//=========SHELL CODE===========
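function ApDepack(var Source, Destination) : DWORD; cdecl;
// Decompresses an aPLib-style bit stream from Source into Destination and
// returns the number of bytes written to Destination.
//
// Parameters (cdecl, both untyped var parameters, so each is a pointer on the stack):
//   Source      - start of the packed stream
//   Destination - start of the output buffer
//
// Register roles inside the routine:
//   esi = read cursor in Source        edi = write cursor in Destination
//   dl  = tag-bit buffer (with a sentinel bit)
//   ecx = match length                 eax = match offset
//   ebp = offset of the previous match ebx/bl = value subtracted from the
//                                      first gamma code of a code pair
//
// The stack offsets below are relative to esp after pushad; they presumably
// account for the 32 bytes of pushad, the return address and a
// compiler-generated EBP frame - TODO confirm against the generated prologue.
//
// NOTE(review): the routine takes no lengths. Reads from Source, writes to
// Destination and the back-reference "edi - offset" are all unbounded, so a
// corrupted or tampered stream can read and write outside both buffers.
// For data that is not fully trusted, use a length-checked depacker (aPLib
// ships aP_depack_asm_safe) and pass the real buffer sizes.
// NOTE(review): ebp is only assigned at @@domatch_new_lastpos; a stream whose
// first match reuses the "last offset" would copy from an offset taken from
// whatever ebp held on entry.
asm
@@_aP_depack_asm:
    pushad
    mov esi, [esp + 40]         // esi = Source
    mov edi, [esp + 44]         // edi = Destination
    cld                         // string instructions move forward
    mov dl, 80h                 // empty bit buffer: only the sentinel bit is set
    xor ebx, ebx
@@literal:
    movsb                       // copy one literal byte
    mov bl, 2
@@nexttag:
    call @@getbit
    jnc @@literal               // tag 0   -> literal byte
    xor ecx, ecx
    call @@getbit
    jnc @@codepair              // tag 10  -> offset/length code pair
    xor eax, eax
    call @@getbit
    jnc @@shortmatch            // tag 110 -> short match
    // tag 111 -> one byte taken from a 4-bit offset, or a zero byte
    mov bl, 2
    inc ecx                     // length = 1
    mov al, 10h                 // sentinel: carry is set once 4 bits are shifted in
@@getmorebits:
    call @@getbit
    adc al, al
    jnc @@getmorebits
    jnz @@domatch               // non-zero offset -> copy one byte from edi - eax
    stosb                       // offset 0 -> store a zero byte (al = 0)
    jmp @@nexttag
@@codepair:
    call @@getgamma_no_ecx      // ecx is 0 here, so this reads a full gamma code
    sub ecx, ebx
    jnz @@normalcodepair
    call @@getgamma             // gamma == bl: reuse previous offset, read length only
    jmp @@domatch_lastpos
@@shortmatch:
    lodsb                       // byte = (offset << 1) | length bit
    shr eax, 1                  // eax = offset, carry = length bit
    jz @@donedepacking          // offset 0 marks the end of the stream
    adc ecx, ecx                // ecx = length bit (ecx was 0)
    jmp @@domatch_with_2inc     // length becomes 2 or 3
@@normalcodepair:
    xchg eax, ecx
    dec eax
    shl eax, 8
    lodsb                       // eax = (high part << 8) | next source byte
    call @@getgamma             // ecx = base length
    // longer offsets get a larger minimum length
    cmp eax, 32000
    jae @@domatch_with_2inc     // offset >= 32000 -> length + 2
    cmp ah, 5
    jae @@domatch_with_inc      // offset >= 1280  -> length + 1
    cmp eax, 7fh
    ja @@domatch_new_lastpos    // 128..1279       -> length unchanged
    // offset <= 7fh falls through -> length + 2
@@domatch_with_2inc:
    inc ecx
@@domatch_with_inc:
    inc ecx
@@domatch_new_lastpos:
    xchg eax, ebp               // together with the mov below: ebp = eax = new offset
@@domatch_lastpos:
    mov eax, ebp
    mov bl, 1
@@domatch:
    push esi
    mov esi, edi
    sub esi, eax                // copy source = already written output, eax bytes back
    rep movsb                   // byte-wise on purpose: the ranges may overlap
    pop esi
    jmp @@nexttag
@@getbit:
    // Returns the next tag bit in the carry flag.
    add dl, dl
    jnz @@stillbitsleft
    mov dl, [esi]               // buffer exhausted: fetch the next tag byte
    inc esi                     // inc leaves the carry from "add dl, dl" intact
    adc dl, dl                  // shift the first bit out and the sentinel in
@@stillbitsleft:
    ret
@@getgamma:
    xor ecx, ecx
@@getgamma_no_ecx:
    // Reads a variable-length code into ecx: one data bit per round,
    // continuing while the bit that follows it is 1.
    inc ecx
@@getgammaloop:
    call @@getbit
    adc ecx, ecx
    call @@getbit
    jc @@getgammaloop
    ret
@@donedepacking:
    // Bytes written = final write cursor - Destination. Destination was loaded
    // from [esp + 44] on entry; the previous code subtracted [esp + 40], which
    // is the Source pointer, and so returned a meaningless length.
    sub edi, [esp + 44]
    mov [esp + 28], edi         // overwrite the saved EAX so popad returns it
    popad
end;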
{$L lib\aplib.obj}
{$L lib\depack.obj}
{$L lib\depackf.obj}
{$L lib\depacks.obj}
{$L lib\crc32.obj}
{$L lib\spack.obj}
{$L lib\scheck.obj}
{$L lib\sgetsize.obj}
{$L lib\sdepack.obj}
procedure Move(const Source; var Dest; count: Integer);
// Copies count bytes from Source to Dest and handles overlapping ranges by
// choosing the copy direction. A negative count copies nothing.
// Default register convention: EAX = address of Source, EDX = address of Dest,
// ECX = count. ESI and EDI are saved and restored.
// NOTE(review): presumably defined locally so the stub does not depend on the
// RTL's Move - confirm. The caller is responsible for count being within both buffers.
asm
PUSH ESI
PUSH EDI
MOV ESI,EAX
MOV EDI,EDX
MOV EAX,ECX // keep the byte count; ECX is consumed by REP
CMP EDI,ESI
JA @@down // Dest above Source: copy backward so overlap is safe
JE @@exit // same address: nothing to do
SAR ECX,2 // number of whole DWORDs
JS @@exit // negative count
REP MOVSD
MOV ECX,EAX
AND ECX,03H // remaining 0..3 bytes
REP MOVSB
JMP @@exit
@@down:
LEA ESI,[ESI+ECX-4] // point at the last DWORD of each range
LEA EDI,[EDI+ECX-4]
SAR ECX,2
JS @@exit // negative count; direction flag not yet changed
STD // copy from high to low addresses
REP MOVSD
MOV ECX,EAX
AND ECX,03H
ADD ESI,4-1 // step from DWORD position to the last remaining byte
ADD EDI,4-1
REP MOVSB
CLD // restore the forward direction expected by other code
@@exit:
POP EDI
POP ESI
end;
function GetImageBase: DWORD;
// Returns the load address of the first module in the loader's module list,
// found by walking the 32-bit Process Environment Block instead of calling an API.
// Only valid in a 32-bit Windows process: the offsets used are fixed.
var
  pebAddr, loaderData, firstEntry: DWORD;
begin
  asm
    mov eax, fs:[$30]           // fs:[$30] holds the PEB address
    mov pebAddr, eax
  end;
  loaderData := PDWORD(pebAddr + $C)^;        // PEB + $C: loader data pointer
  firstEntry := PDWORD(loaderData + $C)^;     // loader data + $C: first list entry
  Result := PDWORD(firstEntry + $18)^;        // entry + $18: module base address
end;
function NextPChar(s: PChar): PChar;
// Returns the position just past the zero terminator of the string at s.
// The terminator test reads a single byte; no upper bound is applied.
begin
  Result := s;
  while True do
  begin
    if PByte(Result)^ = 0 then
      Break;
    Inc(Result);
  end;
  Inc(Result);                  // step over the terminator itself
end;
function NextDWORD(d: Pointer): PDWORD;
// Returns the address one DWORD past d.
var
  cursor: PDWORD;
begin
  cursor := d;
  Inc(cursor);                  // typed increment: advances by SizeOf(DWORD)
  Result := cursor;
end;
function GetDataDir(ImageBase: Cardinal; index: Cardinal): PImageDataDirectory;
// Returns a pointer to data-directory entry number index inside the 32-bit
// optional header of the PE image mapped at ImageBase.
// Neither the image signatures nor index are validated here.
var
  ntHeadersAddr: DWORD;
  optHeader: PImageOptionalHeader32;
begin
  // e_lfanew in the DOS header gives the offset of the NT headers.
  ntHeadersAddr := ImageBase + DWORD(PImageDosHeader(ImageBase)^.e_lfanew);
  // Skip the 4-byte signature and the file header to reach the optional header.
  optHeader := PImageOptionalHeader32(ntHeadersAddr + 4 + IMAGE_SIZEOF_FILE_HEADER);
  Result := PImageDataDirectory(@optHeader^.DataDirectory[0]);
  Inc(Result, index);
end;
procedure DelphiEP;
// Loader stub of a packed executable. In order, it:
//   1. reads six API pointers and four values from the table at LocalVar,
//   2. decompresses every packed section to its RVA inside the image,
//   3. decompresses the packed import records into a temporary buffer and
//      fills the image's import thunks through GetProcAddress,
//   4. makes the first $1000 bytes of the image writable and rewrites data
//      directory entry 2 with the stored RVA and size.
// LocalVar, PPkDataHeader, PPkSectionDir and PImpDir are declared outside this listing.
// NOTE(review): every offset, RVA, count and size used below comes from the
// file itself and is used without validation, and ApDepack is unbounded, so a
// modified file can direct writes to arbitrary addresses in the process.
var
ImageBase: DWORD;
pGetModuleHandle: function (lpModuleName: PChar): HMODULE; stdcall;
pGetProcAddress: function (hModule: HMODULE; lpProcName: LPCSTR): FARPROC; stdcall;
pLoadLibrary: function (lpLibFileName: PChar): HMODULE; stdcall;
pVirtualAlloc: function (lpvAddress: Pointer; dwSize, flAllocationType, flProtect: DWORD): Pointer; stdcall;
pVirtualFree: function (lpAddress: Pointer; dwSize, dwFreeType: DWORD): BOOL; stdcall;
pVirtualProtect: function (lpAddress: Pointer; dwSize, flNewProtect: DWORD;
lpflOldProtect: Pointer): BOOL; stdcall;
// The variables above are required.
// The variables below are custom.
// pMessageBoxA: function (hWnd: HWND; lpText, lpCaption: PChar; uType: UINT): Integer; stdcall;
PPackDataRVA: PDWORD;
PResRVA, PResSize, PkImpSize: PDWORD;
PackedDir: PPkDataHeader;
PackedSectionDir: PPkSectionDir;
PackedData, UnPackedData: Pointer;
i: Cardinal;
ImpDirPtr: PImpDir;
p: PChar;
hDll: DWORD;
pp: PDWORD;
xp: Pointer;
pKeyFunc: PDWORD;
pResDir: PImageDataDirectory;
pBuf: Pointer;
begin
// Walk the DWORD table at LocalVar: one API address per slot, in this order.
pKeyFunc := LocalVar;
pGetModuleHandle := Pointer(pKeyFunc^);
Inc(pKeyFunc);
pLoadLibrary := Pointer(pKeyFunc^);
Inc(pKeyFunc);
pGetProcAddress := Pointer(pKeyFunc^);
Inc(pKeyFunc);
pVirtualAlloc := Pointer(pKeyFunc^);
Inc(pKeyFunc);
pVirtualFree := Pointer(pKeyFunc^);
Inc(pKeyFunc);
pVirtualProtect := Pointer(pKeyFunc^);
// Inc by 2: one table slot after pVirtualProtect is skipped (its purpose is not visible here).
Inc(pKeyFunc, 2);
// The next four slots are kept as pointers into the table, not copied.
PPackDataRVA := Pointer(pKeyFunc);
Inc(pKeyFunc);
PResRVA := Pointer(pKeyFunc);
Inc(pKeyFunc);
PResSize := Pointer(pKeyFunc);
Inc(pKeyFunc);
PkImpSize := Pointer(pKeyFunc);
ImageBase := GetImageBase;
PackedDir := Pointer(ImageBase + PPackDataRVA^);
PackedSectionDir := Pointer(PChar(PackedDir) + PackedDir^.PkSectionDirOffset);
// xp keeps the start of the section directory; entry offsets are relative to it.
xp := PackedSectionDir;
// NOTE(review): i is Cardinal; if PkSectionDirCount is an unsigned field and is 0,
// "Count - 1" wraps and the loop runs far past the directory - confirm the field type
// and guard the loop with a "Count <> 0" test.
for i := 0 to PackedDir^.PkSectionDirCount - 1 do
begin
// Entries with Length = 0 are skipped.
if PackedSectionDir^.Length <> 0 then
begin
PackedData := Pointer(PChar(xp) + PackedSectionDir^.Offset);
UnPackedData := Pointer(ImageBase + PackedSectionDir^.RVA);
// NOTE(review): RVA is not checked against the image size, and Length is not passed on.
ApDepack(PackedData^, UnPackedData^);
end;
Inc(PackedSectionDir);
end;
// NOTE(review): the result of pVirtualAlloc is not checked for nil, and PkImpSize is
// the only bound on the decompressed import data; ApDepack does not enforce it.
pBuf := pVirtualAlloc(nil, PkImpSize^, MEM_COMMIT, PAGE_READWRITE);
ImpDirPtr := Pointer(PChar(PackedDir) + PackedDir^.PkImpDirOffset);
ApDepack(ImpDirPtr^, pBuf^);
ImpDirPtr := pBuf;
// Each import record: header with ThunkRVA and ImpFuncCount, a zero-terminated DLL
// name, then ImpFuncCount entries. A record with ThunkRVA = 0 ends the list.
while ImpDirPtr^.ThunkRVA <> 0 do
begin
p := @ImpDirPtr^.Name[0];
// Prefer a module that is already loaded; load it otherwise.
hDll := pGetModuleHandle(p);
if hDll = 0 then
hDll := pLoadLibrary(p);
// NOTE(review): hDll may still be 0 here; the lookups below are made anyway.
p := NextPChar(p);
pp := Pointer(ImageBase + ImpDirPtr^.ThunkRVA);
for i := 1 to ImpDirPtr^.ImpFuncCount do
begin
// An entry whose first DWORD has a zero high word is an ordinal (4 bytes);
// anything else is a zero-terminated function name.
if PDWORD(p)^ and $FFFF0000 = 0 then
begin
pp^ := DWORD(pGetProcAddress(hDll, Pointer(PWORD(p)^)));
p := PChar(NextDWORD(p));
end
else
begin
pp^ := DWORD(pGetProcAddress(hDll, p));
p := NextPChar(p);
end;
// NOTE(review): a failed lookup stores 0 in the thunk without any report.
inc(pp);
end;
// The next record starts right after the last entry of this one.
ImpDirPtr := PImpDir(p);
end;
pVirtualFree(pBuf, 0, MEM_RELEASE);
// The old protection is written into i, which is otherwise unused from here on.
// NOTE(review): the header page is left PAGE_EXECUTE_READWRITE and the call's result
// is ignored; PAGE_READWRITE plus restoring the old protection afterwards would be
// enough for the two writes below.
pVirtualProtect(Pointer(ImageBase), $1000, PAGE_EXECUTE_READWRITE, @i);
// Data directory index 2 is the resource directory entry.
pResDir := GetDataDir(ImageBase, 2);
pResDir^.VirtualAddress := PResRVA^;
pResDir^.Size := PResSize^;
end;
//=========SHELL CODE===========