📄 pcshrink.asm
; ** BETA VERSION **
;Phrozen Crew PE Shrinker v0.45 by Virogen
;(c)1999 Virogen/PC
;email: vgen@hotmail.com
;www: http://virogen.cjb.net
;----------------------------------------------------------------
;
; This is a beta test release of Phrozen Crew's PE File Shrinker.
; It performs quite well when put up against existing PE compressors,
; and is getting better with every version. If you notice any bugs
; in this release, please feel free to send me an email at:
; vgen@hotmail.com.
;
; PCShrink is not intended for protection of win32 executables,
; only for compression of them. However, a small level of protection
; is, of course, added when you PCShrink a file. Upcoming versions
; of PCShrink will start introducing some anti-debugging/dumping
; code, or another product will be launched.
;
; NOTE ON DLL COMPRESSION:
; If you wish to compress DLLs with pcshrink, you should first
; rebase them to make sure that no collision will occur with their
; associated application. PCShrink does not handle relocations at
; this point.
;
; Features:
; +Compresses code, data, imports, and resources.
; +Restructures resource section for better compression.
; +Merges compressable sections.
; +Preserves icons and version information.
; +Removes debug information.
; +Realigns, rebuilds, and trims PE.
; +Tight and fast decompressor (Jibz' APLib v0.22)
; +Calculates correct new checksum.
; +Preserves file date/time.
;
;
; Usage:
; -PCSHRINK filename
;
; Update: v0.11: Fixed bug like 10 minutes after initial release.
; thanks to nIabI for testing.
; v0.12: Optimized lzrw1 decompression code some
; v0.13: Rewrote lzrw1 decompression procedure, vast improvement.
; Removed NULLing of destination buffer, not necessary
; I don't think.
; v0.14: +Fixed bug in LCC-WIN32 applications, where physical
; size of sections is, surprisingly enough, not aligned.
; +No longer flagged by AVP as suspicious.
; v0.20: +Removes reloc table because it's not viable anymore
; anyway. This should cause no problems except in DLLs.
; In other words, don't use this utility on DLLs.
; +Compresses all resource data following the last icon,
; group icon, or version information. In other words,
; as much as possible without removing the shell icon and
; version information and not having to restructure
; the entire resource section. v0.30 will restructure the
; import section to improve compression.
; +Added compression of import table.
; +Removes debug information.
; +Moved symbiont up to end of last section raw data.
; +Renamed to PCSHRINK.
; v0.26: +Removes debug directory rva and size.
; +Resource section restructuring added!
; +Bug fix: I imported my resource type equates from
; windows.inc. Turns out the RT_GROUPICON was wrong,
; causing some applications to lose their shell icon
; after compression.
; +Fixed alignfile bug where handle was being closed.
; v0.28: +Added GUI
; +Added option to not restructure resource data
; +Added merging capabilities of first two sections.
; +TiTi/Blizzard suggested and coded an update for
; vgalign. His update to the vgalign routine is
; incorporated.
; v0.29: +Fixed stack bug which caused blue screens in win9x.
; v0.30: +Changed from LZRW1 to Jibz Compression Library. This
; significantly improves compression ratios.
; v0.31: +Updated to APLib v0.22. This fixes the bug causing
; Win9x to lockup while compressing large files.
; v0.32: +Bug fix: Incorrect image size on executables with
; relocations in last section.
; +Now displays little error messagebox if there was
; a problem loading the host's original import table
; due to a missing DLL or export.
; v0.40: +Bug fix: Section merging sometimes overwrote data.
; +Section merging now supported throughout executable.
; +Sections renamed to 'pcsX'.
; +Section merging is now done before compression,
; allowing for better compression ratios.
; v0.45: +A large portion of the symbiont code is now
; compressed.
; +Bug fix: If more than two section merges occurred,
; only the first was saved in the SymbiontMergeTable.
; +Section merging no longer limited to two sections
; per merge. As many sequential, compressable sections
; as possible will be merged.
;
;
include mywin.inc
include pcshrink.inc
; --- Build-time constants ---------------------------------------
; Syntax: TASM, MASM-compatible mode (see the directives below).
ID_OFF equ 0ch ; offset of our marker in PE
DECRYPTOR_SIZE equ (offset decryptor_code_end-offset decryptor_code) ; byte length of everything between decryptor_code and decryptor_code_end
; DECRYPTOR_SIZE plus 5000h; presumably the virtual size given to the
; section that holds the symbiont -- confirm at its use site (not in view).
VIRTUAL_SIZE equ DECRYPTOR_SIZE+5000h
MAX_OBJS equ 10 ; maximum objects we can handle
; by increasing this you are increasing the size
; of the table in decryptor by MAX_OBJS*8.
; Presumably the smallest object worth compressing -- the code that
; tests it is outside this view.
minimum_object_size equ 50h
; --- Assembler setup --------------------------------------------
.486p ; accept 486 instructions, privileged ones included
locals ; enable block-scoped local labels
jumps ; let the assembler rewrite conditional jumps that are out of short range
.model flat,STDCALL ; flat 32-bit model; STDCALL is the default language for extended CALLs
extrn ExitProcess:PROC
extrn CreateFileA:PROC
extrn CloseHandle:PROC
extrn ReadFile:PROC
extrn WriteFile:PROC
extrn SetFilePointer:PROC
extrn MapViewOfFile:PROC
extrn CreateFileMappingA:PROC
extrn UnmapViewOfFile:PROC
extrn SetEndOfFile:PROC
extrn SetFilePointer:PROC
extrn GetFileAttributesA:PROC
extrn SetFileAttributesA:PROC
extrn GetFileSize:PROC
extrn GetFileSize:PROC
extrn GetFileTime:PROC
extrn SetFileTime:PROC
extrn CheckSumMappedFile:PROC
extrn MessageBoxA:PROC
extrn GetCommandLineA:PROC
extrn lstrcat:PROC
extrn IsBadReadPtr:PROC
extrn WriteConsoleA:PROC
extrn GetStdHandle:PROC
extrn ReadConsoleA:PROC
extrn GetProcessHeap:PROC
extrn HeapAlloc:PROC
extrn HeapFree:PROC
extrn PostQuitMessage:PROC
extrn DialogBoxParamA:PROC
extrn GetModuleHandleA:PROC
extrn lstrcpy:PROC
extrn SendMessageA:PROC
extrn LoadIconA:PROC
extrn SetDlgItemTextA:PROC
extrn GetDlgItemTextA:PROC
extrn GetOpenFileNameA:PROC
extrn IsDlgButtonChecked:PROC
extrn CheckDlgButton:PROC
extrn LoadLibraryA:PROC
extrn ShellExecuteA:PROC
extrn GetDlgItem:PROC
extrn _aP_pack:PROC
; --- Packer data: character equates, UI strings and text buffers ---
; Several strings below deliberately have no terminating 0 and run on
; into the item that follows them; those are marked. The zero-filled
; areas after some strings are space for text appended at run time.
; NOTE(review): lstrcat and lstrcpy are imported and neither limits the
; length it copies. The code that fills these fixed-size areas is
; outside this view -- confirm it checks lengths first.
org 0
.data ; data object
cr equ 0dh
lf equ 0ah
tab equ 9
hline equ 196 ; character code 196 (a horizontal rule in the OEM/CP437 set)
; Tag value; presumably what is stored at ID_OFF and what the
; "already compressed" check compares against -- confirm at the use site.
marker equ 90909090h
virogen db 'http://virogen.cjb.net',0
pc db 'http://www.phrozencrew.com',0
cr_lf_tab db cr,lf,tab,tab,0
init_txt db 50 dup(hline),cr,lf ; no terminator: continues into caption
caption db 'Phrozen Crew PE Shrinker v0.45, (c)1999 Virogen/PC',0
success_txt db 'Successfully compressed!' ; no terminator: continues into file_txt
file_txt db cr,lf,' Installed on file: ',tab,0
db 400 dup (0) ; plenty of space
obj_txt: ; same address as eobj_txt
eobj_txt db cr,lf,' Compressed objects: ',0
db (MAX_OBJS*8)+100 dup(0)
size_txt db cr,lf,'Original size: ',0
db 50 dup(0)
a_org_size db 15 dup(0)
inter db ' New size : ',0
a_new_size db 15 dup(0)
already_txt db 'File appears to already be compressed.',0
error_txt db 'There was an error compressing the file!',cr,lf ; no terminator: continues into fname_txt
fname_txt db 'Specified file: ',0
db 260 dup(0)
obj_size db ' '
dd 0,0
; NOTE(review): 256 bytes here, while the area after fname_txt is 260 --
; confirm which limit the code that fills this buffer enforces.
cmdline_file db 256 dup(0)
;size_chg_txt db tab,'Aligned phys. size change : ',0
direction_txt db ' -> ',0
; NOTE(review): one description/pattern pair. If this is handed to
; GetOpenFileNameA as the filter list, that list must end with two 0
; bytes; here the bytes of status_txt follow directly after the single
; terminator -- confirm.
filter db 'PE EXE files',0,'*.exe',0
status_txt db 'Working .. ' ; no terminator: continues into status_number
status_number db 10 dup(0)
; --- Packer working state ---------------------------------------
; Everything here starts at zero unless noted. The code that reads and
; writes these variables is outside this view, so the roles suggested
; below come from the names alone and should be confirmed there.
; Three 8-byte slots, the size of a FILETIME; presumably filled by
; GetFileTime and restored with SetFileTime ("Preserves file date/time").
creation dd 0,0
lastaccess dd 0,0
lastwrite dd 0,0
oldchksum dd 0
new_fsize dd 0
p_lz_mem dd 0
fsize dd 0
orgalign dd 0
map_ptr dd 0
oldattrib dd 0
fnameptr dd 0
ptrpeheader dd 0
objPsize dd 0
maphandle dd 0
org_fsize dd 0
handle dd 0
current_comp_start dd 0
objtblVA dd 0
objptr dd 0
lastobjimageoff dd 0
originalpsize dd 0
originalvsize dd 0
error db -1 ; byte-sized and initialised to -1, unlike the dwords around it
exporttbl dd 0
file_alignment dd 0
byteswrote dd 0
csize dd 0
IsRsrc dd 0
NewRsrcSize dd 0
RsrcStartRva dd 0
TotalSections dd 0
LastSectionUnaligned dd 0
SymbiontOffset dd 0
object_alignment dd 0
curUncompressableRsrcTable dd 0
pUncompressableRsrcTable dd 0
pCompressableRsrcTable dd 0
curCompressableRsrcTable dd 0
CompressableRsrc dd 0
HeapHandle dd 0
TreeLevel dd 0
RawLastSection dd 0
hInst dd 0
hMain dd 0
ofn OFN <0> ; OFN is declared in an include file, not in this view
; Two tables of MAX_OBJS dwords each.
; NOTE(review): fixed capacity -- confirm the code that fills them stops
; at MAX_OBJS entries.
MergeTable dd MAX_OBJS dup(0)
CompressedSizeTable dd MAX_OBJS dup(0)
curSectionTableDisplacement dd 0
; These three start at 1; presumably option flags that are on by
; default (the changelog mentions an option to not restructure resources).
SectionMerging dd 1
RestructureResources dd 1
DoResource dd 1
secpt dd 0
working_mem dd 0
FirstSectionPhysicalSize dd 0
SecondSectionPhysicalSize dd 0
CurrentSectionSize dd 0
hProgress dd 0
; The changelog says sections are renamed to 'pcsX', so the trailing
; digit is presumably changed per section. Names of this form are a
; simple static indicator that a file was processed by this tool.
new_sect_name db 'pcs0',0
; Table of 4-byte section-name tags, ended by a zero dword. Presumably
; the names of sections that must not be compressed -- the code that
; scans this table is outside this view.
; The dd entries are spelled backwards. This suggests the assembler
; stores a dd string constant in reverse byte order, so that in memory
; they read ".rel", ".eda", ".ete", ".tls" and "BSS",0 -- confirm
; against the assembler in use.
bad_otbl:
dd 'ler.' ; relo
dd 'ade.' ; edata
dd 'ete.' ; etext
dd 'slt.' ; tls
dd 'SSB' ; .bss
; NOTE(review): this entry uses db where every other entry uses dd, so
; its bytes are stored in the order written ("ssb."), not reversed. If
; ".bss" was intended it would not match -- confirm.
db 'ssb.'
dd 0
;---- decompression symbiont code installed into file ----
;
; decryptor_code is the first stage of the stub placed in the packed
; file. It saves the flags and general registers, loads ebp with a
; delta, allocates a work buffer, copies everything from
; critical_symbiont up to decryptor_code_end into that buffer, and
; jumps to the copy.
;
; In:    nothing is read from registers; delta_offset and
;        largest_needed_buffer start as 0 and are presumably filled in
;        by the packer when it installs the stub.
; Out:   does not return; continues at the copy of critical_symbiont
;        with edi = start of that copy and the pushfd/pushad frame
;        still on the stack.
;
; NOTE(review): the GlobalAlloc result is used without a NULL check.
; NOTE(review): the stub then executes from memory it has just
; allocated and written. Memory obtained this way is normally not
; executable where DEP/NX is enforced, so the jump would fault there.
; Run-time unpacking monitors also commonly flag this
; write-then-execute pattern.
;
unpre_reg equ edx ; the only register not
; preserved
decryptor_code:
pushfd ; save flags, then all general registers
pushad
db 0bdh ; mov ebp
delta_offset dd 0 ; immediate operand of the hand-encoded mov ebp above
add dcomp_buffer_offset[ebp],ebp ; add the delta to the stored offset of dcomp_buffer
call GlobalAllocVA[ebp],64,largest_needed_buffer[ebp] ; GlobalAlloc(flags=64, bytes=largest_needed_buffer); 64 = 40h, the zero-initialise flag
push eax eax ; keep two copies of the buffer address
sub eax,offset critical_symbiont
mov second_delta[ebp],eax ; delta for the copy: buffer address - offset critical_symbiont
pop edi ; edi = buffer (copy destination)
lea esi,critical_symbiont[ebp] ; esi = critical_symbiont at its current address
mov ecx,(offset decryptor_code_end-offset critical_symbiont)/4+1 ; dword count; the +1 rounds up, so up to 4 extra bytes are copied
rep movsd
pop edi ; edi = buffer again (start of the copied code)
jmp edi ; continue in the copy
; critical_symbiont is the second stage and runs from the allocated
; copy. It depacks the compressed part of the stub (the bytes at
; compressable_symbiont) into the space just past the copied stub,
; moves the depacked bytes back over the compressed ones, and jumps to
; them.
;
; In:    edi = start of the copied critical_symbiont (set by the jmp in
;        decryptor_code); second_delta already patched.
; Out:   one dword left on the stack, the address just past the copied
;        stub; compressable_symbiont pops it as its work buffer.
;
; NOTE(review): the depacker is given only a source and a destination
; pointer and the length it returns is used unchecked, so nothing here
; limits how much is written if the packed stub is damaged or altered.
critical_symbiont:
db 0bdh ; opcode of mov ebp,imm32; the operand is second_delta
second_delta dd 0
;edi->start of critical_symbiont allocated code
mov esi,edi
add esi,(offset compressable_symbiont-offset critical_symbiont) ; esi = packed stub bytes inside the copy
add edi,(offset decryptor_code_end-offset critical_symbiont) ; edi = first byte past the copied stub
push edi ; kept for compressable_symbiont's first pop
push esi edi ; pushed esi first, then edi
push ebp ; saved around the call; presumably the depacker does not preserve ebp
call _aP_depack_asm,esi,edi ; depack(source=esi, destination=edi)
add esp,8 ; caller removes the two arguments
pop ebp
xchg ecx,eax ; ecx = value returned by the depacker, used as the byte count below
pop esi edi ; popped in the same order as pushed, so the two swap: esi = depacked bytes, edi = compressable_symbiont in the copy
rep movsb ; put the depacked code where the packed code was
jmp compressable_symbiont ; relative jump, so it stays inside the copy
include ap_depack.asm ; APLib v0.22 depacker
;---- uncompressable data
largest_needed_buffer dd 0 ; byte count passed to GlobalAlloc by decryptor_code
dcomp_buffer_offset dd offset dcomp_buffer ; decryptor_code adds the delta in ebp to this at run time
;---- symbiont import table
; Laid out like a PE import directory: one five-dword descriptor for
; KERNEL32.DLL, then five zero dwords as the terminating descriptor.
; Every value is an offset from fake_it. The add1..add7 labels
; presumably mark the dwords the packer adjusts when it installs the
; table -- that code is outside this view.
; Only four functions are imported. The changelog says the host's own
; import table is compressed and loaded by the stub, which is why a
; packed file shows such a short import list; that short list is a
; common static sign of packing.
fake_it:
add1 dd offset lookup_tbl-offset fake_it ; descriptor dword 1: import lookup table
dd 0,0 ; descriptor dwords 2 and 3, left zero
add2 dd offset sz_first_dll-offset fake_it ; descriptor dword 4: DLL name
add3 dd offset lookup_tbl-offset fake_it ; descriptor dword 5: address table, the same table as dword 1
dd 0,0,0,0,0 ; all-zero descriptor ends the directory
; One dword per imported function, ended by a zero dword. The stub
; calls through these slots (e.g. call GlobalAllocVA[ebp]), so by then
; they hold the resolved function addresses.
lookup_tbl:
add4:
LoadLibraryVA dd offset sz_api1-offset fake_it
add5:
GetProcAddressVA dd offset sz_api2-offset fake_it
add6:
GlobalAllocVA dd offset sz_api3-offset fake_it
add7:
ExitProcessVA dd offset sz_api4-offset fake_it
dd 0
sz_first_dll db 'KERNEL32.DLL',0
; Each name entry is a zero word followed by the function name.
name_tbl:
sz_api1 dw 0
db 'LoadLibraryA',0
sz_api2 dw 0
db 'GetProcAddress',0
sz_api3 dw 0
db 'GlobalAlloc',0
sz_api4 dw 0
db 'ExitProcess',0
end_it:
;--start of compressable symbiont code
; Walks otable and restores each packed object in place.
; Each otable entry is 8 bytes: a dword object address, then a dword
; compressed size. A zero address ends the table. For every entry the
; packed bytes are first copied from the object into the work buffer
; and then depacked from the buffer back onto the object.
;
; In:    top of stack = work buffer address (pushed by
;        critical_symbiont); ebp = delta for the copied stub.
; Out:   falls through to goto_entry with the loop's pushes removed.
;
; otable, RsrcRva and RsrcDisplacement are defined outside this view.
;
; NOTE(review): addresses and sizes from otable are used as found, and
; the depacker gets no output limit. A packed file whose table or data
; has been altered can therefore make this loop write outside the
; intended object. Treat packed files from untrusted sources
; accordingly.
compressable_symbiont:
pop edi ; edi = work buffer
lea esi,otable[ebp] ; esi = first table entry
decomp_loop:
push ebp edi esi ; pushed left to right; restored by the reversed pop at the end of the iteration
lodsd
or eax,eax
jz decomp_done ; zero address = end of table
xchg eax,edx
; edx->object
lodsd
xchg eax,ecx
; ecx=compressed size
push edi ecx
mov esi,edx
rep movsb ; copy the packed bytes from the object into the buffer
pop ecx edi ; ecx = compressed size, edi = buffer start again
cmp edx,RsrcRva[ebp]
jnz not_rsrc_decrypt
; This object is the one at RsrcRva: its first RsrcDisplacement bytes
; are copied back unchanged and only the remainder is depacked.
; Presumably this is the resource data kept uncompressed (icons,
; version information) -- confirm against the packer side.
mov eax,RsrcDisplacement[ebp]
pushad
mov esi,edi
mov edi,edx
mov ecx,eax
rep movsb ; buffer -> object, eax bytes, unchanged
popad
add edi,eax ; skip the unpacked prefix in the buffer
add edx,eax ; and in the object
sub ecx,eax ; ecx is not passed to the depacker and is not read again in this loop
not_rsrc_decrypt:
call _aP_depack_asm,edi,edx ; depack(source=buffer, destination=object)
add esp,8 ; caller removes the two arguments
pop esi edi ebp ; esi = current entry, edi = buffer, ebp = delta
add esi,8 ; next 8-byte entry
jmp decomp_loop
decomp_done:
add esp,12 ; fixup stack from loop exit
goto_entry:
lea esi,SymbiontMergeTable[ebp]
symbiont_merge_loop:
lodsd
or eax,eax
jz no_more_merges
xchg ebx,eax ; ebx->new rva
lodsd
xchg eax,edx ; edx->original rva
lodsd
xchg eax,ecx ; ecx=size
push edi esi
xchg ebx,esi ; esi->new rva
push edi ecx
rep movsb ; move to allocated memory
pop ecx esi
mov edi,edx
rep movsb
pop esi
lodsd
xchg eax,ecx ;ecx=pad size
xor eax,eax
rep stosb
mov edi,[esi-16]