📄 pcshrink.asm

📁 WIN95/98 PE压缩软件源程序
💻 ASM
📖 第 1 页 / 共 4 页
字号:
        call    create_mapping     
        jc      abort_encrypt                                                       
                                               ; eax->mapped file                
        cmp     word ptr [eax],'ZM'                    ; is EXE?                    
        jnz     abort_encrypt                                                       
                                                                                    
        call    GetPEHeader                           ; load esi->PE Header         
                                                                                    
        call    IsBadReadPtr,esi,2                     ; was ptr any good?       
        or      eax,eax                                                             
        jnz     abort_encrypt                                                       
                                                                                    
        cmp     word ptr [esi],'EP'                    ; PE?                        
        jnz     abort_encrypt                                                       
        cmp     dword ptr [esi+ID_OFF],marker   
        jnz     not_compressed     
        call    MessageBoxA,0,offset already_txt,offset caption,MB_ICONHAND                                                         
        mov	error,-4        
        jmp     abort_encrypt                                                       

not_compressed:
	call    unmap                                 ; unmap file                                   
	
        mov     ecx,1000h                             ; give us room to add to the file, if needed      
        call    create_mapping                        ; map file again                               
        jc      abort_encrypt                                                                        
                                                                                                     
        call    GetPEHeader                           ; load esi -> pe header                                                                                                                                     
                                                                                                     
        mov     dword ptr [esi+ID_OFF],marker          ; save marker                                 
                                                                                                     
        movzx	eax,word ptr [esi+numObj]
        mov	TotalSections,eax
        
        mov     eax,[esi+imagebase]                                                                  
        mov     svd_imgbase,eax                      ; save the image base                             
                                                                                                                     
        mov     eax,[esi+edatadir]
        mov     exporttbl,eax
                        
        movzx   eax, word ptr [esi+NtHeaderSize]        ; get header size                             
        add     eax,18h                                ; object table is here                        
        add     eax,esi                                                                              
        mov     objptr,eax                                                                           
        
        mov     ebx,[esi+iat_rva]			        
        or	ebx,ebx
        jz	skip_kill_iat
        call	CalcPhysicalAddress
        add	ebx,map_ptr
        mov	ecx,[esi+iat_size]
        mov	edi,ebx
        xor	eax,eax
        rep	stosb
skip_kill_iat:	
	mov	ebx,[esi+dbg_rva]
	or	ebx,ebx
	jz	skip_kill_dbg
	call	CalcPhysicalAddress
	add	ebx,map_ptr
	mov	ecx,[esi+dbg_size]
	mov	edi,ebx
	xor	eax,eax
	stosb
skip_kill_dbg:	
	                
        mov	dword ptr [esi+iat_rva],0	
        mov	dword ptr [esi+iat_size],0	        
        mov	dword ptr [esi+bimports_rva],0	
        mov	dword ptr [esi+bimports_size],0	
        mov	dword ptr [esi+dbg_rva],0
        mov	dword ptr [esi+dbg_size],0
	mov	eax,[esi+filealign]
	mov	file_alignment,eax
			
	push	esi
	mov	ebx,[esi+136]	
	mov	eax,[esi+140]
	or	ebx,ebx
	jz	no_rsrc	
	mov	NewRsrcSize,eax
	mov	RsrcRva,ebx		
	call	CalcPhysicalAddress
	add	ebx,map_ptr	
	mov	RsrcStartRva,ebx		
			
	call	InitRsrcTables	
	call	ScanResourceDir,ebx		
	cmp	RestructureResources,1
	jnz	no_restructure
	call	FindResourceDataStart 
	xchg	eax,ebx	
	call	CalcPhysicalAddress
	add	ebx,map_ptr
	call	RestructureResourceSection,ebx		
	sub	eax,RsrcStartRva		
	mov	RsrcDisplacement,eax
	jmp	no_rsrc
	
no_restructure:	
	call	FindUncompressableDataEnd			
	mov	RsrcDisplacement,eax
no_rsrc:			
	mov	ebx,NewRsrcSize	
	cmp	eax,ebx
	jae	tiz_not_ok_rsrc
	sub	ebx,eax	
	cmp	ebx,200h
	jae	tiz_ok_rsrc
tiz_not_ok_rsrc:
	mov	DoResource,0
tiz_ok_rsrc:		
	
	pop	esi
	push 	esi                
        mov     eax,objptr
        lea     edi,otable                                                         
        xor     ecx,ecx                                                            
        mov     cx,[esi+numObj]                          ; get number of objects           
otbl_loop:        
        mov	LastSectionUnaligned,0
        cmp     edi,offset otable_end-8                  ; filled up table?
        jz      next_obj                    
        mov	IsRsrc,0
        mov	ebx,RsrcRva        
        cmp	eax[objrva],ebx
        jnz	not_rsrc        
        cmp	DoResource,1
        jnz	next_obj
        mov	ebx,svd_imgbase
        add	RsrcRva,ebx
        mov	IsRsrc,1
not_rsrc:        	
        call    test_obj                                 ; see if good obj name
        jc      next_obj
        pushad                                      
        call    lstrcat,offset eobj_txt,offset cr_lf_tab
        popad
        pushad
        call    lstrcat,offset eobj_txt,eax
        popad                
        push    eax ecx 
        mov     ebx,eax[objflags]                        ; get obj flags
        or      ebx,oflag_write                           ; OR in writable flag 
        mov     eax[objflags],ebx                        ; save new object flags
        mov     ebx,eax[objrva]                          ; get the object's rva        
        add	ebx,svd_imgbase
        mov     [edi],ebx                                ; save it
        push    edi                                                                                    
        mov     esi,eax[objpoff]                         ; esi->object physical offset          
        add     esi,map_ptr                                                                     
        mov     edi,esi                                                                         
        push	eax
        mov	ecx,eax[objvsize]
        mov	edx,eax[objpsize]
        cmp	ecx,edx
        jbe	vsize_less_psize_alright
	mov	ecx,edx        
vsize_less_psize_alright:      
        pushad
        xchg	ecx,edx
        mov	byte ptr obj_size,tab
        lea	edi,obj_size+1
        call	write_decimal                
        ;call	lstrcat,offset eobj_txt,offset size_chg_txt
        call	lstrcat,offset eobj_txt,offset obj_size
        popad  	
        cmp	IsRsrc,1
        jnz	not_working_on_rsrc                                        	
	;cmp	ecx,RsrcDisplacement
	;jae	rsrc_ok_to_compress	
	;mov	eax,ecx
	;mov	csize,eax
	;jmp	rsrc_not_ok	
;rsrc_ok_to_compress:        
        sub	ecx,RsrcDisplacement
        add	esi,RsrcDisplacement
        mov	edi,esi        
        call	compress_object        
        add	eax,RsrcDisplacement        
        mov	LastSectionUnaligned,eax
        call	PutSectionTableEntry
;rsrc_not_ok:                         
        push	eax        
        call	file_align_fix
        mov	NewRsrcSize,eax
        jmp	did_rsrc
not_working_on_rsrc:        
        call    compress_object                 ; compress object             
        mov	LastSectionUnaligned,eax
        call	PutSectionTableEntry
        push	eax        
        call    file_align_fix			; go align da shiznit
did_rsrc:                
        pushad
        ;xchg	eax,edx
        mov	edx,csize
        mov	byte ptr obj_size,' '
        lea	edi,obj_size+1
        call	write_decimal
        call    lstrcat,offset eobj_txt,offset direction_txt
        call	lstrcat,offset eobj_txt,offset obj_size
        popad
        pop	ecx edx        
        mov	ebx,edx[objpsize]
        cmp	ebx,largest_needed_buffer
        jbe	no_update_largest
	mov	largest_needed_buffer,ebx        
no_update_largest: 
	pop	edi        		
        mov	edx[objpsize],eax	        
        mov	[edi+4],ecx
        add	edi,8
        pop     ecx eax                                                                             	
next_obj:    
        add     eax,40                                   ; increment to next object record    
        add	curSectionTableDisplacement,4
        loop    otbl_loop
done_otbl:    
        pop     esi                                       ; restore ptr pe hdr   
                                                                                    
        sub     eax,40
                
        mov	edi,eax
        call    lstrcat,offset obj_txt,edi 
	
        mov     eax,[edi+objpoff]                       ; get object physical off
        mov     lastobjimageoff,eax                     ; save it                
        mov     ecx,[edi+objpsize]                      ; get object physical size   
        mov     originalpsize,ecx                       ; save it 4 later        
                                                                                 
        mov     eax,[edi+objvsize]                      ; get object virtual size
        mov     originalvsize,eax                       ; save it                    
        cmp     eax,ecx                                                          
        jae     psize_less_vsize                        ; padded space for alignment?
        mov     eax,ecx                                 ; set vsize to psize     
psize_less_vsize:
        add 	eax,VIRTUAL_SIZE                        ; add our virtual size                                
        mov 	dword ptr [edi+objvsize],eax            ; save new virtual size
                                                
        cmp	LastSectionUnaligned,0
        jnz	have_compressed_last        
        mov	ecx,originalpsize        
        mov	eax,originalvsize                
        cmp	eax,ecx
        jbe	vsize_less_psize_whohoo
        mov	eax,ecx
        mov	originalvsize,ecx
	jmp	vsize_less_psize_whohoo
have_compressed_last:
	mov	eax,LastSectionUnaligned
vsize_less_psize_whohoo:            
        mov	SymbiontOffset,eax
        push	eax
        add     eax,DECRYPTOR_SIZE                      ; adjust physical size of object 
        mov	RawLastSection,eax
        ;mov     ecx,[esi+filealign]                                                      
        call    file_align_fix                               ; on file alignment              
        mov     [edi+objpsize],eax                                                               

        mov     ecx,dword ptr [esi+objalign]            ; get object alignment
        mov     eax,dword ptr [edi+objvsize]            ; add virtual size
        add     eax,dword ptr [edi+objrva]              ; +last object rva
        call    align_fix                              ; set on obj alignment
        mov     dword ptr [esi+imagesize],eax           ; save new imagesize  
                    
        add	largest_needed_buffer,(offset decryptor_code_end-offset decryptor_code)
        cmp	SectionMerging,1
        jnz	no_merge
        ; Merge Sections (only first two if able right now)
        ; (I got lazy here, this is bad code<g>)
        mov	esi,ptrpeheader
        cmp	word ptr [esi+numObj],2
        jbe	no_merge
        lea	esi,MergeTable
        lodsd
        cmp	eax,1
        jnz	no_merge
        lodsd
        cmp	eax,1
        jnz	no_merge
        lea	esi,CompressedSizeTable
        lodsd                                
        mov	SymbiontMergeTable,eax        
        xchg	eax,ecx	
        ; ecx=size of section 1 after compresson
        lodsd
        push	eax			; save size of section 2
        mov	SymbiontMergeTable+4,eax        ; eax=size of section 2
        mov	edx,objptr		
        mov	edi,[edx+objpoff]	; edi->physical data section 1
        add	edi,ecx			; ebx->end of physical data sec 1        
        add	edi,map_ptr
        
        mov	esi,dword ptr [edx+objpoff+40]		
	add	esi,map_ptr		
	pop	ecx	
	push	esi 
	;esi->second section data
	;edi->first section data end
	;ecx=second section size	
	push	ecx
	rep	movsb		
	pop	ecx
	pop	edi
	push	ecx
	mov	edx,objptr
	mov	ecx,[edx+objpsize+40]
	xor	eax,eax
	rep	stosb	
	pop	ecx	
	
	mov	edx,objptr			
		
	mov	eax,dword ptr [edx+objpoff+80]
	mov	ebx,dword ptr [edx+objpoff]
	sub	eax,ebx	
	;mov	esi,ptrpeheader
	;mov	ecx,[esi+filealign]	
	push	edx
	call	file_align_fix	
	pop	edx
	mov	dword ptr [edx+objpsize],eax
	
	mov	eax,dword ptr [edx+objrva+40]	
	add	eax,svd_imgbase
	mov	SymbiontMergeTable+8,eax
	mov	eax,dword ptr [edx+objrva]
	add	eax,svd_imgbase
	add	SymbiontMergeTable,eax	
	
	mov	eax,dword ptr [edx+objrva+40]
	mov	ebx,dword ptr [edx+objrva]
	sub	eax,ebx
	add	eax,dword ptr [edx+objvsize+40]
	mov	dword ptr [edx+objvsize],eax
	
	mov	esi,ptrpeheader
	push	esi	
	movzx	eax,word ptr [esi+numObj]	
	sub	eax,2	
	mov	edi,edx
	add	edi,40
	mov	esi,edx
	add	esi,80
	xor	edx,edx	
	mov	ecx,10
	mul	ecx
	xchg	eax,ecx
	rep	movsd
	pop	esi
	dec	word ptr [esi+numObj]
	
	mov	eax,SymbiontMergeTable+4
	xor	edx,edx	
	mov	ecx,4
	div 	ecx
	or	edx,edx
	jz	no_inc_eax
	inc	eax
no_inc_eax:	
	mov	SymbiontMergeTable+4,eax
no_merge:                

	pop	eax        

        mov     [edi+objflags],0E0000020h               ; set object flags r/w/x/init data
        add     eax,[edi+objrva]                        ; add last object's RVA     
                                	                ; eax now RVA of decryptor code
        mov     ebx,[esi+entrypointRVA]                  ; get original entry         
        mov     [esi+entrypointRVA],eax                  ; put our RVA as entry               
        push	eax
        add	eax,svd_imgbase
        sub	eax,offset decryptor_code
        mov	delta_offset,eax
        pop	eax
        
        ; change import table address, save old one        
        pushad
        add	eax,offset fake_it-offset decryptor_code
        add	add1,eax
        add	add2,eax
        add	add3,eax
        add	dword ptr add4,eax
        add	dword ptr add5,eax
        add	dword ptr add6,eax
        mov	ecx,[esi+import_rva]
        mov	iAddress,ecx
        mov	[esi+import_rva],eax
        mov	dword ptr [esi+import_size],(offset end_it-offset fake_it)
        popad
                                                                                              
        add	ebx,svd_imgbase
        mov     [host_eip],ebx                           ; save it                    
                        
	push    esi
                
        mov     edi,map_ptr
        add     edi,SymbiontOffset                       
        add     edi,lastobjimageoff                      ; add object physical offset  
copy_to_hdr:        
        lea     esi,decryptor_code                       ; esi->symbiont code         
        mov     ecx,DECRYPTOR_SIZE                                                             
        rep     movsb                                                                  
                                                                                       
        pop     esi                                     ; restore ptr pe hdr               
                                                                                               
        ;mov	eax,NewRsrcSize
        ;mov	esi[140],eax
        
	;mov	ecx,[esi+filealign]
	mov	eax,RawLastSection
	push	eax
	call	file_align_fix
	pop	ecx
	xchg	ecx,eax
	sub	ecx,eax
	xor     eax,eax                                                                     
        rep     stosb                                    ; pad up object to alignment       
	                                                                                                                                                                               	       
        call    unmap                                   ; unmap file                     
                                                                                                
        mov     error,0                                ; if we made it here then no error
        jmp     unmapped                                
abort_encrypt:
        call    unmap                                  ;unmap if aborted infection
unmapped:
        
        call    SetFileTime,handle,offset lastwrite,offset lastaccess,offset creation                    
                                                                                     
        mov	edx,fsize
        lea	edi,a_org_size
        call	write_decimal
        
        cmp	error,0
💿 文件大小 23 K
👤 上传用户 tzxiaojian
📂 所属分类压缩解压
🏷️ 相关标签

#WIN #95 #98 #软件
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -