Mach-o MH_EXECUTE rewrite; work-in-progress

The stub for amd64 gets to upx_main()
	modified:   stub/src/amd64-darwin.macho-entry.S
	modified:   stub/src/amd64-darwin.macho-fold.S
	plus .h .bin.dump .map
John Reiser
2017-12-09 20:18:39 -08:00
parent c6d6378005
commit 64557bee43
6 changed files with 887 additions and 831 deletions
+89 -88
@@ -1,5 +1,5 @@
/* amd64-darwin.macho-fold.h
created from amd64-darwin.macho-fold.bin, 1400 (0x578) bytes
created from amd64-darwin.macho-fold.bin, 1424 (0x590) bytes
This file is part of the UPX executable compressor.
@@ -31,97 +31,98 @@
*/
#define STUB_AMD64_DARWIN_MACHO_FOLD_SIZE 1400
#define STUB_AMD64_DARWIN_MACHO_FOLD_ADLER32 0x45325109
#define STUB_AMD64_DARWIN_MACHO_FOLD_CRC32 0x3fb2bf6b
#define STUB_AMD64_DARWIN_MACHO_FOLD_SIZE 1424
#define STUB_AMD64_DARWIN_MACHO_FOLD_ADLER32 0x54c558f7
#define STUB_AMD64_DARWIN_MACHO_FOLD_CRC32 0xae5d84a8
unsigned char stub_amd64_darwin_macho_fold[1400] = {
unsigned char stub_amd64_darwin_macho_fold[1424] = {
/* 0x0000 */ 232, 74, 0, 0, 0,131,249, 73,117, 68, 83, 87, 72,141, 76, 55,
/* 0x0010 */ 253, 94, 86, 91,235, 47, 72, 57,206,115, 50, 86, 94,172, 60,128,
/* 0x0020 */ 114, 10, 60,143,119, 6,128,126,254, 15,116, 6, 44,232, 60, 1,
/* 0x0030 */ 119,228, 72, 57,206,115, 22, 86,173, 40,208,117,223, 95, 15,200,
/* 0x0040 */ 41,248, 1,216,171, 72, 57,206,115, 3,172,235,223, 91,195, 65,
/* 0x0050 */ 89, 72,137,223,139, 51, 72, 41,247,106, 0,184, 0, 8, 0, 0,
/* 0x0060 */ 139, 79, 24, 57,193, 15, 66,200, 73,137,232, 73,137,228, 72, 41,
/* 0x0070 */ 204, 72,137,226, 65, 84,232,147, 3, 0, 0, 76,137,228,255,160,
/* 0x0080 */ 128, 0, 0, 0,139, 7, 15,200,137, 7,131,238, 4, 72,141,127,
/* 0x0090 */ 4,119,241,195,176, 4,235, 2,176, 1,235, 2,176, 74,235, 2,
/* 0x00a0 */ 176, 73,235, 2,176,153,235, 2,176, 6,235, 2,176, 5,235, 2,
/* 0x00b0 */ 176,197,235, 2,176, 3, 15,182,192, 13, 0, 0, 0, 2, 73,137,
/* 0x00c0 */ 202, 15, 5,115, 4, 72,131,200,255,195,144,144, 81, 72, 57, 23,
/* 0x00d0 */ 76,139, 71, 8, 72,141, 74,255,115, 10,191,127, 0, 0, 0,232,
/* 0x00e0 */ 180,255,255,255, 72,131,249,255,116, 17, 65, 15,182, 0, 72,255,
/* 0x00f0 */ 201, 73,255,192,136, 6, 72,255,198,235,233, 72, 1, 87, 8, 72,
/* 0x0100 */ 41, 23, 88,195, 65, 85, 73,137,213, 65, 84, 73,137,204, 85, 72,
/* 0x0110 */ 137,253, 83, 72,137,243, 72,131,236, 40, 72,131, 62, 0, 15,132,
/* 0x0120 */ 212, 0, 0, 0, 72,141,116, 36, 16,186, 12, 0, 0, 0, 72,137,
/* 0x0130 */ 239,232,150,255,255,255,139, 84, 36, 16,139,116, 36, 20,133,210,
/* 0x0140 */ 117, 21,129,254, 85, 80, 88, 33,117, 17, 72,131,125, 0, 0, 15,
/* 0x0150 */ 132,163, 0, 0, 0,235, 4,133,246,117, 10,191,127, 0, 0, 0,
/* 0x0160 */ 232, 51,255,255,255, 57,214,119,242,137,208, 72, 59, 3,119,235,
/* 0x0170 */ 57,214, 72,139, 67, 8,115, 90, 68, 15,182, 68, 36, 24,137, 84,
/* 0x0180 */ 36, 12, 72,141, 76, 36, 12, 72,139,125, 8, 72,137,194, 65,255,
/* 0x0190 */ 213,133,192,117,198,139,116, 36, 12, 59,116, 36, 16,117,188, 15,
/* 0x01a0 */ 182, 76, 36, 25,132,201, 15,149,194, 49,192, 77,133,228, 15,149,
/* 0x01b0 */ 192,133,194,116, 15, 15,182, 84, 36, 26, 15,182,201, 72,139,123,
/* 0x01c0 */ 8, 65,255,212,139, 68, 36, 20, 72, 1, 69, 8, 72, 41, 69, 0,
/* 0x01d0 */ 235, 13,137,242, 72,137,239, 72,137,198,232,237,254,255,255,139,
/* 0x01e0 */ 84, 36, 16, 72,139, 3, 72, 1, 83, 8, 72, 41,208, 72,133,192,
/* 0x01f0 */ 72,137, 3,233, 38,255,255,255, 72,131,196, 40, 91, 93, 65, 92,
/* 0x0200 */ 65, 93,195, 65, 87, 73,137,215, 65, 86, 65, 85, 73,137,253, 73,
/* 0x0210 */ 131,197, 32, 65, 84, 85, 83, 72,131,236, 88, 72,139,132, 36,144,
/* 0x0220 */ 0, 0, 0, 72,137,124, 36, 56,137,116, 36, 52,137, 76, 36, 48,
/* 0x0230 */ 76,137, 68, 36, 40, 76,137, 76, 36, 32, 72,137, 68, 36, 24, 49,
/* 0x0240 */ 192, 59, 71, 16, 72,199, 68, 36, 16, 0, 0, 0, 0,199, 68, 36,
/* 0x0250 */ 12, 0, 0, 0, 0, 15,131,159, 1, 0, 0, 65,139, 69, 0,131,
/* 0x0260 */ 248, 25, 15,133, 81, 1, 0, 0, 73,139, 85, 32, 72,133,210, 15,
/* 0x0270 */ 132, 68, 1, 0, 0, 73,139, 69, 48, 72,137, 68, 36, 64, 73,139,
/* 0x0280 */ 125, 24, 73,137,196, 72,137,251, 72,137,253, 72,137,124, 36, 72,
/* 0x0290 */ 129,227,255, 15, 0, 0, 76,141, 52, 23, 72, 41,221, 73, 1,220,
/* 0x02a0 */ 116, 70, 77,133,255, 76,137,230,116, 7, 73,141,116, 36, 3,235,
/* 0x02b0 */ 10, 72,133,192,185, 18, 0, 0, 0,117, 5,185, 18, 16, 0, 0,
/* 0x02c0 */ 65,131,200,255, 68,139, 76, 36, 52, 72,133,192, 68, 15, 69, 68,
/* 0x02d0 */ 36, 48, 69, 3, 77, 40,186, 3, 0, 0, 0, 72,137,239,232,205,
/* 0x02e0 */ 253,255,255, 72, 57,197,117,110, 77,133,255,116, 45, 73,131,125,
/* 0x02f0 */ 48, 0,116, 38, 73,131,125, 40, 0,117, 8, 72,139, 84, 36, 40,
/* 0x0300 */ 72,137, 42, 72,139, 76, 36, 24, 72,139, 84, 36, 32, 72,141,116,
/* 0x0310 */ 36, 64, 76,137,255,232,234,253,255,255, 76,137,227, 74,141, 84,
/* 0x0320 */ 37, 0, 72,247,219,129,227,255, 15, 0, 0, 72,137,216, 72,133,
/* 0x0330 */ 219,116, 11,198, 2, 0, 72,255,194, 72,255,200,235,243, 77,133,
/* 0x0340 */ 228,116, 29, 65,139, 85, 60, 76,137,230, 72,137,239,232, 74,253,
/* 0x0350 */ 255,255,133,192,116, 10,191,127, 0, 0, 0,232, 56,253,255,255,
/* 0x0360 */ 73,141, 4, 28, 72, 1,197, 76, 57,245,115, 42, 72,133,237,116,
/* 0x0370 */ 109, 65,139, 85, 60, 73, 41,238, 69, 49,201, 65,131,200,255,185,
/* 0x0380 */ 18, 16, 0, 0, 76,137,246, 72,137,239,232, 33,253,255,255, 72,
/* 0x0390 */ 57,197,116, 74,235,192, 77,133,255,116, 67, 73,131,196, 3, 65,
/* 0x03a0 */ 129,228,255, 15, 0, 0, 73,131,252, 3,119, 50, 76,137,230, 72,
/* 0x03b0 */ 137,239,232,233,252,255,255,235, 37,131,232, 4,131,248, 1,119,
/* 0x03c0 */ 29, 72,184, 4, 0, 0, 0, 42, 0, 0, 0, 73, 57, 69, 8, 73,
/* 0x03d0 */ 141, 85, 16, 72, 15, 69, 84, 36, 16, 72,137, 84, 36, 16, 65,139,
/* 0x03e0 */ 69, 4,255, 68, 36, 12,139, 84, 36, 12, 73, 1,197, 72,139, 68,
/* 0x03f0 */ 36, 56, 59, 80, 16,233, 91,254,255,255, 72,139, 68, 36, 16, 72,
/* 0x0400 */ 131,196, 88, 91, 93, 65, 92, 65, 93, 65, 94, 65, 95,195, 65, 86,
/* 0x0410 */ 73,137,206, 49,201, 65, 85, 69, 49,237, 65, 84, 77,137,204, 85,
/* 0x0420 */ 72,137,213, 72,141, 87, 24, 83, 76,137,195, 72,131,236, 64,139,
/* 0x0430 */ 127, 24, 72,137,116, 36, 56, 72,139, 68, 36, 56, 72,141,116, 36,
/* 0x0440 */ 16, 72,137, 84, 36, 40, 72,137, 84, 36, 8, 76,137,194, 72,137,
/* 0x0450 */ 108, 36, 24, 72,137,124, 36, 16, 72,141,124, 36, 32, 72,131,232,
/* 0x0460 */ 24, 72,137, 68, 36, 32, 72,137, 4, 36,232,149,252,255,255, 65,
/* 0x0470 */ 83, 73,137,217,131,201,255, 49,246, 72,137,239, 72,141, 84, 36,
/* 0x0480 */ 8, 65, 84, 76,139,132, 36,128, 0, 0, 0,232,115,253,255,255,
/* 0x0490 */ 65, 89, 65, 90,139,117, 16, 72,141, 85, 32, 72,137,195, 49,201,
/* 0x04a0 */ 57,241, 15,131,192, 0, 0, 0,131, 58, 14, 15,133,170, 0, 0,
/* 0x04b0 */ 0,139,122, 8, 49,246, 49,192, 72,141, 60, 58, 49,210,232,233,
/* 0x04c0 */ 251,255,255,133,192, 65,137,196,120, 22, 68,137,233, 76,137,242,
/* 0x04d0 */ 72,137,238, 68,137,231,232,201,251,255,255, 73, 57,198,116, 16,
/* 0x04e0 */ 191,127, 0, 0, 0,232,174,251,255,255, 68,139,107, 8,235,218,
/* 0x04f0 */ 139, 69, 0, 61,202,254,186,190,116, 7, 61,190,186,254,202,117,
/* 0x0500 */ 49, 72, 15,182,117, 7, 72,137,239, 72,141, 93, 8, 72,107,246,
/* 0x0510 */ 20,131,198, 8,232,107,251,255,255,139, 69, 4, 49,201, 57,193,
/* 0x0520 */ 115, 16,129, 59, 7, 0, 0, 1,116,192,255,193, 72,131,195, 20,
/* 0x0530 */ 235,236, 65, 80, 68,137,238, 69, 49,201, 69, 49,192, 68,137,225,
/* 0x0540 */ 106, 0, 49,210, 72,137,239,232,183,252,255,255, 68,137,231, 72,
/* 0x0550 */ 137,195,232, 81,251,255,255, 94, 95,235, 13,139, 66, 4,255,193,
/* 0x0560 */ 72, 1,194,233, 56,255,255,255, 72,131,196, 64, 72,137,216, 91,
/* 0x0570 */ 93, 65, 92, 65, 93, 65, 94,195
/* 0x0050 */ 89, 76,137,247, 76,137,254, 73,137,228,139, 79, 24,184, 0, 8,
/* 0x0060 */ 0, 0, 57,193, 15, 66,200, 73,141, 68, 36, 32, 73,137,232, 72,
/* 0x0070 */ 41,204, 72,137,226, 80,232,171, 3, 0, 0, 76,137,228, 72,139,
/* 0x0080 */ 136,128, 0, 0, 0, 72,137, 76, 36, 24, 80, 93, 95,232, 45, 0,
/* 0x0090 */ 0, 0, 95, 94,184, 73, 0, 0, 2,255,229,139, 7, 15,200,137,
/* 0x00a0 */ 7,131,238, 4, 72,141,127, 4,119,241,195,176, 4,235, 2,176,
/* 0x00b0 */ 1,235, 2,176, 74,235, 2,176, 73,235, 2,176,153,235, 2,176,
/* 0x00c0 */ 6,235, 2,176, 5,235, 2,176,197,235, 2,176, 3, 15,182,192,
/* 0x00d0 */ 13, 0, 0, 0, 2, 73,137,202, 15, 5,115, 4, 72,131,200,255,
/* 0x00e0 */ 195,144,144,144, 81, 72, 57, 23, 76,139, 71, 8, 72,141, 74,255,
/* 0x00f0 */ 115, 10,191,127, 0, 0, 0,232,179,255,255,255, 72,131,249,255,
/* 0x0100 */ 116, 17, 65, 15,182, 0, 72,255,201, 73,255,192,136, 6, 72,255,
/* 0x0110 */ 198,235,233, 72, 1, 87, 8, 72, 41, 23, 88,195, 65, 85, 73,137,
/* 0x0120 */ 213, 65, 84, 73,137,204, 85, 72,137,253, 83, 72,137,243, 72,131,
/* 0x0130 */ 236, 40, 72,131, 62, 0, 15,132,212, 0, 0, 0, 72,141,116, 36,
/* 0x0140 */ 16,186, 12, 0, 0, 0, 72,137,239,232,150,255,255,255,139, 84,
/* 0x0150 */ 36, 16,139,116, 36, 20,133,210,117, 21,129,254, 85, 80, 88, 33,
/* 0x0160 */ 117, 17, 72,131,125, 0, 0, 15,132,163, 0, 0, 0,235, 4,133,
/* 0x0170 */ 246,117, 10,191,127, 0, 0, 0,232, 50,255,255,255, 57,214,119,
/* 0x0180 */ 242,137,208, 72, 59, 3,119,235, 57,214, 72,139, 67, 8,115, 90,
/* 0x0190 */ 68, 15,182, 68, 36, 24,137, 84, 36, 12, 72,141, 76, 36, 12, 72,
/* 0x01a0 */ 139,125, 8, 72,137,194, 65,255,213,133,192,117,198,139,116, 36,
/* 0x01b0 */ 12, 59,116, 36, 16,117,188, 15,182, 76, 36, 25,132,201, 15,149,
/* 0x01c0 */ 194, 49,192, 77,133,228, 15,149,192,133,194,116, 15, 15,182, 84,
/* 0x01d0 */ 36, 26, 15,182,201, 72,139,123, 8, 65,255,212,139, 68, 36, 20,
/* 0x01e0 */ 72, 1, 69, 8, 72, 41, 69, 0,235, 13,137,242, 72,137,239, 72,
/* 0x01f0 */ 137,198,232,237,254,255,255,139, 84, 36, 16, 72,139, 3, 72, 1,
/* 0x0200 */ 83, 8, 72, 41,208, 72,133,192, 72,137, 3,233, 38,255,255,255,
/* 0x0210 */ 72,131,196, 40, 91, 93, 65, 92, 65, 93,195, 65, 87, 73,137,215,
/* 0x0220 */ 65, 86, 65, 85, 73,137,253, 73,131,197, 32, 65, 84, 85, 83, 72,
/* 0x0230 */ 131,236, 88, 72,139,132, 36,144, 0, 0, 0, 72,137,124, 36, 56,
/* 0x0240 */ 137,116, 36, 52,137, 76, 36, 48, 76,137, 68, 36, 40, 76,137, 76,
/* 0x0250 */ 36, 32, 72,137, 68, 36, 24, 49,192, 59, 71, 16, 72,199, 68, 36,
/* 0x0260 */ 16, 0, 0, 0, 0,199, 68, 36, 12, 0, 0, 0, 0, 15,131,159,
/* 0x0270 */ 1, 0, 0, 65,139, 69, 0,131,248, 25, 15,133, 81, 1, 0, 0,
/* 0x0280 */ 73,139, 85, 32, 72,133,210, 15,132, 68, 1, 0, 0, 73,139, 69,
/* 0x0290 */ 48, 72,137, 68, 36, 64, 73,139,125, 24, 73,137,196, 72,137,251,
/* 0x02a0 */ 72,137,253, 72,137,124, 36, 72,129,227,255, 15, 0, 0, 76,141,
/* 0x02b0 */ 52, 23, 72, 41,221, 73, 1,220,116, 70, 77,133,255, 76,137,230,
/* 0x02c0 */ 116, 7, 73,141,116, 36, 3,235, 10, 72,133,192,185, 18, 0, 0,
/* 0x02d0 */ 0,117, 5,185, 18, 16, 0, 0, 65,131,200,255, 68,139, 76, 36,
/* 0x02e0 */ 52, 72,133,192, 68, 15, 69, 68, 36, 48, 69, 3, 77, 40,186, 3,
/* 0x02f0 */ 0, 0, 0, 72,137,239,232,204,253,255,255, 72, 57,197,117,110,
/* 0x0300 */ 77,133,255,116, 45, 73,131,125, 48, 0,116, 38, 73,131,125, 40,
/* 0x0310 */ 0,117, 8, 72,139, 84, 36, 40, 72,137, 42, 72,139, 76, 36, 24,
/* 0x0320 */ 72,139, 84, 36, 32, 72,141,116, 36, 64, 76,137,255,232,234,253,
/* 0x0330 */ 255,255, 76,137,227, 74,141, 84, 37, 0, 72,247,219,129,227,255,
/* 0x0340 */ 15, 0, 0, 72,137,216, 72,133,219,116, 11,198, 2, 0, 72,255,
/* 0x0350 */ 194, 72,255,200,235,243, 77,133,228,116, 29, 65,139, 85, 60, 76,
/* 0x0360 */ 137,230, 72,137,239,232, 73,253,255,255,133,192,116, 10,191,127,
/* 0x0370 */ 0, 0, 0,232, 55,253,255,255, 73,141, 4, 28, 72, 1,197, 76,
/* 0x0380 */ 57,245,115, 42, 72,133,237,116,109, 65,139, 85, 60, 73, 41,238,
/* 0x0390 */ 69, 49,201, 65,131,200,255,185, 18, 16, 0, 0, 76,137,246, 72,
/* 0x03a0 */ 137,239,232, 32,253,255,255, 72, 57,197,116, 74,235,192, 77,133,
/* 0x03b0 */ 255,116, 67, 73,131,196, 3, 65,129,228,255, 15, 0, 0, 73,131,
/* 0x03c0 */ 252, 3,119, 50, 76,137,230, 72,137,239,232,232,252,255,255,235,
/* 0x03d0 */ 37,131,232, 4,131,248, 1,119, 29, 72,184, 4, 0, 0, 0, 42,
/* 0x03e0 */ 0, 0, 0, 73, 57, 69, 8, 73,141, 85, 16, 72, 15, 69, 84, 36,
/* 0x03f0 */ 16, 72,137, 84, 36, 16, 65,139, 69, 4,255, 68, 36, 12,139, 84,
/* 0x0400 */ 36, 12, 73, 1,197, 72,139, 68, 36, 56, 59, 80, 16,233, 91,254,
/* 0x0410 */ 255,255, 72,139, 68, 36, 16, 72,131,196, 88, 91, 93, 65, 92, 65,
/* 0x0420 */ 93, 65, 94, 65, 95,195, 65, 86, 73,137,206, 49,201, 65, 85, 69,
/* 0x0430 */ 49,237, 65, 84, 77,137,204, 85, 72,137,213, 72,141, 87, 24, 83,
/* 0x0440 */ 76,137,195, 72,131,236, 64,139,127, 24, 72,137,116, 36, 56, 72,
/* 0x0450 */ 139, 68, 36, 56, 72,141,116, 36, 16, 72,137, 84, 36, 40, 72,137,
/* 0x0460 */ 84, 36, 8, 76,137,194, 72,137,108, 36, 24, 72,137,124, 36, 16,
/* 0x0470 */ 72,141,124, 36, 32, 72,131,232, 24, 72,137, 68, 36, 32, 72,137,
/* 0x0480 */ 4, 36,232,149,252,255,255, 65, 83, 73,137,217,131,201,255, 49,
/* 0x0490 */ 246, 72,137,239, 72,141, 84, 36, 8, 65, 84, 76,139,132, 36,128,
/* 0x04a0 */ 0, 0, 0,232,115,253,255,255, 65, 89, 65, 90,139,117, 16, 72,
/* 0x04b0 */ 141, 85, 32, 72,137,195, 49,201, 57,241, 15,131,192, 0, 0, 0,
/* 0x04c0 */ 131, 58, 14, 15,133,170, 0, 0, 0,139,122, 8, 49,246, 49,192,
/* 0x04d0 */ 72,141, 60, 58, 49,210,232,232,251,255,255,133,192, 65,137,196,
/* 0x04e0 */ 120, 22, 68,137,233, 76,137,242, 72,137,238, 68,137,231,232,200,
/* 0x04f0 */ 251,255,255, 73, 57,198,116, 16,191,127, 0, 0, 0,232,173,251,
/* 0x0500 */ 255,255, 68,139,107, 8,235,218,139, 69, 0, 61,202,254,186,190,
/* 0x0510 */ 116, 7, 61,190,186,254,202,117, 49, 72, 15,182,117, 7, 72,137,
/* 0x0520 */ 239, 72,141, 93, 8, 72,107,246, 20,131,198, 8,232,106,251,255,
/* 0x0530 */ 255,139, 69, 4, 49,201, 57,193,115, 16,129, 59, 7, 0, 0, 1,
/* 0x0540 */ 116,192,255,193, 72,131,195, 20,235,236, 65, 80, 68,137,238, 69,
/* 0x0550 */ 49,201, 69, 49,192, 68,137,225,106, 0, 49,210, 72,137,239,232,
/* 0x0560 */ 183,252,255,255, 68,137,231, 72,137,195,232, 80,251,255,255, 94,
/* 0x0570 */ 95,235, 13,139, 66, 4,255,193, 72, 1,194,233, 56,255,255,255,
/* 0x0580 */ 72,131,196, 64, 72,137,216, 91, 93, 65, 92, 65, 93, 65, 94,195
};
+96 -62
@@ -69,6 +69,7 @@ SYSBASE= 0x02000000
SYS_mmap =0xc5 + SYSBASE
SYS_mprotect =0x4a + SYSBASE
SYS_munmap =0x49 + SYSBASE
SYS_open = 5 + SYSBASE
#define __c4(a,b,c,d) (((a)<<(0*8)) | ((b)<<(1*8)) | ((c)<<(2*8)) | ((d)<<(3*8)))
#define __c8(a,b,c,d,e,f,g,h) (__c4(a,b,c,d) | (__c4(e,f,g,h) << 32))
@@ -91,50 +92,12 @@ SYS_munmap =0x49 + SYSBASE
// Notes:
// Command-line debugger from Xcode: lldb foo; "process launch -s"
//0: .word -0b + &Mach_header64
//0: .word -0b + l_info
section MACHMAINX
_start: .globl _start
// int3
#define r_cmdp rbx
#define r_ncmds r12d
#define r_reloc r15
lea -2*4+_start(%rip),%rbp; movl (%rbp),%eax; sub %rax,%rbp // &Mach_header64
push %rbp // P_01 &Mach_header64 before argc
mov mhdr_ncmds(%rbp),%r_ncmds
lea sz_Mach_header64(%rbp),%r_cmdp // ptr
L20:
cmpl $LC_SEGMENT_64,mlc_cmd(%r_cmdp); jne L50
cmpl $__c4('T','E','X','T'),2+mseg_segname(%r_cmdp); jne L40
sub %arg1l,%arg1l // 0 addr
mov %arg1,%arg6 // 0 off_t
lea -1(%arg1),%arg5 // MAP_ANON_FD
mov $MAP_PRIVATE|MAP_ANON,%sys4l
mov $PROT_WRITE|PROT_READ,%arg3l
mov mseg_vmsize(%r_cmdp),%arg2
movl sz_unc+FOLD(%rip),%eax
add %rax,%arg2; mov %arg2,%r14
mov $SYS_mmap,%eax; syscall
mov %rax,%r_reloc // vmaddr
sub %rbp,%r_reloc // reloc
push %rax // P_02
// Copy only compression data, not Macho headers
movl msec_size + sz_Mach_segment(%r_cmdp),%ecx
movq msec_addr + sz_Mach_segment(%r_cmdp),%rsi
mov %rax,%rdi
add $7,%ecx; shr $3,%ecx; rep movsq
jmp L60 // break;
goto_clone:
addq %r_reloc,(%rsp) // retaddr += reloc
ret
L40: // not TEXT
L50: // not LC_SEGMENT64
mov mlc_cmdsize(%r_cmdp),%eax; add %rax,%r_cmdp
sub $1,%r_ncmds; jne L20
L60:
call main // push &decompress
ret_main:
int3
call main // push &f_exp
section MACH_UNC
/* Returns 0 on success; non-zero on failure. */
@@ -266,7 +229,8 @@ end_decompress: .globl end_decompress
/* IDENTSTR goes here */
section MACHMAINZ
#define PAGE_SIZE ( 1<<12)
PAGE_SIZE= ( 1<<12)
PAGE_MASK= -PAGE_SIZE
GAP= 128 // > farthest prefetch; must match ../../p_mach.cpp
NO_LAP= 64 // avoid overlap for folded loader; must match ../../p_mach.cpp
@@ -276,32 +240,102 @@ sz_b_info= 12
sz_cpr= 4
b_method= 8
#define r_RELOC r12
#define r_MHDR r12
#define r_ADRX r14
#define r_LENX r15
// Decompress the rest of this loader, and jump to it.
unfold:
pop %rsi // &{ b_info:{sz_unc, sz_cpr, 4{byte}}, compressed_fold...}
pop %rbx // &{ b_info:{sz_unc, sz_cpr, 4{byte}}, compressed_fold...}
pop %rdi // P_08 fd
pop %rcx // P_02
push %rdi; pop %arg3 // dst
push %rdi // P_03 entry addr to folded stub
push %rcx // P_04 &copied data
lodsl; push %rax // P_05 allocate slot on stack
movq %rsp,%arg4 // &dstlen ==> used by lzma for EOF
lodsl; push %rax // P_06 sz_cpr XXX: 4GB
lodsl; movzbl %al,%arg5l // b_method
push %rsi; pop %arg1 // src
pop %arg2 // P_06 sz_cpr
call *%rbp // decompress(src, srclen, dst, &dstlen, b_info.misc)
pop %rcx // P_05 discard len_dst
mov %rbx,%rdx
sub %r_MHDR,%rdx // LENU.static
add (%rbx),%edx // + LENU.dynamic (== .sz_unc)
push %rdx // LENU
push %rax // %ADRU
push %rdi // fd
push $PROT_EXEC|PROT_READ; pop %arg3
mov %r14,%arg2 // len
pop %arg1 // P_04 &copied data
mov $SYS_mprotect,%rax; syscall
// Reserve space for input file and unfolded stub.
subq %arg6,%arg6 // 0 offset
orl $-1,%arg5l // fd
push $MAP_PRIVATE|MAP_ANON; pop %sys4
push %rdx; pop %arg2 // len
push $PROT_READ|PROT_WRITE; pop %arg3
subl %arg1l,%arg1l // 0; kernel chooses addr
mov $SYS_mmap,%eax; syscall
subq %r_MHDR,%r_ADRX // offset(&l_info)
addq %rax,%r_ADRX // new &l_info
movq %rax,1*NBPW(%rsp) // ADRU
// Duplicate the input data.
xchgq %rax,%arg1 // same address
subq %arg6,%arg6 // 0 offset
movl (%rsp),%arg5l // fd
push $MAP_PRIVATE|MAP_FIXED; pop %sys4
push $PROT_READ|PROT_WRITE; pop %arg3
movq %rbx,%arg2
subq %r_MHDR,%arg2 // len
mov $SYS_mmap,%eax; syscall
// Remember new f_exp region for PROT_EXEC.
movq 2*NBPW(%rsp),%rdx // LENU
movq 4*NBPW(%rsp),%rcx // &Mach_header64
addq %rax,%rdx // new last of unfoded
subq %rcx,%rax // new - old
movq %rax,%r_RELOC // relocation constant
addq %rbp,%rax; push %rax // P_10 new f_exp
andq $PAGE_MASK,%rax; push %rax // P_11 address
subq %rax,%rdx; push %rdx // P_12 length
// Unfold
movq %rbx,%rsi
lodsl; push %rax; movq %rsp,%arg4 // P_13 .sz_unc; &dstlen
lea (%rbx,%r_RELOC),%arg3 // dst= new unfold
movq %arg3,%r13 // execute here
lodsl; push %rax // P_14 tmp= .sz_cpr
lodsl; xchg %eax,%arg5l // .b_method
movq %rsi,%arg1 // src
pop %arg2 // P_14 srclen
call *%rbp // old f_exp
pop %ecx // P_13 toss .sz_unc
// PROT_EXEC
pop %arg2 // P_12 length
pop %arg1 // P_11 addr
pop %rbp // P_10 new f_exp
push $PROT_READ|PROT_EXEC; pop %arg3
mov $SYS_mprotect,%eax; syscall
// Use the copy.
// %r14= ADRX; %r15= LENX;
// rsp/ fd,ADRU,LENU,%entry,&Mach_header64
jmp *%r13
lea -4+ _start - ret_main(%rbp),%rbx // &total_length for fold:
ret // P_03
main:
pop %rbp // &decompress
push %rsp; pop %rdi; xor %eax,%eax; or $~0,%ecx
push %rax // %&Mach_header64
push %rax // %entry
repne scasq // past argv
repne scasq // past envp
push %rdi; pop %rsi // &apple[0]
L10:
lodsq; test %rax,%rax; je L99 // %rax= *apple++;
movabs $__c8('e','x','e','c','u','t','a','b'),%rcx; cmp %rcx, (%rax); jne L10
movabs $__c8('l','e','_','p','a','t','h','='),%rcx; cmp %rcx,8(%rax); jne L10
lea 16(%rax),%arg1
sub %arg2l,%arg2l // O_RDONLY
mov $SYS_open,%eax; syscall
push %rax // P_08 save fd
L99:
lea -2*4 + _start(%rip),%rsi
mov %rsi,%r_MHDR; lodsl; sub %rax,%r_MHDR // &Mach_header64
mov %rsi,%r_ADRX; lodsl; sub %rax,%r_ADRX // &l_info
lea -2*4(%rax),%r_LENX // omit words before _start
movq %r_MHDR,2*NBPW(%rsp) // fd,%entry,mhdr
call unfold
FOLD:
// compressed fold_elf86 follows
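Review bot: The stack layout that `movq %r_MHDR,2*NBPW(%rsp) // fd,%entry,mhdr` relies on holds only when `push %rax // P_08 save fd` has executed; the `je L99` in the L10 loop (no `executable_path=` entry in apple[]) reaches L99 without pushing anything, so the store lands on argc and unfold's later `pop %rdi // P_08 fd` takes the zeroed %entry slot as the descriptor. The open result is also pushed unchecked, although the fold's own `read` wrapper in this commit tests the Darwin carry-flag error convention with `jnc`. I would route both cases to one failure exit — replace `je L99` with `je <fail-label>` and add `jc <fail-label> // CF set: errno in %rax` between `syscall` and the push (label name constructed; entry.S shows no error exit on this page) — or push a sentinel fd before the scan and only overwrite it on success. The comment `pop %rbp // &decompress` at the top of main is also stale now that `_start` pushes it as `&f_exp`.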
+28 -15
@@ -29,6 +29,7 @@
* <jreiser@users.sourceforge.net>
*/
NBPW= 8
#include "arch/amd64/macros.S"
sz_b_info= 12
@@ -41,28 +42,38 @@ sz_p_info= 12
_start: .globl _start # ignored, but silence "cannot find entry symbol _start" from ld
fold_begin: // In: %rbx= &total_length; %rbp= &decompress
fold_begin: // In: %rbp= &f_exp; %r14= ADRX; %r15= LENX
// rsp/ fd,ADRU,LENU,%entry,&Mach_header64, argc,argv,0,envp,0,apple,0,strings
// int3
call L90 # push &L90
#include "arch/amd64/bxx.S"
L90:
pop %arg6 # L90; &amdbxx: f_unfilter
movq %rbx,%arg1
movl (%rbx),%arg2l // total length; offset to {l_info; p_info; b_info}
subq %arg2,%arg1 // &{l_info; p_ifo, b_info}
push $0 # default value for mhdrp
movl $2048,%eax
movl sz_unc+sz_p_info+sz_l_info(%arg1),%arg4l // sz_mhdr
cmpl %eax,%arg4l; cmovb %eax,%arg4l // at least 2KiB for /usr/lib/dyld
movq %rbp,%arg5 // f_decompress
pop %arg6 # &amdbxx: f_unfilter
movq %r14,%arg1 // ADRX
movq %r15,%arg2 // LENX
movq %rsp,%r12 // remember for un-alloca
subq %arg4,%rsp // alloca
movl sz_unc+sz_p_info+sz_l_info(%arg1),%arg4l // sz_mhdr
movl $2048,%eax // >= 2KiB for /usr/lib/dyld
cmpl %eax,%arg4l
cmovb %eax,%arg4l // sz_mhdr
lea 4*NBPW(%r12),%rax // &&Mach_header64 for arg7
movq %rbp,%arg5 // f_decompress
subq %arg4,%rsp // alloca(sz_mhdr)
movq %rsp,%arg3 // temp char mhdr[sz_mhdr]
push %r12 // (arg7) mhdrpp= &mhdrp
push %rax // (arg7) mhdrpp= &mhdrp
// upx_main(&l_info,len_cpr,temp[sz_mhdr],sz_mhdr,f_exp,f_unf,mhdr **)
call upx_main # Out: rax= &Mach_AMD64_thread_state of dyld
movq %r12,%rsp // unalloca
AMD64_ts_rip= 16*8
jmp *AMD64_ts_rip(%rax) # %rsp: mhdrp, argc, argv...
AMD64_ts_rip= 16*NBPW
movq AMD64_ts_rip(%rax),%rcx
movq %rcx,3*NBPW(%rsp) // entry
push %rax; pop %rbp // save &thread_state
pop %arg1 // fd
call close
pop %arg1 // ADRU
pop %arg2 // LENU
mov $SYS_munmap+SYSBASE,%eax
jmp *%rbp // munmap(ADRU,LENU); ret
bswap: .globl bswap
0:
@@ -74,6 +85,8 @@ bswap: .globl bswap
ja 0b
ret
SYSBASE= 0x02000000
SYS_exit =1
SYS_read =3
SYS_write =4
@@ -105,7 +118,7 @@ mmap: .globl mmap
read: .globl read
mov $SYS_read,%al
movzbl %al,%eax; or $0x02000000,%eax
movzbl %al,%eax; or $SYSBASE,%eax
mov %rcx,%r10
syscall // .byte 0x0f,0x05
jnc 0f
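Review bot: The closing `jmp *%rbp` in fold_begin dispatches to the value saved by `push %rax; pop %rbp // save &thread_state`, which the comment on `call upx_main` describes as &Mach_AMD64_thread_state — a data structure, not the `syscall; ret` sequence the trailing comment `// munmap(ADRU,LENU); ret` expects. That structure presumably lives in the temp mhdr buffer that `movq %r12,%rsp // unalloca` has already released, and the intervening `call close` pushes its return address into that same region, so even the data there may be stale by the time the jump executes. If the intent is to munmap ADRU while executing from outside it and then `ret` into the %entry slot, the target needs an executable trampoline that survives the unmap; since the commit is marked work-in-progress, a `// TODO: jump to a syscall+ret trampoline, not &thread_state` at that line would keep the next reader from trusting it. The result of `call close` is discarded, which is acceptable for a best-effort close but deserves a one-word comment saying so.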
+18 -16
@@ -3,19 +3,19 @@ file format elf64-x86-64
Sections:
Idx Name Size VMA LMA File off Algn Flags
0 AMD64BXX 0000004c 0000000000000000 0000000000000000 00000040 2**0 CONTENTS, READONLY
1 MACHMAINX 00000082 0000000000000000 0000000000000000 0000008c 2**0 CONTENTS, RELOC, READONLY
2 MACH_UNC 00000008 0000000000000000 0000000000000000 0000010e 2**0 CONTENTS, READONLY
3 NRV_HEAD 00000067 0000000000000000 0000000000000000 00000116 2**0 CONTENTS, READONLY
4 NRV2E 000000b7 0000000000000000 0000000000000000 0000017d 2**0 CONTENTS, RELOC, READONLY
5 NRV2D 0000009e 0000000000000000 0000000000000000 00000234 2**0 CONTENTS, RELOC, READONLY
6 NRV2B 00000090 0000000000000000 0000000000000000 000002d2 2**0 CONTENTS, RELOC, READONLY
7 LZMA_ELF00 00000064 0000000000000000 0000000000000000 00000362 2**0 CONTENTS, RELOC, READONLY
8 LZMA_DEC10 000009f7 0000000000000000 0000000000000000 000003c6 2**0 CONTENTS, READONLY
9 LZMA_DEC20 000009f7 0000000000000000 0000000000000000 00000dbd 2**0 CONTENTS, READONLY
10 LZMA_DEC30 00000014 0000000000000000 0000000000000000 000017b4 2**0 CONTENTS, READONLY
11 NRV_TAIL 00000000 0000000000000000 0000000000000000 000017c8 2**0 CONTENTS, READONLY
12 MACHMAINY 00000011 0000000000000000 0000000000000000 000017c8 2**0 CONTENTS, READONLY
13 MACHMAINZ 00000036 0000000000000000 0000000000000000 000017d9 2**0 CONTENTS, READONLY
1 MACHMAINX 00000006 0000000000000000 0000000000000000 0000008c 2**0 CONTENTS, RELOC, READONLY
2 MACH_UNC 00000008 0000000000000000 0000000000000000 00000092 2**0 CONTENTS, READONLY
3 NRV_HEAD 00000067 0000000000000000 0000000000000000 0000009a 2**0 CONTENTS, READONLY
4 NRV2E 000000b7 0000000000000000 0000000000000000 00000101 2**0 CONTENTS, RELOC, READONLY
5 NRV2D 0000009e 0000000000000000 0000000000000000 000001b8 2**0 CONTENTS, RELOC, READONLY
6 NRV2B 00000090 0000000000000000 0000000000000000 00000256 2**0 CONTENTS, RELOC, READONLY
7 LZMA_ELF00 00000064 0000000000000000 0000000000000000 000002e6 2**0 CONTENTS, RELOC, READONLY
8 LZMA_DEC10 000009f7 0000000000000000 0000000000000000 0000034a 2**0 CONTENTS, READONLY
9 LZMA_DEC20 000009f7 0000000000000000 0000000000000000 00000d41 2**0 CONTENTS, READONLY
10 LZMA_DEC30 00000014 0000000000000000 0000000000000000 00001738 2**0 CONTENTS, READONLY
11 NRV_TAIL 00000000 0000000000000000 0000000000000000 0000174c 2**0 CONTENTS, READONLY
12 MACHMAINY 00000011 0000000000000000 0000000000000000 0000174c 2**0 CONTENTS, READONLY
13 MACHMAINZ 00000107 0000000000000000 0000000000000000 0000175d 2**0 CONTENTS, RELOC, READONLY
SYMBOL TABLE:
0000000000000000 l d NRV_HEAD 0000000000000000 NRV_HEAD
0000000000000000 l d LZMA_DEC30 0000000000000000 LZMA_DEC30
@@ -36,9 +36,7 @@ SYMBOL TABLE:
RELOCATION RECORDS FOR [MACHMAINX]:
OFFSET TYPE VALUE
0000000000000003 R_X86_64_PC32 _start+0xfffffffffffffff4
000000000000003f R_X86_64_PC32 MACHMAINZ+0x0000000000000032
000000000000007e R_X86_64_PC32 MACHMAINZ+0x000000000000002c
0000000000000002 R_X86_64_PC32 MACHMAINZ+0x000000000000009a
RELOCATION RECORDS FOR [NRV2E]:
OFFSET TYPE VALUE
@@ -58,3 +56,7 @@ OFFSET TYPE VALUE
RELOCATION RECORDS FOR [LZMA_ELF00]:
OFFSET TYPE VALUE
0000000000000006 R_X86_64_PC32 LZMA_DEC30+0x0000000000000010
RELOCATION RECORDS FOR [MACHMAINZ]:
OFFSET TYPE VALUE
00000000000000e7 R_X86_64_PC32 _start+0xfffffffffffffff4
+45 -45
@@ -72,31 +72,31 @@ LOAD tmp/amd64-darwin.macho-main.o
.plt
*(.plt)
.text 0x0000000008048000 0x578
.text 0x0000000008048000 0x590
*(.text .stub .text.* .gnu.linkonce.t.*)
.text 0x0000000008048000 0xca tmp/amd64-darwin.macho-fold.o
0x00000000080480a0 munmap
0x0000000008048084 bswap
0x00000000080480b0 mmap
0x0000000008048094 write
.text 0x0000000008048000 0xe1 tmp/amd64-darwin.macho-fold.o
0x00000000080480b7 munmap
0x000000000804809b bswap
0x00000000080480c7 mmap
0x00000000080480ab write
0x0000000008048000 _start
0x00000000080480b4 read
0x00000000080480a4 pread
0x0000000008048098 exit
0x00000000080480ac open
0x000000000804809c mprotect
0x00000000080480a8 close
*fill* 0x00000000080480ca 0x2 90909090
.text 0x00000000080480cc 0x4ac tmp/amd64-darwin.macho-main.o
0x000000000804840e upx_main
0x00000000080480cb read
0x00000000080480bb pread
0x00000000080480af exit
0x00000000080480c3 open
0x00000000080480b3 mprotect
0x00000000080480bf close
*fill* 0x00000000080480e1 0x3 90909090
.text 0x00000000080480e4 0x4ac tmp/amd64-darwin.macho-main.o
0x0000000008048426 upx_main
*(.text.*personality*)
*(.gnu.warning)
.fini
*(.fini)
0x0000000008048578 PROVIDE (__etext, .)
0x0000000008048578 PROVIDE (_etext, .)
0x0000000008048578 PROVIDE (etext, .)
0x0000000008048590 PROVIDE (__etext, .)
0x0000000008048590 PROVIDE (_etext, .)
0x0000000008048590 PROVIDE (etext, .)
.rodata
*(.rodata .rodata.* .gnu.linkonce.r.*)
@@ -112,8 +112,8 @@ LOAD tmp/amd64-darwin.macho-main.o
.gcc_except_table
*(.gcc_except_table .gcc_except_table.*)
0x0000000008048578 . = (ALIGN (0x1000) - ((0x1000 - .) & 0xfff))
0x0000000008049578 . = (0x1000 DATA_SEGMENT_ALIGN 0x1000)
0x0000000008048590 . = (ALIGN (0x1000) - ((0x1000 - .) & 0xfff))
0x0000000008049590 . = (0x1000 DATA_SEGMENT_ALIGN 0x1000)
.eh_frame
*(.eh_frame)
@@ -128,22 +128,22 @@ LOAD tmp/amd64-darwin.macho-main.o
*(.tbss .tbss.* .gnu.linkonce.tb.*)
*(.tcommon)
.preinit_array 0x0000000008049578 0x0
0x0000000008049578 PROVIDE (__preinit_array_start, .)
.preinit_array 0x0000000008049590 0x0
0x0000000008049590 PROVIDE (__preinit_array_start, .)
*(.preinit_array)
0x0000000008049578 PROVIDE (__preinit_array_end, .)
0x0000000008049590 PROVIDE (__preinit_array_end, .)
.init_array 0x0000000008049578 0x0
0x0000000008049578 PROVIDE (__init_array_start, .)
.init_array 0x0000000008049590 0x0
0x0000000008049590 PROVIDE (__init_array_start, .)
*(SORT(.init_array.*))
*(.init_array)
0x0000000008049578 PROVIDE (__init_array_end, .)
0x0000000008049590 PROVIDE (__init_array_end, .)
.fini_array 0x0000000008049578 0x0
0x0000000008049578 PROVIDE (__fini_array_start, .)
.fini_array 0x0000000008049590 0x0
0x0000000008049590 PROVIDE (__fini_array_start, .)
*(.fini_array)
*(SORT(.fini_array.*))
0x0000000008049578 PROVIDE (__fini_array_end, .)
0x0000000008049590 PROVIDE (__fini_array_end, .)
.ctors
*crtbegin*.o(.ctors)
@@ -169,35 +169,35 @@ LOAD tmp/amd64-darwin.macho-main.o
.got
*(.got)
0x0000000008049578 . = (. DATA_SEGMENT_RELRO_END 0xc)
0x0000000008049590 . = (. DATA_SEGMENT_RELRO_END 0xc)
.got.plt
*(.got.plt)
.data 0x0000000008049578 0x0
.data 0x0000000008049590 0x0
*(.data .data.* .gnu.linkonce.d.*)
.data 0x0000000008049578 0x0 tmp/amd64-darwin.macho-fold.o
.data 0x0000000008049578 0x0 tmp/amd64-darwin.macho-main.o
.data 0x0000000008049590 0x0 tmp/amd64-darwin.macho-fold.o
.data 0x0000000008049590 0x0 tmp/amd64-darwin.macho-main.o
*(.gnu.linkonce.d.*personality*)
.data1
*(.data1)
0x0000000008049578 _edata = .
0x0000000008049578 PROVIDE (edata, .)
0x0000000008049578 __bss_start = .
0x0000000008049590 _edata = .
0x0000000008049590 PROVIDE (edata, .)
0x0000000008049590 __bss_start = .
.bss 0x0000000008049578 0x0
.bss 0x0000000008049590 0x0
*(.dynbss)
*(.bss .bss.* .gnu.linkonce.b.*)
.bss 0x0000000008049578 0x0 tmp/amd64-darwin.macho-fold.o
.bss 0x0000000008049578 0x0 tmp/amd64-darwin.macho-main.o
.bss 0x0000000008049590 0x0 tmp/amd64-darwin.macho-fold.o
.bss 0x0000000008049590 0x0 tmp/amd64-darwin.macho-main.o
*(COMMON)
0x0000000008049578 . = ALIGN ((. != 0x0)?0x4:0x1)
0x0000000008049578 . = ALIGN (0x4)
0x0000000008049578 . = ALIGN (0x4)
0x0000000008049578 _end = .
0x0000000008049578 PROVIDE (end, .)
0x0000000008049578 . = DATA_SEGMENT_END (.)
0x0000000008049590 . = ALIGN ((. != 0x0)?0x4:0x1)
0x0000000008049590 . = ALIGN (0x4)
0x0000000008049590 . = ALIGN (0x4)
0x0000000008049590 _end = .
0x0000000008049590 PROVIDE (end, .)
0x0000000008049590 . = DATA_SEGMENT_END (.)
.stab
*(.stab)