 1st &b_info
sub esi, eax // length of compressed data
mov ebx, [ eax] // length of uncompressed ELF headers
mov ecx, [4+ eax] // length of compressed ELF headers
add ecx, szb_info
lea edx, [3*4 + esp] // &tmp
pusha // (AT_table, sz_cpr, f_expand, &tmp_ehdr, {sz_unc, &tmp}, {sz_cpr, &b1st_info} )
inc edi // swap with above 'pusha' to inhibit auxv_up for PT_INTERP
.extern upx_main
call upx_main // returns entry address
add esp, (8 +1)*4 // remove 8 params from pusha, also dynbase
pop ecx // end of unmap region
pop ebx // start of unmap region (&Elf32_Ehdr of this stub)
add esp, MAX_ELF_HDR + OVERHEAD // un-alloca
push eax ; save entry address as ret.addr
push byte 0 ; 'leave' uses this to clear ebp
mov ebp,esp ; frame
push eax // save entry address as ret.addr
push 0 // 'leave' uses this to clear ebp
mov ebp,esp // frame
sub ecx, ebx
sub eax,eax ; 0, also AT_NULL
push ecx ; length to unmap
push ebx ; start of unmap region (&Elf32_Ehdr of this stub)
push eax ; fake ret.addr
sub eax,eax // 0, also AT_NULL
push ecx // length to unmap
push ebx // start of unmap region (&Elf32_Ehdr of this stub)
push eax // fake ret.addr
dec edi ; auxv table
db 0x3c ; "cmpb al, byte ..." like "jmp 1+L60" but 1 byte shorter
dec edi // auxv table
.byte 0x3c // "cmpb al, ..." like "jmp 1+L60" but 1 byte shorter
L60:
scasd ; a_un.a_val etc.
scasd ; a_type
jne L60 ; not AT_NULL
; edi now points at [AT_NULL]a_un.a_ptr which contains result of make_hatch()
push dword [edi] ; &escape hatch
scasd // a_un.a_val etc.
scasd // a_type
jne L60 // not AT_NULL
// edi now points at [AT_NULL]a_un.a_ptr which contains result of make_hatch()
push dword ptr [edi] // &escape hatch
xor edi,edi
xor esi,esi
xor edx,edx
xor ecx,ecx
xor ebx,ebx
mov al, __NR_munmap ; eax was 0 from L60
ret ; goto escape hatch: int 0x80; leave; ret
mov al, __NR_munmap // eax was 0 from L60
ret // goto escape hatch: int 0x80; leave; ret
; called twice:
; 1st with esi==edi, ecx=0, edx= bitmap of slots needed: just update edx.
; 2nd with esi!=edi, ecx= slot_count: move, then append AT_IGNORE slots
; entry: esi= src = &argc; edi= dst; ecx= # slots wanted; edx= bits wanted
; exit: edi= &auxtab; edx= bits still needed
// called twice:
// 1st with esi==edi, ecx=0, edx= bitmap of slots needed: just update edx.
// 2nd with esi!=edi, ecx= slot_count: move, then append AT_IGNORE slots
// entry: esi= src = &argc; edi= dst; ecx= # slots wanted; edx= bits wanted
// exit: edi= &auxtab; edx= bits still needed
do_auxv:
; cld
// cld
L10: ; move argc+argv
L10: // move argc+argv
lodsd
stosd
test eax,eax
jne L10
L20: ; move envp
L20: // move envp
lodsd
stosd
test eax,eax
jne L20
push edi ; return value
L30: ; process auxv
lodsd ; a_type
push edi // return value
L30: // process auxv
lodsd // a_type
stosd
cmp eax, byte 32
jae L32 ; prevent aliasing by 'btr' when 32<=a_type
btr edx, eax ; no longer need a slot of type eax [Carry only]
cmp eax, 32
jae L32 // prevent aliasing by 'btr' when 32<=a_type
btr edx, eax // no longer need a slot of type eax [Carry only]
L32:
test eax, eax ; AT_NULL ?
test eax, eax // AT_NULL ?
lodsd
stosd
jnz L30 ; a_type != AT_NULL
jnz L30 // a_type != AT_NULL
sub edi, byte 8 ; backup to AT_NULL
add ecx, ecx ; two words per auxv
inc eax ; convert 0 to AT_IGNORE
rep stosd ; allocate and fill
dec eax ; convert AT_IGNORE to AT_NULL
stosd ; re-terminate with AT_NULL
sub edi, 8 // backup to AT_NULL
add ecx, ecx // two words per auxv
inc eax // convert 0 to AT_IGNORE
rep stosd // allocate and fill
dec eax // convert AT_IGNORE to AT_NULL
stosd // re-terminate with AT_NULL
stosd
pop edi ; &auxtab
pop edi // &auxtab
ret
%define __NR_mmap 197
%define __NR_syscall 198
#define __NR_mmap 197
#define __NR_syscall 198
global mmap
mmap:
mmap: .globl mmap
push ebp
mov ebp,esp
xor eax,eax ; 0
push eax ; convert to 64-bit
push dword [7*4+ebp] ; offset
push eax ; pad
push dword [6*4+ebp] ; fd
push dword [5*4+ebp] ; flags
push dword [4*4+ebp] ; prot
push dword [3*4+ebp] ; len
push dword [2*4+ebp] ; addr
push eax ; current thread
xor eax,eax // 0
push eax // convert to 64-bit
push dword ptr [7*4+ebp] // offset
push eax // pad
push dword ptr [6*4+ebp] // fd
push dword ptr [5*4+ebp] // flags
push dword ptr [4*4+ebp] // prot
push dword ptr [3*4+ebp] // len
push dword ptr [2*4+ebp] // addr
push eax // current thread
mov al,__NR_mmap
push eax
push eax ; fake ret.addr
push eax // fake ret.addr
mov al,__NR_syscall
int 0x80
leave
ret
global brk
brk:
brk: .globl brk
ret
global bkpt
bkpt:
bkpt: .globl bkpt
int3
ret
%define __NR_exit 1
%define __NR_read 3
%define __NR_write 4
%define __NR_open 5
%define __NR_close 6
%define __NR_munmap 73
%define __NR_mprotect 74
#define __NR_exit 1
#define __NR_read 3
#define __NR_write 4
#define __NR_open 5
#define __NR_close 6
#define __NR_munmap 73
#define __NR_mprotect 74
global exit
exit:
exit: .globl exit
mov al,__NR_exit
nf_sysgo:
movzx eax,al
int 0x80
ret
global read
read:
read: .globl read
mov al,__NR_read
jmp nf_sysgo
global write
write:
write: .globl write
mov al,__NR_write
jmp nf_sysgo
global open
open:
open: .globl open
mov al,__NR_open
jmp nf_sysgo
global close
close:
close: .globl close
mov al,__NR_close
jmp nf_sysgo
global munmap
munmap:
munmap: .globl munmap
mov al,__NR_munmap
jmp nf_sysgo
global mprotect
mprotect:
mprotect: .globl mprotect
mov al,__NR_mprotect
jmp nf_sysgo
; vi:ts=8:et:nowrap
// vi:ts=8:et:nowrap
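Review bot: The `.byte 0x3c // "cmpb al, ..."` trick before `L60:` silently depends on the first `scasd` at L60 being a single-byte opcode that becomes the imm8 of the `cmp`; if that instruction ever gains a prefix or is replaced, execution desynchronises with no assembler diagnostic, so say so in the comment, e.g. `// 0x3c + next byte (scasd = 1 byte) == "cmp al, imm8"; skips the first scasd`. In `do_auxv` the `// cld` is left commented out, so the `lodsd`/`stosd`/`rep stosd` sequences presumably rely on DF being clear at process entry; a one-line comment stating that assumption would help the next reader. `#define __NR_munmap 73` is also defined twice in this file (once near the top, once in the syscall block); the preprocessor accepts the identical redefinition, but keeping a single definition avoids the two diverging later.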


@ -28,7 +28,7 @@
*/
#define UPX102 1
#include "arch/i386/macros2.ash"
#include "arch/i386/macros2.ash"
CPU 386
@ -57,11 +57,11 @@ section PEMAIN02
// ============= DECOMPRESSION
// =============
//#include "arch/i386/nrv2b_d32.ash"
//#include "arch/i386/nrv2d_d32.ash"
//#include "arch/i386/nrv2e_d32.ash"
#include "arch/i386/nrv2e_d32_2.ash"
//#include "arch/i386/lzma_d.ash"
#include "arch/i386/nrv2b_d32_2.ash"
#include "arch/i386/nrv2d_d32_2.ash"
#include "arch/i386/nrv2e_d32_2.ash"
#define db .byte
#include "arch/i386/lzma_d_2.ash"
// =============
section PEMAIN10


@ -124,6 +124,14 @@ int upx_tolower(int c);
#endif
class nocopy
{
nocopy(const nocopy &); // undefined
nocopy& operator=(const nocopy &); // undefined
public:
inline nocopy() {}
};
#endif /* already included */