📄 pcshrink.asm
mov ecx,[esi-12]
sub ecx,edi
xor eax,eax
rep stosb
pop edi
jmp symbiont_merge_loop
no_more_merges:
call ProcessImports
jnc no_error_with_imports
lea ebx,szUser32[ebp]
call LoadLibraryVA[ebp],ebx
or eax,eax
jz error_with_imports
lea ebx,szMessageBoxA[ebp]
call GetProcAddressVA[ebp],eax,ebx
lea ebx,ImportErrorMsg[ebp]
call eax,0,ebx,0,MB_ICONEXCLAMATION
error_with_imports:
call ExitProcessVA[ebp],0
no_error_with_imports:
popad
popfd
db 0bah ; mov edx,dword
host_eip dd 0
jmp unpre_reg
ProcessImports proc
; Bind every descriptor of the import directory recorded in iAddress.
; In:    ebp = base added to every stub variable reference (name[ebp]);
;              it is set up outside this block
; Out:   CF clear = every descriptor bound, or iAddress was 0
;        CF set   = ProcessImportDir failed on a descriptor
; Uses:  esi = VA of the current import descriptor, edx = image base
; NOTE(review): the first descriptor is handed to ProcessImportDir without
; its name RVA being checked; only the descriptors after it are tested
; for the terminating zero entry.
        mov     esi,iAddress[ebp]           ; RVA of the import directory, 0 = none
        test    esi,esi
        je      import_success
        mov     edx,svd_imgbase[ebp]
        add     esi,edx                     ; RVA -> VA
dir_loop:
        call    ProcessImportDir,esi,edx    ; the loop reuses esi/edx afterwards
        jc      import_error
        add     esi,size ImportDir          ; step to the next descriptor
        cmp     dword ptr iNameRva[esi],0
        jne     dir_loop                    ; a zero name RVA ends the list
import_success:
        clc
        ret
import_error:
        stc
        ret
ProcessImports endp
;
; ProcessImportDir(DWORD *IMPORT_DIRECTORY_VA, DWORD *IMAGEBASE)
;
; Binds one import descriptor: loads the DLL the descriptor names and stores
; the address of each imported function into the descriptor's address table.
; Both arguments are passed on the stack and removed by this routine itself
; (it pops the return address, pops the arguments, then pushes the return
; address back).
; In:    ebp = base added to the stub's variable references
; Out:   CF clear = every lookup entry resolved, CF set = LoadLibrary or
;        GetProcAddress returned 0
; Uses:  esi = descriptor, edx = image base, ecx = lookup-table cursor,
;        edi = address-table cursor, ebx = current lookup entry, eax = scratch
; NOTE(review): this is run-time import binding done by the unpacking stub,
; so a static import listing of the packed file presumably will not show the
; functions resolved here - confirm against the packer's output.
ProcessImportDir proc
pop eax ; return address
pop esi ; arg 1: VA of the import descriptor to bind
pop edx ; arg 2: image base
push eax ; restore the return address; both arguments are now off the stack
mov ecx,iLookupRva[esi] ; ecx = RVA of the lookup table
mov edi,iAddressRva[esi] ; edi = RVA of the address table
or ecx,ecx
jnz lr_ok
mov ecx,edi ; no lookup table: read the entries from the address table instead
lr_ok:
add ecx,edx ; RVA -> VA
add edi,edx ; RVA -> VA
mov eax,iNameRva[esi] ; eax = RVA of the DLL name
add eax,edx ; RVA -> VA
push ecx edx ; keep ecx/edx across the API call
call [LoadLibraryVA+ebp],eax
pop edx ecx
or eax,eax
jz iret_error ; DLL could not be loaded
mov DllHandle[ebp],eax
lookup_loop:
mov ebx,[ecx] ; next lookup entry
or ebx,ebx
jz iret_success ; a zero entry ends the table
test ebx,80000000h ; import by ordinal flag
jnz import_by_ordinal
add ebx,edx ; import by name: RVA -> VA of the name record
inc ebx
inc ebx ; skip the 2 bytes in front of the name string (the hint word)
import_by_ordinal:
; Runs on both paths: clears the ordinal flag for ordinal imports.
; NOTE(review): it also clears bit 31 of a name pointer, so a name located at
; or above 80000000h would be passed to GetProcAddress with a wrong address.
and ebx,7fffffffh
push ecx edx ; keep ecx/edx across the API call
call [GetProcAddressVA+ebp],DllHandle[ebp],ebx
pop edx ecx
or eax,eax
jz iret_error ; function not found
stosd ; store the resolved address in the address table and advance edi
add ecx,4 ; to next lookup tbl entry
jmp lookup_loop
iret_success:
clc
ret
iret_error:
stc
ret
ProcessImportDir endp
; Data of the decompressor stub. The stub code above reaches these through
; name[ebp] references.
ImportErrorMsg db 'Required DLL missing!',0 ; text shown with MessageBoxA when ProcessImports fails
szUser32 db 'USER32.DLL',0 ; library loaded to reach MessageBoxA for that message
szMessageBoxA db 'MessageBoxA',0 ; function name passed to GetProcAddress
DllHandle dd 0 ; module handle of the DLL being bound (written by ProcessImportDir)
iAddress dd 0 ; RVA of the import directory to bind; 0 makes ProcessImports return at once
svd_imgbase dd 0 ; image base that ProcessImports adds to RVAs
RsrcDisplacement dd 0 ; value ScanResourceDir returns in eax; where it is set is not shown here
RsrcRva dd 0 ; not referenced in the visible part of the file
otable dd ((MAX_OBJS+1)*2) dup (0) ; two dwords for each of MAX_OBJS+1 objects; filled elsewhere
otable_end:
SymbiontMergeTable db 16*MAX_OBJS dup (0) ; 16 bytes per object; presumably read by symbiont_merge_loop - confirm
dcomp_buffer:
decryptor_code_end:
; --- end of decompressor code ---
; --- start of PCShrink ---
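.code ; code object - change flags to rwx
;-----------------------------------------------------------------------
; start - program entry point
; Stores the process heap handle, takes the text that follows the program
; name on the command line as the initial file name (cmdline_file), shows
; the main dialog and exits with the dialog's return value.
;
; The end of the program name is found with a 4-byte sliding window in eax:
; each byte read is shifted in and the window is compared with 'rink'
; (when the next character is not '.'), '.exe' and '.EXE'.
;
; The argument is copied with a length limit because the command line is
; caller-controlled and can be longer than the destination. 255 is the
; limit this file passes to GetDlgItemTextA and puts in ofn.nMaxFile for
; the same buffer.
; NOTE(review): confirm 255 against the cmdline_file declaration.
;-----------------------------------------------------------------------
start:
        call    GetProcessHeap
        mov     HeapHandle,eax
        call    GetCommandLineA             ; retrieve command line
        test    eax,eax
        jz      no_cmd_line                 ; none: go straight to the dialog
        xchg    esi,eax                     ; esi -> command line, eax = sliding window
sl:
        cmp     byte ptr [esi],0            ; end of string before the name ended
        jz      no_cmd_line
        shl     eax,8                       ; make room for the next byte
        lodsb                               ; window = last four bytes read
        ;cmp eax,'RINK'
        ;jz is_eoc
        cmp     eax,'rink'                  ; end of our program name?
        jnz     not_eoc
is_eoc:
        cmp     byte ptr [esi],'.'          ; 'rink.' means the extension follows
        jnz     esl
not_eoc:
        cmp     eax,'.exe'                  ; .exe ends our program name
        jz      esl
        cmp     eax,'.EXE'                  ; .EXE ends our program name
        jnz     sl
esl:
        lodsb                               ; skip blanks and quotes after the name
        cmp     al,' '
        jz      esl
        cmp     al,'"'
        jz      esl
        dec     esi                         ; back onto the first argument byte
esl2:
        ; Bounded copy of the argument into cmdline_file (at most 254 bytes
        ; plus the terminating zero) in place of an unbounded lstrcpy.
        mov     edi,offset cmdline_file
        mov     ecx,255-1
start_copy_arg:
        lodsb
        test    al,al
        jz      start_copy_done
        stosb
        dec     ecx
        jnz     start_copy_arg
start_copy_done:
        mov     byte ptr [edi],0            ; always terminate the copy
no_cmd_line:
        call    GetModuleHandleA,0
        mov     hInst,eax
        call    DialogBoxParamA, eax, IDD_DIALOG1, 0, offset WndProc, 0
        call    ExitProcess,eax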
MainCompressFile proc
; Run CompressFile on cmdline_file and report the outcome in a message box.
; Reads the global `error` after CompressFile returns:
;   -4    = leave without showing any message
;   -1    = show error_txt followed by the file name
;   other = show success_txt with the file name, eobj_txt and size_txt appended
; PostQuitMessage,0 is called on every path before returning.
; NOTE(review): lstrcat appends with no length limit; the sizes of
; success_txt and error_txt are not visible here, so check that they can
; hold the longest file name cmdline_file may contain.
; NOTE(review): eax is loaded with 0 or 2 before _exit, but the
; PostQuitMessage call that follows presumably overwrites it.
        mov     fnameptr,offset cmdline_file
        call    lstrcat,offset success_txt,fnameptr     ; append filename to success message
        call    CompressFile
        cmp     error,-4
        je      _exit
        cmp     error,-1                                ; failure reported?
        je      _exit_error
        call    lstrcat,offset success_txt,offset eobj_txt
        call    lstrcat,offset success_txt,offset size_txt
        call    MessageBoxA,0,offset success_txt,offset caption,0
        xor     eax,eax
        jmp     _exit
_exit_error:
        call    lstrcat,offset error_txt,fnameptr
        call    MessageBoxA,0,offset error_txt,offset caption,MB_ICONEXCLAMATION
        mov     eax,2
_exit:
        call    PostQuitMessage,0
        ret
MainCompressFile endp
WndProc PROC hwnd:DWORD, wmsg:DWORD, wparam:DWORD, lparam:DWORD
USES ebx, edi, esi
; Dialog procedure passed to DialogBoxParamA by start.
; Out:  eax = 1 for the commands handled below, 0 for WM_INITDIALOG and for
;       anything not handled; the Quit path returns right after
;       PostQuitMessage without setting eax.
; The window handle is copied to hMain on every message.
        mov     eax,hwnd
        mov     hMain,eax
        cmp     wmsg,WM_COMMAND
        je      IsCommand
        cmp     wmsg,WM_CLOSE
        je      Quit
        cmp     wmsg,WM_INITDIALOG
        je      Init
WndProcEnd:
        xor     eax,eax                     ; not handled
        ret

IsCommand:
        cmp     wparam,IDOK
        jne     NextWp0
        ; OK: read the file name and both check boxes, then compress
        call    GetDlgItemTextA, hMain, IDC_EDIT1, offset cmdline_file,255
        call    IsDlgButtonChecked, hMain, IDC_RESTRUCTURE
        mov     RestructureResources,eax
        call    IsDlgButtonChecked, hMain, IDC_MERGE
        mov     SectionMerging,eax
        pushad                              ; MainCompressFile may change any register
        call    MainCompressFile
        popad
        jmp     WndProcEndProcessed
NextWp0:
        cmp     wparam,IDC_BROWSE
        je      getfile
        cmp     wparam,IDCANCEL
        je      Quit
        cmp     wparam,IDC_VIROGEN
        je      GoVirogen
        cmp     wparam,IDC_PHROZENCREW
        je      GoPC
        jmp     WndProcEnd
WndProcEndProcessed:
        mov     eax,1                       ; handled
        ret

Quit:
        call    PostQuitMessage,0
        ret

Init:
        ; set the small and big window icon, then preload the controls
        call    LoadIconA,hInst,IDI_ICON1
        push    eax                         ; keep the icon handle for the second message
        call    SendMessageA,hMain,WM_SETICON,ICON_SMALL,eax
        pop     eax
        call    SendMessageA,hMain,WM_SETICON,ICON_BIG,eax
        call    SetDlgItemTextA, hMain, IDC_EDIT1, offset cmdline_file
        call    CheckDlgButton, hMain, IDC_RESTRUCTURE, RestructureResources
        call    CheckDlgButton, hMain, IDC_MERGE, SectionMerging
        call    GetDlgItem, hMain, IDC_PROGRESS1
        mov     hProgress,eax
        jmp     WndProcEnd

GoVirogen:
        ; hands the string at `virogen` to the shell (its contents are defined elsewhere)
        call    ShellExecuteA,hMain,NULL,offset virogen,NULL,NULL,NULL
        jmp     WndProcEndProcessed
GoPC:
        ; hands the string at `pc` to the shell (its contents are defined elsewhere)
        call    ShellExecuteA,hMain,NULL,offset pc,NULL,NULL,NULL
        jmp     WndProcEndProcessed

getfile:
        ; Browse: fill in the OPENFILENAME fields used here and show the picker
        mov     ofn.lStructSize,size ofn
        mov     eax,hMain
        mov     ofn.hWndOwner,eax
        mov     ofn.lpstrFilter,offset filter
        mov     ofn.lpstrFile,offset cmdline_file
        mov     ofn.nMaxFile,255
        mov     ofn.ofn_Flags,OFN_HIDEREADONLY
        call    GetOpenFileNameA, offset ofn
        test    eax,eax
        je      no_file                     ; cancelled: leave the edit box as it is
        call    SetDlgItemTextA, hMain, IDC_EDIT1, offset cmdline_file
no_file:
        jmp     WndProcEndProcessed
WndProc endp
; --- ScanResourceDir(DWORD *rsrcdir)
;
; Walks one resource directory and recurses into its subdirectories.
; For every data entry it calls GetRsrcRva, which records the entry in the
; compressable or the uncompressable table according to CompressableRsrc.
; The argument is passed on the stack and removed by this routine itself.
; In:    [stack] = address of the resource directory (0 = nothing to do)
; Out:   eax = RsrcDisplacement
; Uses:  esi = current directory entry, ecx = entries left, ebx = OffsetToData
; NOTE(review): the directory offsets and entry counts come from the file
; being processed and are used without range checks, and the recursion has
; no depth limit, so a malformed or self-referencing resource tree would
; presumably recurse until the stack is exhausted - consider bounding
; TreeLevel and validating offsets.
ScanResourceDir proc
pop eax ; return address
pop esi ; argument: address of the resource directory
push eax ; restore the return address; the argument is now off the stack
or esi,esi
jz nothing_in_dir
movzx ecx,word ptr [esi+NumberOfNamedEntries]
add cx,word ptr [esi+NumberOfIdEntries] ; total entries (16-bit add)
add esi,size ResourceDir ; first entry follows the directory header
or ecx,ecx
jz nothing_in_dir
dir_entry_loop:
mov ebx,[esi+OffsetToData]
test ebx,80000000h ; bit 31 set = entry points to a subdirectory
jz isData
cmp TreeLevel,0 ; only the top level decides the compressable flag
jnz doscan_dir
cmp [esi+Name],RT_ICON
jz uncompressable
cmp [esi+Name],RT_GROUPICON
jz uncompressable
cmp [esi+Name],RT_VERSIONINFO
jnz compressable
uncompressable:
mov CompressableRsrc,0 ; icons, icon groups and version info are kept uncompressed
jmp doscan_dir
compressable:
mov CompressableRsrc,1
doscan_dir:
and ebx,7fffffffh ; drop the subdirectory flag, leaving the offset
add ebx,RsrcStartRva ; offset -> address of the subdirectory
pushad ; the recursive call changes esi/ecx/ebx
inc TreeLevel
; the commented-out second argument is left as the author wrote it
call ScanResourceDir,ebx;,[esi+Name]
dec TreeLevel
popad
go_dir_loop:
add esi,size ResourceDirEntry ; next entry
loop dir_entry_loop ; ecx counts the remaining entries
jmp nothing_in_dir
isData:
pushad ; GetRsrcRva changes several registers
call GetRsrcRva ; takes ebx = OffsetToData of this entry
popad
jmp go_dir_loop
nothing_in_dir:
mov eax,RsrcDisplacement
ret
ScanResourceDir endp
; --- GetRsrcRva
; Record one resource data entry and copy its data to a heap block.
; In:    ebx = OffsetToData of the entry (bit 31 is masked off here)
;        CompressableRsrc = 1 selects the compressable table, anything else
;        the uncompressable one
; Effect: takes the next VgRsrcTable slot of the selected table, stores the
;        entry address and a new heap block in it, and copies [entry+Size]
;        bytes of resource data from the mapped file into that block.
; Changes eax, ebx, ecx, edx, esi and edi.
; NOTE(review): the HeapAlloc result is not checked before it is used as
; the copy destination.
; NOTE(review): Size and DataRVA are read from the file and used without
; range checks against the mapping, and the table cursor is advanced
; without a check against the table size set up in InitRsrcTables.
GetRsrcRva proc
        and     ebx,7fffffffh
        add     ebx,RsrcStartRva
        mov     esi,ebx                         ; esi -> resource data entry
        cmp     CompressableRsrc,1
        je      is_compressable_data
        mov     edx,curUncompressableRsrcTable  ; edx -> free slot
        add     curUncompressableRsrcTable,size VgRsrcTable
        jmp     setup_rsrc_table
is_compressable_data:
        mov     edx,curCompressableRsrcTable    ; edx -> free slot
        add     curCompressableRsrcTable,size VgRsrcTable
setup_rsrc_table:
        mov     [edx+VgRsrcTableEntryAddress],esi
        mov     ecx,[esi+Size]
        push    ebx ecx edx esi edi ebp         ; keep everything across the API call
        call    HeapAlloc,HeapHandle,HEAP_ZERO_MEMORY,ecx
        pop     ebp edi esi edx ecx ebx
        mov     [edx+VgRsrcTableDataHandle],eax
        push    eax                             ; copy destination, popped into edi below
        mov     ebx,dword ptr [esi+DataRVA]
        call    CalcPhysicalAddress             ; presumably converts the RVA in ebx to a file offset
        add     ebx,map_ptr                     ; ebx -> data inside the mapped file
        ; save the resource data in allocated mem
        pop     edi
        mov     ecx,[esi+Size]
        mov     esi,ebx
        rep     movsb
        sub     ebx,RsrcStartRva
GetRsrcRva_e:
        ret
GetRsrcRva endp
; --- InitRsrcTables
; Allocate the compressable and the uncompressable resource table, each a
; zero-filled heap block of 1000 VgRsrcTable entries, and point both the
; base pointer and the cursor of each table at its start.
; NOTE(review): the HeapAlloc results are stored without a NULL check.
InitRsrcTables proc
        call    HeapAlloc,HeapHandle,HEAP_ZERO_MEMORY,size VgRsrcTable*1000
        mov     curCompressableRsrcTable,eax    ; cursor starts at the base
        mov     pCompressableRsrcTable,eax
        call    HeapAlloc,HeapHandle,HEAP_ZERO_MEMORY,size VgRsrcTable*1000
        mov     curUncompressableRsrcTable,eax  ; cursor starts at the base
        mov     pUncompressableRsrcTable,eax
        ret
InitRsrcTables endp
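; -- UninitRsrcTables
; Release the two table blocks allocated by InitRsrcTables.
; Each table is freed exactly once: the compressable table first, then the
; uncompressable one. (Freeing pUncompressableRsrcTable twice, as before,
; released the same heap block twice and never released the other table.)
; The per-entry data blocks stored in VgRsrcTableDataHandle by GetRsrcRva
; are not released here.
UninitRsrcTables proc
        call    HeapFree,HeapHandle,0,pCompressableRsrcTable
        call    HeapFree,HeapHandle,0,pUncompressableRsrcTable
        ;todo-traverse tables and perform deallocations (who cares<g>)
        ret
UninitRsrcTables endp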
;
; --- DWORD FindResourceDataStart()
;
; Out:   eax = the lower (unsigned) of the two values FindLowestRVAInTable
;        returns for the compressable and the uncompressable table
; ebx, ecx, edx, esi and edi are saved and restored.
FindResourceDataStart proc
        push    ebx ecx edx esi edi
        call    FindLowestRVAInTable,pCompressableRsrcTable
        push    eax                         ; keep the first result
        call    FindLowestRVAInTable,pUncompressableRsrcTable
        pop     ebx                         ; ebx = first result, eax = second
        cmp     ebx,eax
        jnbe    eax_low                     ; second result is already the lower one
        mov     eax,ebx                     ; otherwise return the first
eax_low:
        pop     edi esi edx ecx ebx
        ret
FindResourceDataStart endp
; --- DWORD FindLowestRVAInTable(DWORD *VgRsrcTable)
;
FindLowestRVAInTable proc
pop eax
pop esi
push eax
mov edx,-1