@@ -98,7 +98,9 @@

 #define UPX_NRV2B "\x11\xdb\x11\xc9\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9\x11\xc9\x75\x20\x41\x01\xdb"

 #define UPX_NRV2D "\x83\xf0\xff\x74\x78\xd1\xf8\x89\xc5\xeb\x0b\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9"

 #define UPX_NRV2E "\xeb\x52\x31\xc9\x83\xe8\x03\x72\x11\xc1\xe0\x08\x8a\x06\x46\x83\xf0\xff\x74\x75\xd1\xf8\x89\xc5"

-#define UPX_LZMA1 "\x56\x83\xc3\x04\x53\x50\xc7\x03\x03\x00\x02\x00\x90\x90\x90\x55\x57\x56\x53\x83"

+#define UPX_LZMA1_FIRST  "\x56\x83\xc3\x04\x53\x50\xc7\x03"

+#define UPX_LZMA1_SECOND "\x90\x90\x90\x55\x57\x56\x53\x83"

+#define UPX_LZMA0 "\x56\x83\xc3\x04\x53\x50\xc7\x03\x03\x00\x00\x00\x90\x90\x90\x55\x57\x56\x53\x83"

 #define UPX_LZMA2 "\x56\x83\xc3\x04\x53\x50\xc7\x03\x03\x00\x02\x00\x90\x90\x90\x90\x90\x55\x57\x56"

 #define PE_MAXNAMESIZE 256

@@ -4478,9 +4480,10 @@ int cli_scanpe(cli_ctx *ctx)

             }

             if(strictdsize<=dsize)

-                upx_success = upx_inflatelzma(src+skew, ssize-skew, dest, &strictdsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >=0;

-        } else if (cli_memstr(UPX_LZMA1, 20, epbuff + 0x39, 20)) {

+                upx_success = upx_inflatelzma(src+skew, ssize-skew, dest, &strictdsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep, 0x20003) >=0;

+        } else if (cli_memstr(UPX_LZMA1_FIRST, 8, epbuff + 0x39, 8) && cli_memstr(UPX_LZMA1_SECOND, 8, epbuff + 0x45, 8)) {

             uint32_t strictdsize=cli_readint32(epbuff+0x2b), skew = 0;

+            uint32_t properties=cli_readint32(epbuff+0x41);

             if(ssize > 0x15 && epbuff[0] == '\x60' && epbuff[1] == '\xbe') {

                 skew = cli_readint32(epbuff+2) - exe_sections[i + 1].rva - optional_hdr32.ImageBase;

                 if(skew!=0x15)

@@ -4488,7 +4491,7 @@ int cli_scanpe(cli_ctx *ctx)

             }

             if(strictdsize<=dsize)

-                upx_success = upx_inflatelzma(src+skew, ssize-skew, dest, &strictdsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >=0;

+                upx_success = upx_inflatelzma(src+skew, ssize-skew, dest, &strictdsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep, properties) >=0;

         }

         if(!upx_success) {

@@ -543,14 +543,19 @@ int upx_inflate2e(const char *src, uint32_t ssize, char *dst, uint32_t *dsize, u

   return pefromupx (src, ssize, dst, dsize, ep, upx0, upx1, magic, dcur);

 }

-int upx_inflatelzma(const char *src, uint32_t ssize, char *dst, uint32_t *dsize, uint32_t upx0, uint32_t upx1, uint32_t ep) {

+int upx_inflatelzma(const char *src, uint32_t ssize, char *dst, uint32_t *dsize, uint32_t upx0, uint32_t upx1, uint32_t ep, uint32_t properties) {

   struct CLI_LZMA l;

   uint32_t magic[]={0xb16,0xb1e,0};

   unsigned char fake_lzmahdr[5];

   memset(&l, 0, sizeof(l));

   cli_writeint32(fake_lzmahdr + 1, *dsize);

-  *fake_lzmahdr = 3 /* lc */ + 9* ( 5* 2 /* pb */ + 0 /* lp */);

+  uint8_t lc = properties & 0xff;

+  uint8_t pb = (properties >> 16) & 0xff; 

+  if (lc >= 9 || pb >= 5)

+      return 0;

+

+  *fake_lzmahdr = lc + 9* ( 5* pb + 0 /* lp */);

   l.next_in = fake_lzmahdr;

   l.avail_in = 5;

   if(cli_LzmaInit(&l, *dsize) != LZMA_RESULT_OK)

@@ -27,6 +27,6 @@

 int upx_inflate2b(const char *, uint32_t, char *, uint32_t *, uint32_t, uint32_t, uint32_t);

 int upx_inflate2d(const char *, uint32_t, char *, uint32_t *, uint32_t, uint32_t, uint32_t);

 int upx_inflate2e(const char *, uint32_t, char *, uint32_t *, uint32_t, uint32_t, uint32_t);

-int upx_inflatelzma(const char *, uint32_t, char *, uint32_t *, uint32_t, uint32_t, uint32_t);

+int upx_inflatelzma(const char *, uint32_t, char *, uint32_t *, uint32_t, uint32_t, uint32_t, uint32_t);

 #endif