diff --git a/src/stub/l_w32pe.asm b/src/stub/l_w32pe.asm index 6b3fdb07..c73b3e54 100644 --- a/src/stub/l_w32pe.asm +++ b/src/stub/l_w32pe.asm @@ -201,29 +201,34 @@ relhi0: ; ============= %ifdef __PEDEPHAK__ - push edx - mov edx, esp ; provide 4 bytes for lpflOldProtect - mov ebp, [esi + 'VPRO'] ; VirtualProtect - mov ebx, 0x1000 lea edi, [esi + 'IMGB'] - push edx + mov ebx, 0x1000 + + push eax ; provide 4 bytes stack + + push esp ; &lpflOldProtect on stack push byte 4 ; PAGE_READWRITE push ebx push edi call ebp -; FIXME: does VirtualProtect clobber any registers ??? - and byte [edi + 'SWRI'], 0x7f - push edx + %if 1 + push esp push byte 2 ; PAGE_READONLY + %else + pop eax + push eax + push esp + push eax ; restore protection + %endif push ebx push edi call ebp - pop edx ; restore stack + pop eax ; restore stack %endif; __PEDEPHAX__ ; __PEMAIN20__ diff --git a/src/stub/l_w32pe.h b/src/stub/l_w32pe.h index 83b260a1..5aae7493 100644 --- a/src/stub/l_w32pe.h +++ b/src/stub/l_w32pe.h @@ -28,8 +28,8 @@ #define NRV_LOADER_SIZE 4222 -#define NRV_LOADER_ADLER32 0x5168ec5c -#define NRV_LOADER_CRC32 0xcef81a07 +#define NRV_LOADER_ADLER32 0x5ca7eae1 +#define NRV_LOADER_CRC32 0xb06887df unsigned char nrv_loader[4222] = { 128,124, 36, 8, 1, 15,133, 0, 0, 0, 0, 96,190, 69, 83, 73, /* 0x 0 */ @@ -102,12 +102,12 @@ unsigned char nrv_loader[4222] = { 224, 16,102,139, 7,131,199, 2, 9,192,117, 0,139, 7,131,199, /* 0x 430 */ 4,235, 0,135,254,141,143, 68, 69, 76, 84,169,102, 1, 12, 7, /* 0x 440 */ 173, 9,192,117,247,193,233, 16,169,102, 1, 12, 7,173, 9,192, /* 0x 450 */ -117,247, 82,137,226,139,174, 86, 80, 82, 79,187, 0, 16, 0, 0, /* 0x 460 */ -141,190, 73, 77, 71, 66, 82,106, 4, 83, 87,255,213,128,167, 83, /* 0x 470 */ - 87, 82, 73,127, 82,106, 2, 83, 87,255,213, 90, 97, 49,192, 64, /* 0x 480 */ -194, 12, 0,233, 74, 77, 80, 79, 85, 80, 88, 33,161,216,208,213, /* 0x 490 */ +117,247,139,174, 86, 80, 82, 79,141,190, 73, 77, 71, 66,187, 0, /* 0x 460 */ + 16, 0, 0, 80, 84,106, 4, 83, 87,255,213,128,167, 83, 87, 82, /* 0x 470 */ + 73,127, 84,106, 2, 83, 87,255,213, 88, 97, 49,192, 64,194, 12, /* 0x 480 */ + 0,233, 74, 77, 80, 79, 85, 80, 88, 33,161,216,208,213, 0, 0, /* 0x 490 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x 4a0 */ - 0, 0, 0, 0, 0, 0, 0, 45, 80, 69, 73, 83, 68, 76, 76, 49, /* 0x 4b0 */ + 0, 0, 0, 0, 0, 45, 0, 0, 80, 69, 73, 83, 68, 76, 76, 49, /* 0x 4b0 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 11, 0, 0, 0, 80, 69, 77, /* 0x 4c0 */ 65, 73, 78, 50, 48, 0, 1, 0, 0, 0, 80, 69, 77, 65, 73, 78, /* 0x 4d0 */ 48, 49, 0, 11, 0, 0, 0, 80, 69, 73, 67, 79, 78, 83, 49, 0, /* 0x 4e0 */ @@ -290,10 +290,10 @@ unsigned char nrv_loader[4222] = { 90, 0, 85, 4, 0, 0, 80, 69, 82, 69, 76, 72, 73, 48, 0, 85, /* 0x ff0 */ 4, 0, 0, 80, 69, 82, 69, 76, 72, 73, 90, 0, 98, 4, 0, 0, /* 0x1000 */ 80, 69, 68, 69, 80, 72, 65, 75, 0, 98, 4, 0, 0, 80, 69, 68, /* 0x1010 */ - 69, 80, 72, 65, 88, 0,140, 4, 0, 0, 80, 69, 77, 65, 73, 78, /* 0x1020 */ - 50, 48, 0,140, 4, 0, 0, 80, 69, 82, 69, 84, 85, 82, 78, 0, /* 0x1030 */ -141, 4, 0, 0, 80, 69, 68, 79, 74, 85, 77, 80, 0,147, 4, 0, /* 0x1040 */ - 0, 80, 69, 68, 85, 77, 77, 89, 51, 0,152, 4, 0, 0, 85, 80, /* 0x1050 */ - 88, 49, 72, 69, 65, 68, 0,152, 4, 0, 0, 80, 69, 84, 72, 69, /* 0x1060 */ - 69, 78, 68, 0,184, 4, 0, 0,255,255,255,255,184, 4 /* 0x1070 */ + 69, 80, 72, 65, 88, 0,138, 4, 0, 0, 80, 69, 77, 65, 73, 78, /* 0x1020 */ + 50, 48, 0,138, 4, 0, 0, 80, 69, 82, 69, 84, 85, 82, 78, 0, /* 0x1030 */ +139, 4, 0, 0, 80, 69, 68, 79, 74, 85, 77, 80, 0,145, 4, 0, /* 0x1040 */ + 0, 80, 69, 68, 85, 77, 77, 89, 51, 0,150, 4, 0, 0, 85, 80, /* 0x1050 */ + 88, 49, 72, 69, 65, 68, 0,150, 4, 0, 0, 80, 69, 84, 72, 69, /* 0x1060 */ + 69, 78, 68, 0,182, 4, 0, 0,255,255,255,255,182, 4 /* 0x1070 */ };