align 4
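;-----------------------------------------------------------------------
; void *load_PE(const char *file_name)                        (stdcall)
; Reads a PE32 file with load_file, allocates SizeOfImage bytes with
; kernel_alloc and lets map_PE copy, relocate and bind the image there.
; In:    [file_name] = path handed to load_file
; Out:   eax = value returned by map_PE (base + AddressOfEntryPoint),
;              0 when the file cannot be read, is not a PE image, or the
;              allocation fails
; Clobb: edx, plus whatever load_file / kernel_alloc / map_PE /
;        kernel_free clobber
; The raw file buffer is released on every path: map_PE copies the
; sections out of it, so it is not needed once map_PE returns.
;-----------------------------------------------------------------------
proc load_PE stdcall, file_name:dword
       locals
         image    dd ?                  ; raw file buffer from load_file
         entry    dd ?                  ; map_PE result, kept across kernel_free
       endl

       stdcall load_file, [file_name]
       test eax, eax
       jz .fail

       mov [image], eax

; Only trust the header fields of something that carries the PE
; signatures: 'MZ' at offset 0 and 'PE\0\0' at e_lfanew.
       cmp word [eax], 'MZ'
       jne .cleanup
       mov edx, [eax+60]                ; e_lfanew
       cmp dword [eax+edx], 'PE'        ; 'PE' followed by two zero bytes
       jne .cleanup

; NOTE(review): neither e_lfanew nor SizeOfImage is range-checked against
; the file size (the size reported by load_file is not used here), so a
; truncated file can still be read past its end, here and in map_PE.
       stdcall kernel_alloc, [eax+80+edx]   ; OptionalHeader.SizeOfImage
       test eax, eax
       jz .cleanup

       stdcall map_PE, eax, [image]
       mov [entry], eax
       stdcall kernel_free, [image]     ; sections are copied; drop the file buffer
       mov eax, [entry]
       ret
.cleanup:
       stdcall kernel_free,[image]
.fail:
       xor eax, eax
       ret
endp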
align 4
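;-----------------------------------------------------------------------
; void *map_PE(void *base, void *image)                 (stdcall, ret 8)
; Copies the sections of the PE32 image at [image] into the allocation
; at [base], applies base relocations, binds imports against the
; kernel_export table and returns base + AddressOfEntryPoint.
; In:    [esp+4] = base  (destination, expected to hold SizeOfImage bytes)
;        [esp+8] = image (raw file buffer)
; Out:   eax = base + AddressOfEntryPoint; ebx, esi, edi, ebp preserved
; Clobb: ecx, edx, flags; DF is cleared; plus whatever strncmp clobbers
; Stack: 28 bytes of locals
;        [esp+4]  delta >> 16        [esp+8]  import name pointer
;        [esp+12] NumberOfSections   [esp+16] PE header (image + e_lfanew)
;        [esp+20] section counter    [esp+24] import lookup table cursor
; All header offsets are hard-coded for PE32 with a 224-byte optional
; header (section table at PE+248); SizeOfOptionalHeader is never read.
; NOTE(review): no header field is range-checked — section addresses
; and sizes, raw data pointers, relocation offsets and import RVAs are
; used as-is, so a malformed image can make the copies and fix-ups below
; write outside [base] or read outside [image].
;-----------------------------------------------------------------------
map_PE:
       cld                              ; rep movsd / rep stosb run forward
       push ebp
       push edi
       push esi
       push ebx
       sub esp, 28

       mov edx, [esp+52]                ; edx = image
       mov ebx, [esp+48]                ; ebx = base, kept for the whole function
       mov dword [esp+20], 0            ; sections processed so far
       add edx, [edx+60]                ; edx = PE header (image + e_lfanew)
       movzx eax, word [edx+6]          ; FileHeader.NumberOfSections
       mov [esp+16], edx
       mov [esp+12], eax
       jmp .L6

; --- sections: one IMAGE_SECTION_HEADER (40 bytes) per pass, first at PE+248
.L7:
       mov eax, [edx+264]               ; SizeOfRawData
       mov ebp, [edx+260]               ; VirtualAddress
       mov esi, [esp+52]
       add esi, [edx+268]               ; esi = image + PointerToRawData
       mov ecx, eax
       lea edi, [ebx+ebp]               ; edi = base + VirtualAddress

       shr ecx, 2
       rep movsd                        ; copies SizeOfRawData & ~3 bytes; 1-3 trailing bytes are dropped

       mov ecx, [edx+256]               ; VirtualSize
       cmp ecx, eax
       jbe .L8
       sub ecx, eax                     ; VirtualSize > SizeOfRawData: zero the tail

       xor eax, eax
       rep stosb                        ; edi continues right after the copied data

.L8:
       inc dword [esp+20]
       add edx, 40                      ; next section header
.L6:
       mov eax, [esp+12]
       cmp [esp+20], eax
       jne .L7

; --- base relocations: DataDirectory[5] at PE+160 (RVA) / PE+164 (Size)
       mov edx, [esp+16]
       cmp dword [edx+164], 0
       je .L11                          ; no relocation directory

       mov edi, ebx
       mov ecx, ebx
       sub edi, [edx+52]                ; edi = delta = base - OptionalHeader.ImageBase
       add ecx, [edx+160]               ; ecx = first IMAGE_BASE_RELOCATION block
       mov eax, edi
       shr eax, 16
       mov [esp+4], eax                 ; high word of delta, for HIGH fix-ups
       jmp .L13
.L14:
       lea esi, [eax-8]                 ; SizeOfBlock minus the 8-byte block header ...
       xor ebp, ebp
       shr esi,1                        ; ... gives the number of 16-bit entries
       jmp .L15
.L16:
       movzx eax, word [ecx+8+ebp*2]    ; entry: type in bits 15..12, offset in bits 11..0
       mov edx, eax
       shr eax, 12
       and edx, 4095
       add edx, [ecx]                   ; edx = block VirtualAddress + offset (RVA of the target)
       cmp ax, 2
       je .L19                          ; IMAGE_REL_BASED_LOW

       cmp ax, 3
       je .L20                          ; IMAGE_REL_BASED_HIGHLOW

       dec ax
       jne .L17                         ; type 0 (ABSOLUTE) and unknown types: nothing to patch

; type 1, IMAGE_REL_BASED_HIGH: add the high word of delta
       mov eax, [esp+4]
       add word [edx+ebx], ax
       jmp .L17                         ; each type applies exactly one fix-up; never fall into .L19/.L20
.L19:
       add word [edx+ebx], di           ; LOW: add the low word of delta
       jmp .L17
.L20:
       add [edx+ebx], edi               ; HIGHLOW: add the full 32-bit delta
.L17:
       inc ebp
.L15:
       cmp ebp, esi
       jne .L16
       add ecx, [ecx+4]                 ; next block: advance by SizeOfBlock
.L13:
       mov eax, [ecx+4]
       test eax, eax
       jne .L14                         ; a zero SizeOfBlock ends the table

; --- imports: DataDirectory[1] at PE+128 (RVA) / PE+132 (Size)
.L11:
       mov edx, [esp+16]
       cmp dword [edx+132], 0
       je .L22                          ; no import directory

       mov eax, ebx
       add eax, [edx+128]               ; first IMAGE_IMPORT_DESCRIPTOR (20 bytes each)
       lea esi, [eax+20]                ; esi = descriptor + 20; fields are read at negative offsets
.L24:
       cmp dword [esi-16], 0            ; TimeDateStamp
       jne .L25

       cmp dword [esi-8], 0             ; Name: zero together with TimeDateStamp ends the list
       je .L22
.L25:
       mov ecx, [esi-20]                ; OriginalFirstThunk (import lookup table RVA)
       mov ebp, ebx
       add ebp, [esi-4]                 ; ebp = base + FirstThunk: the IAT slot to fill
       add ecx, ebx
       mov [esp+24], ecx                ; lookup table cursor
.L27:
       mov edx, [esp+24]
       mov eax, [edx]
       test eax, eax
       je .L28                          ; zero thunk: end of this descriptor

       test eax, eax
       js .L28                          ; bit 31 set = import by ordinal: unsupported, rest of this descriptor is skipped

       lea eax, [eax+2+ebx]             ; skip the 2-byte hint: eax = import name string
       mov edi, kernel_export           ; {name, address} pairs, 8 bytes each, zero name terminates
       mov dword [ebp], -1              ; NOTE(review): unresolved names stay -1 and are not reported to the caller
       mov [esp+8], eax
.L31:
       push ecx                         ; push/pop pair only keeps the stack balanced around the call
       push 16                          ; only the first 16 characters of a name are compared
       push dword [edi]
       push dword [esp+20]              ; = [esp+8] before the three pushes: the import name
       call strncmp                     ; NOTE(review): assumed to remove its 3 arguments itself (stdcall)
       pop edx
       test eax, eax
       jne .L32

       mov eax, [edi+4]
       mov [ebp], eax                   ; bind the IAT slot to the exported address
       jmp .L34
.L32:
       add edi, 8
       cmp dword [edi], 0
       jne .L31
.L34:
       add dword [esp+24], 4
       add ebp, 4
       jmp .L27
.L28:
       add esi, 20                      ; next import descriptor
       jmp .L24
.L22:

       mov ecx, [esp+16]
       add ebx, [ecx+40]                ; OptionalHeader.AddressOfEntryPoint

       add esp, 28
       mov eax, ebx                     ; return base + entry point

       pop ebx
       pop esi
       pop edi
       pop ebp

       ret 8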