...
|
...
|
@@ -134,7 +134,7 @@ static char exec86(uint8_t aelle, uint8_t cielle, char *curremu) {
|
134
|
134
|
}
|
135
|
135
|
}
|
136
|
136
|
if ( len!=0x24 || curremu[len]!='\xaa' )
|
137
|
|
- cli_dbgmsg("spin: bad emucode\n"); // FIXME: I should really give up here
|
|
137
|
+ cli_dbgmsg("spin: bad emucode\n"); /* FIXME: I should really give up here */
|
138
|
138
|
return aelle;
|
139
|
139
|
}
|
140
|
140
|
|
...
|
...
|
@@ -263,7 +263,7 @@ static int unfsg(char *source, char *dest, int ssize, int dsize) {
|
263
|
263
|
}
|
264
|
264
|
lostbit = 0;
|
265
|
265
|
}
|
266
|
|
- if ((backsize > dest + dsize - cdst) || (backbytes > cdst - dest))
|
|
266
|
+ if ((backsize > (uint32_t)(dest + dsize - cdst)) || (backbytes > (uint32_t)(cdst - dest)))
|
267
|
267
|
return -1;
|
268
|
268
|
while(backsize--) {
|
269
|
269
|
*cdst=*(cdst-backbytes);
|
...
|
...
|
@@ -323,9 +323,7 @@ int unspin(char *src, int ssize, struct pe_image_section_hdr *sections, int sect
|
323
|
323
|
memcpy(spinned, src + EC32(sections[sectcnt].PointerToRawData), EC32(sections[sectcnt].SizeOfRawData));
|
324
|
324
|
ep = spinned + nep - sections[sectcnt].VirtualAddress;
|
325
|
325
|
|
326
|
|
- // ep = src + nep + sections[sectcnt].PointerToRawData - sections[sectcnt].VirtualAddress; // Just a helper
|
327
|
|
-
|
328
|
|
- curr = ep+0xdb; // HELP: as a general rule, can i do char* math or should use monsters like "&ep[0xdb]" instead?
|
|
326
|
+ curr = ep+0xdb; /* HELP: as a general rule, can i do char* math or should use monsters like "&ep[0xdb]" instead? */
|
329
|
327
|
if ( *curr != '\xbb' ) {
|
330
|
328
|
free(spinned);
|
331
|
329
|
cli_dbgmsg("spin: Not spinned or bad version\n");
|
...
|
...
|
@@ -348,10 +346,10 @@ int unspin(char *src, int ssize, struct pe_image_section_hdr *sections, int sect
|
348
|
348
|
|
349
|
349
|
cli_dbgmsg("spin: Key8 is %x, Len is %x\n", key8, len);
|
350
|
350
|
|
351
|
|
- if ( ep - spinned >= EC32(sections[sectcnt].SizeOfRawData) - len - 0x1fe5 ) {
|
|
351
|
+ if ( (uint32_t)(ep - spinned) >= EC32(sections[sectcnt].SizeOfRawData) - len - 0x1fe5 ) {
|
352
|
352
|
free(spinned);
|
353
|
353
|
cli_dbgmsg("spin: len out of bounds, giving up\n");
|
354
|
|
- return 1; // Outta bounds - HELP: i suppose i should check for wraps.. not sure though
|
|
354
|
+ return 1; /* Outta bounds - HELP: i suppose i should check for wraps.. not sure though */
|
355
|
355
|
}
|
356
|
356
|
|
357
|
357
|
|
...
|
...
|
@@ -376,7 +374,7 @@ int unspin(char *src, int ssize, struct pe_image_section_hdr *sections, int sect
|
376
|
376
|
return 1;
|
377
|
377
|
}
|
378
|
378
|
|
379
|
|
- curr = ep+0x2d5; // 0x2d5+5a0 < 0x3217 - still within bounds (checked by caller)
|
|
379
|
+ curr = ep+0x2d5; /* 0x2d5+5a0 < 0x3217 - still within bounds (checked by caller) */
|
380
|
380
|
cli_dbgmsg("spin: Key is %x, Len is %x\n", key32, len);
|
381
|
381
|
|
382
|
382
|
while ( len-- ) {
|
...
|
...
|
@@ -390,17 +388,17 @@ int unspin(char *src, int ssize, struct pe_image_section_hdr *sections, int sect
|
390
|
390
|
curr++;
|
391
|
391
|
}
|
392
|
392
|
|
393
|
|
- len = ssize - cli_readint32(ep+0x429); // sub size, value
|
394
|
|
- if ( len >= ssize ) {
|
|
393
|
+ len = ssize - cli_readint32(ep+0x429); /* sub size, value */
|
|
394
|
+ if ( len >= (uint32_t)ssize ) {
|
395
|
395
|
free(spinned);
|
396
|
396
|
cli_dbgmsg("spin: crc out of bounds, giving up\n");
|
397
|
|
- return 1; // We wrapped
|
|
397
|
+ return 1; /* We wrapped */
|
398
|
398
|
}
|
399
|
399
|
key32 = cli_readint32(ep+0x3217) - summit(src,len);
|
400
|
400
|
|
401
|
401
|
memcpy(src + EC32(sections[sectcnt].PointerToRawData), spinned, EC32(sections[sectcnt].SizeOfRawData));
|
402
|
|
- free(spinned); // done CRC'ing - can have a dirty buffer now
|
403
|
|
- ep = src + nep + sections[sectcnt].PointerToRawData - sections[sectcnt].VirtualAddress; // Fix the helper
|
|
402
|
+ free(spinned); /* done CRC'ing - can have a dirty buffer now */
|
|
403
|
+ ep = src + nep + sections[sectcnt].PointerToRawData - sections[sectcnt].VirtualAddress; /* Fix the helper */
|
404
|
404
|
|
405
|
405
|
bitmap = cli_readint32(ep+0x3207);
|
406
|
406
|
cli_dbgmsg("spin: Key32 is %x - XORbitmap is %x\n", key32, bitmap);
|
...
|
...
|
@@ -412,9 +410,9 @@ int unspin(char *src, int ssize, struct pe_image_section_hdr *sections, int sect
|
412
|
412
|
char *ptr = src + EC32(sections[j].PointerToRawData);
|
413
|
413
|
uint32_t keydup = key32;
|
414
|
414
|
|
415
|
|
- if ( EC32(sections[j].PointerToRawData) + size >= ssize ) {
|
|
415
|
+ if ( EC32(sections[j].PointerToRawData) + size >= (uint32_t)ssize ) {
|
416
|
416
|
cli_dbgmsg("spin: sect %d out of file, giving up\n", j);
|
417
|
|
- return 1; // sect outta bounds - HELP: i suppose i should check for wraps.. not sure though
|
|
417
|
+ return 1; /* sect outta bounds - HELP: i suppose i should check for wraps.. not sure though */
|
418
|
418
|
}
|
419
|
419
|
|
420
|
420
|
while (size--) {
|
...
|
...
|
@@ -435,7 +433,7 @@ int unspin(char *src, int ssize, struct pe_image_section_hdr *sections, int sect
|
435
|
435
|
cli_dbgmsg("spin: done\n");
|
436
|
436
|
|
437
|
437
|
|
438
|
|
- curr = ep+0x644; // 0x28d3+0x180 < 0x3217 - still within bounds (checked by caller)
|
|
438
|
+ curr = ep+0x644; /* 0x28d3+0x180 < 0x3217 - still within bounds (checked by caller) */
|
439
|
439
|
if ( (len = cli_readint32(curr)) != 0x180) {
|
440
|
440
|
cli_dbgmsg("spin: Not spinned or bad version\n");
|
441
|
441
|
return 1;
|
...
|
...
|
@@ -464,12 +462,11 @@ int unspin(char *src, int ssize, struct pe_image_section_hdr *sections, int sect
|
464
|
464
|
}
|
465
|
465
|
|
466
|
466
|
cli_dbgmsg("spin: POLY1 len is %x\n", len);
|
467
|
|
- curr+=0xf; // POLY1
|
468
|
|
-
|
469
|
|
- emu = ep+0x6d4; // Still within bounds
|
|
467
|
+ curr+=0xf; /* POLY1 */
|
|
468
|
+ emu = ep+0x6d4; /* Still within bounds */
|
470
|
469
|
|
471
|
470
|
while (len) {
|
472
|
|
- *emu=exec86(*emu, len-- & 0xff, curr); // unlame POLY1
|
|
471
|
+ *emu=exec86(*emu, len-- & 0xff, curr); /* unlame POLY1 */
|
473
|
472
|
emu++;
|
474
|
473
|
}
|
475
|
474
|
|
...
|
...
|
@@ -480,17 +477,17 @@ int unspin(char *src, int ssize, struct pe_image_section_hdr *sections, int sect
|
480
|
480
|
|
481
|
481
|
for (j=0; j<sectcnt; j++) {
|
482
|
482
|
if (bitmap&1) {
|
483
|
|
- uint32_t len = EC32(sections[j].SizeOfRawData);
|
|
483
|
+ uint32_t notthesamelen = EC32(sections[j].SizeOfRawData);
|
484
|
484
|
|
485
|
485
|
emu = src + EC32(sections[j].PointerToRawData);
|
486
|
486
|
|
487
|
|
- if ( emu < src || EC32(sections[j].PointerToRawData) + len >= ssize) { // HELP: Is this enough for me to be within bounds?
|
|
487
|
+ if ( emu < src || EC32(sections[j].PointerToRawData) + notthesamelen >= (uint32_t)ssize) { /* HELP: Is this enough for me to be within bounds? */
|
488
|
488
|
cli_dbgmsg("spin: code to exec is out of file?\n");
|
489
|
489
|
return 1;
|
490
|
490
|
}
|
491
|
491
|
|
492
|
|
- while (len) {
|
493
|
|
- *emu=exec86(*emu, len-- & 0xff, curr);
|
|
492
|
+ while (notthesamelen) {
|
|
493
|
+ *emu=exec86(*emu, notthesamelen-- & 0xff, curr);
|
494
|
494
|
emu++;
|
495
|
495
|
}
|
496
|
496
|
|
...
|
...
|
@@ -510,7 +507,7 @@ int unspin(char *src, int ssize, struct pe_image_section_hdr *sections, int sect
|
510
|
510
|
len = 0;
|
511
|
511
|
for (j=0; j<sectcnt; j++) {
|
512
|
512
|
if (bitmap&1) {
|
513
|
|
- if ( (sects[j] = (char *) cli_malloc(EC32(sections[j].VirtualSize)) ) == NULL ) { // FIXME: use "static" maxmalloc @4380b6 instead???
|
|
513
|
+ if ( (sects[j] = (char *) cli_malloc(EC32(sections[j].VirtualSize)) ) == NULL ) { /* FIXME: use "static" maxmalloc @4380b6 instead??? */
|
514
|
514
|
cli_dbgmsg("spin: malloc(%d) failed\n", EC32(sections[j].VirtualSize));
|
515
|
515
|
len = 1;
|
516
|
516
|
break;
|
...
|
...
|
@@ -522,7 +519,7 @@ int unspin(char *src, int ssize, struct pe_image_section_hdr *sections, int sect
|
522
|
522
|
len++;
|
523
|
523
|
cli_dbgmsg("spin: Unpack failure\n");
|
524
|
524
|
}
|
525
|
|
- // sections[j].rsz = sections[j].vsz; FIXME: can't hack the caller, gotta find a better way!
|
|
525
|
+ /* sections[j].rsz = sections[j].vsz; FIXME: can't hack the caller, gotta find a better way! */
|
526
|
526
|
} else {
|
527
|
527
|
blobsz+=EC32(sections[j].SizeOfRawData);
|
528
|
528
|
sects[j] = src + EC32(sections[j].PointerToRawData);
|
...
|
...
|
@@ -550,31 +547,29 @@ int unspin(char *src, int ssize, struct pe_image_section_hdr *sections, int sect
|
550
|
550
|
/* len = cli_readint32(ep+0x2fc8); -- Using vsizes instead */
|
551
|
551
|
|
552
|
552
|
for (j=0; j<sectcnt; j++) {
|
553
|
|
- if (EC32(sections[j].VirtualAddress) <= key32 && EC32(sections[j].VirtualAddress)+EC32(sections[j].SizeOfRawData) > key32) // HELP: wraps?
|
|
553
|
+ if (EC32(sections[j].VirtualAddress) <= key32 && EC32(sections[j].VirtualAddress)+EC32(sections[j].SizeOfRawData) > key32) /* HELP: wraps? */
|
554
|
554
|
break;
|
555
|
555
|
}
|
556
|
556
|
|
557
|
|
-// cli_dbgmsg("spin: --- %x < %x < %x %d / %d\n", EC32(sections[j].VirtualAddress), key32, EC32(sections[j].VirtualAddress)+EC32(sections[j].SizeOfRawData), j, sectcnt);
|
558
|
|
-
|
559
|
|
- if (j!=sectcnt && ((bitman & (1<<j)) == 0)) { // FIXME: not really sure either the res sect is lamed or just compressed, but this'll save some major headakes
|
|
557
|
+ if (j!=sectcnt && ((bitman & (1<<j)) == 0)) { /* FIXME: not really sure either the res sect is lamed or just compressed, but this'll save some major headakes */
|
560
|
558
|
cli_dbgmsg("spin: Resources (sect%d) appear to be compressed\n\tuncompressed offset %x, len %x\n\tcompressed offset %x, len %x\n", j, EC32(sections[j].VirtualAddress), key32 - EC32(sections[j].VirtualAddress), key32, EC32(sections[j].VirtualSize) - (key32 - EC32(sections[j].VirtualAddress)));
|
561
|
559
|
|
562
|
560
|
if ( (curr=(char *)cli_malloc(EC32(sections[j].VirtualSize))) != NULL ) {
|
563
|
|
- memcpy(curr, src + EC32(sections[j].PointerToRawData), key32 - EC32(sections[j].VirtualAddress)); // Uncompressed part
|
564
|
|
- memset(curr + key32 - EC32(sections[j].VirtualAddress), 0, EC32(sections[j].VirtualSize) - (key32 - EC32(sections[j].VirtualAddress))); // bzero
|
565
|
|
- if ( unfsg(src + EC32(sections[j].PointerToRawData) + key32 - EC32(sections[j].VirtualAddress), curr + key32 - EC32(sections[j].VirtualAddress), EC32(sections[j].SizeOfRawData) - (key32 - EC32(sections[j].VirtualAddress)), EC32(sections[j].VirtualSize) - (key32 - EC32(sections[j].VirtualAddress))) ) { // HELP: i can't read my own line - hope's ok :(
|
|
561
|
+ memcpy(curr, src + EC32(sections[j].PointerToRawData), key32 - EC32(sections[j].VirtualAddress)); /* Uncompressed part */
|
|
562
|
+ memset(curr + key32 - EC32(sections[j].VirtualAddress), 0, EC32(sections[j].VirtualSize) - (key32 - EC32(sections[j].VirtualAddress))); /* bzero */
|
|
563
|
+ if ( unfsg(src + EC32(sections[j].PointerToRawData) + key32 - EC32(sections[j].VirtualAddress), curr + key32 - EC32(sections[j].VirtualAddress), EC32(sections[j].SizeOfRawData) - (key32 - EC32(sections[j].VirtualAddress)), EC32(sections[j].VirtualSize) - (key32 - EC32(sections[j].VirtualAddress))) ) { /* HELP: i can't read my own line - hope's ok :( */
|
566
|
564
|
|
567
|
565
|
free(curr);
|
568
|
566
|
cli_dbgmsg("spin: Failed to grow resources, continuing anyway\n");
|
569
|
567
|
blobsz+=EC32(sections[j].SizeOfRawData);
|
570
|
568
|
} else {
|
571
|
|
- sects[j]=curr; // FIXME: bitman check above should save me from leaks
|
|
569
|
+ sects[j]=curr; /* FIXME: bitman check above should save me from leaks */
|
572
|
570
|
bitman|=1<<j;
|
573
|
571
|
cli_dbgmsg("spin: Resources grown\n");
|
574
|
572
|
blobsz+=EC32(sections[j].VirtualSize);
|
575
|
573
|
}
|
576
|
574
|
} else {
|
577
|
|
- // HELP: malloc failed but i'm too deep into this crap to worry... what to do next?
|
|
575
|
+ /* HELP: malloc failed but i'm too deep into this crap to worry... what to do next? */
|
578
|
576
|
blobsz+=EC32(sections[j].SizeOfRawData);
|
579
|
577
|
}
|
580
|
578
|
} else {
|
...
|
...
|
@@ -583,7 +578,7 @@ int unspin(char *src, int ssize, struct pe_image_section_hdr *sections, int sect
|
583
|
583
|
}
|
584
|
584
|
|
585
|
585
|
|
586
|
|
- bitmap=bitman; // save as a free() bitmap
|
|
586
|
+ bitmap=bitman; /* save as a free() bitmap */
|
587
|
587
|
|
588
|
588
|
if ( (ep = (char *) cli_malloc(blobsz)) != NULL ) {
|
589
|
589
|
struct SECTION *rebhlp;
|
...
|
...
|
@@ -603,8 +598,11 @@ int unspin(char *src, int ssize, struct pe_image_section_hdr *sections, int sect
|
603
|
603
|
bitmap = bitmap >>1 & 0x7fffffff;
|
604
|
604
|
}
|
605
|
605
|
|
606
|
|
- if ( (to = rebuildpe(ep, rebhlp, sectcnt, 0x400000, 0x1000, 0, 0))) { // HELP: should i bother fixing those values? the rebuilt exe is completely broken anyway.
|
607
|
|
- write(desc, to, 0x148+0x80+0x28*j+rebhlp[j-1].raw+rebhlp[j-1].rsz);
|
|
606
|
+ if ( (to = rebuildpe(ep, rebhlp, sectcnt, 0x400000, 0x1000, 0, 0))) { /* HELP: should i bother fixing those values? the rebuilt exe is completely broken anyway. */
|
|
607
|
+ if (cli_writen(desc, to, 0x148+0x80+0x28*j+rebhlp[j-1].raw+rebhlp[j-1].rsz)==-1) {
|
|
608
|
+ cli_dbgmsg("spin: Cannot write unpacked file\n");
|
|
609
|
+ retval = 1;
|
|
610
|
+ }
|
608
|
611
|
free(to);
|
609
|
612
|
} else {
|
610
|
613
|
cli_dbgmsg("spin: Cannot write unpacked file\n");
|
...
|
...
|
@@ -624,5 +622,5 @@ int unspin(char *src, int ssize, struct pe_image_section_hdr *sections, int sect
|
624
|
624
|
bitman = bitman >>1 & 0x7fffffff;
|
625
|
625
|
}
|
626
|
626
|
free(sects);
|
627
|
|
- return 1; // :(
|
|
627
|
+ return 1; /* :( */
|
628
|
628
|
}
|
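Review bot: The bounds test at new line 415 of unspin, `EC32(sections[j].PointerToRawData) + size >= (uint32_t)ssize`, can still be passed through 32-bit wraparound. The added cast only makes the comparison explicitly unsigned, while the sum involving the header-supplied PointerToRawData is computed before it is compared. Assuming `size` and the EC32() result are uint32_t (their declarations are outside the hunks shown), the check is safer without the addition: `if ( EC32(sections[j].PointerToRawData) >= (uint32_t)ssize || size >= (uint32_t)ssize - EC32(sections[j].PointerToRawData) )`. The same pattern appears at new line 487 with `notthesamelen`, and at new line 351 the right-hand side `EC32(sections[sectcnt].SizeOfRawData) - len - 0x1fe5` underflows when the section is smaller than `len + 0x1fe5`, so it needs a preceding size check. A negative `ssize` also becomes a very large limit after the cast, so rejecting `ssize <= 0` on entry is worth adding unless the caller already guarantees it; unspin's body starts outside the hunks shown.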