@@ -1,3 +1,7 @@

+Sun Jul 16 21:42:58 CEST 2006 (acab)

+------------------------------------

+  * libclamav: added support for wwpack32 - not yet activated

+

 Sat Jul 15 21:33:22 BST 2006 (njh)

 ----------------------------------

   * libclamav/message.c:	Some HTML.Phishing.Bank-1 were getting through,

@@ -92,6 +92,8 @@ libclamav_la_SOURCES = \

 	rebuildpe.h \

 	petite.c \

 	petite.h \

+	wwunpack.c \

+	wwunpack.h \

 	fsg.c \

 	fsg.h \

 	line.c \

@@ -82,11 +82,11 @@ am_libclamav_la_OBJECTS = matcher-ac.lo matcher-bm.lo matcher.lo \

 	filetypes.lo blob.lo mbox.lo message.lo snprintf.lo table.lo \

 	text.lo ole2_extract.lo vba_extract.lo msexpand.lo pe.lo \

 	cabd.lo lzxd.lo mszipd.lo qtmd.lo system.lo upx.lo htmlnorm.lo \

-	chmunpack.lo rebuildpe.lo petite.lo fsg.lo line.lo untar.lo \

-	unzip.lo special.lo binhex.lo is_tar.lo tnef.lo unrar15.lo \

-	unrarvm.lo unrar.lo unrarfilter.lo unrarppm.lo unrar20.lo \

-	unrarcmd.lo pdf.lo spin.lo yc.lo elf.lo sis.lo uuencode.lo \

-	pst.lo

+	chmunpack.lo rebuildpe.lo petite.lo wwunpack.lo fsg.lo line.lo \

+	untar.lo unzip.lo special.lo binhex.lo is_tar.lo tnef.lo \

+	unrar15.lo unrarvm.lo unrar.lo unrarfilter.lo unrarppm.lo \

+	unrar20.lo unrarcmd.lo pdf.lo spin.lo yc.lo elf.lo sis.lo \

+	uuencode.lo pst.lo

 libclamav_la_OBJECTS = $(am_libclamav_la_OBJECTS)

 DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)

 depcomp = $(SHELL) $(top_srcdir)/depcomp

@@ -291,6 +291,8 @@ libclamav_la_SOURCES = \

 	rebuildpe.h \

 	petite.c \

 	petite.h \

+	wwunpack.c \

+	wwunpack.h \

 	fsg.c \

 	fsg.h \

 	line.c \

@@ -459,6 +461,7 @@ distclean-compile:

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/upx.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uuencode.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vba_extract.Plo@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/wwunpack.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/yc.Plo@am__quote@

 .c.o:

@@ -41,6 +41,9 @@

 #include "spin.h"

 #include "upx.h"

 #include "yc.h"

+#ifdef WWP32

+#include "wwunpack.h"

+#endif

 #include "scanners.h"

 #include "rebuildpe.h"

 #include "str.h"

@@ -374,7 +377,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)

     if(!pe_plus) { /* PE */

 	if(read(desc, &optional_hdr32, sizeof(struct pe_image_optional_hdr32)) != sizeof(struct pe_image_optional_hdr32)) {

-	    cli_dbgmsg("Can't optional file header\n");

+	    cli_dbgmsg("Can't read optional file header\n");

 	    if(DETECT_BROKEN) {

 		if(ctx->virname)

 		    *ctx->virname = "Broken.Executable";

@@ -1557,8 +1560,10 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	    free(src);

 	    free(section_hdr);

-	    if(!(tempfile = cli_gentemp(NULL)))

+	    if(!(tempfile = cli_gentemp(NULL))) {

+	        free(dest);

 		return CL_EMEM;

+	    }

 	    if((ndesc = open(tempfile, O_RDWR|O_CREAT|O_TRUNC, S_IRWXU)) < 0) {

 		cli_dbgmsg("UPX/FSG: Can't create file %s\n", tempfile);

@@ -1654,8 +1659,11 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 		}

 	    }

-	    if(!(tempfile = cli_gentemp(NULL)))

-		return CL_EMEM;

+	    if(!(tempfile = cli_gentemp(NULL))) {

+	      free(dest);

+	      free(section_hdr);

+	      return CL_EMEM;

+	    }

 	    if((ndesc = open(tempfile, O_RDWR|O_CREAT|O_TRUNC, S_IRWXU)) < 0) {

 		cli_dbgmsg("Petite: Can't create file %s\n", tempfile);

@@ -1733,8 +1741,11 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	    return CL_EIO;

 	}

-	if(!(tempfile = cli_gentemp(NULL)))

-	    return CL_EMEM;

+	if(!(tempfile = cli_gentemp(NULL))) {

+	  free(spinned);

+	  free(section_hdr);

+	  return CL_EMEM;

+	}

 	if((ndesc = open(tempfile, O_RDWR|O_CREAT|O_TRUNC, S_IRWXU)) < 0) {

 	    cli_dbgmsg("PESpin: Can't create file %s\n", tempfile);

@@ -1799,8 +1810,11 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	    return CL_EIO;

 	  }

-	  if(!(tempfile = cli_gentemp(NULL)))

-	      return CL_EMEM;

+	  if(!(tempfile = cli_gentemp(NULL))) {

+	    free(spinned);

+	    free(section_hdr);

+	    return CL_EMEM;

+	  }

 	  if((ndesc = open(tempfile, O_RDWR|O_CREAT|O_TRUNC, S_IRWXU)) < 0) {

 	    cli_dbgmsg("yC: Can't create file %s\n", tempfile);

@@ -1844,6 +1858,130 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	}

     }

+#ifdef WWP32

+    /* WWPack */

+

+    if(nsections > 1 &&

+       EC32(section_hdr[nsections-1].SizeOfRawData)>0x2b1 &&

+       EC32(optional_hdr32.AddressOfEntryPoint) == EC32(section_hdr[nsections - 1].VirtualAddress) &&

+       EC32(section_hdr[nsections - 1].VirtualAddress)+EC32(section_hdr[nsections - 1].SizeOfRawData) == max &&

+       memcmp(buff, "\x53\x55\x8b\xe8\x33\xdb\xeb", 7) == 0 &&

+       memcmp(buff+0x68, "\xe8\x00\x00\x00\x00\x58\x2d\x6d\x00\x00\x00\x50\x60\x33\xc9\x50\x58\x50\x50", 19) == 0)  {

+      uint32_t headsize=EC32(section_hdr[nsections - 1].PointerToRawData);

+      char *dest, *wwp;

+

+      for(i = 0 ; i < nsections-1; i++) {

+	uint32_t offset = cli_rawaddr(EC32(section_hdr[i].VirtualAddress), section_hdr, nsections, &err);

+	if (!err && offset<headsize) headsize=offset;

+      }

+      

+      dsize = max-min+headsize-EC32(section_hdr[nsections - 1].SizeOfRawData);

+

+      if(ctx->limits && ctx->limits->maxfilesize && dsize > ctx->limits->maxfilesize) {

+	cli_dbgmsg("WWPack: Size exceeded (dsize: %u, max: %lu)\n", dsize, ctx->limits->maxfilesize);

+	free(section_hdr);

+	if(BLOCKMAX) {

+	  *ctx->virname = "PE.WWPack.ExceededFileSize";

+	  return CL_VIRUS;

+	} else {

+	  return CL_CLEAN;

+	}

+      }

+

+      if((dest = (char *) cli_calloc(dsize, sizeof(char))) == NULL) {

+	cli_dbgmsg("WWPack: Can't allocate %d bytes\n", dsize);

+	free(section_hdr);

+	return CL_EMEM;

+      }

+      memset(dest, 0, dsize);

+

+      lseek(desc, 0, SEEK_SET);

+      if((size_t) read(desc, dest, headsize) != headsize) {

+	cli_dbgmsg("WWPack: Can't read %d bytes from headers\n", headsize);

+	free(dest);

+	free(section_hdr);

+	return CL_EIO;

+      }

+

+      for(i = 0 ; i < nsections-1; i++) {

+	if(section_hdr[i].SizeOfRawData) {

+	  uint32_t offset = cli_rawaddr(EC32(section_hdr[i].VirtualAddress), section_hdr, nsections, &err);

+	  

+	  if(err || lseek(desc, offset, SEEK_SET) == -1 || (unsigned int) read(desc, dest + headsize + EC32(section_hdr[i].VirtualAddress) - min, EC32(section_hdr[i].SizeOfRawData)) != EC32(section_hdr[i].SizeOfRawData)) {

+	    free(dest);

+	    free(section_hdr);

+	    return CL_EIO;

+	  }

+	}

+      }

+

+      if((wwp = (char *) cli_calloc(EC32(section_hdr[nsections - 1].SizeOfRawData), sizeof(char))) == NULL) {

+	cli_dbgmsg("WWPack: Can't allocate %d bytes\n", EC32(section_hdr[nsections - 1].SizeOfRawData));

+	free(dest);

+	free(section_hdr);

+	return CL_EMEM;

+      }

+

+      lseek(desc, EC32(section_hdr[nsections - 1].PointerToRawData), SEEK_SET);      

+      if((size_t) read(desc, wwp, EC32(section_hdr[nsections - 1].SizeOfRawData)) != EC32(section_hdr[nsections - 1].SizeOfRawData)) {

+	cli_dbgmsg("WWPack: Can't read %d bytes from wwpack sect\n", EC32(section_hdr[nsections - 1].SizeOfRawData));

+	free(dest);

+	free(wwp);

+	free(section_hdr);

+	return CL_EIO;

+      }

+

+      if (!wwunpack(dest, dsize, headsize, min, EC32(section_hdr[nsections-1].VirtualAddress),  e_lfanew, wwp, EC32(section_hdr[nsections - 1].SizeOfRawData), nsections-1)) {

+	

+	free(wwp);

+

+	if(!(tempfile = cli_gentemp(NULL)))

+	  return CL_EMEM;

+

+	if((ndesc = open(tempfile, O_RDWR|O_CREAT|O_TRUNC, S_IRWXU)) < 0) {

+	  cli_dbgmsg("WWPack: Can't create file %s\n", tempfile);

+	  free(tempfile);

+	  free(dest);

+	  free(section_hdr);

+	  return CL_EIO;

+	}

+

+	if((unsigned int) write(ndesc, dest, dsize) != dsize) {

+	  cli_dbgmsg("UPX/FSG: Can't write %d bytes\n", dsize);

+	  close(ndesc);

+	  free(tempfile);

+	  free(dest);

+	  free(section_hdr);

+	  return CL_EIO;

+	}

+

+	free(dest);

+	cli_dbgmsg("WWPack: Unpacked and rebuilt executable saved in %s\n", tempfile);

+	fsync(ndesc);

+	lseek(ndesc, 0, SEEK_SET);

+

+	if(cli_magic_scandesc(ndesc, ctx) == CL_VIRUS) {

+	  free(section_hdr);

+	  close(ndesc);

+	  if(!cli_leavetemps_flag)

+	    unlink(tempfile);

+	  free(tempfile);

+	  return CL_VIRUS;

+	}

+

+	close(ndesc);

+	if(!cli_leavetemps_flag)

+	  unlink(tempfile);

+	free(tempfile);

+      } else {

+	free(wwp);

+	free(dest);

+	cli_dbgmsg("WWPpack: Decompression failed\n");

+      }

+    }

+#endif

+

+

     /* to be continued ... */

     free(section_hdr);

new file mode 100644

@@ -0,0 +1,361 @@

+/*

+ *  Copyright (C) 2006 aCaB <acab@clamav.net>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License as published by

+ *  the Free Software Foundation; either version 2 of the License, or

+ *  (at your option) any later version.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

+ *  MA 02110-1301, USA.

+ */

+

+/*

+** wwunpack.c

+** 09/07/2k6 - Campioni del mondo!!!

+** 14/07/2k6 - RCE'ed + standalone sect unpacker

+** 15/07/2k6 - Merge started

+** 17/07/2k6 - Rebuild

+**

+*/

+

+/*

+** Unpacks+rebuilds WWPack32 1.20

+**

+** Just boooooring stuff, blah.

+**

+*/

+

+

+/*

+** TODO:

+**

+** use cli_readint32

+** add bound checks

+** check eax vs al

+**

+*/

+

+#ifdef WWP32

+

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#include <stdio.h>

+#include <stdlib.h>

+#include <sys/types.h>

+#include <sys/stat.h>

+#include <unistd.h>

+#include <string.h>

+

+#include "cltypes.h"

+#include "pe.h"

+#include "rebuildpe.h"

+#include "others.h"

+#include "wwunpack.h"

+

+static void getbits(uint8_t X, uint32_t *eax, uint32_t *bitmap, uint8_t *bits, char **src) {

+  *eax=*bitmap>>(32-X);

+  if (*bits>X) {

+    *bitmap<<=X;

+    *bits-=X;

+  } else if (*bits<X) {

+    X-=*bits;

+    *eax>>=X;

+    *bitmap=*(uint32_t *)(*src);

+    *src+=4;

+    *eax<<=X;

+    *eax|=*bitmap>>(32-X);

+    *bitmap<<=X;

+    *bits=32-X;

+  } else {

+    *bitmap=*(uint32_t *)(*src);

+    *src+=4;

+    *bits=32;

+  }

+}

+

+

+static void wunpsect(char *src, char *dst) {

+  uint32_t bitmap, eax;

+  uint8_t bits;

+  unsigned int lostbit, getmorestuff;

+  uint16_t backbytes;

+  uint16_t backsize;

+  uint8_t oal;

+

+  eax=bitmap=*(uint32_t *)src;

+  src+=4;

+  bits=32;

+

+

+  while (1) {

+    lostbit=bitmap>>31;

+    bitmap<<=1;

+    bits--;

+    if (!lostbit && bits) {

+      *dst++=*src++;

+      continue;

+    }

+    

+    if (!bits) {

+      eax=bitmap=*(uint32_t *)src;

+      bits=32;

+      src+=4;

+      if (!lostbit) {

+	*dst++=*src++;

+	continue;

+      }

+    }

+    

+    getbits(2, &eax, &bitmap, &bits, &src);

+    

+    if ((eax&0xff)>=3) {

+      /* 50ff - two_bytes */

+      uint8_t fetchbits;

+      

+      getbits(2, &eax, &bitmap, &bits, &src);

+      fetchbits=(eax&0xff)+5;

+      eax--;

+      if ((int16_t)(eax&0xffff)<=0) {

+	/* 5113 */

+	backbytes=1<<fetchbits;

+	backbytes=(backbytes&0xff00)|((backbytes-31)&0xff);

+      } else {

+	/* 511b */

+	fetchbits++;

+	backbytes=1<<fetchbits;

+	backbytes-=0x9f;

+      }

+      /* 5125 */

+      getbits(fetchbits, &eax, &bitmap, &bits, &src);

+      if ((eax&0xffff)==0x1ff) break;

+      eax&=0xffff;

+      backbytes+=eax;

+      *dst=*(dst-backbytes);

+      dst++;

+      *dst=*(dst-backbytes);

+      dst++;

+      continue;

+    }

+

+    /* 5143 - more_backbytes */      

+    oal=eax&0xff;

+    getmorestuff=1;

+    /* FIXME: pushf */

+    

+    getbits(3, &eax, &bitmap, &bits, &src);

+    if ((eax&0xff)<=3) {

+      lostbit=0;

+      if ((eax&0xff)==3) {

+	/* next_bit_or_reseed */

+	lostbit=bitmap>>31;

+	bitmap<<=1;

+	bits--;

+	if (!bits) { 

+	  bitmap=*(uint32_t *)src;

+	  bits=32;

+	  src+=4;

+	}

+      }

+      eax=eax+lostbit+5;

+      /* FIXME: jmp more_bb_commondock */

+    } else { /* >3 */

+      /* 5160 - more_bb_morethan3 */

+      if ((eax&0xff)==4) {

+	/* next_bit_or_reseed */

+	lostbit=bitmap>>31;

+	bitmap<<=1;

+	bits--;

+	if (!bits) { 

+	  bitmap=*(uint32_t *)src;

+	  bits=32;

+	  src+=4;

+	}

+	eax=eax+lostbit+6;

+	/* FIXME: jmp more_bb_commondock */

+      } else { /* !=4 */

+	eax+=7;

+	if ((eax&0xff)>=0x0d) {

+	  getmorestuff=0; /* jmp more_bb_PASTcommondock */

+	  if ((eax&0xff)==0x0d) {

+	    /* 5179  */

+	    getbits(0x0e, &eax, &bitmap, &bits, &src);

+	    eax+=0x1fe1;

+	  } else {

+	    /* 516c */

+	    getbits(0x0f, &eax, &bitmap, &bits, &src);

+	    eax+=0x5fe1;

+	  }

+	  /* FIXME: jmp more_bb_PASTcommondock */

+	} /* al >= 0d */

+      } /* al != 4 */

+    } /* >3 */

+    

+    if (getmorestuff) {

+      /* 5192 - more_bb_commondock */

+      uint16_t bk=(1<<(eax&0xff))-0x1f;

+      getbits((eax&0xff), &eax, &bitmap, &bits, &src);

+      eax+=bk;

+    }

+    

+    /* 51a7 - more_bb_pastcommondock */

+    eax&=0xffff;

+    backbytes=eax;

+    backsize=3+(oal!=1); /* FIXME: move up and remove oal */

+    

+    if (oal<1) { /* overrides backsize */

+      /* 51bb - more_bb_again */

+      

+      /* next_bit_or_reseed */

+      lostbit=bitmap>>31;

+      bitmap<<=1;

+      bits--;

+      if (!bits) { 

+	bitmap=*(uint32_t *)src;

+	bits=32;

+	src+=4;

+      }

+      if (!lostbit) {

+	/* 51c2 */

+	/* next_bit_or_reseed */

+	lostbit=bitmap>>31;

+	bitmap<<=1;

+	bits--;

+	if (!bits) { 

+	  bitmap=*(uint32_t *)src;

+	  bits=32;

+	  src+=4;

+	}

+	eax=5+lostbit;

+	/* FIXME: jmp setsize_and_backcopy */

+      } else {

+	/* 51ce - more_bb_again_and_again */

+	getbits(3, &eax, &bitmap, &bits, &src);

+	if (eax&0xff) {

+	  /* 51e6 */

+	  eax+=6;

+	  /* FIXME: jmp setsize_and_backcopy */

+	} else {

+	  getbits(4, &eax, &bitmap, &bits, &src);

+	  if (eax&0xff) {

+	    /* 51e4 */

+	    eax+=7+6;

+	    /* FIXME: jmp setsize_and_backcopy */

+	  } else {

+	    /* 51ea - OMGWTF */

+	    uint8_t c=4;

+	    uint16_t d=0x0d;

+	    

+	    while ( 1 ) {

+	      if (c!=7){

+		d+=2;

+		d<<=1;

+		d--;

+		

+		/* next_bit_or_reseed */

+		lostbit=bitmap>>31;

+		bitmap<<=1;

+		bits--;

+		if (!bits) { 

+		  bitmap=*(uint32_t *)src;

+		  bits=32;

+		  src+=4;

+		}

+		c++;

+		if (!lostbit) continue;

+		getbits(c, &eax, &bitmap, &bits, &src);

+		d+=eax&0xff;

+		eax&=0xffffff00;

+		eax|=d&0xff;

+	      } else {

+		getbits(14, &eax, &bitmap, &bits, &src);

+	      }

+	      break;

+	    } /* while */

+	  } /* OMGWTF */

+	} /* eax&0xff */

+      } /* lostbit */

+	/* 521b - setsize_and_backcopy */

+      backsize=eax&0xffff;

+    }

+

+    /* 521e - backcopy */

+    while(backsize--){

+      *dst=*(dst-backbytes);

+      dst++;

+    }

+

+  } /* while true */

+  

+}

+

+int wwunpack(char *exe, uint32_t exesz, uint32_t headsize, uint32_t min, uint32_t wwprva, uint32_t e_lfanew, char *wwp, uint32_t wwpsz, uint16_t sects) {

+  char *stuff=wwp+0x2a1, *packed, *unpacked;

+  uint32_t rva, csize;

+

+  cli_dbgmsg("in wwunpack\n");

+

+

+  while(1) {

+    if (!CLI_ISCONTAINED(wwp, wwpsz, stuff, 17)) {

+      cli_dbgmsg("WWPack: next chunk out ouf file, giving up.\n");

+      return 1;

+    }

+    if ((csize=cli_readint32(stuff+8)*4)!=cli_readint32(stuff+12)+4) {

+      cli_dbgmsg("WWPack: inconsistent/hacked data, go figure!\n");

+      return 1;

+    }

+    rva = wwprva-cli_readint32(stuff);

+    if((packed = (char *) cli_calloc(csize, sizeof(char))) == NULL) {

+      cli_dbgmsg("WWPack: Can't allocate %d bytes\n", csize);

+      return 1;

+    }

+    unpacked=exe+headsize+rva-min;

+    if (!CLI_ISCONTAINED(exe, exesz, unpacked, csize)) {

+      cli_dbgmsg("WWPack: packed data out of bounds, giving up.\n");

+      return 1;

+    }

+    memcpy(packed, unpacked, csize);

+    wunpsect(packed, unpacked);

+    free(packed);

+    if (!stuff[16]) break;

+    stuff+=17;

+  }

+

+  stuff=exe+e_lfanew;

+  stuff[6]=sects&0xff;

+  stuff[7]=sects>>8;

+

+  csize=cli_readint32(wwp+0x295)+wwprva+0x299;

+  cli_dbgmsg("WWPack: found OEP @%x\n", csize);

+  cli_writeint32(stuff+0x28, csize);

+

+#define VAALIGN(s) (((s)/0x1000+((s)%0x1000!=0))*0x1000)

+#define FIXVS(v, r) (VAALIGN((r>v)?r:v))

+

+  stuff+=0xf8;

+  while (sects--) {

+    uint32_t v=cli_readint32(stuff+8);

+    uint32_t r=cli_readint32(stuff+16);

+    csize=FIXVS(v, r);

+    cli_writeint32(stuff+8, csize);

+    cli_writeint32(stuff+16, csize);

+    cli_writeint32(stuff+20, cli_readint32(stuff+12)-min+headsize);

+    stuff+=0x28;

+  }

+  memset(stuff, 0, 0x28);

+

+  cli_dbgmsg("WWPack: Successfully rebuilt\n", csize);

+  return 0;

+}

+

+#endif

new file mode 100644

@@ -0,0 +1,28 @@

+/*

+ *  Copyright (C) 2006 aCaB <acab@clamav.net>

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License as published by

+ *  the Free Software Foundation; either version 2 of the License, or

+ *  (at your option) any later version.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

+ *  MA 02110-1301, USA.

+ */

+

+#ifndef __WWP32_H

+#define __WWP32_H

+

+#include "cltypes.h"

+#include "rebuildpe.h"

+

+int wwunpack(char *, uint32_t, uint32_t, uint32_t, uint32_t, uint32_t, char *, uint32_t, uint16_t);

+

+#endif