diff --git a/src/stub/Makefile b/src/stub/Makefile index ce1eb6b8..ec0c7209 100644 --- a/src/stub/Makefile +++ b/src/stub/Makefile @@ -32,7 +32,7 @@ top_srcdir = ../.. # These are the files we want to create. STUBS = \ - l_armpe.h \ + l_armpea.h l_armpet.h \ l_com.h \ l_djgpp2.h stubify.h \ l_exe.h \ @@ -226,10 +226,8 @@ GCC_AMD64 += -Wall -W -Wcast-align -Wcast-qual -Wwrite-strings -Werror GCC_ARM := arm-9tdmi-linux-gnu-gcc -march=armv4 -nostdinc -MMD GCC_ARM += -Wall -W -Wcast-align -Wcast-qual -Wwrite-strings -Werror -GCC_ARM_T := $(GCC_ARM) -march=armv4t -mthumb-interwork -mthumb -LD_ARM := arm-9tdmi-linux-gnu-ld +GCC_ARM_T := $(GCC_ARM) -march=armv4t OBJCOPY_ARM := arm-9tdmi-linux-gnu-objcopy -BIN2H_WINCE := perl -ne 'print "db\t", join(",", map { sprintf "%\#02x", $$_ } unpack("C*", $$_)), "\n"' # /*********************************************************************** 
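Review bot: `GCC_ARM_T := $(GCC_ARM) -march=armv4t` now inherits the `-march=armv4` that GCC_ARM already carries, so every Thumb-stub compile passes two -march options and silently relies on the later one winning, while nothing in the Makefile records why `-mthumb`/`-mthumb-interwork` could go. Since both stubs are hand-written assembly that switch state explicitly (the `.thumb` directive and `bx` in l_armpet.S), a one-line comment would stop the next reader from re-adding those flags: `# l_armpet.S selects Thumb itself (.thumb / bx); only the armv4t ISA level is needed here`. The `-MMD` in GCC_ARM is inherited too, so each stub link also drops a `$T.d` file beside `$T.out` — fine if a `-include` picks it up, but worth a word if not.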
@@ -555,37 +553,15 @@ upxd: l_lx_sep.o l_lx_sep86.asm $(STRIPELF_LINUX_I386) $@ $(BRANDELF) $@ -l_armpe.h: l_armpe.asx l_armpe_s.S l_armpe_c.c arm_nrv2e_d8.S arm_nrv2b_d8.S armv4_n2e_d8.S $(MAKEFILE_LIST) - $(GCC_ARM_T) -c l_armpe_s.S arm_nrv2e_d8.S arm_nrv2b_d8.S - $(GCC_ARM_T) -Os -c l_armpe_c.c -DUCL_DECOMPRESS=thumb_nrv2e_d8 - $(LD_ARM) -o l_armpe_txe.out l_armpe_s.o l_armpe_c.o arm_nrv2e_d8.o - $(OBJCOPY_ARM) --only-section .text -O binary l_armpe_txe.out l_armpe_txe.bin - $(BIN2H_WINCE) l_armpe_txe.ah - $(GCC_ARM_T) -Os -c l_armpe_c.c -DUCL_DECOMPRESS=go_thumb_n2b - $(LD_ARM) -o l_armpe_txb.out l_armpe_s.o l_armpe_c.o arm_nrv2b_d8.o - $(OBJCOPY_ARM) --only-section .text -O binary l_armpe_txb.out l_armpe_txb.bin - $(BIN2H_WINCE) l_armpe_txb.ah - $(GCC_ARM_T) -DSTUB_FOR_DLL -c l_armpe_s.S - $(GCC_ARM_T) -DSTUB_FOR_DLL -Os -c l_armpe_c.c -DUCL_DECOMPRESS=thumb_nrv2e_d8 - $(LD_ARM) -o l_armpe_tde.out l_armpe_s.o l_armpe_c.o arm_nrv2e_d8.o - $(OBJCOPY_ARM) --only-section .text -O binary l_armpe_tde.out l_armpe_tde.bin - $(BIN2H_WINCE) l_armpe_tde.ah - $(GCC_ARM_T) -DSTUB_FOR_DLL -Os -c l_armpe_c.c -DUCL_DECOMPRESS=go_thumb_n2b - $(LD_ARM) -o l_armpe_tdb.out l_armpe_s.o l_armpe_c.o arm_nrv2b_d8.o - $(OBJCOPY_ARM) --only-section .text -O binary l_armpe_tdb.out l_armpe_tdb.bin - $(BIN2H_WINCE) l_armpe_tdb.ah - $(GCC_ARM) -Os -c l_armpe_c.c -DUCL_DECOMPRESS=ucl_nrv2e_decompress_8 - $(GCC_ARM) -c armv4_n2e_d8.S l_armpe_s.S - $(LD_ARM) -o l_armpe_axe.out l_armpe_s.o l_armpe_c.o armv4_n2e_d8.o - $(OBJCOPY_ARM) --only-section .text -O binary l_armpe_axe.out l_armpe_axe.bin - $(BIN2H_WINCE) l_armpe_axe.ah - $(GCC_ARM) -DSTUB_FOR_DLL -Os -c l_armpe_c.c -DUCL_DECOMPRESS=ucl_nrv2e_decompress_8 - $(GCC_ARM) -DSTUB_FOR_DLL -c l_armpe_s.S - $(LD_ARM) -o l_armpe_ade.out l_armpe_s.o l_armpe_c.o armv4_n2e_d8.o - $(OBJCOPY_ARM) --only-section .text -O binary l_armpe_ade.out l_armpe_ade.bin - $(BIN2H_WINCE) l_armpe_ade.ah - $(NASM) -f bin -o $T.bin $< - $(BIN2H) $T.bin nrv_loader $@ 
+l_armpea.h: l_armpea.S armv4_n2e_d8.S $(MAKEFILE_LIST) + $(GCC_ARM) $T.S -o $T.out -nostdlib + $(OBJCOPY_ARM) --only-section .text -O binary $T.out $T.bin + $(BIN2H) $T.bin nrv_loader_arm $@ + +l_armpet.h: l_armpet.S arm_nrv2e_d8.S arm_nrv2b_d8.S $(MAKEFILE_LIST) + $(GCC_ARM_T) $T.S -o $T.out -nostdlib + $(OBJCOPY_ARM) --only-section .text -O binary $T.out $T.bin + $(BIN2H) $T.bin nrv_loader_thumb $@ # /*********************************************************************** # // dependencies diff --git a/src/stub/l_armpea.S b/src/stub/l_armpea.S index 1d106b6e..13cab594 100644 --- a/src/stub/l_armpea.S +++ b/src/stub/l_armpea.S @@ -77,31 +77,30 @@ SECT(DllStart): bne .Lstart_orig SECT(ExeStart): - stmfd sp!, {r0 - r9, lr} + stmfd sp!, {r0 - r11, lr} DINIT adr r3, SRC0 ldmia r3!, {r0, r1, r2} @ r0=src0, r1=slen, r2=dst0, r3=addr dstl + ldmia r3, {r4, r10, r11} @ r10=LoadLibraryW, r11=GetProcAddressA mov dst0, r2 - DDUMP (#'0') bl ProcessAll mov r0, #4 bl CacheSync - ldmia sp!, {r0 - r9, lr} + ldmia sp!, {r0 - r11, lr} DDONE .Lstart_orig: ldr pc, ENTR CacheSync: - ldr r3, CSYN - ldr pc, [r3] + ldr pc, IATT + 8 SRC0: .ascii "SRC0" @ start of compressed data SRCL: .ascii "SRCL" @ compressed length DST0: .ascii "DST0" @ start of uncompressed data DSTL: .ascii "DSTL" @ uncompressed length +IATT: .ascii "IATT"; .long 0, 0, 0 @ import address table ENTR: .ascii "ENTR" @ original entry point -CSYN: .ascii "CSYN" @ pointer to CacheSync @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@ -110,6 +109,7 @@ writefile: stmfd sp!, {r4, r5, r6, r7, lr} mov r1, dst0 sub r2, r8, r1 + add r2, r2, #4096+2048 mov r3, #2 sub sp, sp, #24 mov r4, #0 
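Review bot: `--only-section .text -O binary` in both new recipes silently discards anything the assembler places outside .text, so a tag word or table that ends up in .data/.rodata would vanish from `$T.bin` with no error; the SECT macro keeps everything in .text subsections 0 and 1 today, but nothing verifies that, and the stub only works if the packer and the loader find `IATT` and the other tag words in the extracted bytes. A cheap guard chained into the objcopy line — for instance dumping all loadable sections with `$(OBJCOPY_ARM) -O binary $T.out $T.all && cmp -s $T.bin $T.all` — would fail the build the moment a non-.text section appears. Both recipes also leave `$T.out` and `$T.bin` behind as side products that no rule owns, so a stale `$T.bin` from an interrupted run is not cleaned up by `.DELETE_ON_ERROR`.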
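Review bot: The slot layout of the new `IATT: .ascii "IATT"; .long 0, 0, 0` table is only recoverable by reading three other places: `ldmia r3, {r4, r10, r11}` (r3 sits at DSTL after the preceding `ldmia r3!`, so r10/r11 receive the first two words at IATT), `ldr pc, IATT + 8` in CacheSync, and the tester's three `set_le32` calls at +0/+4/+8. A comment on the definition would pin it: `@ IAT, filled by the loader: +0 LoadLibraryW, +4 GetProcAddressA, +8 CacheSync, +12 presumably the terminating null entry`. It is also worth noting beside `ldmia r3, {r4, r10, r11}` that r4 receives DSTL merely because the load has to step over that word (whether anything later reads r4 is not visible here).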
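Review bot: `add r2, r2, #4096+2048` widens the length computed by `sub r2, r8, r1` by 6 KiB with no comment, so the write now covers memory past r8 that nothing in this hunk shows to be inside the mapped image; if this is the debug dump it looks like, the extra range should be explained and ideally clamped to dst0 + DSTL rather than padded by a fixed constant. At minimum the line should carry its reason, e.g. `add r2, r2, #4096+2048 @ also dump the 6 KiB after r8 (<why>); caller must guarantee it is mapped`. writefile's body continues beyond the hunk, so the actual write call that consumes r2 is not visible here.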
@@ -331,17 +331,13 @@ get_le32: @ optimized for size mov pc, lr LoadLibraryW: - ldr r3, LLIB - ldr pc, [r3] + mov pc, r10 GetProcAddressA: - ldr r3, GETP - ldr pc, [r3] + mov pc, r11 BIMP: .ascii "BIMP" @ start of import data ONAM: .ascii "ONAM" @ start of dll names -GETP: .ascii "GETP" @ pointer to GetProcAddressA -LLIB: .ascii "LOAD" @ pointer to LoadLibraryW .Lhi_end: add sp, sp, #bufsize diff --git a/src/stub/l_armpea.h b/src/stub/l_armpea.h index 3d52789c..c3c19f9f 100644 --- a/src/stub/l_armpea.h +++ b/src/stub/l_armpea.h @@ -1,4 +1,4 @@ -/* l_armpea.h -- created from l_armpea.bin, 960 (0x3c0) bytes +/* l_armpea.h -- created from l_armpea.bin, 956 (0x3bc) bytes This file is part of the UPX executable compressor. 
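Review bot: `mov pc, r10` / `mov pc, r11` make r10 and r11 live across the whole stub — loaded once in ExeStart and consumed here, after whatever the upx linker copies in between — yet nothing says that the decompressor and filter routines (armv4_n2e_d8.S and friends) must leave them alone, and the pre-change entry saved only r0–r9, so older routines could legitimately have used them. A clobbered r10 turns every LoadLibraryW call into a jump through whatever the decompressor left behind, so the contract deserves a comment at these labels, e.g. `@ r10/r11 = IAT entries loaded in ExeStart; nothing copied in by the upx linker may clobber them`, plus a quick audit of the included .S files. Note also that in ARM state `mov pc, rN` does not interwork the way the Thumb stub's `bx r10` does, which is fine for -march=armv4 only as long as the IAT entries are ARM addresses.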
@@ -27,69 +27,69 @@ */ -#define NRV_LOADER_ARM_SIZE 960 -#define NRV_LOADER_ARM_ADLER32 0xc8c97d99 -#define NRV_LOADER_ARM_CRC32 0x464b0667 +#define NRV_LOADER_ARM_SIZE 956 +#define NRV_LOADER_ARM_ADLER32 0x244b77fa +#define NRV_LOADER_ARM_CRC32 0x734be74f -unsigned char nrv_loader_arm[960] = { - 1, 0, 81,227, 7, 0, 0, 26,255, 67, 45,233, 32, 48,143,226, /* 0x 0 */ - 7, 0,179,232, 2,144,160,225, 11, 0, 0,235, 4, 0,160,227, /* 0x 10 */ - 1, 0, 0,235,255, 67,189,232, 20,240,159,229, 20, 48,159,229, /* 0x 20 */ - 0,240,147,229, 83, 82, 67, 48, 83, 82, 67, 76, 68, 83, 84, 48, /* 0x 30 */ - 68, 83, 84, 76, 69, 78, 84, 82, 67, 83, 89, 78, 0, 64, 45,233, /* 0x 40 */ - 0,128,189,232, 64, 0,159,229, 0, 32,160,227, 60,192,159,229, /* 0x 50 */ - 12, 0, 80,225, 14, 0, 0, 10, 3, 48,208,229, 15, 48, 3,226, /* 0x 60 */ - 11, 0, 83,227, 5, 0, 0, 26, 0, 48,144,229,255, 20, 3,226, /* 0x 70 */ - 2, 48, 67,224,255, 52,195,227, 1, 48,131,225, 0, 48,128,229, /* 0x 80 */ - 4, 0,128,226, 1, 32,130,226,240,255,255,234, 70, 73, 66, 83, /* 0x 90 */ - 70, 73, 66, 69, 84, 16,159,229, 4, 0, 73,226, 1, 48,209,228, /* 0x a0 */ - 0, 0, 83,227, 18, 0, 0, 10,240, 0, 83,227,240,192,195, 35, /* 0x b0 */ - 1, 48,209, 37, 12,196,131, 32, 2, 48,209, 36, 12, 52,131, 32, /* 0x c0 */ - 3, 0,128,224, 0, 48,208,229, 12,196,131,224, 1, 48,208,229, /* 0x d0 */ - 12,196,131,224, 2, 48,208,229, 12,196,131,224, 3, 48,208,229, /* 0x e0 */ - 12,196,131,224, 9,192,140,224, 0,192,128,229,234,255,255,234, /* 0x f0 */ - 66, 82, 69, 76, 2,219, 77,226,172, 64,159,229, 4, 0,160,225, /* 0x 100 */ - 30, 0, 0,235, 44, 0, 0, 10,160, 16,159,229, 1, 0,128,224, /* 0x 110 */ - 13, 16,160,225, 1, 32,208,228,178, 32,193,224, 0, 0, 82,227, /* 0x 120 */ -251,255,255, 26, 13, 0,160,225, 27, 0, 0,235, 0, 96,160,225, /* 0x 130 */ - 4, 0,132,226, 17, 0, 0,235, 0, 80,137,224, 8, 64,132,226, /* 0x 140 */ - 1, 0,212,228, 1, 0, 80,227,235,255,255, 74, 4, 0, 0, 26, /* 0x 150 */ - 4, 16,160,225, 1, 0,212,228, 0, 0, 80,227,252,255,255, 26, /* 0x 
160 */ - 2, 0, 0,234, 1, 0,212,228, 1, 16,212,228, 1, 20,128,224, /* 0x 170 */ - 6, 0,160,225, 10, 0, 0,235, 4, 0,133,228,239,255,255,234, /* 0x 180 */ - 3, 32,160,227, 2, 48,208,231, 1, 32, 82,226, 1, 20,131,224, /* 0x 190 */ -251,255,255, 90, 1, 0,176,225, 14,240,160,225, 20, 48,159,229, /* 0x 1a0 */ - 0,240,147,229, 8, 48,159,229, 0,240,147,229, 66, 73, 77, 80, /* 0x 1b0 */ - 79, 78, 65, 77, 71, 69, 84, 80, 76, 79, 65, 68, 2,219,141,226, /* 0x 1c0 */ -252, 64, 45,233, 0,112,129,224, 0, 80,224,227, 2, 65,160,227, /* 0x 1d0 */ - 10, 0, 0,234, 24, 0,189,232, 7, 0, 64,224, 3, 32, 66,224, /* 0x 1e0 */ - 0, 32,132,229,240,128,189,232, 1, 64,208,228, 4, 64,164,224, /* 0x 1f0 */ - 4, 76,176,225, 14,240,160,225, 1, 48,208,228, 1, 48,194,228, /* 0x 200 */ - 4, 64,148,224,247,255,255, 11,250,255,255, 42, 1, 16,160,227, /* 0x 210 */ - 3, 0, 0,234, 1, 16, 65,226, 4, 64,148,224,241,255,255, 11, /* 0x 220 */ - 1, 16,161,224, 4, 64,148,224,238,255,255, 11, 1, 16,161,224, /* 0x 230 */ - 4, 64,148,224,235,255,255, 11,245,255,255, 58, 3, 48, 81,226, /* 0x 240 */ - 0, 16,160,227, 6, 0, 0, 58, 1, 80,208,228, 3, 84,133,225, /* 0x 250 */ - 5, 80,240,225,222,255,255, 10,197, 80,176,225, 15, 0, 0, 42, /* 0x 260 */ - 2, 0, 0,234, 4, 64,148,224,222,255,255, 11, 11, 0, 0, 42, /* 0x 270 */ - 1, 16,160,227, 4, 64,148,224,218,255,255, 11, 7, 0, 0, 42, /* 0x 280 */ - 4, 64,148,224,215,255,255, 11, 1, 16,161,224, 4, 64,148,224, /* 0x 290 */ -212,255,255, 11,249,255,255, 58, 4, 16,129,226, 3, 0, 0,234, /* 0x 2a0 */ - 4, 64,148,224,207,255,255, 11, 1, 16,161,224, 2, 16,129,226, /* 0x 2b0 */ - 5, 12,117,227, 0, 0, 0, 42, 1, 16,129,226, 0, 48,210,229, /* 0x 2c0 */ - 5, 48,210,231, 1, 48,194,228, 1, 16, 81,226,251,255,255, 26, /* 0x 2d0 */ -202,255,255,234, 0, 0, 0,235, 85, 80, 88, 33,161,216,208,213, /* 0x 2e0 */ +unsigned char nrv_loader_arm[956] = { + 1, 0, 81,227, 8, 0, 0, 26,255, 79, 45,233, 32, 48,143,226, /* 0x 0 */ + 7, 0,179,232, 16, 12,147,232, 2,144,160,225, 13, 0, 0,235, /* 0x 10 */ + 4, 
0,160,227, 1, 0, 0,235,255, 79,189,232, 32,240,159,229, /* 0x 20 */ + 20,240,159,229, 83, 82, 67, 48, 83, 82, 67, 76, 68, 83, 84, 48, /* 0x 30 */ + 68, 83, 84, 76, 73, 65, 84, 84, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 40 */ + 0, 0, 0, 0, 69, 78, 84, 82, 0, 64, 45,233, 0,128,189,232, /* 0x 50 */ + 64, 0,159,229, 0, 32,160,227, 60,192,159,229, 12, 0, 80,225, /* 0x 60 */ + 14, 0, 0, 10, 3, 48,208,229, 15, 48, 3,226, 11, 0, 83,227, /* 0x 70 */ + 5, 0, 0, 26, 0, 48,144,229,255, 20, 3,226, 2, 48, 67,224, /* 0x 80 */ +255, 52,195,227, 1, 48,131,225, 0, 48,128,229, 4, 0,128,226, /* 0x 90 */ + 1, 32,130,226,240,255,255,234, 70, 73, 66, 83, 70, 73, 66, 69, /* 0x a0 */ + 84, 16,159,229, 4, 0, 73,226, 1, 48,209,228, 0, 0, 83,227, /* 0x b0 */ + 18, 0, 0, 10,240, 0, 83,227,240,192,195, 35, 1, 48,209, 37, /* 0x c0 */ + 12,196,131, 32, 2, 48,209, 36, 12, 52,131, 32, 3, 0,128,224, /* 0x d0 */ + 0, 48,208,229, 12,196,131,224, 1, 48,208,229, 12,196,131,224, /* 0x e0 */ + 2, 48,208,229, 12,196,131,224, 3, 48,208,229, 12,196,131,224, /* 0x f0 */ + 9,192,140,224, 0,192,128,229,234,255,255,234, 66, 82, 69, 76, /* 0x 100 */ + 2,219, 77,226,164, 64,159,229, 4, 0,160,225, 30, 0, 0,235, /* 0x 110 */ + 40, 0, 0, 10,152, 16,159,229, 1, 0,128,224, 13, 16,160,225, /* 0x 120 */ + 1, 32,208,228,178, 32,193,224, 0, 0, 82,227,251,255,255, 26, /* 0x 130 */ + 13, 0,160,225, 27, 0, 0,235, 0, 96,160,225, 4, 0,132,226, /* 0x 140 */ + 17, 0, 0,235, 0, 80,137,224, 8, 64,132,226, 1, 0,212,228, /* 0x 150 */ + 1, 0, 80,227,235,255,255, 74, 4, 0, 0, 26, 4, 16,160,225, /* 0x 160 */ + 1, 0,212,228, 0, 0, 80,227,252,255,255, 26, 2, 0, 0,234, /* 0x 170 */ + 1, 0,212,228, 1, 16,212,228, 1, 20,128,224, 6, 0,160,225, /* 0x 180 */ + 9, 0, 0,235, 4, 0,133,228,239,255,255,234, 3, 32,160,227, /* 0x 190 */ + 2, 48,208,231, 1, 32, 82,226, 1, 20,131,224,251,255,255, 90, /* 0x 1a0 */ + 1, 0,176,225, 14,240,160,225, 10,240,160,225, 11,240,160,225, /* 0x 1b0 */ + 66, 73, 77, 80, 79, 78, 65, 77, 2,219,141,226,252, 64, 45,233, /* 0x 1c0 
*/ + 0,112,129,224, 0, 80,224,227, 2, 65,160,227, 10, 0, 0,234, /* 0x 1d0 */ + 24, 0,189,232, 7, 0, 64,224, 3, 32, 66,224, 0, 32,132,229, /* 0x 1e0 */ +240,128,189,232, 1, 64,208,228, 4, 64,164,224, 4, 76,176,225, /* 0x 1f0 */ + 14,240,160,225, 1, 48,208,228, 1, 48,194,228, 4, 64,148,224, /* 0x 200 */ +247,255,255, 11,250,255,255, 42, 1, 16,160,227, 3, 0, 0,234, /* 0x 210 */ + 1, 16, 65,226, 4, 64,148,224,241,255,255, 11, 1, 16,161,224, /* 0x 220 */ + 4, 64,148,224,238,255,255, 11, 1, 16,161,224, 4, 64,148,224, /* 0x 230 */ +235,255,255, 11,245,255,255, 58, 3, 48, 81,226, 0, 16,160,227, /* 0x 240 */ + 6, 0, 0, 58, 1, 80,208,228, 3, 84,133,225, 5, 80,240,225, /* 0x 250 */ +222,255,255, 10,197, 80,176,225, 15, 0, 0, 42, 2, 0, 0,234, /* 0x 260 */ + 4, 64,148,224,222,255,255, 11, 11, 0, 0, 42, 1, 16,160,227, /* 0x 270 */ + 4, 64,148,224,218,255,255, 11, 7, 0, 0, 42, 4, 64,148,224, /* 0x 280 */ +215,255,255, 11, 1, 16,161,224, 4, 64,148,224,212,255,255, 11, /* 0x 290 */ +249,255,255, 58, 4, 16,129,226, 3, 0, 0,234, 4, 64,148,224, /* 0x 2a0 */ +207,255,255, 11, 1, 16,161,224, 2, 16,129,226, 5, 12,117,227, /* 0x 2b0 */ + 0, 0, 0, 42, 1, 16,129,226, 0, 48,210,229, 5, 48,210,231, /* 0x 2c0 */ + 1, 48,194,228, 1, 16, 81,226,251,255,255, 26,202,255,255,234, /* 0x 2d0 */ + 0, 0, 0,235, 85, 80, 88, 33,161,216,208,213, 0, 0, 0, 0, /* 0x 2e0 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 2f0 */ - 0, 0, 0, 0, 0, 0, 0, 45, 68,108,108, 83,116, 97,114,116, /* 0x 300 */ - 0, 0, 0, 0, 0, 69,120,101, 83,116, 97,114,116, 0, 8, 0, /* 0x 310 */ - 0, 0, 80,114,111, 99,101,115,115, 69,110,100, 0, 80, 0, 0, /* 0x 320 */ - 0, 85,110,102,105,108,116,101,114, 95, 48,120, 53, 48, 0, 84, /* 0x 330 */ - 0, 0, 0, 82,101,108,111, 99,115, 0,164, 0, 0, 0, 73,109, /* 0x 340 */ -112,111,114,116,115, 0, 4, 1, 0, 0,117, 99,108, 95,110,114, /* 0x 350 */ -118, 50,101, 95,100,101, 99,111,109,112,114,101,115,115, 95, 56, /* 0x 360 */ - 0,208, 1, 0, 0, 67, 97,108,108, 50, 69, 0,228, 2, 0, 0, /* 0x 370 
*/ - 0, 0, 0, 0,231, 2, 0, 0,117, 99,108, 95,110,114,118, 50, /* 0x 380 */ -101, 95,100,101, 99,111,109,112,114,101,115,115, 95, 56, 0, 0, /* 0x 390 */ - 0, 0, 0, 85, 80, 88, 49, 72, 69, 65, 68, 0,232, 2, 0, 0, /* 0x 3a0 */ -101,111,102, 0, 8, 3, 0, 0,255,255,255,255, 8, 3, 0, 0 /* 0x 3b0 */ + 0, 0, 0, 45, 68,108,108, 83,116, 97,114,116, 0, 0, 0, 0, /* 0x 300 */ + 0, 69,120,101, 83,116, 97,114,116, 0, 8, 0, 0, 0, 80,114, /* 0x 310 */ +111, 99,101,115,115, 69,110,100, 0, 92, 0, 0, 0, 85,110,102, /* 0x 320 */ +105,108,116,101,114, 95, 48,120, 53, 48, 0, 96, 0, 0, 0, 82, /* 0x 330 */ +101,108,111, 99,115, 0,176, 0, 0, 0, 73,109,112,111,114,116, /* 0x 340 */ +115, 0, 16, 1, 0, 0,117, 99,108, 95,110,114,118, 50,101, 95, /* 0x 350 */ +100,101, 99,111,109,112,114,101,115,115, 95, 56, 0,204, 1, 0, /* 0x 360 */ + 0, 67, 97,108,108, 50, 69, 0,224, 2, 0, 0, 0, 0, 0, 0, /* 0x 370 */ +227, 2, 0, 0,117, 99,108, 95,110,114,118, 50,101, 95,100,101, /* 0x 380 */ + 99,111,109,112,114,101,115,115, 95, 56, 0, 0, 0, 0, 0, 85, /* 0x 390 */ + 80, 88, 49, 72, 69, 65, 68, 0,228, 2, 0, 0,101,111,102, 0, /* 0x 3a0 */ + 4, 3, 0, 0,255,255,255,255, 4, 3, 0, 0 /* 0x 3b0 */ }; diff --git a/src/stub/l_armpet.S b/src/stub/l_armpet.S index f5df6dd0..f840adc4 100644 --- a/src/stub/l_armpet.S +++ b/src/stub/l_armpet.S @@ -29,6 +29,8 @@ */ +#define DEBUG 0 + // magic for the UPX linker #define SECT(n) .text 1; .asciz #n; .long n - _start; .text 0; n 
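Review bot: `#define DEBUG 0` is unconditional, so a build that passes `-DDEBUG=1` on the command line gets a "DEBUG redefined" diagnostic, which the `-Werror` in GCC_ARM turns into a failed build; guard it with `#ifndef DEBUG` / `#define DEBUG 0` / `#endif`. A short comment naming what DEBUG switches on in this file would help as well, since none of the guarded code is visible in this hunk.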
@@ -51,25 +53,25 @@ SECT(DllStart): bne .Lstart_orig SECT(ExeStart): - stmfd sp!, {r0 - r9, lr} + stmfd sp!, {r0 - r11, lr} - @ touch all pages in ARM mode - this seems to be required + @ access all pages in ARM mode - this seems to be required @ otherwise the THUMB mode stuff fails adr r3, SRC0 - ldmia r3, {r5, r6, r7} @ r5=src0, r6=slen, r7=dst0, r3=addr src0 - add r5, pc, #4096 -.L01: + ldmia r3, {r5, r6, r7, r9, r10, r11, ip} @ r5=src0, r7=dst0 + add r5, pc, #4096 @ r3=addr src0, r10=LoadLibraryW +.L01: @ r11=GetProcAddressA, ip=CacheSync ldr r6, [r7] add r7, r7, #4096 cmp r7, r5 bls .L01 - adr ip, ProcessAll + 1 + adr r4, ProcessAll + 1 mov lr, pc - bx ip + bx r4 - ldmfd sp!, {r0 - r9, lr} + ldmfd sp!, {r0 - r11, lr} .Lstart_orig: ldr ip, ENTR bx ip @@ -78,18 +80,16 @@ SRC0: .ascii "SRC0" @ start of compressed data SRCL: .ascii "SRCL" @ compressed length DST0: .ascii "DST0" @ start of uncompressed data DSTL: .ascii "DSTL" @ uncompressed length +IATT: .ascii "IATT"; .long 0, 0, 0 @ import address table ENTR: .ascii "ENTR" @ original entry point -CSYN: .ascii "CSYN" @ pointer to CacheSync .thumb ProcessAll: - ldmia r3!, {r0, r1, r2, r5, r6, r7} @ r0=src0, r1=slen, r2=dst0, r7=csyn - sub r3, #12 + ldmia r3!, {r0, r1, r2} @ r0=src0, r1=slen, r2=dst0, r3=addr dstl mov dst0, r2 - ldr r7, [r7] - mov r6, #4 @ parameter of CacheSync - push {r6, r7, lr} + mov r4, ip @ CacheSync + push {r4, lr} .align 2 @@ uncompress/unfilter/imports/relocs are copied here by the upx linker @@ -223,7 +223,6 @@ SECT(Imports): mov r0, sp bl LoadLibraryW - mov dll, r0 add r0, imp, #4 bl get_le32 
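Review bot: The register comments on `ldmia r3, {r5, r6, r7, r9, r10, r11, ip}` are misleading: r5 is overwritten by `add r5, pc, #4096` on the next line and r6 by `ldr r6, [r7]` inside the loop, so src0/slen never survive and r5/r6/r9 are in the list only to step over SRC0/SRCL/DSTL. A comment such as `@ r7=dst0 r10=LoadLibraryW r11=GetProcAddressA ip=CacheSync (r5/r6/r9 are placeholders, clobbered below)` states what is actually relied on and keeps the annotations off the `.L01:` label line. The page-touch loop still walks from dst0 up to pc+4096, i.e. it assumes the uncompressed area lies below the stub and every page in between is mapped; that predates this change, but a comment saying so would not hurt.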
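Review bot: `push {r4, lr}` in ProcessAll has a silent partner: `pop {r1, r2}` in ProcessEnd further down expects exactly these two words, with lr being the ARM-state return address produced by `mov lr, pc` / `bx r4` in ExeStart, and everything the upx linker copies in between must leave sp balanced for that to hold. A comment at the push makes the contract explicit: `push {r4, lr} @ r4=CacheSync; popped as {r1, r2} by ProcessEnd, lr is the ARM-mode return into ExeStart`. The `mov r4, ip` exists presumably because Thumb `push` cannot name ip directly; saying so stops someone from "simplifying" it away.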
@@ -275,21 +274,15 @@ get_le32: @ optimized for size mov r0, r2 @ sets the Z flag if zero bx lr -GetProcAddressA: - ldr r3, GETP -.Lcallr3: - ldr r3, [r3] - bx r3 - LoadLibraryW: - ldr r3, LLIB - b .Lcallr3 + bx r10 + +GetProcAddressA: + bx r11 .align 2 BIMP: .ascii "BIMP" @ start of import data ONAM: .ascii "ONAM" @ start of dll names -GETP: .ascii "GETP" @ pointer to GetProcAddressA -LLIB: .ascii "LOAD" @ pointer to LoadLibraryW .Lhi_end: mov sp, r7 @@ -297,9 +290,10 @@ LLIB: .ascii "LOAD" @ pointer to LoadLibraryW @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ SECT(ProcessEnd): - pop {r0, r1, r2} @ r0=4, r1=csyn, r2=lr + pop {r1, r2} @ r1=CacheSync, r2=lr + mov r0, #4 @ parameter of CacheSync mov lr, r2 - bx r1 @ jump to CacheSync + bx r1 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ diff --git a/src/stub/l_armpet.h b/src/stub/l_armpet.h index 19d8c8eb..f5af45f6 100644 --- a/src/stub/l_armpet.h +++ b/src/stub/l_armpet.h 
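Review bot: `bx r10` / `bx r11` turn LoadLibraryW and GetProcAddressA into one-instruction trampolines through registers that were loaded back in ExeStart in ARM state, so the decompressor, unfilter and reloc code the upx linker copies in ahead of this section must preserve r10/r11 — nothing in the file says so, and the previous stub saved only r0–r9 on entry. Suggest `@ r10/r11 were loaded from IATT in ExeStart and must survive everything copied in by the upx linker` above the two labels, together with a check that arm_nrv2e_d8.S / arm_nrv2b_d8.S (now prerequisites of l_armpet.h) do not touch them. Because the callee returns through the lr set by the caller's Thumb `bl`, the trampolines themselves need no interworking fix-up.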
@@ -28,34 +28,34 @@ #define NRV_LOADER_THUMB_SIZE 1004 -#define NRV_LOADER_THUMB_ADLER32 0x937c5418 -#define NRV_LOADER_THUMB_CRC32 0x0ad93fb1 +#define NRV_LOADER_THUMB_ADLER32 0xeb414d89 +#define NRV_LOADER_THUMB_CRC32 0xbbf6b423 unsigned char nrv_loader_thumb[1004] = { - 1, 0, 81,227, 11, 0, 0, 26,255, 67, 45,233, 44, 48,143,226, /* 0x 0 */ -224, 0,147,232, 1, 90,143,226, 0, 96,151,229, 1,122,135,226, /* 0x 10 */ - 5, 0, 87,225,251,255,255,154, 41,192,143,226, 15,224,160,225, /* 0x 20 */ - 28,255, 47,225,255, 67,189,232, 16,192,159,229, 28,255, 47,225, /* 0x 30 */ + 1, 0, 81,227, 11, 0, 0, 26,255, 79, 45,233, 44, 48,143,226, /* 0x 0 */ +224, 30,147,232, 1, 90,143,226, 0, 96,151,229, 1,122,135,226, /* 0x 10 */ + 5, 0, 87,225,251,255,255,154, 53, 64,143,226, 15,224,160,225, /* 0x 20 */ + 20,255, 47,225,255, 79,189,232, 32,192,159,229, 28,255, 47,225, /* 0x 30 */ 83, 82, 67, 48, 83, 82, 67, 76, 68, 83, 84, 48, 68, 83, 84, 76, /* 0x 40 */ - 69, 78, 84, 82, 67, 83, 89, 78,231,203, 12, 59,145, 70, 63,104, /* 0x 50 */ - 4, 38,192,181, 11, 72, 0, 34, 11, 76, 15, 37,255, 38, 54, 6, /* 0x 60 */ -247, 67,160, 66, 18,208,195,120, 43, 64, 11, 43, 6,209, 3,104, /* 0x 70 */ - 25, 28, 49, 64,155, 26, 59, 64, 11, 67, 3, 96, 4, 48, 1, 50, /* 0x 80 */ -239,231, 0, 0, 70, 73, 66, 83, 70, 73, 66, 69, 14, 72, 74, 70, /* 0x 90 */ - 17, 31, 3,120, 1, 48, 0, 43, 24,208,240, 43, 8,211, 15, 36, /* 0x a0 */ - 28, 64, 67,120, 36, 2,228, 24, 3,120, 2, 48, 36, 2, 27, 25, /* 0x b0 */ -201, 24, 0, 37, 75, 93, 36, 2,228, 24, 1, 53, 4, 45,249,209, /* 0x c0 */ -164, 24, 12, 96,229,231, 0, 0, 66, 82, 69, 76,111, 70,255,176, /* 0x d0 */ -255,176,255,176,255,176, 29, 76, 32, 28, 0,240, 42,248, 61,208, /* 0x e0 */ - 27, 73, 64, 24,105, 70, 2,120, 1, 48, 10,128, 2, 49, 0, 42, /* 0x f0 */ -249,209,104, 70, 0,240, 40,248, 6, 28, 32, 29, 0,240, 25,248, /* 0x 100 */ - 77, 70, 45, 24, 8, 52, 32,120, 1, 52, 1, 40,228,212, 5,209, /* 0x 110 */ - 33, 28, 32,120, 1, 52, 0, 40,251,209, 4,224, 32,120, 97,120, /* 0x 
120 */ - 2, 52, 9, 2, 9, 24, 48, 28, 0,240, 11,248, 40, 96, 4, 53, /* 0x 130 */ -233,231, 3, 33, 67, 92, 18, 2,210, 24, 1, 57,250,213, 16, 28, /* 0x 140 */ -112, 71, 4, 75, 27,104, 24, 71, 3, 75,251,231, 66, 73, 77, 80, /* 0x 150 */ - 79, 78, 65, 77, 71, 69, 84, 80, 76, 79, 65, 68,189, 70, 7,188, /* 0x 160 */ -150, 70, 8, 71, 1,192,143,226, 28,255, 47,225, 9, 24,254,181, /* 0x 170 */ + 73, 65, 84, 84, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 50 */ + 69, 78, 84, 82, 7,203,145, 70,100, 70, 16,181, 11, 72, 0, 34, /* 0x 60 */ + 11, 76, 15, 37,255, 38, 54, 6,247, 67,160, 66, 18,208,195,120, /* 0x 70 */ + 43, 64, 11, 43, 6,209, 3,104, 25, 28, 49, 64,155, 26, 59, 64, /* 0x 80 */ + 11, 67, 3, 96, 4, 48, 1, 50,239,231, 0, 0, 70, 73, 66, 83, /* 0x 90 */ + 70, 73, 66, 69, 14, 72, 74, 70, 17, 31, 3,120, 1, 48, 0, 43, /* 0x a0 */ + 24,208,240, 43, 8,211, 15, 36, 28, 64, 67,120, 36, 2,228, 24, /* 0x b0 */ + 3,120, 2, 48, 36, 2, 27, 25,201, 24, 0, 37, 75, 93, 36, 2, /* 0x c0 */ +228, 24, 1, 53, 4, 45,249,209,164, 24, 12, 96,229,231, 0, 0, /* 0x d0 */ + 66, 82, 69, 76,111, 70,255,176,255,176,255,176,255,176, 28, 76, /* 0x e0 */ + 32, 28, 0,240, 42,248, 55,208, 26, 73, 64, 24,105, 70, 2,120, /* 0x f0 */ + 1, 48, 10,128, 2, 49, 0, 42,249,209,104, 70, 0,240, 37,248, /* 0x 100 */ + 6, 28, 32, 29, 0,240, 25,248, 77, 70, 45, 24, 8, 52, 32,120, /* 0x 110 */ + 1, 52, 1, 40,228,212, 5,209, 33, 28, 32,120, 1, 52, 0, 40, /* 0x 120 */ +251,209, 4,224, 32,120, 97,120, 2, 52, 9, 2, 9, 24, 48, 28, /* 0x 130 */ + 0,240, 12,248, 40, 96, 4, 53,233,231, 3, 33, 67, 92, 18, 2, /* 0x 140 */ +210, 24, 1, 57,250,213, 16, 28,112, 71, 80, 71, 88, 71, 0, 0, /* 0x 150 */ + 66, 73, 77, 80, 79, 78, 65, 77,189, 70, 6,188, 4, 32,150, 70, /* 0x 160 */ + 8, 71, 0, 0, 1,192,143,226, 28,255, 47,225, 9, 24,254,181, /* 0x 170 */ 1, 36,101, 66,228, 7, 13, 39, 63, 2, 15,224, 26,188, 64, 26, /* 0x 180 */ 210, 26, 34, 96,240,188, 2,188, 8, 71, 4,120,100, 65, 1, 48, /* 0x 190 */ 36, 6,247, 70, 3,120, 1, 48, 19,112, 1, 50, 
36, 25,254, 70, /* 0x 1a0 */ @@ -82,10 +82,10 @@ unsigned char nrv_loader_thumb[1004] = { 0, 0, 0, 0, 0, 45, 0, 0, 68,108,108, 83,116, 97,114,116, /* 0x 2f0 */ 0, 0, 0, 0, 0, 69,120,101, 83,116, 97,114,116, 0, 8, 0, /* 0x 300 */ 0, 0, 85,110,102,105,108,116,101,114, 95, 48,120, 53, 48, 0, /* 0x 310 */ -100, 0, 0, 0, 82,101,108,111, 99,115, 0,156, 0, 0, 0, 73, /* 0x 320 */ -109,112,111,114,116,115, 0,220, 0, 0, 0, 80,114,111, 99,101, /* 0x 330 */ -115,115, 69,110,100, 0,110, 1, 0, 0,100,117,109,109,121, 48, /* 0x 340 */ - 0,116, 1, 0, 0,103,111, 95,116,104,117,109, 98, 95,110, 50, /* 0x 350 */ +108, 0, 0, 0, 82,101,108,111, 99,115, 0,164, 0, 0, 0, 73, /* 0x 320 */ +109,112,111,114,116,115, 0,228, 0, 0, 0, 80,114,111, 99,101, /* 0x 330 */ +115,115, 69,110,100, 0,106, 1, 0, 0,100,117,109,109,121, 48, /* 0x 340 */ + 0,114, 1, 0, 0,103,111, 95,116,104,117,109, 98, 95,110, 50, /* 0x 350 */ 98, 0,124, 1, 0, 0, 67, 97,108,108, 50, 66, 0, 20, 2, 0, /* 0x 360 */ 0, 0, 0, 0, 0, 23, 2, 0, 0,103,111, 95,116,104,117,109, /* 0x 370 */ 98, 95,110, 50, 98, 0, 0, 0, 0, 0,100,117,109,109,121, 49, /* 0x 380 */ diff --git a/src/stub/util/armpe/armpe_tester.c b/src/stub/util/armpe/armpe_tester.c index 6d6b8d6f..4830613c 100644 --- a/src/stub/util/armpe/armpe_tester.c +++ b/src/stub/util/armpe/armpe_tester.c @@ -280,7 +280,7 @@ static int import(void) if (ih.ddirs[PEDIR_IMPORT].vaddr == 0) return print("no imports?\n"); void *imports = vaddr + ih.ddirs[PEDIR_IMPORT].vaddr; - void *coredll_imports = vaddr + get_le32(imports); + void *coredll_imports = vaddr + get_le32(imports + 16); set_le32(coredll_imports, (unsigned) loadlibraryw); set_le32(coredll_imports + 4, (unsigned) getprocaddressa); set_le32(coredll_imports + 8, (unsigned) cachesync);
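Review bot: `get_le32(imports + 16)` reads the descriptor's FirstThunk field (offset 16 of IMAGE_IMPORT_DESCRIPTOR, presumably), and the three `set_le32` calls then write 12 bytes at `vaddr + that RVA` without checking it, so a malformed or truncated test image makes the tester scribble outside its mapping instead of reporting an error. Name the offset and validate it before writing: `unsigned iat_rva = get_le32(imports + 16); /* IMAGE_IMPORT_DESCRIPTOR.FirstThunk */` followed by `if (iat_rva == 0 || iat_rva + 12 > <mapped image size>) return print("bad IAT rva\n");`, using whatever size the mapping code in this file records. import() begins before the hunk; the existing `ih.ddirs[PEDIR_IMPORT].vaddr == 0` check is the pattern to follow.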