jory/upx
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

TLS handling updated to v2, ASLR fix in unpacking

Browse Source
This commit is contained in:
Stefan Widmann 2010-08-13 17:44:21 +02:00
parent 25902005f6
commit 1d8cb47830
6 changed files with 1981 additions and 1954 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/p_w32pe.cpp
View File

@ -123,6 +123,7 @@ PackW32Pe::PackW32Pe(InputFile *f) : super(f)
isrtm = false; isrtm = false;
use_dep_hack = true; use_dep_hack = true;
use_clear_dirty_stack = true; use_clear_dirty_stack = true;
use_tls_callbacks = false;
} }
@ -200,8 +201,6 @@ void PackW32Pe::processTls(Interval *iv) // pass 1
const tls * const tlsp = (const tls*) (ibuf + IDADDR(PEDIR_TLS)); const tls * const tlsp = (const tls*) (ibuf + IDADDR(PEDIR_TLS));
use_tls_callbacks = false; //NEW - Stefan Widmann
// note: TLS callbacks are not implemented in Windows 95/98/ME // note: TLS callbacks are not implemented in Windows 95/98/ME
if (tlsp->callbacks) if (tlsp->callbacks)
{ {
@ -218,7 +217,7 @@ void PackW32Pe::processTls(Interval *iv) // pass 1
//fprintf(stderr, "TLS callbacks: 0x%0x -> 0x%0x\n", (int)tlsp->callbacks, v); //fprintf(stderr, "TLS callbacks: 0x%0x -> 0x%0x\n", (int)tlsp->callbacks, v);
throwCantPack("TLS callbacks are not supported"); throwCantPack("TLS callbacks are not supported");
} }
#endif #endif
if(v != 0) if(v != 0)
{ {
//count number of callbacks, just for information string - Stefan Widmann //count number of callbacks, just for information string - Stefan Widmann
@ -299,6 +298,14 @@ void PackW32Pe::processTls(Reloc *rel,const Interval *iv,unsigned newaddr) // pa
//NEW: if we have TLS callbacks to handle, we create a pointer to the new callback chain - Stefan Widmann //NEW: if we have TLS callbacks to handle, we create a pointer to the new callback chain - Stefan Widmann
tlsp->callbacks = (use_tls_callbacks ? newaddr + sotls + ih.imagebase - 8 : 0); tlsp->callbacks = (use_tls_callbacks ? newaddr + sotls + ih.imagebase - 8 : 0);
if(use_tls_callbacks)
{
//set handler offset
set_le32(otls + sotls - 8, tls_handler_offset + ih.imagebase);
//add relocation for TLS handler offset
rel->add(newaddr + sotls - 8, 3);
}
} }
/************************************************************************* /*************************************************************************
@ -839,11 +846,11 @@ void PackW32Pe::pack(OutputFile *fo)
} }
} }
//remove certificate directory entry //remove certificate directory entry
if (IDSIZE(PEDIR_SEC)) if (IDSIZE(PEDIR_SEC))
IDSIZE(PEDIR_SEC) = IDADDR(PEDIR_SEC) = 0; IDSIZE(PEDIR_SEC) = IDADDR(PEDIR_SEC) = 0;
//check CLR Runtime Header directory entry //check CLR Runtime Header directory entry
if (IDSIZE(PEDIR_COMRT)) if (IDSIZE(PEDIR_COMRT))
throwCantPack(".NET files (win32/.net) are not yet supported"); throwCantPack(".NET files (win32/.net) are not yet supported");
@ -871,7 +878,7 @@ void PackW32Pe::pack(OutputFile *fo)
#if 0 //subsystem check moved to switch ... case above - Stefan Widmann #if 0 //subsystem check moved to switch ... case above - Stefan Widmann
if (!opt->force && ih.subsystem == 1) if (!opt->force && ih.subsystem == 1)
throwCantPack("subsystem 'native' is not supported (try --force)"); throwCantPack("subsystem 'native' is not supported (try --force)");
#endif #endif
if (ih.filealign < 0x200) if (ih.filealign < 0x200)
throwCantPack("filealign < 0x200 is not yet supported"); throwCantPack("filealign < 0x200 is not yet supported");
@ -1135,8 +1142,8 @@ void PackW32Pe::pack(OutputFile *fo)
if(use_tls_callbacks) if(use_tls_callbacks)
{ {
//esi is ih.imagebase + rvamin //esi is ih.imagebase + rvamin
linker->defineSymbol("tls_callbacks_ptr", tlscb_ptr - (ih.imagebase + rvamin)); linker->defineSymbol("tls_callbacks_ptr", tlscb_ptr);
linker->defineSymbol("tls_callbacks_off", ic + sotls - 8 - rvamin); //linker->defineSymbol("tls_callbacks_off", ic + sotls - 8 - rvamin);
linker->defineSymbol("tls_module_base", 0u - rvamin); linker->defineSymbol("tls_module_base", 0u - rvamin);
} }
@ -1172,6 +1179,11 @@ void PackW32Pe::pack(OutputFile *fo)
// tls & loadconf are put into section 1 // tls & loadconf are put into section 1
//ic = s1addr + s1size - sotls - soloadconf; //ATTENTION: moved upwards to TLS callback handling - Stefan Widmann //ic = s1addr + s1size - sotls - soloadconf; //ATTENTION: moved upwards to TLS callback handling - Stefan Widmann
//get address of TLS callback handler
tls_handler_offset = linker->getSymbolOffset("PETLSC2");
//add relocation entry for TLS callback handler
rel.add(tls_handler_offset + 4, 3);
processTls(&rel,&tlsiv,ic); processTls(&rel,&tlsiv,ic);
ODADDR(PEDIR_TLS) = sotls ? ic : 0; ODADDR(PEDIR_TLS) = sotls ? ic : 0;
ODSIZE(PEDIR_TLS) = sotls ? 0x18 : 0; ODSIZE(PEDIR_TLS) = sotls ? 0x18 : 0;

6
src/p_w32pe.h
View File

@ -63,15 +63,15 @@ protected:
virtual void processTls(Interval *); //NEW: TLS callback handling - Stefan Widmann virtual void processTls(Interval *); //NEW: TLS callback handling - Stefan Widmann
void processTls(Reloc *, const Interval *, unsigned); //NEW: TLS callback handling - Stefan Widmann void processTls(Reloc *, const Interval *, unsigned); //NEW: TLS callback handling - Stefan Widmann
void processLoadConf(Reloc *, const Interval *, unsigned); void processLoadConf(Reloc *, const Interval *, unsigned);
void processLoadConf(Interval *); void processLoadConf(Interval *);
upx_byte *oloadconf; upx_byte *oloadconf;
unsigned soloadconf; unsigned soloadconf;
unsigned tlscb_ptr; //NEW: TLS callback handling - Stefan Widmann unsigned tlscb_ptr; //NEW: TLS callback handling - Stefan Widmann
//unsigned tlscb_off; //NEW: TLS callback handling - Stefan Widmann unsigned tls_handler_offset;
bool isrtm; bool isrtm;
bool use_dep_hack; bool use_dep_hack;
bool use_clear_dirty_stack; bool use_clear_dirty_stack;

4
src/pefile.cpp
View File

@ -1751,6 +1751,10 @@ void PeFile::unpack(OutputFile *fo)
oh.headersize = rvamin; oh.headersize = rvamin;
oh.chksum = 0; oh.chksum = 0;
//NEW: disable reloc stripping if ASLR is enabled
if(ih.dllflags & IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE)
opt->win32_pe.strip_relocs = false;
// FIXME: ih.flags is checked here because of a bug in UPX 0.92 // FIXME: ih.flags is checked here because of a bug in UPX 0.92
if ((opt->win32_pe.strip_relocs && !isdll) || (ih.flags & RELOCS_STRIPPED)) if ((opt->win32_pe.strip_relocs && !isdll) || (ih.flags & RELOCS_STRIPPED))
{ {

3272
src/stub/i386-win32.pe.h
View File

File diff suppressed because it is too large Load Diff

598
src/stub/src/i386-win32.pe.S
View File

@ -1,300 +1,298 @@
/* /*
; i386-win32.pe.S -- loader & decompressor for the w32/pe format ; i386-win32.pe.S -- loader & decompressor for the w32/pe format
; ;
; This file is part of the UPX executable compressor. ; This file is part of the UPX executable compressor.
; ;
; Copyright (C) 1996-2010 Markus Franz Xaver Johannes Oberhumer ; Copyright (C) 1996-2010 Markus Franz Xaver Johannes Oberhumer
; Copyright (C) 1996-2010 Laszlo Molnar ; Copyright (C) 1996-2010 Laszlo Molnar
; All Rights Reserved. ; All Rights Reserved.
; ;
; UPX and the UCL library are free software; you can redistribute them ; UPX and the UCL library are free software; you can redistribute them
; and/or modify them under the terms of the GNU General Public License as ; and/or modify them under the terms of the GNU General Public License as
; published by the Free Software Foundation; either version 2 of ; published by the Free Software Foundation; either version 2 of
; the License, or (at your option) any later version. ; the License, or (at your option) any later version.
; ;
; This program is distributed in the hope that it will be useful, ; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of ; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details. ; GNU General Public License for more details.
; ;
; You should have received a copy of the GNU General Public License ; You should have received a copy of the GNU General Public License
; along with this program; see the file COPYING. ; along with this program; see the file COPYING.
; If not, write to the Free Software Foundation, Inc., ; If not, write to the Free Software Foundation, Inc.,
; 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ; 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
; ;
; Markus F.X.J. Oberhumer Laszlo Molnar ; Markus F.X.J. Oberhumer Laszlo Molnar
; <markus@oberhumer.com> <ml1050@users.sourceforge.net> ; <markus@oberhumer.com> <ml1050@users.sourceforge.net>
; ;
*/ */
#define UPX102 1 #define UPX102 1
#include "arch/i386/macros.S" #include "arch/i386/macros.S"
// ============= // =============
// ============= ENTRY POINT // ============= ENTRY POINT
// ============= // =============
section PEISDLL1 section PEISDLL1
cmpb [esp + 8], 1 cmpb [esp + 8], 1
jnz reloc_end_jmp jnz reloc_end_jmp
section PEMAIN01 section PEMAIN01
pusha pusha
mov esi, offset start_of_compressed // relocated mov esi, offset start_of_compressed // relocated
lea edi, [esi + start_of_uncompressed] lea edi, [esi + start_of_uncompressed]
section PEICONS1 section PEICONS1
incw [edi + icon_offset] incw [edi + icon_offset]
section PEICONS2 section PEICONS2
addw [edi + icon_offset], offset icon_delta addw [edi + icon_offset], offset icon_delta
section PETLSHAK section PETLSHAK
mov dword ptr [edi + tls_address], offset tls_value mov dword ptr [edi + tls_address], offset tls_value
section PEMAIN02 section PEMAIN02
push edi push edi
section PEMAIN03 section PEMAIN03
or ebp, -1 or ebp, -1
// ============= // =============
// ============= DECOMPRESSION // ============= DECOMPRESSION
// ============= // =============
#include "arch/i386/nrv2b_d32.S" #include "arch/i386/nrv2b_d32.S"
#include "arch/i386/nrv2d_d32.S" #include "arch/i386/nrv2d_d32.S"
#include "arch/i386/nrv2e_d32.S" #include "arch/i386/nrv2e_d32.S"
#include "arch/i386/lzma_d.S" #include "arch/i386/lzma_d.S"
// ============= // =============
section PEMAIN10 section PEMAIN10
pop esi // load vaddr pop esi // load vaddr
// ============= // =============
// ============= CALLTRICK // ============= CALLTRICK
// ============= // =============
section PECTTPOS section PECTTPOS
lea edi, [esi + filter_buffer_start] lea edi, [esi + filter_buffer_start]
section PECTTNUL section PECTTNUL
mov edi, esi mov edi, esi
cjt32 esi cjt32 esi
section ctok32.00 section ctok32.00
mov ecx, offset filter_length mov ecx, offset filter_length
ctok32 esi, (offset filter_cto) ctok32 esi, (offset filter_cto)
// ============= // =============
// ============= IMPORTS // ============= IMPORTS
// ============= // =============
section PEIMPORT section PEIMPORT
lea edi, [esi + compressed_imports] lea edi, [esi + compressed_imports]
next_dll: next_dll:
mov eax, [edi] mov eax, [edi]
or eax, eax or eax, eax
jzs imports_done jzs imports_done
mov ebx, [edi+4] // iat mov ebx, [edi+4] // iat
lea eax, [eax + esi + start_of_imports] lea eax, [eax + esi + start_of_imports]
add ebx, esi add ebx, esi
push eax push eax
add edi, 8 add edi, 8
call [esi + LoadLibraryA] call [esi + LoadLibraryA]
xchg eax, ebp xchg eax, ebp
next_func: next_func:
mov al, [edi] mov al, [edi]
inc edi inc edi
or al, al or al, al
jz next_dll jz next_dll
mov ecx, edi // something > 0 mov ecx, edi // something > 0
section PEIBYORD section PEIBYORD
jnss byname jnss byname
section PEK32ORD section PEK32ORD
jpe not_kernel32 jpe not_kernel32
mov eax, [edi] mov eax, [edi]
add edi, 4 add edi, 4
mov eax, [eax + esi + kernel32_ordinals] mov eax, [eax + esi + kernel32_ordinals]
jmps next_imp jmps next_imp
not_kernel32: not_kernel32:
section PEIMORD1 section PEIMORD1
movzxw eax, word ptr [edi] //new: "word ptr" - Stefan Widmann movzxw eax, word ptr [edi]
inc edi inc edi
push eax push eax
inc edi inc edi
.byte 0xb9 // mov ecx,xxxx .byte 0xb9 // mov ecx,xxxx
byname: byname:
section PEIMPOR2 section PEIMPOR2
push edi push edi
dec eax dec eax
repne repne
scasb scasb
push ebp push ebp
call [esi + GetProcAddress] call [esi + GetProcAddress]
or eax, eax or eax, eax
jz imp_failed jz imp_failed
next_imp: next_imp:
mov [ebx], eax mov [ebx], eax
add ebx, 4 add ebx, 4
jmps next_func jmps next_func
imp_failed: imp_failed:
section PEIERDLL section PEIERDLL
popa popa
xor eax, eax xor eax, eax
ret 0x0c ret 0x0c
section PEIEREXE section PEIEREXE
call [esi + ExitProcess] call [esi + ExitProcess]
section PEIMDONE section PEIMDONE
imports_done: imports_done:
// ============= // =============
// ============= RELOCATION // ============= RELOCATION
// ============= // =============
section PERELOC1 section PERELOC1
lea edi, [esi + start_of_relocs] lea edi, [esi + start_of_relocs]
section PERELOC2 section PERELOC2
add edi, 4 add edi, 4
section PERELOC3 section PERELOC3
lea ebx, [esi - 4] lea ebx, [esi - 4]
reloc32 edi, ebx, esi reloc32 edi, ebx, esi
// ============= // =============
// FIXME: depends on that in PERELOC1 edi is set!! // FIXME: depends on that in PERELOC1 edi is set!!
section PERLOHI0 section PERLOHI0
xchg edi, esi xchg edi, esi
lea ecx, [edi + reloc_delt] lea ecx, [edi + reloc_delt]
section PERELLO0 section PERELLO0
.byte 0xA9 .byte 0xA9
rello0: rello0:
add [edi + eax], cx add [edi + eax], cx
lodsd lodsd
or eax, eax or eax, eax
jnz rello0 jnz rello0
// ============= // =============
section PERELHI0 section PERELHI0
shr ecx, 16 shr ecx, 16
.byte 0xA9 .byte 0xA9
relhi0: relhi0:
add [edi + eax], cx add [edi + eax], cx
lodsd lodsd
or eax, eax or eax, eax
jnz relhi0 jnz relhi0
// ============= // =============
section PEDEPHAK section PEDEPHAK
mov ebp, [esi + VirtualProtect] mov ebp, [esi + VirtualProtect]
lea edi, [esi + vp_base] lea edi, [esi + vp_base]
mov ebx, offset vp_size // 0x1000 or 0x2000 mov ebx, offset vp_size // 0x1000 or 0x2000
push eax // provide 4 bytes stack push eax // provide 4 bytes stack
push esp // &lpflOldProtect on stack push esp // &lpflOldProtect on stack
push 4 // PAGE_READWRITE push 4 // PAGE_READWRITE
push ebx push ebx
push edi push edi
call ebp //VirtualProtect call ebp //VirtualProtect
#if 0 #if 0
or eax, eax or eax, eax
jz pedep9 // VirtualProtect failed jz pedep9 // VirtualProtect failed
#endif #endif
lea eax, [edi + swri] lea eax, [edi + swri]
andb [eax], 0x7f // marks UPX0 non writeable andb [eax], 0x7f // marks UPX0 non writeable
andb [eax + 0x28], 0x7f // marks UPX1 non writeable andb [eax + 0x28], 0x7f // marks UPX1 non writeable
#if 0 #if 0
push esp push esp
push 2 // PAGE_READONLY push 2 // PAGE_READONLY
#else #else
pop eax pop eax
push eax push eax
push esp push esp
push eax // restore protection push eax // restore protection
#endif #endif
push ebx push ebx
push edi push edi
call ebp //;VirtualProtect call ebp //;VirtualProtect
pedep9: pedep9:
pop eax //;restore stack pop eax //;restore stack
//;NEW: TLS callback support - Stefan Widmann //;NEW: TLS callback support - Stefan Widmann
section PETLSC section PETLSC
lea ebx, [esi + tls_module_base] //;load module base to ebx lea ebx, [esi + tls_module_base] //;load module base to ebx
lea eax, [esi + tls_callbacks_ptr] //;load pointer to original callback chain lea edi, [ebx + tls_handler_start + 1] //;load offset of handler
lea edi, [ebx + tls_handler_start] //;load offset of handler push edi
push edi //;remove jump from TLS handler entry (overwrite displacement)
inc edi //;pointer to original TLS callback chain is to be saved to handler + 2 xor eax, eax
inc edi stosb
stosd pop ecx
pop eax dec ecx
lea edi, [esi + tls_callbacks_off] //;get ptr to first TLS callback entry //;emulate callbacks like PE loader would have done
stosd //;save the handler ptr to the TLS callback chain push eax //;0 - reserved
//;emulate callbacks like PE loader would have done push 1 //;DLL_PROCESS_ATTACH
push 0 //;reserved push ebx //;module base alias module handle alias hInstance alias ...
push 1 //;DLL_PROCESS_ATTACH call ecx //;contains ptr to callback handler
push ebx //;module base alias module handle alias hInstance alias ...
call eax //;contains ptr to callback handler section PEMAIN20
popa
section PEMAIN20
popa // clear the dirty stack
.macro clearstack128 tmp_reg
// clear the dirty stack local loop
.macro clearstack128 tmp_reg lea \tmp_reg, [esp - 128]
local loop loop:
lea \tmp_reg, [esp - 128] push 0
loop: cmp esp, \tmp_reg
push 0 jnzs loop
cmp esp, \tmp_reg sub esp, -128
jnzs loop .endm
sub esp, -128
.endm section CLEARSTACK
clearstack128 eax
section CLEARSTACK
clearstack128 eax section PEMAIN21
reloc_end_jmp:
section PEMAIN21
reloc_end_jmp: section PERETURN
xor eax, eax
section PERETURN inc eax
xor eax, eax ret 0x0C
inc eax section PEDOJUMP
ret 0x0C jmp original_entry
section PEDOJUMP
jmp original_entry section PETLSC2
//;TLS_CALLBACK(hModule, reason, reserved)
section PETLSC2 tls_handler_start:
//;TLS_CALLBACK(hModule, reason, reserved) jmp end_of_tls_handler //;this jump is patched to EB 00 (jmp $+2) by stub
tls_handler_start: push esi
push esi mov esi, offset tls_callbacks_ptr //;must be relocated
.byte 0xBE //mov esi, XXXXXXXX cld //;you never know, this code gets called by the PE loader
tlsc_chain_ptr: walk_tlsc_chain2:
.byte 0, 0, 0, 0 lodsd
cld //;you never know, this code gets called by the PE loader test eax, eax
walk_tlsc_chain2: jz done_callbacks
lodsd //;copy the stack frame, 3 arguments
test eax, eax push 3
jz done_callbacks pop ecx
//;copy the stack frame, 3 arguments push_loop:
push 3 push dword ptr [esp + 0x10] //;4 bytes
pop ecx loop push_loop
push_loop: call eax
push dword ptr [esp + 0x10] //;4 bytes jmp walk_tlsc_chain2
loop push_loop done_callbacks:
call eax pop esi
jmp walk_tlsc_chain2 end_of_tls_handler:
done_callbacks: ret 0x0C
pop esi
ret 0x0C // =============
// ============= CUT HERE
// ============= // =============
// ============= CUT HERE
// ============= #include "include/header.S"
#include "include/header.S" // vi:ts=8:et:nowrap
// vi:ts=8:et:nowrap

27
src/stub/tmp/i386-win32.pe.bin.dump
View File

@ -115,12 +115,14 @@ Idx Name Size VMA LMA File off Algn Flags
110 PERELLO0 0000000a 00000000 00000000 00001a5a 2**0 CONTENTS, READONLY 110 PERELLO0 0000000a 00000000 00000000 00001a5a 2**0 CONTENTS, READONLY
111 PERELHI0 0000000d 00000000 00000000 00001a64 2**0 CONTENTS, READONLY 111 PERELHI0 0000000d 00000000 00000000 00001a64 2**0 CONTENTS, READONLY
112 PEDEPHAK 0000002f 00000000 00000000 00001a71 2**0 CONTENTS, RELOC, READONLY 112 PEDEPHAK 0000002f 00000000 00000000 00001a71 2**0 CONTENTS, RELOC, READONLY
113 PEMAIN20 00000001 00000000 00000000 00001aa0 2**0 CONTENTS, READONLY 113 PETLSC 00000018 00000000 00000000 00001aa0 2**0 CONTENTS, RELOC, READONLY
114 CLEARSTACK 0000000d 00000000 00000000 00001aa1 2**0 CONTENTS, READONLY 114 PEMAIN20 00000001 00000000 00000000 00001ab8 2**0 CONTENTS, READONLY
115 PEMAIN21 00000000 00000000 00000000 00001aae 2**0 CONTENTS, READONLY 115 CLEARSTACK 0000000d 00000000 00000000 00001ab9 2**0 CONTENTS, READONLY
116 PERETURN 00000006 00000000 00000000 00001aae 2**0 CONTENTS, READONLY 116 PEMAIN21 00000000 00000000 00000000 00001ac6 2**0 CONTENTS, READONLY
117 PEDOJUMP 00000005 00000000 00000000 00001ab4 2**0 CONTENTS, RELOC, READONLY 117 PERETURN 00000006 00000000 00000000 00001ac6 2**0 CONTENTS, READONLY
118 UPX1HEAD 00000020 00000000 00000000 00001ab9 2**0 CONTENTS, READONLY 118 PEDOJUMP 00000005 00000000 00000000 00001acc 2**0 CONTENTS, RELOC, READONLY
119 PETLSC2 0000001f 00000000 00000000 00001ad1 2**0 CONTENTS, RELOC, READONLY
120 UPX1HEAD 00000020 00000000 00000000 00001af0 2**0 CONTENTS, READONLY
SYMBOL TABLE: SYMBOL TABLE:
00000000 l d N2BSMA10 00000000 N2BSMA10 00000000 l d N2BSMA10 00000000 N2BSMA10
00000000 l d N2BFAS11 00000000 N2BFAS11 00000000 l d N2BFAS11 00000000 N2BFAS11
@ -161,6 +163,7 @@ SYMBOL TABLE:
00000000 l d RELOC320 00000000 RELOC320 00000000 l d RELOC320 00000000 RELOC320
00000000 l d RELOC32J 00000000 RELOC32J 00000000 l d RELOC32J 00000000 RELOC32J
00000000 l d PEMAIN21 00000000 PEMAIN21 00000000 l d PEMAIN21 00000000 PEMAIN21
00000000 l d PETLSC2 00000000 PETLSC2
00000000 l d PEISDLL1 00000000 PEISDLL1 00000000 l d PEISDLL1 00000000 PEISDLL1
00000000 l d PEMAIN01 00000000 PEMAIN01 00000000 l d PEMAIN01 00000000 PEMAIN01
00000000 l d PEICONS1 00000000 PEICONS1 00000000 l d PEICONS1 00000000 PEICONS1
@ -236,6 +239,7 @@ SYMBOL TABLE:
00000000 l d PERELLO0 00000000 PERELLO0 00000000 l d PERELLO0 00000000 PERELLO0
00000000 l d PERELHI0 00000000 PERELHI0 00000000 l d PERELHI0 00000000 PERELHI0
00000000 l d PEDEPHAK 00000000 PEDEPHAK 00000000 l d PEDEPHAK 00000000 PEDEPHAK
00000000 l d PETLSC 00000000 PETLSC
00000000 l d PEMAIN20 00000000 PEMAIN20 00000000 l d PEMAIN20 00000000 PEMAIN20
00000000 l d CLEARSTACK 00000000 CLEARSTACK 00000000 l d CLEARSTACK 00000000 CLEARSTACK
00000000 l d PERETURN 00000000 PERETURN 00000000 l d PERETURN 00000000 PERETURN
@ -266,7 +270,9 @@ SYMBOL TABLE:
00000000 *UND* 00000000 vp_base 00000000 *UND* 00000000 vp_base
00000000 *UND* 00000000 vp_size 00000000 *UND* 00000000 vp_size
00000000 *UND* 00000000 swri 00000000 *UND* 00000000 swri
00000000 *UND* 00000000 tls_module_base
00000000 *UND* 00000000 original_entry 00000000 *UND* 00000000 original_entry
00000000 *UND* 00000000 tls_callbacks_ptr
RELOCATION RECORDS FOR [PEISDLL1]: RELOCATION RECORDS FOR [PEISDLL1]:
OFFSET TYPE VALUE OFFSET TYPE VALUE
@ -565,6 +571,15 @@ OFFSET TYPE VALUE
0000000d R_386_32 vp_size 0000000d R_386_32 vp_size
0000001b R_386_32 swri 0000001b R_386_32 swri
RELOCATION RECORDS FOR [PETLSC]:
OFFSET TYPE VALUE
00000002 R_386_32 tls_module_base
00000008 R_386_32 PETLSC2
RELOCATION RECORDS FOR [PEDOJUMP]: RELOCATION RECORDS FOR [PEDOJUMP]:
OFFSET TYPE VALUE OFFSET TYPE VALUE
00000001 R_386_PC32 original_entry 00000001 R_386_PC32 original_entry
RELOCATION RECORDS FOR [PETLSC2]:
OFFSET TYPE VALUE
00000004 R_386_32 tls_callbacks_ptr