This commit is contained in:
John Reiser 2010-08-17 11:32:02 -07:00
commit 7451db4a68
6 changed files with 1697 additions and 1683 deletions


@ -298,6 +298,14 @@ void PackW32Pe::processTls(Reloc *rel,const Interval *iv,unsigned newaddr) // pa
//NEW: if we have TLS callbacks to handle, we create a pointer to the new callback chain - Stefan Widmann
tlsp->callbacks = (use_tls_callbacks ? newaddr + sotls + ih.imagebase - 8 : 0);
if(use_tls_callbacks)
{
//set handler offset
set_le32(otls + sotls - 8, tls_handler_offset + ih.imagebase);
//add relocation for TLS handler offset
rel->add(newaddr + sotls - 8, 3);
}
}
/*************************************************************************
@ -1134,8 +1142,8 @@ void PackW32Pe::pack(OutputFile *fo)
if(use_tls_callbacks)
{
//esi is ih.imagebase + rvamin
linker->defineSymbol("tls_callbacks_ptr", tlscb_ptr - (ih.imagebase + rvamin));
linker->defineSymbol("tls_callbacks_off", ic + sotls - 8 - rvamin);
linker->defineSymbol("tls_callbacks_ptr", tlscb_ptr);
//linker->defineSymbol("tls_callbacks_off", ic + sotls - 8 - rvamin);
linker->defineSymbol("tls_module_base", 0u - rvamin);
}
@ -1171,6 +1179,11 @@ void PackW32Pe::pack(OutputFile *fo)
// tls & loadconf are put into section 1
//ic = s1addr + s1size - sotls - soloadconf; //ATTENTION: moved upwards to TLS callback handling - Stefan Widmann
//get address of TLS callback handler
tls_handler_offset = linker->getSymbolOffset("PETLSC2");
//add relocation entry for TLS callback handler
rel.add(tls_handler_offset + 4, 3);
processTls(&rel,&tlsiv,ic);
ODADDR(PEDIR_TLS) = sotls ? ic : 0;
ODSIZE(PEDIR_TLS) = sotls ? 0x18 : 0;
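Review bot: `rel.add(tls_handler_offset + 4, 3);` in the pack() hunk hard-codes the byte offset of the `mov esi, imm32` immediate inside the PETLSC2 stub section, while the stub itself separately hard-codes `tls_handler_start + 1` for the jmp displacement it patches, so a change to either file silently breaks the other. At minimum name what the constant points at, e.g. `// +4: imm32 of "mov esi, offset tls_callbacks_ptr" in PETLSC2 (jmp rel8 at +0, push esi at +2)` beside the `rel.add`, or, if the linker exposes stub labels through getSymbolOffset, derive the offset from a label so the two sides cannot drift. The relocation is also added unconditionally, whereas the matching `set_le32(otls + sotls - 8, tls_handler_offset + ih.imagebase);` in processTls runs only under `if(use_tls_callbacks)`; unless PETLSC2 is always linked into the stub, guard the `rel.add` the same way. The commented-out `//linker->defineSymbol("tls_callbacks_off", ...)` line is dead code and should be deleted rather than kept. pack() begins and ends outside these hunks.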


@ -71,7 +71,7 @@ protected:
unsigned soloadconf;
unsigned tlscb_ptr; //NEW: TLS callback handling - Stefan Widmann
//unsigned tlscb_off; //NEW: TLS callback handling - Stefan Widmann
unsigned tls_handler_offset;
bool isrtm;
bool use_dep_hack;
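Review bot: The commented-out `//unsigned tlscb_off;` member is dead code in a header; delete the line rather than keeping it as a comment, since the history already records the removal. The new member `tls_handler_offset` is the only field in the hunk without a comment while its neighbour `tlscb_ptr` has one; `unsigned tls_handler_offset; // offset of the PETLSC2 TLS callback handler in the stub, set in pack()` would match the surrounding style. The class body continues outside the hunk.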


@ -1751,6 +1751,10 @@ void PeFile::unpack(OutputFile *fo)
oh.headersize = rvamin;
oh.chksum = 0;
//NEW: disable reloc stripping if ASLR is enabled
if(ih.dllflags & IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE)
opt->win32_pe.strip_relocs = false;
// FIXME: ih.flags is checked here because of a bug in UPX 0.92
if ((opt->win32_pe.strip_relocs && !isdll) || (ih.flags & RELOCS_STRIPPED))
{
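Review bot: `opt->win32_pe.strip_relocs = false;` mutates the shared options object instead of making a per-file decision, so once one input with IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE has been processed, an explicit strip-relocs request stays disabled for every later file in the same run. Prefer a local, e.g. `const bool strip_relocs = opt->win32_pe.strip_relocs && !(ih.dllflags & IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE);` and use it in the `if` that follows (and wherever else this function reads the option), so ASLR-enabled images keep their relocations without changing the setting for other inputs. Keeping the relocations is the right call, because stripping them would leave the output non-relocatable and defeat the image's ASLR opt-in, so a user-visible notice when an explicit strip request is overridden would be worth adding. The enclosing function begins before this hunk, and the `PeFile::unpack` in the hunk header looks like diff's nearest-signature guess rather than the real enclosing function — worth confirming against the file.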



@ -114,7 +114,7 @@ section PEK32ORD
jmps next_imp
not_kernel32:
section PEIMORD1
movzxw eax, word ptr [edi] //new: "word ptr" - Stefan Widmann
movzxw eax, word ptr [edi]
inc edi
push eax
inc edi
@ -224,21 +224,19 @@ pedep9:
//;NEW: TLS callback support - Stefan Widmann
section PETLSC
lea ebx, [esi + tls_module_base] //;load module base to ebx
lea eax, [esi + tls_callbacks_ptr] //;load pointer to original callback chain
lea edi, [ebx + tls_handler_start] //;load offset of handler
push edi
inc edi //;pointer to original TLS callback chain is to be saved to handler + 2
inc edi
stosd
pop eax
lea edi, [esi + tls_callbacks_off] //;get ptr to first TLS callback entry
stosd //;save the handler ptr to the TLS callback chain
lea ebx, [esi + tls_module_base] //;load module base to ebx
lea edi, [ebx + tls_handler_start + 1] //;load offset of handler
push edi
//;remove jump from TLS handler entry (overwrite displacement)
xor eax, eax
stosb
pop ecx
dec ecx
//;emulate callbacks like PE loader would have done
push 0 //;reserved
push 1 //;DLL_PROCESS_ATTACH
push ebx //;module base alias module handle alias hInstance alias ...
call eax //;contains ptr to callback handler
push eax //;0 - reserved
push 1 //;DLL_PROCESS_ATTACH
push ebx //;module base alias module handle alias hInstance alias ...
call ecx //;contains ptr to callback handler
section PEMAIN20
popa
@ -270,26 +268,26 @@ section PEDOJUMP
section PETLSC2
//;TLS_CALLBACK(hModule, reason, reserved)
tls_handler_start:
push esi
.byte 0xBE //mov esi, XXXXXXXX
tlsc_chain_ptr:
.byte 0, 0, 0, 0
cld //;you never know, this code gets called by the PE loader
jmp end_of_tls_handler //;this jump is patched to EB 00 (jmp $+2) by stub
push esi
mov esi, offset tls_callbacks_ptr //;must be relocated
cld //;you never know, this code gets called by the PE loader
walk_tlsc_chain2:
lodsd
test eax, eax
jz done_callbacks
test eax, eax
jz done_callbacks
//;copy the stack frame, 3 arguments
push 3
pop ecx
push 3
pop ecx
push_loop:
push dword ptr [esp + 0x10] //;4 bytes
loop push_loop
call eax
jmp walk_tlsc_chain2
push dword ptr [esp + 0x10] //;4 bytes
loop push_loop
call eax
jmp walk_tlsc_chain2
done_callbacks:
pop esi
ret 0x0C
pop esi
end_of_tls_handler:
ret 0x0C
// =============
// ============= CUT HERE
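Review bot: The `stosb` under `//;remove jump from TLS handler entry` writes into the stub's own code, so the scheme only works while PETLSC2 lives in a section that is still writable when PETLSC runs, and nothing in the hunk records that requirement. A comment at `tls_handler_start:` stating the entry-byte layout the packer depends on — the `jmp rel8` at +0 whose displacement at +1 PETLSC zeroes, `push esi` at +2, and `mov esi, imm32` at +3 with the relocated immediate at +4 (the PETLSC2 relocation record at offset 4 in the regenerated map agrees) — would make the coupling with the `rel.add(tls_handler_offset + 4, 3)` in p_w32pe.cpp visible from this file. `push eax //;0 - reserved` relies on eax still holding the zero from `xor eax, eax` several instructions earlier; if the one-byte saving over `push 0` is intended, say so, e.g. `push eax //;reserved = 0 (eax still zero from the xor above)`. The PETLSC and PETLSC2 sections are shown in full, but the file continues on both sides of the hunks.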


@ -115,14 +115,14 @@ Idx Name Size VMA LMA File off Algn Flags
110 PERELLO0 0000000a 00000000 00000000 00001a5a 2**0 CONTENTS, READONLY
111 PERELHI0 0000000d 00000000 00000000 00001a64 2**0 CONTENTS, READONLY
112 PEDEPHAK 0000002f 00000000 00000000 00001a71 2**0 CONTENTS, RELOC, READONLY
113 PETLSC 00000025 00000000 00000000 00001aa0 2**0 CONTENTS, RELOC, READONLY
114 PEMAIN20 00000001 00000000 00000000 00001ac5 2**0 CONTENTS, READONLY
115 CLEARSTACK 0000000d 00000000 00000000 00001ac6 2**0 CONTENTS, READONLY
116 PEMAIN21 00000000 00000000 00000000 00001ad3 2**0 CONTENTS, READONLY
117 PERETURN 00000006 00000000 00000000 00001ad3 2**0 CONTENTS, READONLY
118 PEDOJUMP 00000005 00000000 00000000 00001ad9 2**0 CONTENTS, RELOC, READONLY
119 PETLSC2 0000001d 00000000 00000000 00001ade 2**0 CONTENTS, READONLY
120 UPX1HEAD 00000020 00000000 00000000 00001afb 2**0 CONTENTS, READONLY
113 PETLSC 00000018 00000000 00000000 00001aa0 2**0 CONTENTS, RELOC, READONLY
114 PEMAIN20 00000001 00000000 00000000 00001ab8 2**0 CONTENTS, READONLY
115 CLEARSTACK 0000000d 00000000 00000000 00001ab9 2**0 CONTENTS, READONLY
116 PEMAIN21 00000000 00000000 00000000 00001ac6 2**0 CONTENTS, READONLY
117 PERETURN 00000006 00000000 00000000 00001ac6 2**0 CONTENTS, READONLY
118 PEDOJUMP 00000005 00000000 00000000 00001acc 2**0 CONTENTS, RELOC, READONLY
119 PETLSC2 0000001f 00000000 00000000 00001ad1 2**0 CONTENTS, RELOC, READONLY
120 UPX1HEAD 00000020 00000000 00000000 00001af0 2**0 CONTENTS, READONLY
SYMBOL TABLE:
00000000 l d N2BSMA10 00000000 N2BSMA10
00000000 l d N2BFAS11 00000000 N2BFAS11
@ -271,9 +271,8 @@ SYMBOL TABLE:
00000000 *UND* 00000000 vp_size
00000000 *UND* 00000000 swri
00000000 *UND* 00000000 tls_module_base
00000000 *UND* 00000000 tls_callbacks_ptr
00000000 *UND* 00000000 tls_callbacks_off
00000000 *UND* 00000000 original_entry
00000000 *UND* 00000000 tls_callbacks_ptr
RELOCATION RECORDS FOR [PEISDLL1]:
OFFSET TYPE VALUE
@ -575,10 +574,12 @@ OFFSET TYPE VALUE
RELOCATION RECORDS FOR [PETLSC]:
OFFSET TYPE VALUE
00000002 R_386_32 tls_module_base
00000008 R_386_32 tls_callbacks_ptr
0000000e R_386_32 PETLSC2
00000019 R_386_32 tls_callbacks_off
00000008 R_386_32 PETLSC2
RELOCATION RECORDS FOR [PEDOJUMP]:
OFFSET TYPE VALUE
00000001 R_386_PC32 original_entry
RELOCATION RECORDS FOR [PETLSC2]:
OFFSET TYPE VALUE
00000004 R_386_32 tls_callbacks_ptr