include 'import32.inc'
include 'proc32.inc'
use32
org 0x0
db 'MENUET02'
dd 0x01
dd __start
dd __iend
dd __bssend
dd __stack
dd __cmdline
dd __pgmname
dd 0x0
dd __idata_start
dd __idata_end
dd main
IMAGE_DOS_SIGNATURE equ 0x5A4D
IMAGE_NT_SIGNATURE equ 0x00004550
IMAGE_FILE_MACHINE_I386 equ 0x014c
IMAGE_NT_OPTIONAL_HDR32_MAGIC equ 0x10B
IMAGE_NT_HEADERS32_SIZE equ 0xF8
__start:
.e_lfanew equ 0x3C
.FileHeader.NumberOfSections equ 0x06
.OptionalHeader.ImageBase equ 0x34
.SectionAlignment equ 0x38
.FileAlignment equ 0x3C
.OptionalHeader.SizeOfImage equ 0x50
.OptionalHeader.SizeOfHeaders equ 0x54
.VirtualAddress equ 0x0C
.SizeOfRawData equ 0x10
.PointerToRawData equ 0x14
.OptionalHeader.RelocDataDirectory.VirtualAddress equ 0xA0
.OptionalHeader.RelocDataDirectory.Size equ 0xA4
.SizeOfBlock equ 0x04
mov eax, 68
mov ebx, 12
mov ecx, STACK_SIZE
add ecx, 4095
and ecx, -4096
int 0x40
test eax, eax
jz .exit
add ecx, eax
mov [fs:8], eax
mov [fs:12], ecx
mov esp, ecx
sub esp, 1024
mov eax, 9
mov ebx, esp
mov ecx, -1
int 0x40
mov eax, [ebx+30]
mov [fs:0], eax
add esp, 1024
mov eax, 68
mov ebx, 27
mov ecx, libc_path
int 0x40
test eax, eax
jz .exit
push edx
push eax
.validate_pe:
cmp edx, 0x3F
jbe .exit
cmp word [eax], IMAGE_DOS_SIGNATURE
jne .exit
mov edx, [eax+.e_lfanew]
test edx, edx
jz .exit
add edx, eax ;edx = nt header
jb .exit
cmp dword [edx], IMAGE_NT_SIGNATURE
jnz .exit
cmp word [edx+0x04], IMAGE_FILE_MACHINE_I386
jnz .exit
cmp word [edx+0x18], IMAGE_NT_OPTIONAL_HDR32_MAGIC
jnz .exit
mov ecx, [edx+.SectionAlignment]
cmp ecx, 4095
ja .l1
cmp ecx, [edx+.FileAlignment]
jne .exit
jmp @F
.l1:
cmp ecx, [edx+.FileAlignment]
jb .exit
@@:
test ecx, ecx
jz .exit
lea eax, [ecx-1]
test ecx, eax
jnz .exit
mov ecx, [edx+.FileAlignment]
test ecx, ecx
jz .exit
lea ebx, [ecx-1]
test ecx, ebx
jnz .exit
cmp word [edx+.FileHeader.NumberOfSections], 96
ja .exit
.create_image:
mov ecx, [edx+.OptionalHeader.SizeOfImage]
mov eax, 68
mov ebx, 12
int 0x40
mov ebp, eax
test eax, eax
jz .exit_2
mov ecx, [edx+.OptionalHeader.SizeOfHeaders]
mov esi, [esp]
mov edi, eax
shr ecx, 2 ;copy header
rep movsd
lea eax, [edx+IMAGE_NT_HEADERS32_SIZE] ;eax = MAGE_SECTION_HEADER
movzx ebx, word [edx+.FileHeader.NumberOfSections]
test ebx, ebx
jz @F
.copy_loop:
mov ecx, [eax+.SizeOfRawData]
test ecx, ecx
jz .next_section
mov esi, [eax+.PointerToRawData]
test esi, esi
jz .next_section
add esi, [esp]
mov edi, [eax+.VirtualAddress]
add edi, ebp
shr ecx, 2
rep movsd
;copy section
.next_section:
add eax, 0x28
dec ebx
jnz .copy_loop
@@:
push edx
mov esi, [edx+.OptionalHeader.RelocDataDirectory.Size]
test esi, esi
jz .call_libc
mov ebx, ebp
sub ebx, [edx+.OptionalHeader.ImageBase] ;delta
mov edx, [edx+.OptionalHeader.RelocDataDirectory.VirtualAddress]
lea ecx, [ebp+edx] ;IMAGE_BASE_RELOCATION
mov eax, [ecx+.SizeOfBlock]
test eax, eax
jz .unmap_relocs
mov esi, ebx
shr esi, 16
push esi
align 4
.loop_block:
sub eax, 8
lea edx, [ecx+8] ;entry
shr eax, 1
jz .next_block
lea edi, [ecx+eax*2+8] ;last entry
align 4
.loop_reloc:
mov si, [edx]
mov eax, esi
and eax, 0FFFh
add eax, [ecx] ;offset
shr si, 12 ;reloc type
dec si
jnz @F
.type_1:
mov esi, [esp]
add [eax+ebp], si
jmp .next_entry
@@:
dec si
jnz @F
.type_2:
add [eax+ebp], bx
jmp .next_entry
@@:
dec si
jnz .next_entry
.type_3:
add [eax+ebp], ebx
.next_entry:
add edx, 2
cmp edx, edi
jne .loop_reloc
.next_block:
add ecx, [ecx+.SizeOfBlock]
mov eax, [ecx+.SizeOfBlock]
test eax, eax
jnz .loop_block
add esp, 4
pop edx
mov esi, [edx+.OptionalHeader.RelocDataDirectory.Size]
mov edx, [edx+.OptionalHeader.RelocDataDirectory.VirtualAddress]
.unmap_relocs:
mov ebx, 26
mov eax, 68
mov ecx, ebp
int 0x40
.call_libc:
push ebp
mov edx, [ebp+0x3C]
add ebp, [ebp+edx+0x28]
call ebp
.exit_2:
.exit:
or eax, -1
int 0x40
libc_path db '/kolibrios/lib/libc.dll',0