From 76ddf6b8dad8b98f46a8f47ddfa1e3f536069961 Mon Sep 17 00:00:00 2001 From: Kornel Pal Date: Wed, 22 Dec 2021 02:58:09 +0100 Subject: [PATCH] PE: Add position independent decompressor stub for i386 --- src/p_w32pe.cpp | 14 +++++++++----- src/p_w64pep.cpp | 4 +++- src/pefile.cpp | 1 + src/pefile.h | 1 + src/stub/src/i386-win32.pe.S | 7 +++++++ 5 files changed, 21 insertions(+), 6 deletions(-) diff --git a/src/p_w32pe.cpp b/src/p_w32pe.cpp index c9584836..6a346935 100644 --- a/src/p_w32pe.cpp +++ b/src/p_w32pe.cpp @@ -110,14 +110,17 @@ void PackW32Pe::buildLoader(const Filter *ft) // prepare loader initLoader(stub_i386_win32_pe, sizeof(stub_i386_win32_pe), 2); - addLoader(isdll ? "PEISDLL1" : "", - "PEMAIN01", + if (isdll) + addLoader("PEISDLL1"); + addLoader("PEMAIN01", + use_stub_relocs ? "PESOCREL" : "PESOCPIC", + "PESOUNC0", icondir_count > 1 ? (icondir_count == 2 ? "PEICONS1" : "PEICONS2") : "", tmp_tlsindex ? "PETLSHAK" : "", "PEMAIN02", ph.first_offset_found == 1 ? "PEMAIN03" : "", getDecompressorSections(), - /*multipass ? "PEMULTIP" : */ "", + //multipass ? "PEMULTIP" : "", "PEMAIN10", nullptr ); @@ -255,7 +258,7 @@ void PackW32Pe::defineSymbols(unsigned ncsection, unsigned upxsection, const unsigned esi0 = s1addr + ic; linker->defineSymbol("start_of_uncompressed", 0u - esi0 + rvamin); - linker->defineSymbol("start_of_compressed", esi0 + ih.imagebase); + linker->defineSymbol("start_of_compressed", use_stub_relocs ? esi0 + ih.imagebase : esi0); if (use_tls_callbacks) { @@ -270,7 +273,8 @@ void PackW32Pe::defineSymbols(unsigned ncsection, unsigned upxsection, void PackW32Pe::addNewRelocations(Reloc &rel, unsigned base) { - rel.add(base + linker->getSymbolOffset("PEMAIN01") + 2, 3); + if (use_stub_relocs) + rel.add(base + linker->getSymbolOffset("PESOCREL") + 1, 3); } void PackW32Pe::setOhDataBase(const pe_section_t *osection) diff --git a/src/p_w64pep.cpp b/src/p_w64pep.cpp index 5ef28833..bb509a9e 100644 --- a/src/p_w64pep.cpp +++ b/src/p_w64pep.cpp @@ -47,7 +47,9 @@ static const **************************************************************************/ PackW64Pep::PackW64Pep(InputFile *f) : super(f) -{} +{ + use_stub_relocs = false; +} PackW64Pep::~PackW64Pep() diff --git a/src/pefile.cpp b/src/pefile.cpp index f319a936..86ebdd62 100644 --- a/src/pefile.cpp +++ b/src/pefile.cpp @@ -117,6 +117,7 @@ PeFile::PeFile(InputFile *f) : super(f) use_dep_hack = true; use_clear_dirty_stack = true; + use_stub_relocs = true; isrtm = false; } diff --git a/src/pefile.h b/src/pefile.h index ce97741b..501c1da2 100644 --- a/src/pefile.h +++ b/src/pefile.h @@ -214,6 +214,7 @@ protected: bool isrtm; bool use_dep_hack; bool use_clear_dirty_stack; + bool use_stub_relocs; static unsigned virta2objnum (unsigned, pe_section_t *, unsigned); diff --git a/src/stub/src/i386-win32.pe.S b/src/stub/src/i386-win32.pe.S index 98b1d123..c8995953 100644 --- a/src/stub/src/i386-win32.pe.S +++ b/src/stub/src/i386-win32.pe.S @@ -40,7 +40,14 @@ section PEISDLL1 jnz reloc_end_jmp section PEMAIN01 pusha +section PESOCREL mov esi, offset start_of_compressed // relocated +section PESOCPIC + call get_eip +get_eip: + pop eax + lea esi, [eax + start_of_compressed - get_eip] +section PESOUNC0 lea edi, [esi + start_of_uncompressed] section PEICONS1 incw [edi + icon_offset]