win64/pe: filter support added

2024-11-26 22:20:52 +00:00 · 2013-08-27 21:22:21 +02:00 · 2013-08-27 21:22:21 +02:00 · fbc756b531
commit fbc756b531
parent 6c64b06453
7 changed files with 883 additions and 864 deletions
--- a/4
+++ b/4
@ -2,7 +2,9 @@
 User visible changes for UPX
 ==================================================================

-Changes in 3.10 (XX XXX XXXX):
+Changes in 3.10 (XX XXX 2013):
+  * Experimental support added for Windows 64-bit PE files.
+  * bug fixes

 Changes in 3.09 (18 Feb 2013):
  * New option --preserve-build-id for GNU ELF.
--- a/src/p_w64pep.cpp
+++ b/src/p_w64pep.cpp
@ -150,7 +150,7 @@ const int *PackW64Pep::getCompressionMethods(int /*method*/, int /*level*/) cons

 const int *PackW64Pep::getFilters() const
 {
-    static const int filters[] = { FT_END };
+    static const int filters[] = { 0x49, FT_END };
    return filters;
 }

@ -701,7 +701,7 @@ void PackW64Pep::buildLoader(const Filter *ft)
        const unsigned texv = ih.codebase - rvamin;
        assert(ft->calls > 0);
        addLoader(texv ? "PECTTPOS" : "PECTTNUL",NULL);
-        addFilter32(ft->id);
+        addLoader("PEFILTER49");
    }
    if (soimport)
        addLoader("PEIMPORT",
@ -969,13 +969,11 @@ void PackW64Pep::pack(OutputFile *fo)
    //OutputFile::dump("x1", ibuf, usize);

    // some checks for broken linkers - disable filter if necessary
-    bool allow_filter = false;
-/*
-    if (ih.codebase == ih.database
-        || ih.codebase + ih.codesize > ih.imagesize
+    bool allow_filter = true;
+    if (ih.codebase + ih.codesize > ih.imagesize
        || (isection[virta2objnum(ih.codebase,isection,objs)].flags & PEFL_CODE) == 0)
        allow_filter = false;
-*/
+
    const unsigned oam1 = ih.objectalign - 1;

    // FIXME: disabled: the uncompressor would not allocate enough memory
@ -1137,7 +1135,7 @@ void PackW64Pep::pack(OutputFile *fo)
 #endif

 //FIXME    defineDecompressorSymbols();
-//FIXME    defineFilterSymbols(&ft);
+    defineFilterSymbols(&ft);
    linker->defineSymbol("filter_buffer_start", ih.codebase - rvamin);

    // in case of overlapping decompression, this hack is needed,
--- a/src/p_w64pep.h
+++ b/src/p_w64pep.h
@ -41,8 +41,8 @@ public:
    PackW64Pep(InputFile *f);
    virtual ~PackW64Pep();
    virtual int getFormat() const { return UPX_F_WIN64_PEP; }
-    virtual const char *getName() const { return "win64/pep"; }
-    virtual const char *getFullName(const options_t *) const { return "AMD64-win64.pep"; }
+    virtual const char *getName() const { return "win64/pe"; }
+    virtual const char *getFullName(const options_t *) const { return "amd64-win64.pe"; }
    virtual const int *getCompressionMethods(int method, int level) const;
    virtual const int *getFilters() const;

--- a/src/stub/amd64-win64.pep.h
+++ b/src/stub/amd64-win64.pep.h
--- a/src/stub/src/amd64-win64.pep.S
+++ b/src/stub/src/amd64-win64.pep.S
@ -187,6 +187,7 @@ section         NRV2E
 #include "arch/amd64/lzma_d.S"
 #endif

+#undef len
 .intel_syntax noprefix
 // =============
 section         PEMAIN10
@ -207,15 +208,16 @@ section         PECTTPOS
 section         PECTTNUL
                mov     rdi, rsi

-#if 0 //; FIXME use amd_bxx.S
-                cjt32   esi
-#endif
-
-section         ctok32.00
+section         PEFILTER49
                mov     ecx, offset filter_length
-#if 0  //; FIXME
-                ctok32  esi, (offset filter_cto)
-#endif
+                mov     dl, IMM8(filter_cto)
+.att_syntax
+#define esi ebx
+#define rsi rbx
+#include "arch/amd64/bxx.S"
+#undef esi
+#undef rsi
+.intel_syntax noprefix

 // =============
 // ============= IMPORTS
--- a/src/stub/src/arch/amd64/bxx.S
+++ b/src/stub/src/arch/amd64/bxx.S
@ -33,8 +33,10 @@ amdbxx:  # (*f_unf)(xo->buf, out_len, h.b_cto8, h.b_ftid);
 #define cto8 %arg3l /* known to be "%dl" */
 #define ftid %arg4l

+#ifndef NO_METHOD_CHECK
        cmpl $0x49,ftid; jne ckend  # filter: JMP, CALL, 6-byte Jxx
        movq len,%rcx  # byte count
+#endif
        movq ptr,%rsi  # remember start of buffer
        jmp ckstart
 ckloop3:
@ -61,7 +63,9 @@ ckstart:
 ckcount:
        decq %rcx; jnz ckloop3
 ckend:
+#ifndef NO_METHOD_CHECK
        ret
+#endif

 #undef ptr
 #undef len
--- a/src/stub/tmp/amd64-win64.pep.bin.dump
+++ b/src/stub/tmp/amd64-win64.pep.bin.dump
@ -17,33 +17,33 @@ Idx Name          Size      VMA               LMA               File off  Algn
 12 PETLSHAK2     00000004  0000000000000000  0000000000000000  0000019a  2**0  CONTENTS, READONLY
 13 PECTTPOS      00000007  0000000000000000  0000000000000000  0000019e  2**0  CONTENTS, RELOC, READONLY
 14 PECTTNUL      00000003  0000000000000000  0000000000000000  000001a5  2**0  CONTENTS, READONLY
- 15 ctok32.00     00000005  0000000000000000  0000000000000000  000001a8  2**0  CONTENTS, RELOC, READONLY
- 16 PEIMPORT      00000034  0000000000000000  0000000000000000  000001ad  2**0  CONTENTS, RELOC, READONLY
- 17 PEIBYORD      00000002  0000000000000000  0000000000000000  000001e1  2**0  CONTENTS, RELOC, READONLY
- 18 PEK32ORD      00000012  0000000000000000  0000000000000000  000001e3  2**0  CONTENTS, RELOC, READONLY
- 19 PEIMORD1      0000000a  0000000000000000  0000000000000000  000001f5  2**0  CONTENTS, RELOC, READONLY
- 20 PEIMPOR2      00000021  0000000000000000  0000000000000000  000001ff  2**0  CONTENTS, RELOC, READONLY
- 21 PEIERDLL      0000000b  0000000000000000  0000000000000000  00000220  2**0  CONTENTS, READONLY
- 22 PEIEREXE      00000006  0000000000000000  0000000000000000  0000022b  2**0  CONTENTS, RELOC, READONLY
- 23 PEIMDONE      00000004  0000000000000000  0000000000000000  00000231  2**0  CONTENTS, READONLY
- 24 PERELOC1      00000007  0000000000000000  0000000000000000  00000235  2**0  CONTENTS, RELOC, READONLY
- 25 PERELOC2      00000004  0000000000000000  0000000000000000  0000023c  2**0  CONTENTS, READONLY
- 26 PERELOC3      00000030  0000000000000000  0000000000000000  00000240  2**0  CONTENTS, RELOC, READONLY
- 27 REL64BIG      0000000a  0000000000000000  0000000000000000  00000270  2**0  CONTENTS, RELOC, READONLY
- 28 RELOC64J      00000002  0000000000000000  0000000000000000  0000027a  2**0  CONTENTS, RELOC, READONLY
- 29 PERLOHI0      0000000a  0000000000000000  0000000000000000  0000027c  2**0  CONTENTS, RELOC, READONLY
- 30 PERELLO0      0000000b  0000000000000000  0000000000000000  00000286  2**0  CONTENTS, READONLY
- 31 PERELHI0      0000000e  0000000000000000  0000000000000000  00000291  2**0  CONTENTS, READONLY
- 32 PEDEPHAK      0000004b  0000000000000000  0000000000000000  0000029f  2**0  CONTENTS, RELOC, READONLY
- 33 PETLSC        0000001b  0000000000000000  0000000000000000  000002ea  2**0  CONTENTS, RELOC, READONLY
- 34 PEMAIN20      00000004  0000000000000000  0000000000000000  00000305  2**0  CONTENTS, READONLY
- 35 CLEARSTACK    00000010  0000000000000000  0000000000000000  00000309  2**0  CONTENTS, READONLY
- 36 PEMAIN21      00000000  0000000000000000  0000000000000000  00000319  2**0  CONTENTS, READONLY
- 37 PEISDLL9      0000000f  0000000000000000  0000000000000000  00000319  2**0  CONTENTS, READONLY
- 38 PERETURN      00000004  0000000000000000  0000000000000000  00000328  2**0  CONTENTS, READONLY
- 39 PEDOJUMP      00000005  0000000000000000  0000000000000000  0000032c  2**0  CONTENTS, RELOC, READONLY
- 40 PETLSC2       00000028  0000000000000000  0000000000000000  00000331  2**0  CONTENTS, RELOC, READONLY
- 41 UPX1HEAD      00000020  0000000000000000  0000000000000000  00000359  2**0  CONTENTS, READONLY
+ 15 PEFILTER49    0000004e  0000000000000000  0000000000000000  000001a8  2**0  CONTENTS, RELOC, READONLY
+ 16 PEIMPORT      00000034  0000000000000000  0000000000000000  000001f6  2**0  CONTENTS, RELOC, READONLY
+ 17 PEIBYORD      00000002  0000000000000000  0000000000000000  0000022a  2**0  CONTENTS, RELOC, READONLY
+ 18 PEK32ORD      00000012  0000000000000000  0000000000000000  0000022c  2**0  CONTENTS, RELOC, READONLY
+ 19 PEIMORD1      0000000a  0000000000000000  0000000000000000  0000023e  2**0  CONTENTS, RELOC, READONLY
+ 20 PEIMPOR2      00000021  0000000000000000  0000000000000000  00000248  2**0  CONTENTS, RELOC, READONLY
+ 21 PEIERDLL      0000000b  0000000000000000  0000000000000000  00000269  2**0  CONTENTS, READONLY
+ 22 PEIEREXE      00000006  0000000000000000  0000000000000000  00000274  2**0  CONTENTS, RELOC, READONLY
+ 23 PEIMDONE      00000004  0000000000000000  0000000000000000  0000027a  2**0  CONTENTS, READONLY
+ 24 PERELOC1      00000007  0000000000000000  0000000000000000  0000027e  2**0  CONTENTS, RELOC, READONLY
+ 25 PERELOC2      00000004  0000000000000000  0000000000000000  00000285  2**0  CONTENTS, READONLY
+ 26 PERELOC3      00000030  0000000000000000  0000000000000000  00000289  2**0  CONTENTS, RELOC, READONLY
+ 27 REL64BIG      0000000a  0000000000000000  0000000000000000  000002b9  2**0  CONTENTS, RELOC, READONLY
+ 28 RELOC64J      00000002  0000000000000000  0000000000000000  000002c3  2**0  CONTENTS, RELOC, READONLY
+ 29 PERLOHI0      0000000a  0000000000000000  0000000000000000  000002c5  2**0  CONTENTS, RELOC, READONLY
+ 30 PERELLO0      0000000b  0000000000000000  0000000000000000  000002cf  2**0  CONTENTS, READONLY
+ 31 PERELHI0      0000000e  0000000000000000  0000000000000000  000002da  2**0  CONTENTS, READONLY
+ 32 PEDEPHAK      0000004b  0000000000000000  0000000000000000  000002e8  2**0  CONTENTS, RELOC, READONLY
+ 33 PETLSC        0000001b  0000000000000000  0000000000000000  00000333  2**0  CONTENTS, RELOC, READONLY
+ 34 PEMAIN20      00000004  0000000000000000  0000000000000000  0000034e  2**0  CONTENTS, READONLY
+ 35 CLEARSTACK    00000010  0000000000000000  0000000000000000  00000352  2**0  CONTENTS, READONLY
+ 36 PEMAIN21      00000000  0000000000000000  0000000000000000  00000362  2**0  CONTENTS, READONLY
+ 37 PEISDLL9      0000000f  0000000000000000  0000000000000000  00000362  2**0  CONTENTS, READONLY
+ 38 PERETURN      00000004  0000000000000000  0000000000000000  00000371  2**0  CONTENTS, READONLY
+ 39 PEDOJUMP      00000005  0000000000000000  0000000000000000  00000375  2**0  CONTENTS, RELOC, READONLY
+ 40 PETLSC2       00000028  0000000000000000  0000000000000000  0000037a  2**0  CONTENTS, RELOC, READONLY
+ 41 UPX1HEAD      00000020  0000000000000000  0000000000000000  000003a2  2**0  CONTENTS, READONLY
 SYMBOL TABLE:
 0000000000000000 l    d  NRV_HEAD	0000000000000000 NRV_HEAD
 0000000000000000 l    d  PEMAIN10	0000000000000000 PEMAIN10
@ -69,7 +69,7 @@ SYMBOL TABLE:
 0000000000000000 l    d  PETLSHAK2	0000000000000000 PETLSHAK2
 0000000000000000 l    d  PECTTPOS	0000000000000000 PECTTPOS
 0000000000000000 l    d  PECTTNUL	0000000000000000 PECTTNUL
-0000000000000000 l    d  ctok32.00	0000000000000000 ctok32.00
+0000000000000000 l    d  PEFILTER49	0000000000000000 PEFILTER49
 0000000000000000 l    d  PEIMPORT	0000000000000000 PEIMPORT
 0000000000000000 l    d  PEIBYORD	0000000000000000 PEIBYORD
 0000000000000000 l    d  PEK32ORD	0000000000000000 PEK32ORD
@ -102,6 +102,7 @@ SYMBOL TABLE:
 0000000000000000         *UND*	0000000000000000 tls_value
 0000000000000000         *UND*	0000000000000000 filter_buffer_start
 0000000000000000         *UND*	0000000000000000 filter_length
+0000000000000000         *UND*	0000000000000000 filter_cto
 0000000000000000         *UND*	0000000000000000 compressed_imports
 0000000000000000         *UND*	0000000000000000 start_of_imports
 0000000000000000         *UND*	0000000000000000 LoadLibraryA
@ -150,9 +151,10 @@ RELOCATION RECORDS FOR [PECTTPOS]:
 OFFSET           TYPE              VALUE
 0000000000000003 R_X86_64_32S      filter_buffer_start

-RELOCATION RECORDS FOR [ctok32.00]:
+RELOCATION RECORDS FOR [PEFILTER49]:
 OFFSET           TYPE              VALUE
 0000000000000001 R_X86_64_32       filter_length
+0000000000000006 R_X86_64_8        filter_cto

 RELOCATION RECORDS FOR [PEIMPORT]:
 OFFSET           TYPE              VALUE