Go to most recent revision | Details | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 3915 | Serge | 1 | |
| 2 | |||
| 3 | |||
| 4 | use32 |
||
| 5 | |||
| 6 | |||
| 7 | db 'MENUET02' |
||
| 8 | |||
| 9 | dd __start |
||
| 10 | dd __iend |
||
| 11 | dd __bssend |
||
| 12 | dd __stack |
||
| 13 | dd __cmdline |
||
| 14 | dd __pgmname |
||
| 15 | dd 0x0 |
||
| 16 | dd __idata_start |
||
| 17 | dd __idata_end |
||
| 18 | dd main |
||
| 19 | |||
| 20 | IMAGE_DOS_SIGNATURE equ 0x5A4D |
||
| 21 | |||
| 22 | IMAGE_FILE_MACHINE_I386 equ 0x014c |
||
| 23 | IMAGE_NT_OPTIONAL_HDR32_MAGIC equ 0x10B |
||
| 24 | IMAGE_NT_HEADERS32_SIZE equ 0xF8 |
||
| 25 | |||
| 26 | |||
| 27 | |||
| 28 | |||
| 29 | .e_lfanew equ 0x3C |
||
| 30 | |||
| 31 | .FileHeader.NumberOfSections equ 0x06 |
||
| 32 | |||
| 33 | .OptionalHeader.ImageBase equ 0x34 |
||
| 34 | |||
| 35 | .FileAlignment equ 0x3C |
||
| 36 | |||
| 37 | .OptionalHeader.SizeOfImage equ 0x50 |
||
| 38 | |||
| 39 | |||
| 40 | .VirtualAddress equ 0x0C |
||
| 41 | |||
| 42 | .PointerToRawData equ 0x14 |
||
| 43 | |||
| 44 | .OptionalHeader.RelocDataDirectory.VirtualAddress equ 0xA0 |
||
| 45 | |||
| 46 | |||
| 47 | .SizeOfBlock equ 0x04 |
||
| 48 | |||
| 49 | |||
| 50 | |||
| 51 | |||
| 52 | mov ecx, STACK_SIZE |
||
| 53 | add ecx, 4095 |
||
| 54 | and ecx, -4096 |
||
| 55 | int 0x40 |
||
| 56 | test eax, eax |
||
| 57 | jz .exit |
||
| 58 | |||
| 59 | add ecx, eax |
||
| 60 | |||
| 61 | mov [fs:12], ecx |
||
| 62 | mov esp, ecx |
||
| 63 | |||
| 64 | sub esp, 1024 |
||
| 65 | |||
| 66 | mov ebx, esp |
||
| 67 | mov ecx, -1 |
||
| 68 | int 0x40 |
||
| 69 | |||
| 70 | mov eax, [ebx+30] |
||
| 71 | |||
| 72 | add esp, 1024 |
||
| 73 | |||
| 74 | mov eax, 68 |
||
| 75 | |||
| 76 | mov ecx, libc_path |
||
| 77 | int 0x40 |
||
| 78 | test eax, eax |
||
| 79 | jz .exit |
||
| 80 | |||
| 81 | push edx |
||
| 82 | |||
| 83 | |||
| 84 | .validate_pe: |
||
| 85 | |||
| 86 | cmp edx, 0x3F |
||
| 87 | |||
| 88 | cmp word [eax], IMAGE_DOS_SIGNATURE |
||
| 89 | jne .exit |
||
| 90 | |||
| 91 | mov edx, [eax+.e_lfanew] |
||
| 92 | |||
| 93 | jz .exit |
||
| 94 | |||
| 95 | add edx, eax ;edx = nt header |
||
| 96 | |||
| 97 | |||
| 98 | cmp dword [edx], IMAGE_NT_SIGNATURE |
||
| 99 | |||
| 100 | |||
| 101 | cmp word [edx+0x04], IMAGE_FILE_MACHINE_I386 |
||
| 102 | |||
| 103 | |||
| 104 | cmp word [edx+0x18], IMAGE_NT_OPTIONAL_HDR32_MAGIC |
||
| 105 | |||
| 106 | |||
| 107 | mov ecx, [edx+.SectionAlignment] |
||
| 108 | |||
| 109 | ja .l1 |
||
| 110 | |||
| 111 | cmp ecx, [edx+.FileAlignment] |
||
| 112 | |||
| 113 | |||
| 114 | jmp @F |
||
| 115 | |||
| 116 | cmp ecx, [edx+.FileAlignment] |
||
| 117 | jb .exit |
||
| 118 | @@: |
||
| 119 | test ecx, ecx |
||
| 120 | jz .exit |
||
| 121 | |||
| 122 | lea eax, [ecx-1] |
||
| 123 | |||
| 124 | jnz .exit |
||
| 125 | |||
| 126 | mov ecx, [edx+.FileAlignment] |
||
| 127 | |||
| 128 | jz .exit |
||
| 129 | |||
| 130 | lea ebx, [ecx-1] |
||
| 131 | |||
| 132 | jnz .exit |
||
| 133 | |||
| 134 | cmp word [edx+.FileHeader.NumberOfSections], 96 |
||
| 135 | |||
| 136 | |||
| 137 | .create_image: |
||
| 138 | |||
| 139 | mov ecx, [edx+.OptionalHeader.SizeOfImage] |
||
| 140 | |||
| 141 | mov ebx, 12 |
||
| 142 | int 0x40 |
||
| 143 | |||
| 144 | mov ebp, eax |
||
| 145 | |||
| 146 | jz .exit_2 |
||
| 147 | |||
| 148 | mov ecx, [edx+.OptionalHeader.SizeOfHeaders] |
||
| 149 | |||
| 150 | mov edi, eax |
||
| 151 | shr ecx, 2 ;copy header |
||
| 152 | rep movsd |
||
| 153 | |||
| 154 | lea eax, [edx+IMAGE_NT_HEADERS32_SIZE] ;eax = MAGE_SECTION_HEADER |
||
| 155 | |||
| 156 | test ebx, ebx |
||
| 157 | jz @F |
||
| 158 | |||
| 159 | .copy_loop: |
||
| 160 | |||
| 161 | test ecx, ecx |
||
| 162 | jz .next_section |
||
| 163 | |||
| 164 | mov esi, [eax+.PointerToRawData] |
||
| 165 | |||
| 166 | jz .next_section |
||
| 167 | |||
| 168 | add esi, [esp] |
||
| 169 | |||
| 170 | add edi, ebp |
||
| 171 | shr ecx, 2 |
||
| 172 | rep movsd |
||
| 173 | ;copy section |
||
| 174 | .next_section: |
||
| 175 | add eax, 0x28 |
||
| 176 | dec ebx |
||
| 177 | jnz .copy_loop |
||
| 178 | @@: |
||
| 179 | push edx |
||
| 180 | |||
| 181 | mov esi, [edx+.OptionalHeader.RelocDataDirectory.Size] |
||
| 182 | |||
| 183 | jz .call_libc |
||
| 184 | |||
| 185 | mov ebx, ebp |
||
| 186 | |||
| 187 | mov edx, [edx+.OptionalHeader.RelocDataDirectory.VirtualAddress] |
||
| 188 | lea ecx, [ebp+edx] ;IMAGE_BASE_RELOCATION |
||
| 189 | mov eax, [ecx+.SizeOfBlock] |
||
| 190 | test eax, eax |
||
| 191 | jz .unmap_relocs |
||
| 192 | |||
| 193 | mov esi, ebx |
||
| 194 | |||
| 195 | push esi |
||
| 196 | align 4 |
||
| 197 | .loop_block: |
||
| 198 | sub eax, 8 |
||
| 199 | lea edx, [ecx+8] ;entry |
||
| 200 | shr eax, 1 |
||
| 201 | jz .next_block |
||
| 202 | lea edi, [ecx+eax*2+8] ;last entry |
||
| 203 | align 4 |
||
| 204 | .loop_reloc: |
||
| 205 | |||
| 206 | mov si, [edx] |
||
| 207 | |||
| 208 | and eax, 0FFFh |
||
| 209 | add eax, [ecx] ;offset |
||
| 210 | shr si, 12 ;reloc type |
||
| 211 | dec si |
||
| 212 | jnz @F |
||
| 213 | |||
| 214 | .type_1: |
||
| 215 | |||
| 216 | add [eax+ebp], si |
||
| 217 | jmp .next_entry |
||
| 218 | @@: |
||
| 219 | dec si |
||
| 220 | jnz @F |
||
| 221 | |||
| 222 | .type_2: |
||
| 223 | |||
| 224 | jmp .next_entry |
||
| 225 | @@: |
||
| 226 | dec si |
||
| 227 | jnz .next_entry |
||
| 228 | |||
| 229 | .type_3: |
||
| 230 | |||
| 231 | .next_entry: |
||
| 232 | add edx, 2 |
||
| 233 | cmp edx, edi |
||
| 234 | jne .loop_reloc |
||
| 235 | .next_block: |
||
| 236 | add ecx, [ecx+.SizeOfBlock] |
||
| 237 | mov eax, [ecx+.SizeOfBlock] |
||
| 238 | test eax, eax |
||
| 239 | jnz .loop_block |
||
| 240 | |||
| 241 | add esp, 4 |
||
| 242 | |||
| 243 | mov esi, [edx+.OptionalHeader.RelocDataDirectory.Size] |
||
| 244 | mov edx, [edx+.OptionalHeader.RelocDataDirectory.VirtualAddress] |
||
| 245 | |||
| 246 | .unmap_relocs: |
||
| 247 | |||
| 248 | mov eax, 68 |
||
| 249 | mov ecx, ebp |
||
| 250 | int 0x40 |
||
| 251 | |||
| 252 | .call_libc: |
||
| 253 | |||
| 254 | push ebp |
||
| 255 | |||
| 256 | add ebp, [ebp+edx+0x28] |
||
| 257 | |||
| 258 | call ebp |
||
| 259 | |||
| 260 | .exit_2: |
||
| 261 | |||
| 262 | or eax, -1 |
||
| 263 | int 0x40 |
||
| 264 | |||
| 265 | libc_path db '/kolibrios/lib/libc.dll',0 |
||
| 266 |