void PackWcle::pack(OutputFile *fo)
{
handleStub(fo);
if (ih.byte_order || ih.word_order
|| ih.exe_format_level
|| ih.cpu_type < 2 || ih.cpu_type > 5
|| ih.target_os != 1
|| ih.module_type != 0x200
|| ih.object_iterate_data_map_offset
|| ih.resource_entries
|| ih.module_directives_entries
|| ih.imported_modules_count
|| ih.object_table_entries > 255)
throwCantPack("watcom/le: unexpected value in header");
readObjectTable();
readPageMap();
readResidentNames();
readEntryTable();
readFixupPageTable();
readFixups();
readImage();
readNonResidentNames();
// if (find_le32(iimage,20,get_le32("UPX ")) >= 0)
if (find_le32(iimage,UPX_MIN(soimage,256u),UPX_MAGIC_LE32) >= 0)
throwAlreadyPacked();
if (ih.init_ss_object != objects)
throwCantPack("the stack is not in the last object");
preprocessFixups();
const unsigned text_size = IOT(ih.init_cs_object-1,npages) * mps;
const unsigned text_vaddr = IOT(ih.init_cs_object-1,my_base_address);
// attach some useful data at the end of preprocessed fixups
ifixups[sofixups++] = (unsigned char) (ih.automatic_data_object & 0xff);
unsigned ic = objects*sizeof(*iobject_table);
memcpy(ifixups+sofixups,iobject_desc,ic);
iobject_desc.dealloc();
sofixups += ic;
set_le32(ifixups+sofixups,ih.init_esp_offset+IOT(ih.init_ss_object-1,my_base_address)); // old stack pointer
set_le32(ifixups+sofixups+4,ih.init_eip_offset+text_vaddr); // real entry point
set_le32(ifixups+sofixups+8,mps*pages); // virtual address of unpacked relocations
ifixups[sofixups+12] = (unsigned char) (unsigned) objects;
sofixups += 13;
// prepare filter
Filter ft(ph.level);
ft.buf_len = text_size;
ft.addvalue = text_vaddr;
// compress
encodeImage(&ft);
const unsigned lsize = getLoaderSize();
neweip = getLoaderSection("WCLEMAIN");
int e_len = getLoaderSectionStart("WCLECUTP");
const unsigned d_len = lsize - e_len;
assert(e_len > 0 && e_len < RESERVED);
memmove(oimage+e_len,oimage+RESERVED,soimage);
soimage += lsize;
opages = (soimage+mps-1)/mps;
oh.bytes_on_last_page = soimage%mps;
encodeObjectTable();
encodeFixups();
encodeFixupPageTable();
encodePageMap();
encodeEntryTable();
encodeResidentNames();
encodeNonResidentNames();
// patch loader
ic = (OOT(0,virtual_size) - d_len) &~ 15;
assert(ic > ((ph.u_len + ph.overlap_overhead + 31) &~ 15));
linker->defineSymbol("WCLECUTP", ic);
linker->defineSymbol("original_entry", ih.init_eip_offset + text_vaddr);
linker->defineSymbol("original_stack", ih.init_esp_offset +
IOT(ih.init_ss_object - 1, my_base_address));
linker->defineSymbol("start_of_relocs", mps*pages);
defineDecompressorSymbols();
defineFilterSymbols(&ft);
linker->defineSymbol("filter_buffer_start", text_vaddr);
unsigned jpos = (((ph.c_len + 3) &~ 3) + d_len + 3) / 4;
linker->defineSymbol("words_to_copy", jpos);
linker->defineSymbol("copy_dest", ((ic + d_len + 3) &~ 3) - 4);
linker->defineSymbol("copy_source", e_len + jpos * 4 - 4);
relocateLoader();
MemBuffer loader(lsize);
memcpy(loader, getLoader(), lsize);
patchPackHeader(loader, lsize);
memcpy(oimage, loader, e_len);
memcpy(oimage + soimage - d_len, loader + e_len, d_len);
writeFile(fo, opt->watcom_le.le);
// verify
verifyOverlappingDecompression(oimage + e_len, oimage.getSize() - e_len);
// copy the overlay
const unsigned overlaystart = ih.data_pages_offset + exe_offset
+ getImageSize();
const unsigned overlay = file_size - overlaystart - ih.non_resident_name_table_length;
checkOverlay(overlay);
copyOverlay(fo, overlay, &oimage);
// finally check the compression ratio
if (!checkFinalCompressionRatio(fo))
throwNotCompressible();
}
int PackUnix::pack2(OutputFile *fo, Filter &ft)
{
// compress blocks
unsigned total_in = 0;
unsigned total_out = 0;
// FIXME: ui_total_passes is not correct with multiple blocks...
// ui_total_passes = (file_size + blocksize - 1) / blocksize;
// if (ui_total_passes == 1)
// ui_total_passes = 0;
unsigned remaining = file_size;
unsigned n_block = 0;
while (remaining > 0)
{
// FIXME: disable filters if we have more than one block.
// FIXME: There is only 1 un-filter in the stub [as of 2002-11-10].
// So the next block really has no choice!
// This merely prevents an assert() in compressWithFilters(),
// which assumes it has free choice on each call [block].
// And if the choices aren't the same on each block,
// then un-filtering will give incorrect results.
int filter_strategy = getStrategy(ft);
if (file_size > (off_t)blocksize)
filter_strategy = -3; // no filters
int l = fi->readx(ibuf, UPX_MIN(blocksize, remaining));
remaining -= l;
// Note: compression for a block can fail if the
// file is e.g. blocksize + 1 bytes long
// compress
ph.overlap_overhead = 0;
ph.c_len = ph.u_len = l;
ft.buf_len = l;
// compressWithFilters() updates u_adler _inside_ compress();
// that is, AFTER filtering. We want BEFORE filtering,
// so that decompression checks the end-to-end checksum.
unsigned const end_u_adler = upx_adler32(ibuf, ph.u_len, ph.u_adler);
compressWithFilters(&ft, OVERHEAD, NULL_cconf, filter_strategy,
!!n_block++); // check compression ratio only on first block
if (ph.c_len < ph.u_len) {
const upx_bytep tbuf = NULL;
if (ft.id == 0) tbuf = ibuf;
ph.overlap_overhead = OVERHEAD;
if (!testOverlappingDecompression(obuf, tbuf, ph.overlap_overhead)) {
// not in-place compressible
ph.c_len = ph.u_len;
}
}
if (ph.c_len >= ph.u_len) {
// block is not compressible
ph.c_len = ph.u_len;
// must manually update checksum of compressed data
ph.c_adler = upx_adler32(ibuf, ph.u_len, ph.saved_c_adler);
}
// write block header
b_info blk_info;
memset(&blk_info, 0, sizeof(blk_info));
set_te32(&blk_info.sz_unc, ph.u_len);
set_te32(&blk_info.sz_cpr, ph.c_len);
if (ph.c_len < ph.u_len) {
blk_info.b_method = (unsigned char) ph.method;
blk_info.b_ftid = (unsigned char) ph.filter;
blk_info.b_cto8 = (unsigned char) ph.filter_cto;
}
fo->write(&blk_info, sizeof(blk_info));
b_len += sizeof(b_info);
// write compressed data
if (ph.c_len < ph.u_len) {
fo->write(obuf, ph.c_len);
verifyOverlappingDecompression(); // uses ph.u_adler
}
else {
fo->write(ibuf, ph.u_len);
}
ph.u_adler = end_u_adler;
total_in += ph.u_len;
total_out += ph.c_len;
}
// update header with totals
ph.u_len = total_in;
ph.c_len = total_out;
if ((off_t)total_in != file_size) {
throwEOFException();
}
return 1; // default: write end-of-compression bhdr next
}
void PackUnix::packExtent(
const Extent &x,
unsigned &total_in,
unsigned &total_out,
Filter *ft,
OutputFile *fo,
unsigned hdr_u_len
)
{
unsigned const init_u_adler = ph.u_adler;
unsigned const init_c_adler = ph.c_adler;
MemBuffer hdr_ibuf;
if (hdr_u_len) {
hdr_ibuf.alloc(hdr_u_len);
fi->seek(0, SEEK_SET);
int l = fi->readx(hdr_ibuf, hdr_u_len);
(void)l;
}
fi->seek(x.offset, SEEK_SET);
for (off_t rest = x.size; 0 != rest; ) {
int const filter_strategy = ft ? getStrategy(*ft) : 0;
int l = fi->readx(ibuf, UPX_MIN(rest, (off_t)blocksize));
if (l == 0) {
break;
}
rest -= l;
// Note: compression for a block can fail if the
// file is e.g. blocksize + 1 bytes long
// compress
ph.c_len = ph.u_len = l;
ph.overlap_overhead = 0;
unsigned end_u_adler = 0;
if (ft) {
// compressWithFilters() updates u_adler _inside_ compress();
// that is, AFTER filtering. We want BEFORE filtering,
// so that decompression checks the end-to-end checksum.
end_u_adler = upx_adler32(ibuf, ph.u_len, ph.u_adler);
ft->buf_len = l;
// compressWithFilters() requirements?
ph.filter = 0;
ph.filter_cto = 0;
ft->id = 0;
ft->cto = 0;
compressWithFilters(ft, OVERHEAD, NULL_cconf, filter_strategy,
0, 0, 0, hdr_ibuf, hdr_u_len);
}
else {
(void) compress(ibuf, ph.u_len, obuf); // ignore return value
}
if (ph.c_len < ph.u_len) {
const upx_bytep tbuf = NULL;
if (ft == NULL || ft->id == 0) tbuf = ibuf;
ph.overlap_overhead = OVERHEAD;
if (!testOverlappingDecompression(obuf, tbuf, ph.overlap_overhead)) {
// not in-place compressible
ph.c_len = ph.u_len;
}
}
if (ph.c_len >= ph.u_len) {
// block is not compressible
ph.c_len = ph.u_len;
memcpy(obuf, ibuf, ph.c_len);
// must update checksum of compressed data
ph.c_adler = upx_adler32(ibuf, ph.u_len, ph.saved_c_adler);
}
// write block sizes
b_info tmp;
if (hdr_u_len) {
unsigned hdr_c_len = 0;
MemBuffer hdr_obuf;
hdr_obuf.allocForCompression(hdr_u_len);
int r = upx_compress(hdr_ibuf, hdr_u_len, hdr_obuf, &hdr_c_len, 0,
ph.method, 10, NULL, NULL);
if (r != UPX_E_OK)
throwInternalError("header compression failed");
if (hdr_c_len >= hdr_u_len)
throwInternalError("header compression size increase");
ph.saved_u_adler = upx_adler32(hdr_ibuf, hdr_u_len, init_u_adler);
ph.saved_c_adler = upx_adler32(hdr_obuf, hdr_c_len, init_c_adler);
ph.u_adler = upx_adler32(ibuf, ph.u_len, ph.saved_u_adler);
ph.c_adler = upx_adler32(obuf, ph.c_len, ph.saved_c_adler);
end_u_adler = ph.u_adler;
memset(&tmp, 0, sizeof(tmp));
set_te32(&tmp.sz_unc, hdr_u_len);
set_te32(&tmp.sz_cpr, hdr_c_len);
tmp.b_method = (unsigned char) ph.method;
fo->write(&tmp, sizeof(tmp));
b_len += sizeof(b_info);
fo->write(hdr_obuf, hdr_c_len);
total_out += hdr_c_len;
total_in += hdr_u_len;
hdr_u_len = 0; // compress hdr one time only
}
memset(&tmp, 0, sizeof(tmp));
set_te32(&tmp.sz_unc, ph.u_len);
set_te32(&tmp.sz_cpr, ph.c_len);
if (ph.c_len < ph.u_len) {
tmp.b_method = (unsigned char) ph.method;
if (ft) {
tmp.b_ftid = (unsigned char) ft->id;
tmp.b_cto8 = ft->cto;
}
}
fo->write(&tmp, sizeof(tmp));
b_len += sizeof(b_info);
if (ft) {
ph.u_adler = end_u_adler;
}
// write compressed data
if (ph.c_len < ph.u_len) {
fo->write(obuf, ph.c_len);
// Checks ph.u_adler after decompression, after unfiltering
verifyOverlappingDecompression(ft);
}
else {
fo->write(ibuf, ph.u_len);
}
total_in += ph.u_len;
total_out += ph.c_len;
}
}
// read full kernel into obuf[], gzip-decompress into ibuf[],
// return decompressed size
int PackVmlinuzI386::decompressKernel()
{
// read whole kernel image
obuf.alloc(file_size);
fi->seek(0, SEEK_SET);
fi->readx(obuf, file_size);
{
const upx_byte *base = NULL;
unsigned relocated = 0;
// See startup_32: in linux/arch/i386/boot/compressed/head.S
const upx_byte *p = &obuf[setup_size];
unsigned cpa_0 = 0;
unsigned cpa_1 = 0;
int j;
if (0x205<=h.version) {
cpa_0 = h.kernel_alignment;
cpa_1 = 0u - cpa_0;
} else
for ((p = &obuf[setup_size]), (j= 0); j < 0x200; ++j, ++p) {
if (0==memcmp("\x89\xeb\x81\xc3", p, 4)
&& 0==memcmp("\x81\xe3", 8+ p, 2)) {
// movl %ebp,%ebx
// addl $imm.w,%ebx
// andl $imm.w,%ebx
cpa_0 = 1+ get_te32( 4+ p);
cpa_1 = get_te32(10+ p);
break;
}
}
for ((p = &obuf[setup_size]), (j= 0); j < 0x200; ++j, ++p) {
if (0==memcmp("\x8d\x83", p, 2) // leal d32(%ebx),%eax
&& 0==memcmp("\xff\xe0", 6+ p, 2) // jmp *%eax
) {
relocated = get_te32(2+ p);
}
if (0==memcmp("\xE8\x00\x00\x00\x00\x5D", p, 6)) {
// "call 1f; 1f: pop %ebp" determines actual execution address.
// linux-2.6.21 (spring 2007) and later; upx stub needs work
// unless LOAD_PHYSICAL_ADDR is known.
// Allowed code is: linux-2.6.23/arch/x86/head_32.S 2008-01-01
// call 1f
// 1: popl %ebp
// subl $1b, %ebp # 32-bit immediate
// movl $LOAD_PHYSICAL_ADDR, %ebx
//
if (0==memcmp("\x81\xed", 6+ p, 2) // subl $imm.w,%ebp
&& 0==memcmp("\xbb", 12+ p, 1) ) { // movl $imm.w,%ebx
physical_start = get_te32(13+ p);
} else
if (0==memcmp("\x81\xed", 6+ p, 2) // subl $imm.w,%ebp
&& is_pow2(cpa_0) && (0u-cpa_0)==cpa_1) {
base = (5+ p) - get_te32(8+ p);
config_physical_align = cpa_0;
}
else {
throwCantPack("Unrecognized relocatable kernel");
}
}
// Find "ljmp $__BOOT_CS,$__PHYSICAL_START" if any.
if (0==memcmp("\xEA\x00\x00", p, 3) && 0==(0xf & p[3]) && 0==p[4]) {
/* whole megabyte < 16 MiB */
physical_start = get_te32(1+ p);
break;
}
}
if (base && relocated) {
p = base + relocated;
for (j = 0; j < 0x200; ++j, ++p) {
if (0==memcmp("\x01\x9c\x0b", p, 3) // addl %ebx,d32(%ebx,%ecx)
) {
page_offset = 0u - get_te32(3+ p);
}
if (0==memcmp("\x89\xeb", p, 2) // movl %ebp,%ebx
&& 0==memcmp("\x81\xeb", 2+ p, 2) // subl $imm32,%ebx
) {
physical_start = get_te32(4+ p);
}
}
}
}
checkAlreadyPacked(obuf + setup_size, UPX_MIN(file_size - setup_size, (off_t)1024));
int gzoff = setup_size;
if (0x208<=h.version) {
gzoff += h.payload_offset;
}
for (; gzoff < file_size; gzoff++)
{
// find gzip header (2 bytes magic + 1 byte method "deflated")
int off = find(obuf + gzoff, file_size - gzoff, "\x1F\x8B\x08", 3);
if (off < 0)
break;
gzoff += off;
const int gzlen = (h.version < 0x208) ? (file_size - gzoff) : h.payload_length;
if (gzlen < 256)
break;
// check gzip flag byte
unsigned char flags = obuf[gzoff + 3];
if ((flags & 0xe0) != 0) // reserved bits set
continue;
//printf("found gzip header at offset %d\n", gzoff);
// try to decompress
int klen;
int fd;
off_t fd_pos;
for (;;)
{
klen = -1;
fd = -1;
fd_pos = -1;
// open
fi->seek(gzoff, SEEK_SET);
fd = dup(fi->getFd());
if (fd < 0)
break;
gzFile zf = gzdopen(fd, "rb");
if (zf == NULL)
break;
// estimate gzip-decompressed kernel size & alloc buffer
if (ibuf.getSize() == 0)
ibuf.alloc(gzlen * 3);
// decompress
klen = gzread(zf, ibuf, ibuf.getSize());
fd_pos = lseek(fd, 0, SEEK_CUR);
gzclose(zf);
fd = -1;
if (klen != (int)ibuf.getSize())
break;
// realloc and try again
unsigned s = ibuf.getSize();
ibuf.dealloc();
ibuf.alloc(3 * s / 2);
}
if (fd >= 0)
(void) close(fd);
if (klen <= 0)
continue;
if (klen <= gzlen)
continue;
if (0x208<=h.version && 0==memcmp("\177ELF", ibuf, 4)) {
// Full ELF in theory; for now, try to handle as .bin at physical_start.
// Check for PT_LOAD.p_paddr being ascending and adjacent.
Elf_LE32_Ehdr const *const ehdr = (Elf_LE32_Ehdr const *)(void const *)ibuf;
Elf_LE32_Phdr const *phdr = (Elf_LE32_Phdr const *)(ehdr->e_phoff + (char const *)ehdr);
Elf_LE32_Shdr const *shdr = (Elf_LE32_Shdr const *)(ehdr->e_shoff + (char const *)ehdr);
unsigned hi_paddr = 0, lo_paddr = 0;
unsigned delta_off = 0;
for (unsigned j=0; j < ehdr->e_phnum; ++j, ++phdr) {
if (phdr->PT_LOAD==phdr->p_type) {
unsigned step = (hi_paddr + phdr->p_align - 1) & ~(phdr->p_align - 1);
if (0==hi_paddr) { // first PT_LOAD
if (physical_start!=phdr->p_paddr) {
return 0;
}
delta_off = phdr->p_paddr - phdr->p_offset;
lo_paddr = phdr->p_paddr;
hi_paddr = phdr->p_filesz + phdr->p_paddr;
}
else if (step==phdr->p_paddr
&& delta_off==(phdr->p_paddr - phdr->p_offset)) {
hi_paddr = phdr->p_filesz + phdr->p_paddr;
}
else {
return 0; // Not equivalent to a .bin. Too complex for now.
}
}
}
// FIXME: ascending order is only a convention; might need sorting.
for (unsigned j=1; j < ehdr->e_shnum; ++j) {
if (shdr->SHT_PROGBITS==shdr->sh_type) { // SHT_REL might be intermixed
if (shdr->SHF_EXECINSTR & shdr[j].sh_flags) {
filter_len += shdr[j].sh_size; // FIXME: include sh_addralign
}
else {
break;
}
}
}
memmove(ibuf, (lo_paddr - delta_off) + ibuf, hi_paddr - lo_paddr); // FIXME: set_size
// FIXME: .bss ? Apparently handled by head.S
}
if (opt->force > 0)
return klen;
// some checks
if (fd_pos != file_size)
{
//printf("fd_pos: %ld, file_size: %ld\n", (long)fd_pos, (long)file_size);
// linux-2.6.21.5/arch/i386/boot/compressed/vmlinux.lds
// puts .data.compressed ahead of .text, .rodata, etc;
// so piggy.o need not be last in bzImage. Alas.
//throwCantPack("trailing bytes after kernel image; use option '-f' to force packing");
}
// see /usr/src/linux/arch/i386/kernel/head.S
// 2.4.x: [cli;] cld; mov $...,%eax
if (memcmp(ibuf, "\xFC\xB8", 2) == 0) goto head_ok;
if (memcmp(ibuf, "\xFA\xFC\xB8", 3) == 0) goto head_ok;
// 2.6.21.5 CONFIG_PARAVIRT mov %cs,%eax; test $3,%eax; jne ...;
if (memcmp(ibuf, "\x8c\xc8\xa9\x03\x00\x00\x00\x0f\x85", 9) == 0) goto head_ok;
if (memcmp(ibuf, "\x8c\xc8\xa8\x03\x0f\x85", 6) == 0) goto head_ok;
// 2.6.x: [cli;] cld; lgdt ...
if (memcmp(ibuf, "\xFC\x0F\x01", 3) == 0) goto head_ok;
if (memcmp(ibuf, "\xFA\xFC\x0F\x01", 4) == 0) goto head_ok;
// 2.6.x+grsecurity+strongswan+openwall+trustix: ljmp $0x10,...
if (ibuf[0] == 0xEA && memcmp(ibuf+5, "\x10\x00", 2) == 0) goto head_ok;
// x86_64 2.6.x
if (0xB8==ibuf[0] // mov $...,%eax
&& 0x8E==ibuf[5] && 0xD8==ibuf[6] // mov %eax,%ds
&& 0x0F==ibuf[7] && 0x01==ibuf[8] && 020==(070 & ibuf[9]) // lgdtl
&& 0xB8==ibuf[14] // mov $...,%eax
&& 0x0F==ibuf[19] && 0xA2==ibuf[20] // cpuid
) goto head_ok;
// cmpw $0x207,0x206(%esi) Debian vmlinuz-2.6.24-12-generic
if (0==memcmp("\x66\x81\xbe\x06\x02\x00\x00\x07\x02", ibuf, 9)) goto head_ok;
// testb $0x40,0x211(%esi) Fedora vmlinuz-2.6.25-0.218.rc8.git7.fc9.i686
if (0==memcmp("\xf6\x86\x11\x02\x00\x00\x40", ibuf, 7)) goto head_ok;
// rex.W prefix for x86_64
if (0x48==ibuf[0]) throwCantPack("x86_64 bzImage is not yet supported");
throwCantPack("unrecognized kernel architecture; use option '-f' to force packing");
head_ok:
// FIXME: more checks for special magic bytes in ibuf ???
// FIXME: more checks for kernel architecture ???
return klen;
}
return 0;
}
