diff --git a/src/stub/i386-darwin.macho-fold.h b/src/stub/i386-darwin.macho-fold.h
index a9aa49a8..e6d9aa8d 100644
--- a/src/stub/i386-darwin.macho-fold.h
+++ b/src/stub/i386-darwin.macho-fold.h
@@ -1,5 +1,5 @@
 /* i386-darwin.macho-fold.h
- created from i386-darwin.macho-fold.bin, 999 (0x3e7) bytes
+ created from i386-darwin.macho-fold.bin, 1115 (0x45b) bytes
 This file is part of the UPX executable compressor.
@@ -28,72 +28,79 @@ */ -#define STUB_I386_DARWIN_MACHO_FOLD_SIZE 999 -#define STUB_I386_DARWIN_MACHO_FOLD_ADLER32 0x99dddfb8 -#define STUB_I386_DARWIN_MACHO_FOLD_CRC32 0x2adf8df9 +#define STUB_I386_DARWIN_MACHO_FOLD_SIZE 1115 +#define STUB_I386_DARWIN_MACHO_FOLD_ADLER32 0x71810e47 +#define STUB_I386_DARWIN_MACHO_FOLD_CRC32 0x3b908132 -unsigned char stub_i386_darwin_macho_fold[999] = { -204,141,124, 36,252,141,117, 2,139, 19,137,217, 41,209,139, 89, /* 0x 0 */ - 24,184, 0, 8, 0, 0, 57,216,118, 2,137,195, 41,220, 96,232, /* 0x 10 */ -182, 2, 0, 0,139, 76, 36, 16,141,100, 12, 32,255, 96, 40, 90, /* 0x 20 */ - 15, 52,176, 74,235, 2,176, 1,235, 2,176,153,235, 2,176, 6, /* 0x 30 */ -235, 2,176, 5,235, 2,176,197,235, 2,176, 3, 15,182,192,137, /* 0x 40 */ -225,232,217,255,255,255,115, 3,131,200,255,195, 85,137,229, 87, /* 0x 50 */ - 86,139,125, 8, 83,137,195, 57, 56,139,112, 4,115, 7,106,127, /* 0x 60 */ -232,193,255,255,255,133,255,116, 10,137,249,138, 6, 70,136, 2, /* 0x 70 */ - 66,226,248, 1,123, 4, 41, 59,141,101,244, 91, 94, 95,201,195, /* 0x 80 */ - 85,137,229, 87, 86,137,198, 83,137,211,131,236, 24,139, 69, 8, /* 0x 90 */ -139,125, 12,137, 69,220,131, 58, 0, 15,132,172, 0, 0, 0,141, /* 0x a0 */ - 85,228,137,240,106, 12,232,161,255,255,255,139, 69,228, 90,133, /* 0x b0 */ -192,139, 77,232,117, 19,129,249, 85, 80, 88, 33,117, 15,131, 62, /* 0x c0 */ - 0, 15,132,132, 0, 0, 0,235, 4,133,201,117, 7,106,127,232, /* 0x d0 */ - 82,255,255,255, 57,193,119,245, 59, 3,119,241, 57,193,115, 76, /* 0x e0 */ -137, 69,224, 15,182, 69,236, 80,141, 69,224, 80,255,115, 4, 81, /* 0x f0 */ -255,118, 4,255, 85,220,131,196, 20,133,192,117,208,139, 85,224, /* 0x 100 */ - 59, 85,228,117,200,138, 69,237,132,192,116, 22,133,255,116, 18, /* 0x 110 */ - 15,182,192, 80, 15,182, 69,238, 80, 82,255,115, 4,255,215,131, /* 0x 120 */ -196, 16,139, 69,232, 1, 70, 4, 41, 6,235, 12,139, 83, 4, 81, /* 0x 130 */ -137,240,232, 21,255,255,255, 88,139, 85,228,139, 3, 1, 83, 4, /* 0x 140 */ - 
41,208,133,192,137, 3,233, 78,255,255,255,141,101,244, 91, 94, /* 0x 150 */ - 95,201,195, 85,137,229, 87, 86, 83,131,236, 48,137, 69,232,139, /* 0x 160 */ - 69, 8,137, 85,228,139, 85, 12,199, 69,208, 0, 0, 0, 0,137, /* 0x 170 */ - 69,224,139, 69, 20,137, 85,220,139, 85, 24,137, 69,216,139,117, /* 0x 180 */ -232,139, 69,232,137, 85,212, 49,210,131,198, 28,199, 69,204, 0, /* 0x 190 */ - 0, 0, 0, 59, 80, 16, 15,131, 35, 1, 0, 0,139, 6,131,248, /* 0x 1a0 */ - 1, 15,133,234, 0, 0, 0,139, 86, 24,139, 70, 28,139, 78, 36, /* 0x 1b0 */ -137,215, 1,208,137, 85,240,137, 69,200,137,208, 37,255, 15, 0, /* 0x 1c0 */ - 0,137,203, 41,199, 1,195,137, 77,236,116, 55,139, 69,228, 3, /* 0x 1d0 */ - 70, 32,133,201, 80,139, 69,220,117, 3,131,200,255,131,125,224, /* 0x 1e0 */ - 0, 80,117, 9,133,201,184, 18, 0, 0, 0,117, 5,184, 18, 16, /* 0x 1f0 */ - 0, 0, 80,106, 3, 83, 87,232, 58,254,255,255,131,196, 24, 57, /* 0x 200 */ -199,117, 88,131,125,224, 0,116, 36,131,126, 36, 0,116, 30,131, /* 0x 210 */ -126, 32, 0,117, 5,139, 85, 16,137, 58,255,117,212,255,117,216, /* 0x 220 */ -139, 69,224,141, 85,236,232, 85,254,255,255, 89, 88,137,216,141, /* 0x 230 */ - 20, 31,247,216, 37,255, 15, 0, 0,137, 69,196,116, 8,137,193, /* 0x 240 */ -198, 2, 0, 66,226,250,133,219,116, 24,255,118, 44, 83, 87,232, /* 0x 250 */ -206,253,255,255,131,196, 12,133,192,116, 7,106,127,232,196,253, /* 0x 260 */ -255,255,139, 85,196,141, 4, 19,141, 28, 7, 59, 93,200,115, 59, /* 0x 270 */ -106, 0,106,255,104, 18, 16, 0, 0,255,118, 44, 41, 93,200,255, /* 0x 280 */ -117,200, 83,232,174,253,255,255,131,196, 24, 57,195,116, 28,235, /* 0x 290 */ -202,131,232, 4,131,248, 1,119, 18,131,126, 8,255,117, 12,131, /* 0x 2a0 */ -126, 12, 16,117, 6,141, 70, 16,137, 69,208,255, 69,204,139, 85, /* 0x 2b0 */ -232,139, 69,204, 3,118, 4, 59, 66, 16,233,215,254,255,255,139, /* 0x 2c0 */ - 69,208,141,101,244, 91, 94, 95,201,195, 85,137,229, 87, 86, 83, /* 0x 2d0 */ -131,236, 32,199, 69,212, 0, 0, 0, 0,139, 85, 32,139, 69, 24, /* 0x 2e0 */ -139, 
93, 16,137, 69,216,139,117, 20,141, 66, 24,137,117,232,137, /* 0x 2f0 */ - 69,240,139, 69, 28,131,232, 24,137, 69,236,139, 66, 24,139, 85, /* 0x 300 */ -240,106, 0,137, 69,228,139, 69,236,137, 85,224,137, 69,220,141, /* 0x 310 */ - 85,228,141, 69,236, 83,232,101,253,255,255,255,117, 12, 83, 49, /* 0x 320 */ -210,255,117, 8,141, 69,220,106,255, 80,137,240,232, 34,254,255, /* 0x 330 */ -255, 49,210,137,199,141, 70, 28,131,196, 28,139, 78, 16, 57,202, /* 0x 340 */ - 15,131,135, 0, 0, 0,131, 56, 14,117,121, 3, 64, 8,106, 0, /* 0x 350 */ -106, 0, 80,232,218,252,255,255,131,196, 12,133,192,137,195,120, /* 0x 360 */ - 21,255,117,212,255,117,216, 86, 83,232,188,252,255,255,131,196, /* 0x 370 */ - 16, 57, 69,216,116, 15,106,127,232,169,252,255,255,139, 64, 8, /* 0x 380 */ -137, 69,212,235,220,129, 62,190,186,254,202,117, 23,141, 70, 8, /* 0x 390 */ - 49,210,139, 78, 4, 57,202,115, 11,131, 56, 7,116,223, 66,131, /* 0x 3a0 */ -192, 20,235,241,106, 0,139, 85,212,106, 0,137,240,106, 0, 83, /* 0x 3b0 */ -106, 0,232,156,253,255,255, 83,137,199,232,111,252,255,255,131, /* 0x 3c0 */ -196, 24,235, 9, 3, 64, 4, 66,233,113,255,255,255,141,101,244, /* 0x 3d0 */ -137,248, 91, 94, 95,201,195 /* 0x 3e0 */ +unsigned char stub_i386_darwin_macho_fold[1115] = { +141,124, 36,252,141,117, 2,139, 19,137,217, 41,209,139, 89, 24, /* 0x 0 */ +184, 0, 8, 0, 0, 57,216,118, 2,137,195, 41,220, 96,232, 16, /* 0x 10 */ + 3, 0, 0,139, 76, 36, 16,141,100, 12, 32,255,112, 40, 41,192, /* 0x 20 */ + 41,201, 41,210, 41,219, 41,237, 41,246, 41,255,195,139, 68, 36, /* 0x 30 */ + 4,139, 76, 36, 8,139, 16, 15,202,137, 16,131,233, 4,141, 64, /* 0x 40 */ + 4,115,242,195, 90, 15, 52,176, 74,235, 2,176, 73,235, 2,176, /* 0x 50 */ + 1,235, 2,176,153,235, 2,176, 6,235, 2,176, 5,235, 2,176, /* 0x 60 */ +197,235, 2,176, 3, 15,182,192,137,225,232,213,255,255,255,115, /* 0x 70 */ + 3,131,200,255,195,144,144,144, 85,137,229, 87, 86,139,125, 8, /* 0x 80 */ + 83,137,195, 57, 56,139,112, 4,115, 7,106,127,232,190,255,255, /* 0x 
90 */ +255,133,255,116, 10,137,249,138, 6, 70,136, 2, 66,226,248, 1, /* 0x a0 */ +123, 4, 41, 59,141,101,244, 91, 94, 95,201,195, 85,137,229, 87, /* 0x b0 */ + 86,137,198, 83,137,211,131,236, 24,139, 69, 8,139,125, 12,137, /* 0x c0 */ + 69,220,131, 58, 0, 15,132,172, 0, 0, 0,141, 85,228,137,240, /* 0x d0 */ +106, 12,232,161,255,255,255,139, 69,228, 90,133,192,139, 77,232, /* 0x e0 */ +117, 19,129,249, 85, 80, 88, 33,117, 15,131, 62, 0, 15,132,132, /* 0x f0 */ + 0, 0, 0,235, 4,133,201,117, 7,106,127,232, 79,255,255,255, /* 0x 100 */ + 57,193,119,245, 59, 3,119,241, 57,193,115, 76,137, 69,224, 15, /* 0x 110 */ +182, 69,236, 80,141, 69,224, 80,255,115, 4, 81,255,118, 4,255, /* 0x 120 */ + 85,220,131,196, 20,133,192,117,208,139, 85,224, 59, 85,228,117, /* 0x 130 */ +200,138, 69,237,132,192,116, 22,133,255,116, 18, 15,182,192, 80, /* 0x 140 */ + 15,182, 69,238, 80, 82,255,115, 4,255,215,131,196, 16,139, 69, /* 0x 150 */ +232, 1, 70, 4, 41, 6,235, 12,139, 83, 4, 81,137,240,232, 21, /* 0x 160 */ +255,255,255, 88,139, 85,228,139, 3, 1, 83, 4, 41,208,133,192, /* 0x 170 */ +137, 3,233, 78,255,255,255,141,101,244, 91, 94, 95,201,195, 85, /* 0x 180 */ +137,229, 87, 86, 83,131,236, 48,137, 69,232,139, 69, 8,137, 85, /* 0x 190 */ +228,139, 85, 12,199, 69,208, 0, 0, 0, 0,137, 69,224,139, 69, /* 0x 1a0 */ + 20,137, 85,220,139, 85, 24,137, 69,216,139, 93,232,139, 69,232, /* 0x 1b0 */ +137, 85,212, 49,210,131,195, 28,199, 69,204, 0, 0, 0, 0, 59, /* 0x 1c0 */ + 80, 16, 15,131, 80, 1, 0, 0,139, 3,131,248, 1, 15,133, 23, /* 0x 1d0 */ + 1, 0, 0,139, 83, 24,139, 67, 28,139, 75, 36,137,214, 1,208, /* 0x 1e0 */ +137, 85,240,137, 69,200,137,208, 37,255, 15, 0, 0,137,207, 41, /* 0x 1f0 */ +198, 1,199,137, 77,236,116, 69,139, 69,228, 49,210, 3, 67, 32, /* 0x 200 */ + 82,133,201, 80,139, 69,220,117, 3,131,200,255,131,125,224, 0, /* 0x 210 */ + 80,117, 9,133,201,184, 18, 0, 0, 0,117, 5,184, 18, 16, 0, /* 0x 220 */ + 0,131,125,224, 0, 80,106, 3,137,248,116, 3,141, 71, 3, 80, /* 0x 230 */ + 
86,232, 41,254,255,255,131,196, 28, 57,198,117, 88,131,125,224, /* 0x 240 */ + 0,116, 36,131,123, 36, 0,116, 30,131,123, 32, 0,117, 5,139, /* 0x 250 */ + 85, 16,137, 50,255,117,212,255,117,216,141, 85,236,139, 69,224, /* 0x 260 */ +232, 71,254,255,255, 88, 90,137,248,141, 20, 62,247,216, 37,255, /* 0x 270 */ + 15, 0, 0,137, 69,196,116, 8,137,193,198, 2, 0, 66,226,250, /* 0x 280 */ +133,255,116, 24,255,115, 44, 87, 86,232,185,253,255,255,131,196, /* 0x 290 */ + 12,133,192,116, 7,106,127,232,179,253,255,255,139, 85,196,141, /* 0x 2a0 */ + 4, 23, 1,198, 59,117,200,115, 35,106, 0,106, 0,106,255,104, /* 0x 2b0 */ + 18, 16, 0, 0,255,115, 44, 41,117,200,255,117,200, 86,232,156, /* 0x 2c0 */ +253,255,255,131,196, 28, 57,198,116, 58,235,201,131,125,224, 0, /* 0x 2d0 */ +116, 50,141, 71, 3, 37,255, 15, 0, 0,131,248, 3,119, 37, 80, /* 0x 2e0 */ + 86,232,101,253,255,255, 89, 94,235, 26,131,232, 4,131,248, 1, /* 0x 2f0 */ +119, 18,131,123, 8, 1,117, 12,131,123, 12, 16,117, 6,141, 67, /* 0x 300 */ + 16,137, 69,208,255, 69,204,139, 85,232,139, 69,204, 3, 91, 4, /* 0x 310 */ + 59, 66, 16,233,170,254,255,255,139, 69,208,141,101,244, 91, 94, /* 0x 320 */ + 95,201,195, 85,137,229, 87, 86, 83,131,236, 32,199, 69,212, 0, /* 0x 330 */ + 0, 0, 0,139, 85, 32,139, 69, 24,139, 93, 16,137, 69,216,139, /* 0x 340 */ +117, 20,141, 66, 24,137,117,232,137, 69,240,139, 69, 28,131,232, /* 0x 350 */ + 24,137, 69,236,139, 66, 24,139, 85,240,106, 0,137, 69,228,139, /* 0x 360 */ + 69,236,137, 85,224,137, 69,220,141, 85,228,141, 69,236, 83,232, /* 0x 370 */ + 56,253,255,255,255,117, 12, 83, 49,210,255,117, 8,141, 69,220, /* 0x 380 */ +106,255, 80,137,240,232,245,253,255,255, 49,210,137,195,141, 70, /* 0x 390 */ + 28,131,196, 28,139, 78, 16, 57,202, 15,131,162, 0, 0, 0,131, /* 0x 3a0 */ + 56, 14, 15,133,144, 0, 0, 0, 3, 64, 8,106, 0,106, 0, 80, /* 0x 3b0 */ +232,166,252,255,255,131,196, 12,133,192,137,199,120, 25, 49,210, /* 0x 3c0 */ +139, 69,212, 82, 80,255,117,216, 86, 87,232,132,252,255,255,131, /* 
0x 3d0 */ +196, 20, 57, 69,216,116, 15,106,127,232,113,252,255,255,139, 91, /* 0x 3e0 */ + 8,137, 93,212,235,216,129, 62,202,254,186,190,117, 42, 15,182, /* 0x 3f0 */ + 70, 7,141, 94, 8,107,192, 20,131,192, 8, 80, 86,232, 43,252, /* 0x 400 */ +255,255, 89, 90, 49,192,139, 86, 4, 57,208,115, 11,131, 59, 7, /* 0x 410 */ +116,204, 64,131,195, 20,235,241,106, 0,139, 85,212,106, 0,137, /* 0x 420 */ +240,106, 0, 87,106, 0,232, 84,253,255,255, 87,137,195,232, 36, /* 0x 430 */ +252,255,255,131,196, 24,235, 9, 3, 64, 4, 66,233, 86,255,255, /* 0x 440 */ +255,141,101,244,137,216, 91, 94, 95,201,195 /* 0x 450 */ };
diff --git a/src/stub/src/i386-darwin.macho-fold.S b/src/stub/src/i386-darwin.macho-fold.S
index cb78d170..eae552bb 100644
--- a/src/stub/src/i386-darwin.macho-fold.S
+++ b/src/stub/src/i386-darwin.macho-fold.S
@@ -58,7 +58,7 @@ i386_ts_fs = 14*4
 i386_ts_gs = 15*4
 fold_begin: // In: ebx= &total_length
- int3
+//// int3
 lea edi,[-4+ esp] # &mhdrpp
 lea esi,[ 2+ ebp] # &f_unfilter
 mov edx,[ebx] # sz_total
@@ -75,7 +75,27 @@ fold_begin: // In: ebx= &total_length
 call upx_main # Out: eax= &Mach_i386_thread_state of dyld
 mov ecx,[4*4 + esp] # sz_mhdr
 lea esp,[8*4 + 1*ecx + esp] # un_alloca
- jmp [i386_ts_eip + eax]
+ push [i386_ts_eip + eax]
+ sub eax,eax
+ sub ecx,ecx
+ sub edx,edx
+ sub ebx,ebx
+ sub ebp,ebp
+ sub esi,esi
+ sub edi,edi
+ ret
+
+bswap: .globl bswap
+ mov eax,[4+ esp] # ptr
+ mov ecx,[8+ esp] # len
+0:
+ mov edx,[eax]
+ .byte 0x0f,0xc8+2 // bswap edx
+ mov [eax],edx
+ sub ecx,4
+ lea eax,[4+ eax]
+ jae 0b
+ ret
 SYS_exit =1
 SYS_fork =2
@@ -86,6 +106,7 @@ SYS_close =6
 SYS_pread =153
 SYS_mmap =197
+SYS_munmap = 73
 SYS_mprotect= 74
 sysgo:
@@ -95,6 +116,8 @@ sysgo:
 // lazy jmps enable compression of this code
 mprotect: .globl mprotect
 mov al,SYS_mprotect; jmps 2+ 0f; 0:
+munmap: .globl munmap
+ mov al,SYS_munmap; jmps 2+ 0f; 0:
 exit: .globl exit
 mov al,SYS_exit; jmps 2+ 0f; 0:
 pread: .globl pread
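Review bot: The loop in the new `bswap` routine runs one iteration too many: `sub ecx,4` followed by `jae 0b` still jumps when ecx goes from 4 to 0 (no borrow), so the body executes again with ecx==0 and byte-swaps the dword at ptr+len. With the C caller on this page passing `sizeof(*fh) + n*sizeof(*fa)`, that rewrites 4 bytes just past the fat-arch table; `ja 0b` stops once the count is exhausted while still rounding a non-multiple-of-4 len up to whole dwords. Because the test sits at the bottom of the loop, a len of 0 still swaps one dword; if zero is a possible argument, a `jecxz` guard before label `0:` is needed as well. A comment stating that `len` is in bytes and expected to be a multiple of 4 would pin the contract for the C prototype.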
diff --git a/src/stub/src/i386-darwin.macho-main.c b/src/stub/src/i386-darwin.macho-main.c
index 61704ceb..999f5b5d 100644
--- a/src/stub/src/i386-darwin.macho-main.c
+++ b/src/stub/src/i386-darwin.macho-main.c
@@ -211,10 +211,11 @@ typedef struct {
 unsigned align; /* shift count; log base 2 */
 } Fat_arch;
 enum e8 {
- FAT_MAGIC = 0xcafebabe
+ FAT_MAGIC = 0xbebafeca // 0xcafebabe in big endian
 };
 enum e9 {
 CPU_TYPE_I386 = 7,
+ CPU_TYPE_AMD64 = 0x01000007,
 CPU_TYPE_POWERPC = 0x00000012,
 CPU_TYPE_POWERPC64 = 0x01000012
 };
@@ -285,7 +286,7 @@ typedef struct {
 Mach_i386_thread_state state;
 } Mach_thread_command;
 enum e6 {
- i386_THREAD_STATE = (unsigned)-1
+ i386_THREAD_STATE = 1
 };
 enum e7 {
 i386_THREAD_STATE_COUNT = sizeof(Mach_i386_thread_state)/4
@@ -303,7 +304,10 @@ typedef union {
 #define PROT_WRITE 2
 #define PROT_EXEC 4
-extern char *mmap(char *, size_t, unsigned, unsigned, int, /*off_t*/size_t);
+typedef long long off_t;
+extern char *mmap(char *, size_t, unsigned, unsigned, int, off_t);
+extern ssize_t pread(int, void *, size_t, off_t);
+extern void bswap(void *, unsigned);
 static Mach_i386_thread_state const *
 do_xmap(
@@ -331,7 +335,9 @@ do_xmap(
 addr -= frag;
 mlen += frag;
- if (0!=mlen && addr != mmap(addr, mlen, VM_PROT_READ | VM_PROT_WRITE,
+ // Decompressor can overrun the destination by 3 bytes. [i386 only]
+ if (0!=mlen && addr != mmap(addr, mlen + (xi ? 3 : 0),
+ VM_PROT_READ | VM_PROT_WRITE,
 MAP_FIXED | MAP_PRIVATE | ((xi || 0==sc->filesize) ? MAP_ANON : 0), ((0==sc->filesize) ? -1 : fdi), sc->fileoff + fat_offset) ) {
@@ -357,6 +363,12 @@ ERR_LAB
 err_exit(9);
 }
 }
+ else if (xi) { // cleanup if decompressor overrun crosses page boundary
+ mlen = ~PAGE_MASK & (3+ mlen);
+ if (mlen<=3) { // page fragment was overrun buffer only
+ munmap(addr, mlen);
+ }
+ }
 }
 else if (LC_UNIXTHREAD==sc->cmd || LC_THREAD==sc->cmd) {
 Mach_thread_command const *const thrc = (Mach_thread_command const *)sc;
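Review bot: The new `bswap` prototype gives no unit for its second argument, while the assembly implementation on this page swaps 32-bit words, so a reader cannot tell whether `len` counts bytes or dwords; `extern void bswap(void *, unsigned);  // byte-swap len/4 dwords in place; len in bytes, multiple of 4` pins the contract the FAT_MAGIC call site relies on. `typedef long long off_t;` also widens the last argument of `mmap` and `pread` to 8 bytes on the stack; since the syscall stubs in i386-darwin.macho-fold.S appear to only load the syscall number and jump to `sysgo`, the kernel sees exactly what the C caller pushed, which presumably is the intent of matching a 64-bit kernel off_t. A one-line comment on the typedef saying so would keep the next maintainer from "fixing" it back to a 32-bit type.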
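Review bot: The 3-byte decompressor overrun allowance is a bare literal in `mlen + (xi ? 3 : 0)` here and again twice in the cleanup hunk below (`3+ mlen`, `mlen<=3`), so the three places can drift apart silently. Naming it once next to the other enums, e.g. `enum { DECOMP_OVERRUN = 3 }; // i386 decompressor may write up to 3 bytes past its output`, and using it in all three spots ties the mapping and the unmapping to the same number. The "[i386 only]" remark in the added comment would then live on the constant rather than at one use site.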
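Review bot: `mlen<=3` also fires when `3+ mlen` lands exactly on a page boundary (the original length was PAGE_SIZE-3 modulo the page size), but in that case the `mlen + 3` mapping above covered no extra page, so `munmap(addr, 0)` is issued and the code relies on the kernel treating a zero length as a no-op; `if (0!=mlen && mlen<=3) {` restricts the unmap to the three remainders that really spilled into a new page. The added `else if (xi)` belongs to an if/else chain whose head, and the `addr` it unmaps, are outside this hunk: the unmap targets the right page only if `addr` has already been advanced to the page boundary past the segment before this point, which the hunk cannot show. A comment on the `munmap` line, `// addr is the page boundary past the segment; only the overrun spilled into it`, would record that precondition where it is needed.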
@@ -421,8 +433,9 @@ ERR_LAB
 case MH_MAGIC: break;
 case FAT_MAGIC: { // stupid Apple: waste code and a page fault on EVERY execve
- Fat_header const *const fh = (Fat_header const *)mhdr;
- Fat_arch const *fa = (Fat_arch const *)(1+ fh);
+ Fat_header *const fh = (Fat_header *)mhdr;
+ Fat_arch *fa = (Fat_arch *)(1+ fh);
+ bswap(fh, sizeof(*fh) + (fh->nfat_arch>>24)*sizeof(*fa));
 for (j= 0; j < fh->nfat_arch; ++j, ++fa) {
 if (CPU_TYPE_I386==fa->cputype) {
 fat_offset= fa->offset;
diff --git a/src/stub/src/include/darwin.h b/src/stub/src/include/darwin.h
index d9d2e19f..a8a0d484 100644
--- a/src/stub/src/include/darwin.h
+++ b/src/stub/src/include/darwin.h
@@ -85,8 +85,8 @@ typedef size_t uintptr_t;
 int close(int);
 void exit(int) __attribute__((__noreturn__,__nothrow__));
 int mprotect(void *, size_t, int);
+extern int munmap(char *, size_t);
 int open(char const *, unsigned, unsigned);
-ssize_t pread(int, void *, size_t, unsigned);
 /*************************************************************************
diff --git a/src/stub/src/powerpc-darwin.macho-main.c b/src/stub/src/powerpc-darwin.macho-main.c
index 7b50e573..053abd94 100644
--- a/src/stub/src/powerpc-darwin.macho-main.c
+++ b/src/stub/src/powerpc-darwin.macho-main.c
@@ -316,6 +316,7 @@ typedef union {
 Adjust in mmap(). */
 extern char *mmap(char *, size_t, unsigned, unsigned, int, /*off_t*/size_t);
+ssize_t pread(int, void *, size_t, /*off_t*/unsigned); // FIXME?
 static Mach_ppc_thread_state const *
 do_xmap(
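Review bot: `fh->nfat_arch>>24` reads the arch count while it is still big-endian, so only its low-order byte is handed to `bswap`; a fat header declaring 256 or more arches would leave the later `Fat_arch` entries unswapped, and the loop below would then compare big-endian `cputype` values against `CPU_TYPE_I386`. That is fine for real binaries but is not obvious from the line, so it deserves `// nfat_arch is still big-endian here: >>24 is its low byte (assumes < 256 arches)`. The loop also trusts the swapped `nfat_arch` as its bound; if `mhdr` is a single mapped page (its mapping is outside this hunk), clamping the count to the entries that fit in that page keeps a truncated or corrupt header from walking past the mapping. The enclosing switch and its function start outside the hunk.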
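Review bot: The new `munmap` prototype takes `char *` where its neighbour `mprotect` takes `void *`, and it is the only declaration in this group spelled with `extern`. `int munmap(void *, size_t);` matches the surrounding style, accepts whatever pointer type the `munmap(addr, mlen)` call in do_xmap passes, and mirrors the parameter list the kernel interface uses for `mprotect`.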
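Review bot: The `// FIXME?` on the new PowerPC `pread` prototype does not say what is in doubt. The i386 side of this same commit declares the syscall with a 64-bit `off_t`; if the PowerPC kernel entry also takes a 64-bit offset, a 32-bit `unsigned` leaves the other half of the offset to whatever the caller's register happened to hold. Spelling that out, `// FIXME: kernel may expect a 64-bit off_t here; high word currently unspecified`, tells the next reader exactly what to verify against the ABI.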