📄 pcshrink.asm
字号:
start_loop:
mov eax,[esi+VgRsrcTableEntryAddress]
or eax,eax
jz start_loop_done
mov ebx,[eax+DataRVA]
or ebx,ebx
jz not_new_start1
cmp ebx,edx
jae not_new_start1
mov edx,ebx
not_new_start1:
add esi,size VgRsrcTable
jmp start_loop
start_loop_done:
xchg edx,eax
ret
FindLowestRVAInTable endp
;
; --- DWORD FindResourceDataEnd()
;
FindUncompressableDataEnd proc
push ebx ecx edx esi edi
call FindHighestRVAInTable,pUncompressableRsrcTable
pop edi esi edx ecx ebx
ret
FindUncompressableDataEnd endp
; --- DWORD FindHighestRVAInTable(DWORD *VgRsrcTable)
;
FindHighestRVAInTable proc
pop eax
pop esi
push eax
xor edx,edx
end_loop:
mov eax,[esi+VgRsrcTableEntryAddress]
or eax,eax
jz end_loop_done
mov ebx,[eax+DataRVA]
add ebx,[eax+Size]
cmp ebx,edx
jbe not_new_end1
mov edx,ebx
not_new_end1:
add esi,size VgRsrcTable
jmp end_loop
end_loop_done:
xchg edx,eax
ret
FindHighestRVAInTable endp
;
;
; --- DWORD RestructureResourceSection(DWORD *DataStart)
;
RestructureResourceSection proc
pop eax
pop edi
push eax
call PlaceResourceTable,edi,pUncompressableRsrcTable
push eax
call PlaceResourceTable,eax,pCompressableRsrcTable
;call PlaceResourceTable,eax,offset HighestRsrc
pop eax
ret
RestructureResourceSection endp
; --- DWORD *End PlaceResourceTable(DWORD *dest, DWORD *VgRsrcTable)
;
PlaceResourceTable proc
pop eax
pop edi
pop edx
push eax
place_rsrc_loop:
mov eax,[edx+VgRsrcTableEntryAddress]
or eax,eax
jz place_loop_done
mov ebx,[eax+DataRVA]
mov ebx,edi
sub ebx,map_ptr
push eax edx
call CalcVirtualAddress
pop edx eax
mov dword ptr [eax+DataRVA],ebx
mov esi,[edx+VgRsrcTableDataHandle]
mov ecx,[eax+Size]
rep movsb
next_vgrsrc:
add edx,size VgRsrcTable
jmp place_rsrc_loop
place_loop_done:
mov eax,edi
ret
PlaceResourceTable endp
;
; --- RemoveReloc(DWORD *pehdr, DWORD *objtable)
; Remove or zero the .reloc section.
; (realignment will take care of adjusting objects upwards)
;
RemoveReloc proc
pop eax
pop esi
pop edi
push eax
movzx ecx,word ptr [esi+numObj]
scan_objs:
cmp dword ptr [edi],'ler.'
jz found_reloc
add edi,40
loop scan_objs
jmp no_reloc
found_reloc:
cmp ecx,1
jnz reloc_not_last
dec word ptr [esi+numObj]
pushad
xor eax,eax
mov ecx,40
rep stosb
popad
reloc_not_last:
mov dword ptr [edi+objpsize],0
mov dword ptr [esi+160],0
mov dword ptr [esi+164],0
mov ax,[esi+Flags]
or ax,1 ; set "relocations stripped"
mov [esi+Flags],ax
no_reloc:
ret
RemoveReloc endp
PutSectionTableEntry proc
push ebx
mov ebx,curSectionTableDisplacement
mov [ebx+MergeTable],1
mov [ebx+CompressedSizeTable],eax
pop ebx
ret
PutSectionTableEntry endp
;-----------------------------------------------
; Compress file - call with fnameptr set
;
CompressFile proc
call GetFileAttributesA,fnameptr
mov oldattrib,eax
cmp eax,-1
jnz not_shared
ret
not_shared:
call SetFileAttributesA,fnameptr,20h
mov esi,fnameptr
call OpenFile
call test_error
jnc open_ok
ret
open_ok:
mov handle,eax
mov eax,handle
push eax
call AlignFile
pop eax
call GetFileTime,eax,offset lastwrite,offset lastaccess,offset creation
xor ecx,ecx ; only map size of file
call create_mapping
jc abort_encrypt
; eax->mapped file
cmp word ptr [eax],'ZM' ; is EXE?
jnz abort_encrypt
call GetPEHeader ; load esi->PE Header
call IsBadReadPtr,esi,2 ; was ptr any good?
or eax,eax
jnz abort_encrypt
cmp word ptr [esi],'EP' ; PE?
jnz abort_encrypt
cmp dword ptr [esi+ID_OFF],marker
jnz not_compressed
call MessageBoxA,0,offset already_txt,offset caption,MB_ICONHAND
mov error,-4
jmp abort_encrypt
not_compressed:
call unmap ; unmap file
mov ecx,1000h ; give us room to add to the file, if needed
call create_mapping ; map file again
jc abort_encrypt
call GetPEHeader ; load esi -> pe header
mov dword ptr [esi+ID_OFF],marker ; save marker
movzx eax,word ptr [esi+numObj]
mov TotalSections,eax
mov eax,[esi+imagebase]
mov svd_imgbase,eax ; save the image base
mov eax,[esi+edatadir]
mov exporttbl,eax
movzx eax, word ptr [esi+NtHeaderSize] ; get header size
add eax,18h ; object table is here
add eax,esi
mov objptr,eax
mov ebx,[esi+iat_rva]
or ebx,ebx
jz skip_kill_iat
call CalcPhysicalAddress
add ebx,map_ptr
mov ecx,[esi+iat_size]
mov edi,ebx
xor eax,eax
rep stosb
skip_kill_iat:
mov ebx,[esi+dbg_rva]
or ebx,ebx
jz skip_kill_dbg
call CalcPhysicalAddress
add ebx,map_ptr
mov ecx,[esi+dbg_size]
mov edi,ebx
xor eax,eax
stosb
skip_kill_dbg:
mov dword ptr [esi+iat_rva],0
mov dword ptr [esi+iat_size],0
mov dword ptr [esi+bimports_rva],0
mov dword ptr [esi+bimports_size],0
mov dword ptr [esi+dbg_rva],0
mov dword ptr [esi+dbg_size],0
mov eax,[esi+filealign]
mov file_alignment,eax
push esi
mov ebx,[esi+136]
mov eax,[esi+140]
or ebx,ebx
jz no_rsrc
mov NewRsrcSize,eax
mov RsrcRva,ebx
call CalcPhysicalAddress
add ebx,map_ptr
mov RsrcStartRva,ebx
call InitRsrcTables
call ScanResourceDir,ebx
cmp RestructureResources,1
jnz no_restructure
call FindResourceDataStart
xchg eax,ebx
call CalcPhysicalAddress
add ebx,map_ptr
call RestructureResourceSection,ebx
sub eax,RsrcStartRva
mov RsrcDisplacement,eax
jmp no_rsrc
no_restructure:
call FindUncompressableDataEnd
mov RsrcDisplacement,eax
no_rsrc:
mov ebx,NewRsrcSize
cmp eax,ebx
jae tiz_not_ok_rsrc
sub ebx,eax
cmp ebx,200h
jae tiz_ok_rsrc
tiz_not_ok_rsrc:
mov DoResource,0
tiz_ok_rsrc:
cmp SectionMerging,0
jz no_merging
call MergeSections,objptr,offset SymbiontMergeTable
call ReverseMergeTable,offset SymbiontMergeTable
no_merging:
pop esi
mov eax,TotalSections
mov [esi+numObj],eax
push esi
mov eax,objptr
lea edi,otable
xor ecx,ecx
mov cx,[esi+numObj] ; get number of objects
otbl_loop:
mov LastSectionUnaligned,0
cmp edi,offset otable_end-8 ; filled up table?
jz next_obj
mov IsRsrc,0
mov ebx,RsrcRva
cmp eax[objrva],ebx
jnz not_rsrc
cmp DoResource,1
jnz next_obj
mov ebx,svd_imgbase
add RsrcRva,ebx
mov IsRsrc,1
not_rsrc:
call test_obj ; see if good obj name
jc next_obj
pushad
call lstrcat,offset eobj_txt,offset cr_lf_tab
popad
pushad
call lstrcat,offset eobj_txt,offset new_sect_name
popad
push eax ecx
mov ebx,eax[objflags] ; get obj flags
or ebx,oflag_write ; OR in writable flag
mov eax[objflags],ebx ; save new object flags
mov ebx,eax[objrva] ; get the object's rva
add ebx,svd_imgbase
mov [edi],ebx ; save it
push edi
mov esi,eax[objpoff] ; esi->object physical offset
add esi,map_ptr
mov edi,esi
push eax
mov ecx,eax[objvsize]
mov edx,eax[objpsize]
cmp ecx,edx
jbe vsize_less_psize_alright
mov ecx,edx
vsize_less_psize_alright:
pushad
xchg ecx,edx
mov byte ptr obj_size,tab
lea edi,obj_size+1
call write_decimal
;call lstrcat,offset eobj_txt,offset size_chg_txt
call lstrcat,offset eobj_txt,offset obj_size
popad
cmp IsRsrc,1
jnz not_working_on_rsrc
;cmp ecx,RsrcDisplacement
;jae rsrc_ok_to_compress
;mov eax,ecx
;mov csize,eax
;jmp rsrc_not_ok
;rsrc_ok_to_compress:
sub ecx,RsrcDisplacement
add esi,RsrcDisplacement
mov edi,esi
call compress_object
add eax,RsrcDisplacement
mov LastSectionUnaligned,eax
call PutSectionTableEntry
;rsrc_not_ok:
push eax
call file_align_fix
mov NewRsrcSize,eax
jmp did_rsrc
not_working_on_rsrc:
call compress_object ; compress object
mov LastSectionUnaligned,eax
call PutSectionTableEntry
push eax
call file_align_fix ; go align da shiznit
did_rsrc:
pushad
;xchg eax,edx
mov edx,csize
mov byte ptr obj_size,' '
lea edi,obj_size+1
call write_decimal
call lstrcat,offset eobj_txt,offset direction_txt
call lstrcat,offset eobj_txt,offset obj_size
popad
pop ecx edx
mov ebx,edx[objpsize]
cmp ebx,largest_needed_buffer
jbe no_update_largest
mov largest_needed_buffer,ebx
no_update_largest:
pop edi
mov edx[objpsize],eax
mov [edi+4],ecx
add edi,8
pop ecx eax
next_obj:
mov ebx,dword ptr new_sect_name
bswap ebx
inc bl
bswap ebx
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -