rlp.asm
MOV FirstSectionOffset,EAX
MOV EAX,RawSize
MOV FirstSectionSize,EAX
MOV FirstSection,1
POPAD
.endif
MOV DWORD PTR[ESI],EDI
ADD ESI,4
MOV EAX,VirtualOffset
; ADD EAX,ImageBase
MOV DWORD PTR[ESI],EAX
ADD ESI,4
MOV EAX,RawSize
ADD EAX,1024
MOV OutMemBuffSize,EAX
INVOKE VirtualAlloc,NULL,EAX,MEM_COMMIT,PAGE_EXECUTE_READWRITE
MOV OutMemBuff,EAX
INVOKE CompressSection,OutMemBuff,CompressSectionOffset,RawSize
ADD EAX,4
MOV PackedSize,EAX
ADD EDI,PackedSize
PUSH PackedSize
PUSH OutMemBuff
CALL WriteData
INVOKE VirtualFree,OutMemBuff,OutMemBuffSize,MEM_DECOMMIT
.elseif EAX == 2
NOP
.elseif EAX == 3
.if oStripRSRC == 0
CALL RSRCPack
.endif
CALL initProgress
MOV DWORD PTR[ESI],EDI
ADD ESI,4
MOV EAX,VirtualOffset
; ADD EAX,ImageBase
MOV DWORD PTR[ESI],EAX
ADD ESI,4
MOV EAX,RawSize
ADD EAX,1024
MOV OutMemBuffSize,EAX
INVOKE VirtualAlloc,NULL,EAX,MEM_COMMIT,PAGE_EXECUTE_READWRITE
MOV OutMemBuff,EAX
INVOKE CompressSection,OutMemBuff,CompressSectionOffset,RawSize
ADD EAX,4
MOV PackedSize,EAX
ADD EDI,PackedSize
PUSH PackedSize
PUSH OutMemBuff
CALL WriteData
INVOKE VirtualFree,OutMemBuff,OutMemBuffSize,MEM_DECOMMIT
INVOKE VirtualFree,pRSRC,pSize,MEM_DECOMMIT
.elseif EAX == 4
MOV DWORD PTR[ESI],EDI
ADD ESI,4
MOV EAX,VirtualOffset
; ADD EAX,ImageBase
MOV DWORD PTR[ESI],EAX
ADD ESI,4
INVOKE CompressRelocations,CompressSectionOffset,RawSize
MOV RawSize,EBX
MOV CompressSectionOffset,EAX
MOV EAX,RawSize
ADD EAX,1024
MOV OutMemBuffSize,EAX
INVOKE VirtualAlloc,NULL,EAX,MEM_COMMIT,PAGE_EXECUTE_READWRITE
MOV OutMemBuff,EAX
INVOKE CompressSection,OutMemBuff,CompressSectionOffset,RawSize
ADD EAX,4
MOV PackedSize,EAX
ADD EDI,PackedSize
PUSH PackedSize
PUSH OutMemBuff
CALL WriteData
INVOKE VirtualFree,OutMemBuff,OutMemBuffSize,MEM_DECOMMIT
INVOKE VirtualFree,CompressSectionOffset,RawSize,MEM_DECOMMIT
.else
ADD EDI,RawSize
PUSH RawSize
PUSH CompressSectionOffset
CALL WriteData
.endif
.endif
ADD CurrentSectionOffset,28h
DEC CurrentSectionNumber
.endw
.endif
;------------------------------------------------------------------
; Fix packed file PEHeader
;
; Locates the PE header inside the output buffer (hPackedFileBuff),
; stores its address in PEHeader and writes the saved TimeDateStamp,
; Characteristics, SubSytem, ImageBase and delay-import directory
; values into it, then calls FixPackedHeader.
; All [EBX+n] offsets below are relative to the PE signature.
;
MOV EBX,hPackedFileBuff
ADD EBX,3Ch ; EBX -> e_lfanew field of the DOS header
; The next two instructions work on BX only: the low word of e_lfanew is
; added to the low word of the pointer and no carry reaches the upper half.
; NOTE(review): the result equals base + e_lfanew only while that sum does
; not cross a 64 KB boundary, and no range check on e_lfanew is visible
; here - confirm the header was validated before this point.
ADD BX,WORD PTR[EBX] ;WinME/98/95 compatibility!
SUB BX,3Ch ; undo the 3Ch added above -> EBX = PE header
MOV PEHeader,EBX
MOV EAX,TimeDateStamp
MOV DWORD PTR[EBX+8h],EAX ; file header: TimeDateStamp
MOV EAX,Characteristics
; NOTE(review): Characteristics is a 16-bit field at +16h; this DWORD store
; also overwrites the two bytes at +18h (optional header Magic). Confirm the
; upper half of the Characteristics variable holds the intended value.
MOV DWORD PTR[EBX+16h],EAX
MOV EAX,SubSytem
MOV WORD PTR[EBX+5Ch],AX ; optional header: Subsystem (low word only)
MOV EAX,ImageBase
MOV DWORD PTR[EBX+34h],EAX ; optional header: ImageBase
.if Shareable == 1
PUSH EBX ; keep the PE header pointer for the stores after .endif
ADD BX,WORD PTR[EBX+14h] ; + SizeOfOptionalHeader (16-bit add, same caveat as above)
ADD EBX,18h ; EBX -> first section header
MOV DWORD PTR[EBX+24h],070000020h ; first section Characteristics: code | shared | execute | read
POP EBX
.endif
MOV EAX,DelayImportTable
MOV DWORD PTR[EBX+0E0h],EAX ; data directory 13 (delay import): address
MOV EAX,DelayImportTableSize
MOV DWORD PTR[EBX+0E4h],EAX ; data directory 13 (delay import): size
CALL FixPackedHeader
;------------------------------------------------------------------
; Pack export table
;
; When oExportTable == 0 or the input is a DLL, and the input header has a
; non-empty export directory: copies the directory to a scratch buffer,
; points the output header's export directory entry at the current write
; position, rebases the RVAs stored inside the copy by
; (new address - orgExportAddr), appends the copy with WriteData and calls
; FixPackedHeader.
;
; NOTE(review): every value read from the export directory below comes from
; the input file. Nothing in this block checks that the Name Pointer RVA or
; the number of name pointers stay inside the ExportTableBuffSize bytes that
; were copied, so a malformed directory makes the loop read and write
; outside ExportTableBuff. A range check against orgExportAddr/orgExportSize
; before the loop would close that.
;
.if oExportTable == 0 || IsDll == 1
MOV EAX,FileMapVA
ADD EAX,3Ch ; EAX -> e_lfanew of the mapped input file
; 16-bit add: only valid while base + e_lfanew does not cross a 64 KB
; boundary; e_lfanew is not range-checked in this block.
ADD AX,WORD PTR[EAX] ;WinME/98/95 compatibility!
SUB AX,3Ch ; EAX = PE header of the input file
MOV EBX,DWORD PTR[EAX+78h] ; data directory 0 (export): RVA
MOV ECX,DWORD PTR[EAX+7Ch] ; data directory 0 (export): size
.if EBX > 0 && ECX > 0
PUSH offset szPackingExport
CALL _show_log_message
; NOTE(review): EBX and ECX are used after this call and ECX again after
; ConvertVA2FO below, so both routines are assumed to preserve them - confirm.
MOV orgExportAddr,EBX
MOV orgExportSize,ECX
ADD EBX,ImageBase
INVOKE ConvertVA2FO,FileMapVA,EBX
MOV EBX,EAX
ADD EBX,FileMapVA ; EBX -> export directory bytes inside the mapped input
PUSHAD ; VirtualAlloc clobbers volatile registers; keep EBX/ECX intact
MOV ExportTableBuffSize,ECX
; NOTE(review): the buffer is only copied into and written out here, so
; PAGE_READWRITE would be enough; the return value is not checked for NULL
; before RtlMoveMemory uses it.
INVOKE VirtualAlloc,NULL,ECX,MEM_COMMIT,PAGE_EXECUTE_READWRITE
MOV ExportTableBuff,EAX
POPAD
INVOKE RtlMoveMemory,ExportTableBuff,EBX,ExportTableBuffSize
MOV EAX,hPackedFilePos
INVOKE ConvertFO2VA,hPackedFileBuff,EAX
MOV ESI,EAX ; ESI = address the export data will have in the packed file
MOV EAX,hPackedFileBuff
ADD EAX,3Ch
ADD AX,WORD PTR[EAX] ;WinME/98/95 compatibility!
SUB AX,3Ch ; EAX = PE header of the output file
ADD EAX,78h ; EAX -> export entry of the output data directory
MOV DWORD PTR[EAX],ESI ; new export directory address
MOV ECX,orgExportSize
MOV DWORD PTR[EAX+4],ECX ; size is unchanged
MOV EAX,ExportTableBuff ; from here on EAX = base of the copied directory
MOV EBX,DWORD PTR[EAX+32] ;Name Pointer RVA
SUB EBX,orgExportAddr
ADD EBX,ExportTableBuff ; EBX -> name pointer table inside the copy
MOV ECX,DWORD PTR[EAX+24] ;Number of Name Pointers
; Rebase every entry of the name pointer table. This must run before the
; Name Pointer RVA field itself is rewritten further down.
.while ECX > 0
MOV EDX,DWORD PTR[EBX]
SUB EDX,orgExportAddr
ADD EDX,ESI
MOV DWORD PTR[EBX],EDX
ADD EBX,4
DEC ECX
.endw
; Rebase the four RVA fields of the directory header.
; NOTE(review): the entries of the Export Address Table are not touched;
; forwarder entries, which point inside the export directory, would keep
; their old address - confirm whether forwarders need handling.
MOV EBX,DWORD PTR[EAX+12] ;Name RVA
SUB EBX,orgExportAddr
ADD EBX,ESI
MOV DWORD PTR[EAX+12],EBX
MOV EBX,DWORD PTR[EAX+28] ;Export Address Table RVA
SUB EBX,orgExportAddr
ADD EBX,ESI
MOV DWORD PTR[EAX+28],EBX
MOV EBX,DWORD PTR[EAX+32] ;Name Pointer RVA
SUB EBX,orgExportAddr
ADD EBX,ESI
MOV DWORD PTR[EAX+32],EBX
MOV EBX,DWORD PTR[EAX+36] ;Ordinal Table RVA
SUB EBX,orgExportAddr
ADD EBX,ESI
MOV DWORD PTR[EAX+36],EBX
PUSH ExportTableBuffSize ; length
PUSH ExportTableBuff ; data
CALL WriteData
; NOTE(review): MEM_DECOMMIT decommits the pages but leaves the address
; range reserved; releasing it needs MEM_RELEASE with a size of 0.
INVOKE VirtualFree,ExportTableBuff,ExportTableBuffSize,MEM_DECOMMIT
CALL FixPackedHeader
.endif
.endif
;------------------------------------------------------------------
; Copy STUB and fill it with data / aplib
;
; Runs when Compressor == 1. Records the current write position as the
; stub entry (STUB_OEP / STUB_OEP_OFFSET), appends the stub code, then
; fills STUB_DATA from PackedSectionTable and appends STUB_DATA as well.
;
.if Compressor == 1
MOV EAX,hPackedFilePos
MOV STUB_OEP,EAX
MOV STUB_OEP_OFFSET,EAX
.if IsDll == 0
; EXE: write the bytes from __STUB_START up to __STUB_END
MOV EAX,offset __STUB_END
SUB EAX,offset __STUB_START
PUSH EAX ; length
PUSH offset __STUB_START ; data
CALL WriteData
.else
; DLL: write the bytes from __DLL_STUB_START up to __STUB_END
MOV EAX,offset __STUB_END
SUB EAX,offset __DLL_STUB_START
PUSH EAX
PUSH offset __DLL_STUB_START
CALL WriteData
.endif
MOV EAX,hPackedFilePos ; value is overwritten by the INVOKE in the loop before any use
MOV EDX,offset STUB_DATA
ADD EDX,12 ;SectionData pointer
MOV ECX,ImageBase ; only referenced by the commented-out ADD below
MOV EBX,offset PackedSectionTable
; Each PackedSectionTable entry is two DWORDs and a zero first DWORD ends
; the table. The first DWORD is converted with ConvertFO2VA, the second is
; copied unchanged.
; NOTE(review): EBX and EDX are live across the INVOKE, so ConvertFO2VA is
; assumed to preserve them. The capacity of STUB_DATA is not visible here
; and the loop has no upper bound - confirm the table cannot outgrow it.
.while DWORD PTR[EBX] != 0
INVOKE ConvertFO2VA,hPackedFileBuff,DWORD PTR[EBX]
MOV DWORD PTR[EDX],EAX
; ADD DWORD PTR[EDX],ECX
ADD EDX,4
MOV EAX,DWORD PTR[EBX+4]
MOV DWORD PTR[EDX],EAX
ADD EDX,4
ADD EBX,8
.endw
SUB EDX,offset STUB_DATA ; bytes filled so far, including the 12-byte prefix
ADD EDX,4 ; plus one more DWORD after the last entry (presumably a terminator)
PUSH EDX
PUSH offset STUB_DATA
CALL WriteData
.endif
;------------------------------------------------------------------
; Copy STUB and fill it with data / lzma
;
; Runs when Compressor == 2. Same sequence as the aplib variant, but the
; stub bytes come from the __L_* labels: record the stub entry position,
; append the stub code, fill STUB_DATA from PackedSectionTable and append it.
;
.if Compressor == 2
MOV EAX,hPackedFilePos
MOV STUB_OEP,EAX
MOV STUB_OEP_OFFSET,EAX
.if IsDll == 0
; EXE: write the bytes from __L_STUB_START up to __L_STUB_END
MOV EAX,offset __L_STUB_END
SUB EAX,offset __L_STUB_START
PUSH EAX ; length
PUSH offset __L_STUB_START ; data
CALL WriteData
.else
; DLL: write the bytes from __L_DLL_STUB_START up to __L_STUB_END
MOV EAX,offset __L_STUB_END
SUB EAX,offset __L_DLL_STUB_START
PUSH EAX
PUSH offset __L_DLL_STUB_START
CALL WriteData
.endif
MOV EAX,hPackedFilePos ; value is overwritten by the INVOKE in the loop before any use
MOV EDX,offset STUB_DATA
ADD EDX,12 ;SectionData pointer
MOV ECX,ImageBase ; only referenced by the commented-out ADD below
MOV EBX,offset PackedSectionTable
; Two DWORDs per table entry, terminated by a zero first DWORD: the first is
; converted with ConvertFO2VA, the second is copied unchanged.
; NOTE(review): EBX and EDX must survive the INVOKE; STUB_DATA's capacity is
; not visible here and the loop has no upper bound - confirm both.
.while DWORD PTR[EBX] != 0
INVOKE ConvertFO2VA,hPackedFileBuff,DWORD PTR[EBX]
MOV DWORD PTR[EDX],EAX
; ADD DWORD PTR[EDX],ECX
ADD EDX,4
MOV EAX,DWORD PTR[EBX+4]
MOV DWORD PTR[EDX],EAX
ADD EDX,4
ADD EBX,8
.endw
SUB EDX,offset STUB_DATA ; bytes filled so far, including the 12-byte prefix
ADD EDX,4 ; plus one more DWORD after the last entry (presumably a terminator)
PUSH EDX
PUSH offset STUB_DATA
CALL WriteData
.endif
;------------------------------------------------------------------
; Copy IAT / aplib
;
; Runs when Compressor == 1. Joins the DLL-name buffer and the API-name
; buffer into one block, compresses it with aP_pack, appends the result to
; the output with WriteData and calls FixPackedHeader.
;
.if Compressor == 1
MOV EAX,APINameBuff
SUB EAX,APINameBuff_Base
MOV RawSize,EAX ; bytes used so far in the API-name buffer
MOV EBX,DLLNameBuff
MOV BYTE PTR[EBX],1 ; marker byte after the DLL names (presumably a separator the stub looks for)
INC DLLNameBuff
; NOTE(review): the API names are appended behind the DLL names; the size of
; the DLL-name buffer is not visible here, so confirm it has room for them.
INVOKE RtlMoveMemory,DLLNameBuff,APINameBuff_Base,RawSize
MOV EAX,DLLNameBuff
SUB EAX,DLLNameBuff_Base
ADD RawSize,EAX ; RawSize = DLL names + marker + API names
INVOKE aP_max_packed_size,RawSize
MOV OutMemBuffSize,EAX
; NOTE(review): both buffers below are plain data buffers in this block, so
; PAGE_READWRITE would be enough; neither VirtualAlloc result is checked
; for NULL before it is handed to aP_pack.
INVOKE VirtualAlloc,NULL,EAX,MEM_COMMIT,PAGE_EXECUTE_READWRITE
MOV OutMemBuff,EAX
INVOKE aP_workmem_size,RawSize
MOV WorkMemSize,EAX
INVOKE VirtualAlloc,NULL,EAX,MEM_COMMIT,PAGE_EXECUTE_READWRITE
MOV WorkMemBuff,EAX
INVOKE aP_pack,DLLNameBuff_Base,OutMemBuff,RawSize,WorkMemBuff,NULL,NULL
; NOTE(review): the return value is used as a length without an error check,
; and 4 is added to it, so WriteData copies 4 bytes more than aP_pack
; reported - confirm those bytes are inside OutMemBuff and intended.
ADD EAX,4
MOV PackedSize,EAX
; NOTE(review): MEM_DECOMMIT leaves the address range reserved; releasing it
; needs MEM_RELEASE with a size of 0. Applies to both VirtualFree calls here.
INVOKE VirtualFree,WorkMemBuff,WorkMemSize,MEM_DECOMMIT
PUSH PackedSize ; length
PUSH OutMemBuff ; data
CALL WriteData
INVOKE VirtualFree,OutMemBuff,OutMemBuffSize,MEM_DECOMMIT
CALL FixPackedHeader
.endif
;------------------------------------------------------------------
; Copy IAT / lzma
;
; Runs when Compressor == 2. Joins the DLL-name buffer and the API-name
; buffer into one block, compresses it with CompressSection, appends the
; result to the output with WriteData and calls FixPackedHeader.
;
.if Compressor == 2
MOV EAX,APINameBuff
SUB EAX,APINameBuff_Base
MOV RawSize,EAX ; bytes used so far in the API-name buffer
MOV EBX,DLLNameBuff
MOV BYTE PTR[EBX],1 ; marker byte after the DLL names (presumably a separator the stub looks for)
INC DLLNameBuff
; NOTE(review): the API names are appended behind the DLL names; the size of
; the DLL-name buffer is not visible here, so confirm it has room for them.
INVOKE RtlMoveMemory,DLLNameBuff,APINameBuff_Base,RawSize
MOV EAX,DLLNameBuff
SUB EAX,DLLNameBuff_Base
ADD RawSize,EAX ; RawSize = DLL names + marker + API names
MOV EAX,RawSize
ADD EAX,1024 ; output buffer = input size + 1024 bytes of slack
MOV OutMemBuffSize,EAX
; NOTE(review): whether input + 1024 bounds the worst-case output of
; CompressSection cannot be told from here. The buffer is only used as data
; in this block, so PAGE_READWRITE would be enough, and the result is not
; checked for NULL.
INVOKE VirtualAlloc,NULL,EAX,MEM_COMMIT,PAGE_EXECUTE_READWRITE
MOV OutMemBuff,EAX
INVOKE CompressSection,OutMemBuff,DLLNameBuff_Base,RawSize
ADD EAX,4 ; PackedSize = value returned by CompressSection + 4
MOV PackedSize,EAX
PUSH PackedSize ; length
PUSH OutMemBuff ; data
CALL WriteData
; NOTE(review): MEM_DECOMMIT leaves the address range reserved; releasing it
; needs MEM_RELEASE with a size of 0.
INVOKE VirtualFree,OutMemBuff,OutMemBuffSize,MEM_DECOMMIT
CALL FixPackedHeader
.endif
;------------------------------------------------------------------
; Copy TLS
;
; Unless oStripTLS is set: reads the TLS directory entry from the input
; header, appends the directory bytes to the output with WriteData, points
; the output header's TLS entry at the new location and rewrites the first
; section's Characteristics. FixPackedHeader is called in every case.
;
.if oStripTLS == 0
MOV EBX,FileMapVA
ADD EBX,3Ch
; 16-bit add: only valid while base + e_lfanew does not cross a 64 KB
; boundary; e_lfanew is not range-checked in this block.
ADD BX,WORD PTR[EBX] ;WinME/98/95 compatibility!
SUB BX,3Ch ; EBX = PE header of the input file
MOV PEHeader,EBX
; ECX = SizeOfImage + 1000h + (hPackedFilePos - hPackedFileBuff) - 200h,
; stored further down as the new TLS directory address.
; NOTE(review): the meaning of the constants 1000h and 200h is not visible
; in this block. ECX stays live across ConvertVA2FO and WriteData, so both
; are assumed to preserve it - confirm.
MOV EBX,SizeOfImage
ADD EBX,1000h
MOV ECX,hPackedFilePos
SUB ECX,hPackedFileBuff
SUB ECX,200h
ADD ECX,EBX
MOV EBX,PEHeader
MOV ESI,DWORD PTR[EBX+0C0h] ; data directory 9 (TLS): RVA
MOV EDI,DWORD PTR[EBX+0C4h] ; data directory 9 (TLS): size
ADD ESI,ImageBase
INVOKE ConvertVA2FO,FileMapVA,ESI
ADD EAX,FileMapVA
MOV ESI,EAX ; ESI -> TLS directory bytes inside the mapped input
; NOTE(review): ESI already has FileMapVA added, so "ESI > 0" holds for
; almost any ConvertVA2FO result, including the one for a zero RVA; in
; practice only EDI (the size taken from the input header) gates the copy.
; EDI is not checked against the size of the mapped file.
.if ESI > 0 && EDI > 0
PUSH EDI ; length
PUSH ESI ; data
CALL WriteData
.endif
MOV EBX,hPackedFileBuff
ADD EBX,3Ch
ADD BX,WORD PTR[EBX] ;WinME/98/95 compatibility!
SUB BX,3Ch ; EBX = PE header of the output file
MOV PEHeader,EBX
.if ESI > 0 && EDI > 0
MOV EAX,PEHeader
MOV DWORD PTR[EAX+0C0h],ECX ; TLS directory: new address computed above
MOV DWORD PTR[EAX+0C4h],EDI ; TLS directory: size unchanged
; Both branches make the first section writable and executable at once;
; that combination is something static triage of a packed file commonly
; flags.
.if Shareable == 1
PUSH EAX
ADD AX,WORD PTR[EAX+14h] ; + SizeOfOptionalHeader (16-bit add)
ADD EAX,18h ; EAX -> first section header
MOV DWORD PTR[EAX+24h],0F0000020h ; code | shared | execute | read | write
POP EAX
.else
PUSH EAX
ADD AX,WORD PTR[EAX+14h] ; + SizeOfOptionalHeader (16-bit add)
ADD EAX,18h ; EAX -> first section header
MOV DWORD PTR[EAX+24h],0E0000020h ; code | execute | read | write
POP EAX
.endif
.endif
.endif
CALL FixPackedHeader
;------------------------------------------------------------------
; Fix OEP and IAT / aplib
;
.if Compressor == 1 && IsDll == 0
INVOKE ConvertFO2VA,hPackedFileBuff,STUB_OEP
MOV EBX,PEHeader
ADD EBX,28h
MOV DWORD PTR[EBX],EAX
MOV ESI,EAX
ADD ESI,ImageBase
MOV EDX,STUB_OEP_OFFSET
LEA EBX,DWORD PTR[EDX+((offset __kernel32 - offset __STUB_START))]
LEA ECX,DWORD PTR[EDX+((offset __dllName - offset __STUB_START))]
INVOKE ConvertFO2VA,hPackedFileBuff,EBX
MOV DWORD PTR[ECX],EAX
LEA EBX,DWORD PTR[EDX+((offset __locloadlib - offset __STUB_START))]
LEA ECX,DWORD PTR[EDX+((offset __FirstThunk - offset __STUB_START))]
INVOKE ConvertFO2VA,hPackedFileBuff,EBX
MOV DWORD PTR[ECX],EAX
LEA EBX,DWORD PTR[EDX+((offset __loadlib - offset __STUB_START))-2]
LEA ECX,DWORD PTR[EDX+((offset __locloadlib - offset __STUB_START))]
INVOKE ConvertFO2VA,hPackedFileBuff,EBX
MOV DWORD PTR[ECX],EAX
LEA EBX,DWORD PTR[EDX+((offset __gpa - offset __STUB_START))-2]
LEA ECX,DWORD PTR[EDX+((offset __locgpa - offset __STUB_START))]
INVOKE ConvertFO2VA,hPackedFileBuff,EBX
MOV DWORD PTR[ECX],EAX
LEA EBX,DWORD PTR[EDX+((offset __va - offset __STUB_START))-2]
LEA ECX,DWORD PTR[EDX+((offset __locva - offset __STUB_START))]
INVOKE ConvertFO2VA,hPackedFileBuff,EBX
MOV DWORD PTR[ECX],EAX
LEA EBX,DWORD PTR[EDX+((offset __vf - offset __STUB_START))-2]