git-svn: trunk@1808
aCaB authored on 2006/01/10 09:46:40... | ... |
@@ -47,24 +47,9 @@ |
47 | 47 |
#include "pe.h" |
48 | 48 |
#include "rebuildpe.h" |
49 | 49 |
#include "others.h" |
50 |
-#include "fsg.h" |
|
51 | 50 |
|
52 |
-#if WORDS_BIGENDIAN == 0 |
|
53 |
-#define EC16(v) (v) |
|
54 |
-#define EC32(v) (v) |
|
55 |
-#else |
|
56 |
-static inline uint16_t EC16(uint16_t v) |
|
57 |
-{ |
|
58 |
- return ((v >> 8) + (v << 8)); |
|
59 |
-} |
|
60 | 51 |
|
61 |
-static inline uint32_t EC32(uint32_t v) |
|
62 |
-{ |
|
63 |
- return ((v >> 24) | ((v & 0x00FF0000) >> 8) | ((v & 0x0000FF00) << 8) | (v << 24)); |
|
64 |
-} |
|
65 |
-#endif |
|
66 |
- |
|
67 |
-static int doubledl(char **scur, uint8_t *mydlptr, char *buffer, int buffersize) |
|
52 |
+static int doubledl(char **scur, uint8_t *mydlptr, char *buffer, uint32_t buffersize) |
|
68 | 53 |
{ |
69 | 54 |
unsigned char mydl = *mydlptr; |
70 | 55 |
unsigned char olddl = mydl; |
... | ... |
@@ -119,8 +104,6 @@ static int unfsg(char *source, char *dest, int ssize, int dsize, char **endsrc, |
119 | 119 |
return -1; |
120 | 120 |
*cdst++=0x00; |
121 | 121 |
continue; |
122 |
- } else { |
|
123 |
- /* repne movsb - FIXME dont remove for now */ |
|
124 | 122 |
} |
125 | 123 |
} else { |
126 | 124 |
/* 18f */ |
... | ... |
@@ -187,7 +170,7 @@ static int unfsg(char *source, char *dest, int ssize, int dsize, char **endsrc, |
187 | 187 |
} |
188 | 188 |
lostbit = 0; |
189 | 189 |
} |
190 |
- if ((backsize > (uint32_t)(dest + dsize - cdst)) || (backbytes > (uint32_t)(cdst - dest))) |
|
190 |
+ if (!CLI_ISCONTAINED(dest, dsize, cdst, backsize) || !CLI_ISCONTAINED(dest, dsize, cdst-backbytes, backsize)) |
|
191 | 191 |
return -1; |
192 | 192 |
while(backsize--) { |
193 | 193 |
*cdst=*(cdst-backbytes); |
... | ... |
@@ -208,11 +191,10 @@ static int unfsg(char *source, char *dest, int ssize, int dsize, char **endsrc, |
208 | 208 |
return 0; |
209 | 209 |
} |
210 | 210 |
|
211 |
- |
|
212 | 211 |
int unfsg_200(char *source, char *dest, int ssize, int dsize, uint32_t rva, uint32_t base, uint32_t ep, int file) { |
213 | 212 |
char *fake, *tsrc; |
214 | 213 |
struct SECTION section; // Yup, just one ;) |
215 |
- |
|
214 |
+ |
|
216 | 215 |
if ( unfsg(source, dest, ssize, dsize, &fake, &fake) ) return -1; |
217 | 216 |
|
218 | 217 |
section.raw=0; |
... | ... |
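Review bot: `unfsg` and `unfsg_200` still take `int ssize, int dsize` (visible in the `@@ -119` / `@@ -187` / `@@ -208` hunk headers and at new-side line 211) while `doubledl` now takes `uint32_t buffersize`, so the new `CLI_ISCONTAINED(dest, dsize, ...)` check at new-side line 190 is evaluated with a signed `dsize`, and a negative value would be silently converted wherever `unfsg` hands it on to `doubledl` (that call is outside these hunks). Either change both signatures to `uint32_t ssize, uint32_t dsize`, as this commit does for the upx and petite entry points, or reject `dsize < 0` at the top of `unfsg`. Separately, at line 190 `cdst-backbytes` is formed before the containment check has established that `backbytes <= cdst - dest`; the macro presumably rejects such a pointer, but pointer arithmetic outside `dest` is undefined in C, so checking `backbytes > (uint32_t)(cdst - dest)` first, as the removed line did, keeps the check itself well-defined. `unfsg`'s body begins and ends outside these hunks.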
@@ -167,7 +167,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
167 | 167 |
char sname[9], buff[4096], *tempfile; |
168 | 168 |
unsigned int i, found, upx_success = 0, min = 0, max = 0, err, broken = 0; |
169 | 169 |
unsigned int ssize = 0, dsize = 0, dll = 0, pe_plus = 0; |
170 |
- int (*upxfn)(char *, int , char *, int *, uint32_t, uint32_t, uint32_t) = NULL; |
|
170 |
+ int (*upxfn)(char *, uint32_t, char *, uint32_t *, uint32_t, uint32_t, uint32_t) = NULL; |
|
171 | 171 |
char *src = NULL, *dest = NULL; |
172 | 172 |
int ndesc, ret; |
173 | 173 |
|
... | ... |
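Review bot: The new `upxfn` type at line 170 takes `uint32_t` and `uint32_t *` parameters, while `ssize` and `dsize` at line 169 remain `unsigned int`; if those are the values passed to `upxfn` (the call is outside this hunk), the pointer argument only type-checks on targets where `uint32_t` is a typedef of `unsigned int`. Declaring them `uint32_t ssize = 0, dsize = 0` matches the callees' new signatures without relying on that. `cli_scanpe` begins and ends outside the hunk.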
@@ -58,7 +58,6 @@ |
58 | 58 |
#include "pe.h" |
59 | 59 |
#include "rebuildpe.h" |
60 | 60 |
#include "others.h" |
61 |
-#include "petite.h" |
|
62 | 61 |
|
63 | 62 |
#if WORDS_BIGENDIAN == 0 |
64 | 63 |
#define EC32(v) (v) |
... | ... |
@@ -69,7 +68,9 @@ static inline uint32_t EC32(uint32_t v) |
69 | 69 |
} |
70 | 70 |
#endif |
71 | 71 |
|
72 |
-static int doubledl(char **scur, uint8_t *mydlptr, char *buffer, int buffersize) |
|
72 |
+#define MAX(a,b) ((a > b) ? a : b) |
|
73 |
+ |
|
74 |
+static int doubledl(char **scur, uint8_t *mydlptr, char *buffer, uint32_t buffersize) |
|
73 | 75 |
{ |
74 | 76 |
unsigned char mydl = *mydlptr; |
75 | 77 |
unsigned char olddl = mydl; |
... | ... |
@@ -86,7 +87,7 @@ static int doubledl(char **scur, uint8_t *mydlptr, char *buffer, int buffersize) |
86 | 86 |
return (olddl>>7)&1; |
87 | 87 |
} |
88 | 88 |
|
89 |
-int petite_inflate2x_1to9(char *buf, uint32_t minrva, int bufsz, struct pe_image_section_hdr *sections, int sectcount, uint32_t Imagebase, uint32_t pep, int desc, int version, uint32_t ResRva, uint32_t ResSize) |
|
89 |
+int petite_inflate2x_1to9(char *buf, uint32_t minrva, uint32_t bufsz, struct pe_image_section_hdr *sections, unsigned int sectcount, uint32_t Imagebase, uint32_t pep, int desc, int version, uint32_t ResRva, uint32_t ResSize) |
|
90 | 90 |
{ |
91 | 91 |
char *adjbuf = buf - minrva; |
92 | 92 |
char *packed = NULL; |
... | ... |
@@ -119,7 +120,7 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, int bufsz, struct pe_image |
119 | 119 |
uint32_t size, srva; |
120 | 120 |
int backbytes, oldback, backsize, addsize; |
121 | 121 |
|
122 |
- if ( packed < buf || packed >= buf+bufsz-4) { |
|
122 |
+ if ( ! CLI_ISCONTAINED(buf, bufsz, packed, 4)) { |
|
123 | 123 |
if (usects) |
124 | 124 |
free(usects); |
125 | 125 |
return -1; |
... | ... |
@@ -170,26 +171,28 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, int bufsz, struct pe_image |
170 | 170 |
if (enc_ep) { |
171 | 171 |
uint32_t virtaddr = pep + 5 + Imagebase, tmpep; |
172 | 172 |
int rndm = 0, dummy = 1; |
173 |
- uint32_t *thunk = (uint32_t*)(adjbuf+irva); |
|
174 |
- uint32_t *imports; |
|
173 |
+ char *thunk = adjbuf+irva; |
|
174 |
+ char *imports; |
|
175 | 175 |
|
176 | 176 |
if ( version == 2 ) { /* 2.2 onley */ |
177 | 177 |
|
178 |
- while ( (char *)thunk >=buf && (char *)thunk<buf+bufsz-4 && dummy ) { |
|
178 |
+ while ( dummy && CLI_ISCONTAINED(buf, bufsz, thunk, 4) ) { |
|
179 | 179 |
uint32_t api; |
180 | 180 |
|
181 |
- if (! *thunk ) { |
|
181 |
+ if (! cli_readint32(thunk)) { |
|
182 | 182 |
workdone = 1; |
183 | 183 |
break; |
184 | 184 |
} |
185 | 185 |
|
186 |
- imports = (uint32_t *) (adjbuf + EC32(*thunk++)); |
|
186 |
+ imports = adjbuf + cli_readint32(thunk); |
|
187 |
+ thunk+=4; |
|
187 | 188 |
dummy = 0; |
188 | 189 |
|
189 |
- while ( (char *)imports >=buf && (char *)imports<buf+bufsz-4 ) { |
|
190 |
- dummy = 0; |
|
190 |
+ while ( CLI_ISCONTAINED(buf, bufsz, imports, 4)) { |
|
191 |
+ dummy = 0; |
|
191 | 192 |
|
192 |
- if ( ! (api = EC32(*imports++)) ) { |
|
193 |
+ imports+=4; |
|
194 |
+ if ( ! (api = cli_readint32(imports-4)) ) { |
|
193 | 195 |
dummy = 1; |
194 | 196 |
break; |
195 | 197 |
} |
... | ... |
@@ -220,7 +223,7 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, int bufsz, struct pe_image |
220 | 220 |
/* Let's compact data */ |
221 | 221 |
for (t = 0; t < j ; t++) { |
222 | 222 |
usects[t].raw = (usects[t-1].raw + usects[t-1].rsz)*(t>0); |
223 |
- if (usects[t].rsz != 0) |
|
223 |
+ if (usects[t].rsz != 0 && CLI_ISCONTAINED(buf, bufsz, buf + usects[t].raw, usects[t].rsz)) |
|
224 | 224 |
memmove(buf + usects[t].raw, adjbuf + usects[t].rva, usects[t].rsz); |
225 | 225 |
} |
226 | 226 |
|
... | ... |
@@ -249,7 +252,7 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, int bufsz, struct pe_image |
249 | 249 |
- 1 time for the all_the_rest section |
250 | 250 |
*/ |
251 | 251 |
|
252 |
- if ( packed < buf || packed >= buf+bufsz-12) { |
|
252 |
+ if ( ! CLI_ISCONTAINED(buf, bufsz, packed+4, 8) ) { |
|
253 | 253 |
if (usects) |
254 | 254 |
free(usects); |
255 | 255 |
return -1; |
... | ... |
@@ -259,7 +262,7 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, int bufsz, struct pe_image |
259 | 259 |
ssrc = adjbuf + cli_readint32(packed+4) - (size-1)*4; |
260 | 260 |
ddst = adjbuf + cli_readint32(packed+8) - (size-1)*4; |
261 | 261 |
|
262 |
- if ( ssrc < buf || size*4 >= buf + bufsz - ssrc || ddst < buf || size*4 >= buf + bufsz - ddst ) { |
|
262 |
+ if ( !CLI_ISCONTAINED(buf, bufsz, ssrc, size*4) || !CLI_ISCONTAINED(buf, bufsz, ddst, size*4) ) { |
|
263 | 263 |
if (usects) |
264 | 264 |
free(usects); |
265 | 265 |
return -1; |
... | ... |
@@ -275,15 +278,15 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, int bufsz, struct pe_image |
275 | 275 |
|
276 | 276 |
/* Unpak each original section in turn */ |
277 | 277 |
|
278 |
- if ( packed < buf || packed >= buf+bufsz-16) { |
|
278 |
+ if ( ! CLI_ISCONTAINED(buf, bufsz, packed+4, 8)) { |
|
279 | 279 |
if (usects) |
280 | 280 |
free(usects); |
281 | 281 |
return -1; |
282 | 282 |
} |
283 | 283 |
|
284 | 284 |
size = cli_readint32(packed+4); /* How many bytes to unpack */ |
285 |
+ thisrva=cli_readint32(packed+8); /* RVA of the original section */ |
|
285 | 286 |
packed += 0x10; |
286 |
- thisrva=cli_readint32(packed-8); /* RVA of the original section */ |
|
287 | 287 |
|
288 | 288 |
/* Alloc 1 more struct */ |
289 | 289 |
if ( ! (tmpsct = realloc(usects, sizeof(struct SECTION) * (j+1))) ) { |
... | ... |
@@ -350,7 +353,7 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, int bufsz, struct pe_image |
350 | 350 |
* func to get called instead... ehehe very smart ;) |
351 | 351 |
*/ |
352 | 352 |
|
353 |
- if ( ddst < buf || ddst >= buf+bufsz-1 || ssrc < buf || ssrc >= buf+bufsz-1 ) { |
|
353 |
+ if ( !CLI_ISCONTAINED(buf, bufsz, ssrc, 1) || !CLI_ISCONTAINED(buf, bufsz, ddst, 1)) { |
|
354 | 354 |
free(usects); |
355 | 355 |
return -1; |
356 | 356 |
} |
... | ... |
@@ -368,7 +371,7 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, int bufsz, struct pe_image |
368 | 368 |
return -1; |
369 | 369 |
} |
370 | 370 |
if (!oob) { |
371 |
- if ( ddst < buf || ddst >= buf+bufsz-1 || ssrc < buf || ssrc >= buf+bufsz-1 ) { |
|
371 |
+ if ( !CLI_ISCONTAINED(buf, bufsz, ssrc, 1) || !CLI_ISCONTAINED(buf, bufsz, ddst, 1) ) { |
|
372 | 372 |
free(usects); |
373 | 373 |
return -1; |
374 | 374 |
} |
... | ... |
@@ -438,7 +441,7 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, int bufsz, struct pe_image |
438 | 438 |
} |
439 | 439 |
backsize+=addsize; |
440 | 440 |
size-=backsize; |
441 |
- if(backsize < 0 || backbytes >= 0 || (buf - ddst > backbytes - backsize) || (ddst - buf >= bufsz - backsize)) { |
|
441 |
+ if(!CLI_ISCONTAINED(buf, bufsz, ddst, backsize) || !CLI_ISCONTAINED(buf, bufsz, ddst+backbytes, backsize)) { |
|
442 | 442 |
free(usects); |
443 | 443 |
return -1; |
444 | 444 |
} |
... | ... |
@@ -455,36 +458,46 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, int bufsz, struct pe_image |
455 | 455 |
* We've done version adjustments already, see above |
456 | 456 |
*/ |
457 | 457 |
|
458 |
- if ( j && |
|
459 |
- ( /* LONG MAGIC = 33C05E64 8B188B1B 8D63D65D */ |
|
460 |
- ( (usects[j-1].rsz > grown ) && |
|
461 |
- cli_readint32(ddst-grown+5+0x4f) == 0x645ec033 && |
|
462 |
- cli_readint32(ddst-grown+5+0x4f+4) == 0x1b8b188b ) |
|
463 |
- || |
|
464 |
- /* This crap is ugly! Gotta make it all pretty one day or another */ |
|
465 |
- ( (usects[j-1].rsz > grown+skew ) && |
|
458 |
+ if ( j ) { |
|
459 |
+ int strippetite=0; |
|
460 |
+ uint32_t reloc; |
|
461 |
+ |
|
462 |
+ /* LONG MAGIC = 33C05E64 8B188B1B 8D63D65D */ |
|
463 |
+ if ( usects[j-1].rsz > grown && |
|
464 |
+ CLI_ISCONTAINED(buf, bufsz, ddst-grown+5+0x4f, 8) && |
|
465 |
+ cli_readint32(ddst-grown+5+0x4f) == 0x645ec033 && |
|
466 |
+ cli_readint32(ddst-grown+5+0x4f+4) == 0x1b8b188b |
|
467 |
+ ) { |
|
468 |
+ reloc = 0; |
|
469 |
+ strippetite = 1; |
|
470 |
+ } |
|
471 |
+ if ( !strippetite && |
|
472 |
+ usects[j-1].rsz > grown+skew && |
|
473 |
+ CLI_ISCONTAINED(buf, bufsz, ddst-grown+5+0x4f-skew, 8) && |
|
466 | 474 |
cli_readint32(ddst-grown+5+0x4f-skew) == 0x645ec033 && |
467 |
- cli_readint32(ddst-grown+5+0x4f+4-skew) == 0x1b8b188b ) |
|
468 |
- ) |
|
469 |
- ) |
|
470 |
- { |
|
475 |
+ cli_readint32(ddst-grown+5+0x4f+4-skew) == 0x1b8b188b |
|
476 |
+ ) { |
|
477 |
+ reloc = skew; /* If the original exe had a .reloc were skewed */ |
|
478 |
+ strippetite = 1; |
|
479 |
+ } |
|
480 |
+ |
|
481 |
+ if (strippetite && CLI_ISCONTAINED(buf, bufsz, ddst-grown+0x0f-8-reloc, 8)) { |
|
471 | 482 |
uint32_t test1, test2; |
472 |
- /* If the original exe had a .reloc were skewed */ |
|
473 |
- int reloc = skew*(cli_readint32(ddst-grown+5+0x4f-skew) == 0x645ec033); |
|
474 | 483 |
|
475 | 484 |
/* REMINDER: DON'T BPX IN HERE U DUMBASS!!!!!!!!!!!!!!!!!!!!!!!! */ |
476 | 485 |
test1 = cli_readint32(ddst-grown+0x0f-8-reloc)^0x9d6661aa; |
477 | 486 |
test2 = cli_readint32(ddst-grown+0x0f-4-reloc)^0xe908c483; |
487 |
+ |
|
478 | 488 |
cli_dbgmsg("Petite: Found petite code in sect%d(%x). Let's strip it.\n", j-1, usects[j-1].rva); |
479 |
- if (test1 == test2) { |
|
489 |
+ if (test1 == test2 && CLI_ISCONTAINED(buf, bufsz, ddst-grown+0x0f-reloc, 0x1c0-0x0f+4)) { |
|
480 | 490 |
irva = cli_readint32(ddst-grown+0x121-reloc); |
481 | 491 |
enc_ep = cli_readint32(ddst-grown+0x0f-reloc)^test1; |
482 | 492 |
mangled = ((uint32_t) cli_readint32(ddst-grown+0x1c0-reloc) != 0x90909090); /* FIXME: Magic's too short??? */ |
483 | 493 |
cli_dbgmsg("Petite: Encrypted EP: %x | Array of imports: %x\n",enc_ep, irva); |
484 | 494 |
} |
485 | 495 |
usects[j-1].rsz -= grown+reloc; |
486 |
- |
|
487 |
- } |
|
496 |
+ } |
|
497 |
+ } |
|
488 | 498 |
check4resources++; |
489 | 499 |
} /* outer else */ |
490 | 500 |
} /* while true */ |
... | ... |
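Review bot: In hunk `@@ -438,7 +441,7 @@`, the rewritten check at line 441 drops the explicit `backsize < 0 || backbytes >= 0` guards while `backsize` and `backbytes` are still `int` (line 120), so whether a negative `backsize` is rejected now depends entirely on how `CLI_ISCONTAINED` treats a negative size argument (its definition is not in this diff). Keeping `backsize < 0 ||` in front of the two containment checks, or making the copy lengths unsigned, makes the intent explicit; note also that a non-negative `backbytes` (a forward reference into output not yet written) is no longer rejected, which is memory-safe when both checks pass but widens what the old code accepted. In hunk `@@ -220,7 +223,7 @@` only the destination of the `memmove` at line 224 is checked; the source `adjbuf + usects[t].rva` with length `usects[t].rsz` is not, and a failed check silently leaves that section un-compacted instead of failing — unless `rva` is validated where it is assigned (outside these hunks), add `&& CLI_ISCONTAINED(buf, bufsz, adjbuf + usects[t].rva, usects[t].rsz)` and treat a failure as an error rather than skipping the move. `petite_inflate2x_1to9` begins and ends outside these hunks.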
@@ -70,11 +70,12 @@ |
70 | 70 |
|
71 | 71 |
/* PE from UPX */ |
72 | 72 |
|
73 |
-int pefromupx (char *src, char *dst, int *dsize, uint32_t ep, uint32_t upx0, uint32_t upx1, uint32_t magic) |
|
73 |
+int pefromupx (char *src, char *dst, uint32_t *dsize, uint32_t ep, uint32_t upx0, uint32_t upx1, uint32_t magic) |
|
74 | 74 |
{ |
75 | 75 |
char *imports, *sections, *pehdr, *newbuf; |
76 |
- int sectcnt, upd=1, realstuffsz; |
|
77 |
- int foffset=0xd0+0xf8; |
|
76 |
+ int sectcnt, upd=1; |
|
77 |
+ uint32_t realstuffsz; |
|
78 |
+ uint32_t foffset=0xd0+0xf8; |
|
78 | 79 |
|
79 | 80 |
if((dst == NULL) || (src == NULL)) |
80 | 81 |
return 0; |
... | ... |
@@ -83,17 +84,17 @@ int pefromupx (char *src, char *dst, int *dsize, uint32_t ep, uint32_t upx0, uin |
83 | 83 |
|
84 | 84 |
realstuffsz = imports-dst; |
85 | 85 |
|
86 |
- if ( realstuffsz < 0 || realstuffsz > *dsize ) { |
|
86 |
+ if (realstuffsz >= *dsize ) { |
|
87 | 87 |
cli_dbgmsg("UPX: wrong realstuff size - giving up rebuild\n"); |
88 | 88 |
return 0; |
89 | 89 |
} |
90 | 90 |
|
91 | 91 |
pehdr = imports; |
92 |
- while (pehdr+7 < dst+*dsize && cli_readint32(pehdr)) { |
|
92 |
+ while (CLI_ISCONTAINED(dst, *dsize, pehdr, 8) && cli_readint32(pehdr)) { |
|
93 | 93 |
pehdr+=8; |
94 |
- while(pehdr+1 < dst+*dsize && *pehdr) { |
|
94 |
+ while(CLI_ISCONTAINED(dst, *dsize, pehdr, 2) && *pehdr) { |
|
95 | 95 |
pehdr++; |
96 |
- while (pehdr+1 < dst+*dsize && *pehdr) |
|
96 |
+ while (CLI_ISCONTAINED(dst, *dsize, pehdr, 2) && *pehdr) |
|
97 | 97 |
pehdr++; |
98 | 98 |
pehdr++; |
99 | 99 |
} |
... | ... |
@@ -101,7 +102,7 @@ int pefromupx (char *src, char *dst, int *dsize, uint32_t ep, uint32_t upx0, uin |
101 | 101 |
} |
102 | 102 |
|
103 | 103 |
pehdr+=4; |
104 |
- if (pehdr+0xf8 > dst+*dsize) { |
|
104 |
+ if (!CLI_ISCONTAINED(dst, *dsize, pehdr, 0xf8)) { |
|
105 | 105 |
cli_dbgmsg("UPX: sections out of bounds - giving up rebuild\n"); |
106 | 106 |
return 0; |
107 | 107 |
} |
... | ... |
@@ -124,7 +125,7 @@ int pefromupx (char *src, char *dst, int *dsize, uint32_t ep, uint32_t upx0, uin |
124 | 124 |
|
125 | 125 |
foffset+=0x28*sectcnt; |
126 | 126 |
|
127 |
- if (pehdr + 0xf8 + 0x28*sectcnt >= dst + *dsize) { |
|
127 |
+ if (!CLI_ISCONTAINED(dst, *dsize, sections, 0x28*sectcnt)) { |
|
128 | 128 |
cli_dbgmsg("UPX: Not enough space for all sects - giving up rebuild\n"); |
129 | 129 |
return 0; |
130 | 130 |
} |
... | ... |
@@ -137,7 +138,7 @@ int pefromupx (char *src, char *dst, int *dsize, uint32_t ep, uint32_t upx0, uin |
137 | 137 |
vsize=(((vsize/0x1000)+1)*0x1000); /* FIXME: get bounds from header */ |
138 | 138 |
|
139 | 139 |
/* Within bounds ? */ |
140 |
- if ( urva < upx0 || urva + vsize > upx0 + realstuffsz) { |
|
140 |
+ if (!CLI_ISCONTAINED(upx0, realstuffsz, urva, vsize)) { |
|
141 | 141 |
cli_dbgmsg("UPX: Sect %d out of bounds - giving up rebuild\n", upd); |
142 | 142 |
return 0; |
143 | 143 |
} |
... | ... |
@@ -193,26 +194,12 @@ int pefromupx (char *src, char *dst, int *dsize, uint32_t ep, uint32_t upx0, uin |
193 | 193 |
static int doubleebx(char *src, int32_t *myebx, int *scur, int ssize) |
194 | 194 |
{ |
195 | 195 |
int32_t oldebx = *myebx; |
196 |
-#if WORDS_BIGENDIAN == 1 |
|
197 |
- char *pt; |
|
198 |
- int32_t shift, i = 0; |
|
199 |
-#endif |
|
200 | 196 |
|
201 | 197 |
*myebx*=2; |
202 | 198 |
if ( !(oldebx & 0x7fffffff)) { |
203 |
- if (*scur<0 || ssize-*scur<4) |
|
199 |
+ if (! CLI_ISCONTAINED(src, ssize, src+*scur, 4)) |
|
204 | 200 |
return -1; |
205 |
-#if WORDS_BIGENDIAN == 0 |
|
206 |
- oldebx = *(int*)(src+*scur); |
|
207 |
-#else |
|
208 |
- oldebx = 0; |
|
209 |
- pt = src + *scur; |
|
210 |
- for(shift = 0; shift < 32; shift += 8) { |
|
211 |
- oldebx |= (pt[i] & 0xff ) << shift; |
|
212 |
- i++; |
|
213 |
- } |
|
214 |
-#endif |
|
215 |
- |
|
201 |
+ oldebx = cli_readint32(src+*scur); |
|
216 | 202 |
*myebx = oldebx*2+1; |
217 | 203 |
*scur+=4; |
218 | 204 |
} |
... | ... |
@@ -221,10 +208,10 @@ static int doubleebx(char *src, int32_t *myebx, int *scur, int ssize) |
221 | 221 |
|
222 | 222 |
/* [inflate] */ |
223 | 223 |
|
224 |
-int upx_inflate2b(char *src, int ssize, char *dst, int *dsize, uint32_t upx0, uint32_t upx1, uint32_t ep) |
|
224 |
+int upx_inflate2b(char *src, uint32_t ssize, char *dst, uint32_t *dsize, uint32_t upx0, uint32_t upx1, uint32_t ep) |
|
225 | 225 |
{ |
226 | 226 |
int32_t backbytes, unp_offset = -1, myebx = 0; |
227 |
- int scur=0, dcur=0, i, backsize,oob; |
|
227 |
+ int scur=0, dcur=0, i, backsize, oob; |
|
228 | 228 |
|
229 | 229 |
while (1) { |
230 | 230 |
while ((oob = doubleebx(src, &myebx, &scur, ssize)) == 1) { |
... | ... |
@@ -248,7 +235,7 @@ int upx_inflate2b(char *src, int ssize, char *dst, int *dsize, uint32_t upx0, ui |
248 | 248 |
break; |
249 | 249 |
} |
250 | 250 |
|
251 |
- backsize = 0; |
|
251 |
+ backsize = 0; |
|
252 | 252 |
backbytes-=3; |
253 | 253 |
|
254 | 254 |
if ( backbytes >= 0 ) { |
... | ... |
@@ -282,7 +269,7 @@ int upx_inflate2b(char *src, int ssize, char *dst, int *dsize, uint32_t upx0, ui |
282 | 282 |
backsize+=2; |
283 | 283 |
} |
284 | 284 |
|
285 |
- if ( (unsigned int)unp_offset < 0xfffff300 ) |
|
285 |
+ if ( (uint32_t)unp_offset < 0xfffff300 ) |
|
286 | 286 |
backsize++; |
287 | 287 |
|
288 | 288 |
backsize++; |
... | ... |
@@ -296,7 +283,7 @@ int upx_inflate2b(char *src, int ssize, char *dst, int *dsize, uint32_t upx0, ui |
296 | 296 |
} |
297 | 297 |
|
298 | 298 |
|
299 |
- if ( ep - upx1 + 0x108 <= (uint32_t)ssize-5 && /* Wondering how we got so far?! */ |
|
299 |
+ if ( ep - upx1 + 0x108 <= ssize-5 && /* Wondering how we got so far?! */ |
|
300 | 300 |
src[ep - upx1 + 0x106] == '\x8d' && /* lea edi, ... */ |
301 | 301 |
src[ep - upx1 + 0x107] == '\xbe' ) /* ... [esi + offset] */ |
302 | 302 |
return pefromupx (src, dst, dsize, ep, upx0, upx1, 0x108); |
... | ... |
@@ -305,7 +292,7 @@ int upx_inflate2b(char *src, int ssize, char *dst, int *dsize, uint32_t upx0, ui |
305 | 305 |
return 0; |
306 | 306 |
} |
307 | 307 |
|
308 |
-int upx_inflate2d(char *src, int ssize, char *dst, int *dsize, uint32_t upx0, uint32_t upx1, uint32_t ep) |
|
308 |
+int upx_inflate2d(char *src, uint32_t ssize, char *dst, uint32_t *dsize, uint32_t upx0, uint32_t upx1, uint32_t ep) |
|
309 | 309 |
{ |
310 | 310 |
int32_t backbytes, unp_offset = -1, myebx = 0; |
311 | 311 |
int scur=0, dcur=0, i, backsize, oob; |
... | ... |
@@ -373,7 +360,7 @@ int upx_inflate2d(char *src, int ssize, char *dst, int *dsize, uint32_t upx0, ui |
373 | 373 |
backsize+=2; |
374 | 374 |
} |
375 | 375 |
|
376 |
- if ( (unsigned int)unp_offset < 0xfffffb00 ) |
|
376 |
+ if ( (uint32_t)unp_offset < 0xfffffb00 ) |
|
377 | 377 |
backsize++; |
378 | 378 |
|
379 | 379 |
backsize++; |
... | ... |
@@ -385,7 +372,7 @@ int upx_inflate2d(char *src, int ssize, char *dst, int *dsize, uint32_t upx0, ui |
385 | 385 |
dcur+=backsize; |
386 | 386 |
} |
387 | 387 |
|
388 |
- if ( ep - upx1 + 0x124 <= (uint32_t)ssize-5 ) { /* Wondering how we got so far?! */ |
|
388 |
+ if ( ep - upx1 + 0x124 <= ssize-5 ) { /* Wondering how we got so far?! */ |
|
389 | 389 |
if ( src[ep - upx1 + 0x11a] == '\x8d' && src[ep - upx1 + 0x11b] == '\xbe' ) |
390 | 390 |
return pefromupx (src, dst, dsize, ep, upx0, upx1, 0x11c); |
391 | 391 |
if ( src[ep - upx1 + 0x122] == '\x8d' && src[ep - upx1 + 0x123] == '\xbe' ) |
... | ... |
@@ -395,7 +382,7 @@ int upx_inflate2d(char *src, int ssize, char *dst, int *dsize, uint32_t upx0, ui |
395 | 395 |
return 0; |
396 | 396 |
} |
397 | 397 |
|
398 |
-int upx_inflate2e(char *src, int ssize, char *dst, int *dsize, uint32_t upx0, uint32_t upx1, uint32_t ep) |
|
398 |
+int upx_inflate2e(char *src, uint32_t ssize, char *dst, uint32_t *dsize, uint32_t upx0, uint32_t upx1, uint32_t ep) |
|
399 | 399 |
{ |
400 | 400 |
int32_t backbytes, unp_offset = -1, myebx = 0; |
401 | 401 |
int scur=0, dcur=0, i, backsize, oob; |
... | ... |
@@ -472,7 +459,7 @@ int upx_inflate2e(char *src, int ssize, char *dst, int *dsize, uint32_t upx0, ui |
472 | 472 |
} |
473 | 473 |
} |
474 | 474 |
|
475 |
- if ( (unsigned int)unp_offset < 0xfffffb00 ) |
|
475 |
+ if ( (uint32_t)unp_offset < 0xfffffb00 ) |
|
476 | 476 |
backsize++; |
477 | 477 |
|
478 | 478 |
backsize+=2; |
... | ... |
@@ -484,7 +471,7 @@ int upx_inflate2e(char *src, int ssize, char *dst, int *dsize, uint32_t upx0, ui |
484 | 484 |
dcur+=backsize; |
485 | 485 |
} |
486 | 486 |
|
487 |
- if ( ep - upx1 + 0x130 <= (uint32_t)ssize-5 ) { /* Wondering how we got so far?! */ |
|
487 |
+ if ( ep - upx1 + 0x130 <= ssize-5 ) { /* Wondering how we got so far?! */ |
|
488 | 488 |
if ( src[ep - upx1 + 0x126] == '\x8d' && src[ep - upx1 + 0x127] == '\xbe' ) |
489 | 489 |
return pefromupx (src, dst, dsize, ep, upx0, upx1, 0x128); |
490 | 490 |
if ( src[ep - upx1 + 0x12e] == '\x8d' && src[ep - upx1 + 0x12f] == '\xbe' ) |
... | ... |
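Review bot: `doubleebx` (hunk `@@ -193,26 +194,12 @@`) still declares `int ssize` at line 193 and passes it to the new `CLI_ISCONTAINED(src, ssize, src+*scur, 4)` at line 199, while its callers `upx_inflate2b/2d/2e` now take `uint32_t ssize` (lines 224, 308, 398) and pass it straight through (line 230), so a value at or above 2^31 is converted to a negative `int` before the check runs. Changing the parameter to `uint32_t ssize` keeps the whole call chain unsigned, as this commit already does for `pefromupx`. The trailer checks rewritten at lines 299, 388 and 487 compute `ssize-5` in `uint32_t`, which wraps to a large value when `ssize < 5` and lets the following `src[ep - upx1 + ...]` reads run past `src`; `ssize >= 5 && ep - upx1 + 0x108 <= ssize-5` (and likewise for 0x124 and 0x130) closes that, although the same wrap was present with the old cast.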
@@ -21,8 +21,8 @@ |
21 | 21 |
|
22 | 22 |
#include "cltypes.h" |
23 | 23 |
|
24 |
-int upx_inflate2b(char *, int, char *, int *, uint32_t, uint32_t, uint32_t); |
|
25 |
-int upx_inflate2d(char *, int, char *, int *, uint32_t, uint32_t, uint32_t); |
|
26 |
-int upx_inflate2e(char *, int, char *, int *, uint32_t, uint32_t, uint32_t); |
|
24 |
+int upx_inflate2b(char *, uint32_t, char *, uint32_t *, uint32_t, uint32_t, uint32_t); |
|
25 |
+int upx_inflate2d(char *, uint32_t, char *, uint32_t *, uint32_t, uint32_t, uint32_t); |
|
26 |
+int upx_inflate2e(char *, uint32_t, char *, uint32_t *, uint32_t, uint32_t, uint32_t); |
|
27 | 27 |
|
28 | 28 |
#endif |