{
if((*p&0x20)&&referCount(r)>0)nn++;
p++;q++;r++;
}
if(nn){p=pe;q=qe;r=re;continue;}
p=ps;
while(p<pp){*p++=0x0F;}
p=pe;q=qe;r=re;
}
fprintf(stderr,"1$");
return 1;
}
// ***************************************
// some reporting functions
// ***************************************
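// Print the first tLc entries of triedLabels to stdout as 8-digit hex
// values, eight per line.  Always returns 1.
int ShowTriedLabels()
{
    int i;

    fprintf(stdout, "\n*************** tried labels are: ***************** ");
    for (i = 0; i < tLc; i++) {
        if (i % 8 == 0)
            fprintf(stdout, "\n");   // start a new row every eight labels
        fprintf(stdout, "%08X,", triedLabels[i]);
    }
    // The function is declared int; the original fell off the end without
    // returning, which leaves the result indeterminate for any caller that
    // reads it.
    return 1;
}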
// Hex-dump the CodeSize bytes of the map that start at toMap(imagebaseRVA).
// Each row holds 24 bytes and is prefixed with the address of its first
// byte, counted up from imagebaseRVA.  Always returns 1.
int ReportMap()
{
    PBYTE cur = toMap(imagebaseRVA);
    PBYTE end = cur + CodeSize;
    int addr = imagebaseRVA;
    int col;

    for (col = 0; cur < end; cur++, addr++, col++) {
        if (col % 24 == 0)
            printf("\n%08X:", addr);   // row header
        printf(" %02X", *cur);
    }
    printf("\n");
    return 1;
}
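// Write the CodeSize bytes of the map (starting at toMap(imagebaseRVA)) to
// the file named by mname, in binary mode.
// Returns 1 on success and 0 if the file cannot be opened or a write fails.
int SaveMap()
{
    extern char mname[];
    PBYTE p, pmax;
    FILE *fp;
    int ok = 1;

    fp = fopen(mname, "wb");
    if (fp == NULL) {
        // The original passed a NULL stream straight to fputc().
        fprintf(stderr, "SaveMap: cannot open %s\n", mname);
        return 0;
    }
    p = toMap(imagebaseRVA);
    pmax = p + CodeSize;
    while (p < pmax) {
        if (fputc(*p, fp) == EOF) {   // disk full, I/O error, ...
            ok = 0;
            break;
        }
        p++;
    }
    // fclose() flushes buffered data, so a failure here also means the
    // saved map is incomplete.
    if (fclose(fp) != 0)
        ok = 0;
    if (!ok)
        fprintf(stderr, "SaveMap: write to %s failed\n", mname);
    return ok;
}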
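// Fill the CodeSize bytes of the map (starting at toMap(imagebaseRVA)) from
// the file named by mname.
// Returns 1 when the whole map was read, 0 if the file cannot be opened or
// ends early.  On a short file the bytes read so far stay in the map and the
// rest of the map is left as it was.
int LoadMap()
{
    extern char mname[];
    PBYTE p, pmax;
    FILE *fp;
    int c;

    fp = fopen(mname, "rb");
    if (fp == NULL) {
        // The original passed a NULL stream straight to fgetc().
        fprintf(stderr, "LoadMap: cannot open %s\n", mname);
        return 0;
    }
    p = toMap(imagebaseRVA);
    pmax = p + CodeSize;
    while (p < pmax) {
        c = fgetc(fp);
        if (c == EOF) {
            // The original stored EOF (-1) as 0xFF, so a truncated or
            // mismatched map file silently set every flag bit in the tail
            // of the map.  Stop and report instead.
            fprintf(stderr, "LoadMap: %s is shorter than the map\n", mname);
            fclose(fp);
            return 0;
        }
        *p++ = (unsigned char)c;
    }
    fclose(fp);
    return 1;
}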
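// For reference classes 512, 513 and 1024: if the bytes at toFile(ref) form
// a non-empty, NUL-terminated run of printable characters, set bit 0x10 on
// the map byte for pos, provided that byte already has bit 0x01 or 0x04 set.
// Other classes are ignored.  Always returns 1.
//
//   c    reference class
//   ref  address whose file bytes are examined
//   pos  address whose map byte may be flagged
int stringCheck(int c, int ref, int pos)
{
    PBYTE p, q, qq;

    // The map covers [imagebaseRVA, imagebaseRVA+CodeSize); the original
    // used '>' here and so let the one-past-the-end position through.
    if (pos < imagebaseRVA || pos >= imagebaseRVA + CodeSize) return 1;
    q = toFile(ref);
    if (q == NULL) return 1;
    switch (c) {
    case 512: case 513: case 1024:
        // Stop at the first non-printable byte (NUL included).  This gives
        // the same answer as strlen() followed by a printable check, but
        // reads no further than needed.
        // NOTE(review): ref comes from the analysed image and nothing here
        // bounds the scan by the size of the file mapping -- confirm that
        // toFile() only returns pointers followed by a terminator.
        qq = q;
        while (isprint(*qq)) qq++;
        if (qq > q && *qq == '\0') {
            p = toMap(pos);
            if (p != NULL && (*p & 0x05)) *p |= 0x10;
        }
        break;
    default:
        // An empty 'default:' label before the closing brace is rejected
        // by compilers that follow pre-C23 rules.
        break;
    }
    return 1;
}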
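// Process key i of B-tree node t: depending on the reference class, set
// flag bits on the map byte of the referenced address (c_ref), using the
// map byte of the referencing position (c_pos) as evidence.
// Always returns 1, or whatever stringCheck() returns when the work is
// handed to it.
int labelBody(Bnode *t, int i)
{
    int c, r, rr;
    PBYTE p, pp;

    c = t->key[i].class;
    r = t->key[i].c_ref;
    rr = t->key[i].c_pos;

    // References that land past the code map but inside the image are only
    // examined as possible strings.
    if ((imagebaseRVA + CodeSize < r) && (r < imageBase + maxRVA + maxRVAsize))
        return stringCheck(c, r, rr);

    p = toMap(r);
    if (p == NULL) return 1;
    if ((*p & 0x05) != 0x05) return 1;
    pp = toMap(rr);
    // The original dereferenced pp here before any of the NULL checks
    // below; guard it so a position outside the map cannot crash.
    if (pp != NULL && (*p == 0x0F) && (*pp == 0x0F)) return 1;

    switch (c) {
    // These classes were three separate, identical case groups in the
    // original (plus one unreachable duplicate test); they are merged.
    case 1: case 2: case 3: case 4: case 5: case 7: case 9:
        if (pp == NULL) break;
        if (*p == 0x0F) { whyNow(rr, r); break; }
        if ((*p & 0x20) && (*pp & 0x05) == 0x05) break;
        if (*pp & 0x05) *p |= 0x20;
        break;
    case 11: case 13: case 15: case 17:
        if (pp == NULL) break;
        if (*p == 0x0F) { whyNow(rr, r); break; }
        if ((*p & 0x40) && (*pp & 0x05) == 0x05) break;
        if (*pp & 0x05) *p |= 0x60;
        break;
    case 133:
        break;
    case 165: case 166:
        if (pp == NULL) break;
        if ((*p & 0x20) && (*pp & 0x0E) == 0x0E) break;
        if ((*pp & 0x0E) == 0x0E) *p |= 0x20;
        break;
    case 512: case 513: case 1024:
        if (pp == NULL) break;
        if ((*p & 0x0F) == 0x0F) return stringCheck(c, r, rr);
        break;
    case 2048:
        *p |= 0xE0;
        break;
    default:
        // An empty 'default:' label before the closing brace is rejected
        // by compilers that follow pre-C23 rules.
        break;
    }
    return 1;
}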
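// In-order walk of the B-tree rooted at t, calling labelBody() on every
// key.  A NULL subtree is skipped.  Always returns 1.
int labelP(Bnode *t)
{
    int i;

    if (t == NULL) return 1;
    for (i = 0; i < t->n; i++) {
        labelP(t->ptr[i]);   // subtree to the left of key i
        labelBody(t, i);
    }
    labelP(t->ptr[i]);       // rightmost subtree
    // The original had no return statement in an int function.
    return 1;
}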
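// Clear the upper four bits of every map byte, then re-derive them by
// running labelP() over the whole B-tree.  Always returns 1.
int LabelProcess()
{
    PBYTE p = (PBYTE)lpMap;
    PBYTE pmax = p + CodeSize;

    // I need to recycle one bit of Map,.... november 16,1997 -sangcho-
    while (p < pmax) {
        *p &= 0x0F;   // same effect as the original *p ^= (*p & 0xF0)
        p++;
    }
    labelP(head);
    // The original had no return statement in an int function.
    return 1;
}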
// Print one cross-reference entry for key i of node t.
// Entries are skipped unless the map byte of the referenced address has all
// of the bits in 0x25 set, and classes 1 and 2 are never listed.  The first
// entry for a referenced address prints a header line ("**", "==" or "--"
// depending on map bits 0x80 / 0x40); later entries for the same address are
// appended, wrapping every seven columns.  The last address printed and the
// current column are kept in static variables between calls.
// Always returns 1.
int xrefBody(Bnode *t, int i)
{
    static int sr=0, col=0;
    int cls = t->key[i].class;
    int ref = t->key[i].c_ref;
    int pos = t->key[i].c_pos;
    PBYTE mapByte, fileByte;

    mapByte = toMap(ref);
    if (mapByte == NULL) return 1;
    if ((*mapByte & 0x25) != 0x25) return 1;
    if (cls == 1 || cls == 2) return 1;

    (void)toMap(pos);          // the original made this call and ignored the result
    fileByte = toFile(ref);

    if (sr == ref) {
        // same referenced address as the previous call: continue the row
        if (col % 7 == 0)
            printf("\n %08X,", pos);
        else
            printf("%08X,", pos);
        col++;
    } else if ((*mapByte & 0x80) && (*fileByte != 0xC3)) {
        // 0xC3 is presumably the x86 RET opcode -- confirm
        printf("\n**%08X::", ref);
        printExportName1(ref);
        if (pos > imagebaseRVA) {
            printf("\n %08X,", pos);
            col = 1;
        } else {
            col = 7;
        }
    } else if (*mapByte & 0x40) {
        printf("\n==%08X::%08X,", ref, pos);
        col = 1;
    } else {
        printf("\n--%08X::%08X,", ref, pos);
        col = 1;
    }
    sr = ref;
    return 1;
}
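// In-order walk of the B-tree rooted at t, calling xrefBody() on every key.
// A NULL subtree is skipped.  Always returns 1.
int xrefP(Bnode *t)
{
    int i;

    if (t == NULL) return 1;
    for (i = 0; i < t->n; i++) {
        xrefP(t->ptr[i]);    // subtree to the left of key i
        xrefBody(t, i);
    }
    xrefP(t->ptr[i]);        // rightmost subtree
    // The original had no return statement, yet Xreference() returns this
    // function's result to its own caller.
    return 1;
}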
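// Print the cross-reference listing: a banner followed by one pass of
// xrefP() over the whole B-tree.  Always returns 1.
int Xreference()
{
    printf("\n\n*************** Cross Reference Listing ****************");
    // Do not forward xrefP()'s result: as written in this file xrefP() has
    // no return statement, so forwarding it hands the caller an
    // indeterminate value.
    xrefP(head);
    return 1;
}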
// ************************************
// main cleaning agent
// ************************************
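// Erase the run of map bytes surrounding ref.
// The run starts after the nearest earlier byte that is 0x00 or has a bit of
// 0x88 set, and ends before the nearest later byte that is 0x00 or has a bit
// of 0x08 or 0x60 set.  Inside the run, labels attached to bytes with bit
// 0x10 are deleted and bytes are cleared, except that a byte with bit 0x20
// whose address still has three or more references only loses one reference
// and is reset to 0x20.  minErase tracks the lowest address cleared.
// Always returns 1.
int eraseUncertain(int ref)
{
    PBYTE p, s, e;
    int i, r;

    // NOTE(review): toMap(ref-1) is not checked for NULL; it is only
    // dereferenced when ref > imagebaseRVA -- confirm callers guarantee a
    // ref inside the map.
    p = toMap(ref - 1);
    for (i = 0; i > imagebaseRVA - ref; i--, p--)
        if ((*p == 0x00) || (*p & 0x88)) break;
    // start position to erase
    s = p + 1;

    p = toMap(ref);
    if (p == NULL) return 1;
    // When the byte at ref is skipped, count it against the limit too.
    // The original restarted the counter at 0 after the skip, so the scan
    // (and the erase loop after it) could touch one byte past the end of
    // the map.
    i = 0;
    if (*p) { p++; i++; }
    for (; i < CodeSize + imagebaseRVA - ref; i++, p++)
        if ((*p == 0x00) || (*p & 0x08) || (*p & 0x60)) break;
    // end position to erase (before this point)
    e = p;

    // I need to do something here, delete labels generated at this point
    r = fromMap(s);
    for (p = s; p < e; p++, r++) {
        if (*p & 0x40) { p = e; break; }
        if (*p & 0x10)
            DeleteLabels(r);
        // i have to take care of very bad situation here.
        if (*p & 0x20) {
            if (referCount(r) < 3) {
                *p = 0x00;
                if (minErase > r) minErase = r;
                // NOTE(review): no bound on nsc is visible here; confirm
                // needSomecare cannot be overrun.
                needSomecare[nsc++] = fromMap(p);
            } else {
                subtractCount(r, 1);
                *p = 0x20;
            }
        } else {
            *p = 0x00;
            if (minErase > r) minErase = r;
        }
    }
    return 1;
}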
// Alias for eraseCarefully(): erase every region that refers to ref and
// pass its result back unchanged.
int youDidIt(int ref)
{
    int result = eraseCarefully(ref);

    return result;
}
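// Variant of eraseUncertain() that first looks at the file bytes of the run.
// The run is delimited like in eraseUncertain(), except that the forward
// scan stops at a byte that is 0x00, has bit 0x08 or 0x40 set, or has bit
// 0x20 set without bit 0x02.
// The file bytes of the run are then histogrammed, stopping early at a 0x55
// byte followed by a byte above 0x80.  If the histogram holds no 0xC2/0xC3
// bytes and the 0x81/0x83/0x89/0x8B bytes make up less than 1% of the bytes
// counted, the counted part is marked 0x0F and the remainder cleared;
// otherwise the run is erased byte by byte as eraseUncertain() does.
// (The byte values are presumably x86 opcodes -- confirm.)
// Always returns 1.
int eraseUncertain1(int ref)
{
    int cBox[256];
    PBYTE p, ps, pe, pp, q;
    int i, nn, r;

    // NOTE(review): toMap(ref-1) is not checked for NULL; it is only
    // dereferenced when ref > imagebaseRVA.
    p = toMap(ref - 1);
    for (i = 0; i > imagebaseRVA - ref; i--, p--)
        if ((*p == 0x00) || (*p & 0x88)) break;
    // start position to erase
    ps = p + 1;

    p = toMap(ref);
    if (p == NULL) return 1;
    // Count the skipped byte against the limit; the original restarted the
    // counter at 0 after the skip and could scan, and later write, one byte
    // past the end of the map.
    i = 0;
    if (*p) { p++; i++; }
    for (; i < CodeSize + imagebaseRVA - ref; i++, p++)
        if ((*p == 0x00) || (*p & 0x08) || (*p & 0x40) || ((*p & 0x22) == 0x20)) break;
    // end position to erase (before this point)
    pe = p;

    // I need to do something here, delete labels generated at this point
    r = fromMap(ps);
    p = ps; q = toFile(r); nn = 0;
    for (i = 0; i < 256; i++) cBox[i] = 0;
    while (p < pe) {
        // NOTE(review): *(q+1) is read without checking that q+1 is still
        // inside the file mapping.
        if (*q == 0x55 && *(q + 1) > 0x80) break;
        cBox[*q] += 1; p++; q++; nn++;
    }
    pp = p;   // end of the histogrammed part

    if ((cBox[0xC2] + cBox[0xC3] == 0) &&
        ((cBox[0x81] + cBox[0x83] + cBox[0x89] + cBox[0x8B]) * 100 < nn)) {
        p = ps;
        while (p < pp) {
            if (*p & 0x10) DeleteLabels(r);
            *p = 0x0F; p++; r++;
        }
        while (p < pe) {
            if (*p & 0x10) DeleteLabels(r);
            *p = 0x00; p++; r++;
        }
    } else {
        for (p = ps; p < pe; p++, r++) {
            if (*p & 0x40) { p = pe; break; }
            if (*p & 0x10) DeleteLabels(r);
            // i have to take care of very bad situation here.
            if (*p & 0x20) {
                if (referCount(r) < 3) {
                    *p = 0x00;
                    if (minErase > r) minErase = r;
                } else {
                    subtractCount(r, 1);
                    *p = 0x20;
                }
            } else {
                *p = 0x00;
                if (minErase > r) minErase = r;
            }
        }
    }
    return 1;
}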
// For each of the referCount(ref) references to ref, look the reference up
// with searchBtree3() and run eraseUncertain1() on the position it was
// found at.  Stops early when a lookup fails.  Always returns 1.
int eraseCarefully(int ref)
{
    _key_ probe;
    PKEY hit;
    int remaining = referCount(ref);

    if (remaining == 0) return 1;

    probe.c_ref = ref;
    probe.c_pos = 0;
    probe.class = 0;
    // The same probe key is searched on every pass; presumably
    // searchBtree3() yields a different entry each time -- confirm.
    while (remaining-- > 0) {
        hit = searchBtree3(&probe);
        if (hit == NULL) break;
        eraseUncertain1(hit->c_pos);
    }
    return 1;
}
// some bad code generated reference which is not a start position of
// my code, so i am invoking BIG action to erase whoever does that.
// i have to come up with this one. a little bit different from above.
// DeleteLabels this one may involve more labels.(very unlikely)
// november 2, 1997 sangcho
// Run eraseCarefully() on every address queued in dmLabels[0..dmc), then
// empty the queue.  Always returns 1.
int DareMe()
{
    int idx = 0;

    // dmc is re-read on every pass, as in the original loop.
    while (idx < dmc) {
        eraseCarefully(dmLabels[idx]);
        idx++;
    }
    dmc = 0;
    return 1;
}
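// Erase a region of the map around ref.
// The start is found by scanning backwards from ref-1 for a byte that is
// 0x00 or has bit 0x08 or 0x80 set; when the scan stops on a byte with both
// bits of 0x05 set instead, isThisSecure() decides whether the region starts
// at the remembered position (whose preceding byte then gets bit 0x80).
// The end is the first byte at or after ref with bit 0x40 set, or the end of
// the map.  Inside the region, labels on bytes with bit 0x10 are deleted and
// bytes are cleared, except that a byte with bit 0x20 whose address still
// has three or more references only loses one reference and is reset to
// 0x20.  Always returns 1.
int eraseLittle(int ref)
{
    PBYTE p, s, e, pstart, pmax;
    // r is initialised because 'rr = r' below runs even when the first scan
    // already found the start and never assigned r; the original read an
    // indeterminate value there.
    int r = 0, rr;

    pstart = (PBYTE)lpMap; pmax = pstart + CodeSize;
    // NOTE(review): toMap(ref-1) is not checked for NULL before use.
    p = toMap(ref - 1); s = NULL;
    while (p > pstart) {
        if ((*p == 0x00) || (*p & 0x08) || (*p & 0x80) || (*p & 0x05) == 0x05) break;
        p--;
    }
    if (*p == 0 || (*p & 0x08) || (*p & 0x80)) s = p + 1;
    if (s == NULL) {
        // now check whether this position is secure or not.
        r = fromMap(p);
        if (isThisSecure(r)) { s = toMap(ref); *(s - 1) |= 0x80; }
    }
    rr = r;
    while (s == NULL) {
        while (p > pstart) {
            if ((*p == 0x00) || (*p & 0x08) || (*p & 0x80) || (*p & 0x05) == 0x05) break;
            p--;
        }
        if (*p == 0 || (*p & 0x80) || (*p & 0x08)) { s = p + 1; break; }
        r = fromMap(p);
        if (isThisSecure(r)) { s = toMap(rr); *(s - 1) |= 0x80; break; }
        // NOTE(review): this decrement is not bounded by pstart, so the
        // next pass can read the byte before the map when the scan has
        // already reached the first map byte.
        if (r == rr) { p--; } else rr = r;
    }

    // now I need to set e to the point with 0x40
    p = toMap(ref);
    while (p < pmax) { if (*p & 0x40) break; p++; }
    e = p;

    // I need to do something here, delete labels generated at this point
    for (p = s; p < e; p++) {
        r = fromMap(p);
        if (*p & 0x10)
            DeleteLabels(r);
        // i have to take care of very bad situation here.
        if (*p & 0x20) {
            if (referCount(r) < 3)
                *p = 0x00;
            else { subtractCount(r, 1); *p = 0x20; }
        } else {
            *p = 0x00;
        }
    }
    return 1;
}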
// Called by labelBody() when a referenced map byte is exactly 0x0F.
// Gives ref a second look through secondChance(); the outcome does not
// change the result, and pos is only used by the disabled diagnostics.
// Always returns 1.
int whyNow(int pos, int ref)
{
    (void)secondChance(ref);
    //fprintf(stderr, ":%08X>%08X ",pos, ref);
    //fprintf(stdout, ":%08X>%08X ",pos, ref);
    return 1;
}
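// Mark the run of map bytes around ref as 0x0F.
// The run extends in both directions over bytes that have bit 0x02 set and
// bit 0x08 clear.  Labels attached to bytes with bit 0x10 are deleted before
// the byte is overwritten.  Always returns 1.
int eraseSuspicious1(int ref)
{
    PBYTE p, s, e;
    int i, r;

    // NOTE(review): toMap(ref-1) is not checked for NULL; it is only
    // dereferenced when ref > imagebaseRVA.
    p = toMap(ref - 1);
    for (i = 0; i > imagebaseRVA - ref; i--, p--)
        if ((*p & 0x08) || !(*p & 0x02)) break;
    // start position to erase
    s = p + 1;

    p = toMap(ref);
    if (p == NULL) return 1;
    // Count the skipped byte against the limit; the original restarted the
    // counter at 0 after the skip and could scan, and then overwrite, one
    // byte past the end of the map.
    i = 0;
    if (!(*p & 0x08) && (*p & 0x02)) { p++; i++; }
    for (; i < CodeSize - ref + imagebaseRVA; i++, p++)
        if ((*p & 0x08) || !(*p & 0x02)) break;
    // end position to erase (before this point)
    e = p;

    // I need to do something here, delete labels generated at this point
    for (p = s; p < e; p++) {
        r = fromMap(p);
        if (*p & 0x10) DeleteLabels(r);
        *p = 0x0F;
    }
    return 1;
}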
int eraseSuspicious(int ref)
{
int i, n, r;
_key_ k;
PKEY pk;
//{fprintf(stderr, "\n(%08X)eraseCareFully:\n",ref);getch();}
if ((n=referCount(ref))==0) return 1;
k.c_ref=ref; k.c_pos=0; k.class=0;
for(i=0;i<n;i++)
{
pk = searchBtree3(&k);
if (pk==NULL) return 1;