correct opcode checking, same logic as in original

2025-05-31 09:49:58 +03:00
parent 8eb9d9cc93
commit 6bd80d9c25
1 changed files with 4 additions and 4 deletions
--- a/kpack_c.c
+++ b/kpack_c.c
@@ -16,6 +16,9 @@
 #define METHOD_FLAG_CALLTRICK_1 0x40
 #define METHOD_FLAG_CALLTRICK_2 0x80

+#define OP_CALL_REL32 0xE8
+#define OP_JMP_REL32  0xE9
+
 static const char* str_usage = "Usage: %s [--nologo / -n] [--kernel / -k] [--unpack / -u] <infile> [<outfile>]\n";

 static void error_load_infile() {
@@ -60,10 +63,7 @@ unsigned preprocess_calltrick(unsigned char *infile, unsigned insize, unsigned c
    do {
        //printf("infile_ptr = %p, count = %u\n", infile_ptr, count);
        unsigned opcode = *(infile_ptr++);
-        // E8 dword: call rel32
-        // E9 dword: jmp rel32
-        if (opcode > 0xE9)
-        {
+        if (opcode != OP_CALL_REL32 && opcode != OP_JMP_REL32) {
            continue;
        }
        if (count < 5) {