Skip to content

Commit 56790a6

Browse files
DosX-devDosX-dev
committed
Update
1 parent c3613c1 commit 56790a6

File tree

5 files changed

+141
-31
lines changed

5 files changed

+141
-31
lines changed

source/MainModule.vb

Lines changed: 65 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -7,20 +7,20 @@ Module Program
77

88
Public Sub Main()
99
Console.ForegroundColor = ConsoleColor.DarkYellow
10-
Console.Write(vbLf & " UPX-Patcher (")
10+
StdOut.Write(vbLf & " UPX-Patcher (", False)
1111

1212
Console.ForegroundColor = ConsoleColor.DarkCyan
13-
Console.Write("https://github.com/DosX-dev/UPX-Patcher")
13+
StdOut.Write("https://github.com/DosX-dev/UPX-Patcher", False)
1414

1515
Console.ForegroundColor = ConsoleColor.DarkYellow
16-
Console.WriteLine(")" & vbLf)
16+
StdOut.Write(")" & vbLf, True)
1717

1818
Console.ResetColor()
1919

2020
Dim args = Environment.GetCommandLineArgs()
2121

2222
If args.Length = 1 Then
23-
Console.WriteLine("Usage: {0} <file_path>", AppDomain.CurrentDomain.FriendlyName)
23+
StdOut.Write("Usage: " & AppDomain.CurrentDomain.FriendlyName & " <file_path>", True)
2424
Environment.Exit(0)
2525
End If
2626

@@ -52,7 +52,7 @@ Module Program
5252
End If
5353

5454

55-
Console.WriteLine("Sections confusing...")
55+
StdOut.Log("Sections confusing...")
5656

5757
bytesReplacer.PatchBytes(fileName, {&H55, &H50, ' #0
5858
&H58, &H30,
@@ -69,7 +69,7 @@ Module Program
6969
&H0},
7070
Encoding.ASCII.GetBytes(".code"))
7171

72-
Console.WriteLine("Version block confusing...")
72+
StdOut.Log("Version block confusing...")
7373

7474

7575
Dim offset As Long = bytesReplacer.FindStringOffset(fileName, "UPX!") ' version identifier
@@ -104,31 +104,68 @@ Module Program
104104
''''''''''''''''''''''''''''''''''''''''''''''''
105105

106106

107-
Console.WriteLine("Adding fake version block...")
107+
' StdOut.Log("Adding fake version block...")
108+
'
109+
'
110+
' bytesReplacer.PatchBytes(fileName,
111+
' {
112+
' &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, ' padding
113+
' &H0, &H0, &H0, &H0, ' 00 00 00 00 -> "DosX"
114+
' &H0, ' version separator
115+
' &H0, &H0, &H0, ' 00 00 00 -> "UPX"
116+
' &H0, ' 00 -> "!"
117+
' &H0 ' padding
118+
' }, {
119+
' &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, ' padding
120+
' &H44, &H6F, &H73, &H58, ' "DosX"
121+
' &H0, ' version separator
122+
' &H55, &H50, &H58, ' "UPX"
123+
' &H21, ' "!"
124+
' &H0 ' padding
125+
' }
126+
' )
127+
128+
StdOut.Log("Replacing standart DOS Stub message...")
108129

130+
bytesReplacer.PatchBytes(fileName, Encoding.ASCII.GetBytes("This program cannot be run in DOS mode."),
131+
Encoding.ASCII.GetBytes("https://github.com/DosX-dev/UPX-Patcher"))
109132

110-
bytesReplacer.PatchBytes(fileName,
111-
{
112-
&H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, ' padding
113-
&H0, &H0, &H0, &H0, ' 00 00 00 00 -> "DosX"
114-
&H0, ' version separator
115-
&H0, &H0, &H0, ' 00 00 00 -> "UPX"
116-
&H0, ' 00 -> "!"
117-
&H0 ' padding
118-
}, {
119-
&H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, ' padding
120-
&H44, &H6F, &H73, &H58, ' "DosX"
121-
&H0, ' version separator
122-
&H55, &H50, &H58, ' "UPX"
123-
&H21, ' "!"
124-
&H0 ' padding
125-
}
126-
)
133+
StdOut.Log("WinAPI changing...")
127134

128-
Console.WriteLine("Replacing standart DOS Stub message...")
135+
bytesReplacer.PatchBytes(fileName, Encoding.ASCII.GetBytes("ExitProcess"), ' function name size is 11 bytes
136+
Encoding.ASCII.GetBytes("CopyContext"))
129137

130-
bytesReplacer.PatchBytes(fileName, Encoding.ASCII.GetBytes("This program cannot be run in DOS mode."),
131-
Encoding.ASCII.GetBytes("https://github.com/DosX-dev/UPX-Patcher"))
138+
StdOut.Log("EntryPoint patching...")
139+
140+
Dim isBuild64 As Boolean = PE.Is64(fileName)
141+
142+
If isBuild64 Then
143+
bytesReplacer.PatchBytes(fileName, ' x86_64
144+
{
145+
&H0, ' db 0
146+
&H53, ' pushal
147+
&H56 ' mov esi
148+
},
149+
{
150+
&H0, ' db 0
151+
&H55, ' push ebp
152+
&H56 ' mov esi
153+
}
154+
)
155+
Else
156+
bytesReplacer.PatchBytes(fileName, ' i386
157+
{
158+
&H0, ' db 0
159+
&H60, ' pushal
160+
&HBE ' mov esi
161+
},
162+
{
163+
&H0, ' db 0
164+
&H55, ' push ebp
165+
&HBE ' mov esi
166+
}
167+
)
168+
End If
132169

133170
Catch ex As Exception
134171
Console.ForegroundColor = ConsoleColor.Red
@@ -137,8 +174,7 @@ Module Program
137174
Environment.Exit(1)
138175
End Try
139176

140-
Console.WriteLine("Done!")
177+
StdOut.Log("Successfully patched!")
141178
End If
142179
End Sub
143-
144180
End Module

source/PE.LiteParser.vb

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
Module PE
2+
Private _patcher As New Patcher
3+
4+
' d = 64; L = 32
5+
Function GetOffsetOfPE(fileName As String)
6+
Return _patcher.IndexOf(fileName, {&H50, &H45, ' get "PE\x0\x0" signature
7+
&H0, &H0})
8+
End Function
9+
10+
Function Is64(fileName As String)
11+
Return _patcher.GetByte(fileName, GetOffsetOfPE(fileName) + &H4) = &H64
12+
End Function
13+
End Module

source/Patcher.vb

Lines changed: 48 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ Class Patcher
4141
Return matchFound
4242
End Function
4343

44-
Function isPatternPresent(filePath As String, pattern As Byte()) As Boolean
44+
Function IsPatternPresent(filePath As String, pattern As Byte()) As Boolean
4545
If Not File.Exists(filePath) Then
4646
Return False
4747
End If
@@ -122,4 +122,50 @@ Class Patcher
122122
End Using
123123
End Sub
124124

125-
End Class
125+
126+
Public Function IndexOf(ByVal fileName As String, ByVal pattern() As Byte) As Integer
127+
Dim fileStream As FileStream = Nothing
128+
Try
129+
fileStream = New FileStream(fileName, FileMode.Open, FileAccess.Read)
130+
131+
If pattern.Length > fileStream.Length Then Return -1
132+
133+
For Arr As Integer = 0 To fileStream.Length - pattern.Length - 1
134+
Dim found As Boolean = True
135+
For Searcher As Integer = 0 To (pattern.Length - 1)
136+
If fileStream.ReadByte() <> pattern(Searcher) Then
137+
found = False
138+
Exit For
139+
End If
140+
Next
141+
If found Then
142+
Return Arr
143+
Else
144+
fileStream.Seek(Arr + 1, SeekOrigin.Begin)
145+
End If
146+
Next
147+
148+
Finally
149+
If fileStream IsNot Nothing Then
150+
fileStream.Close()
151+
End If
152+
End Try
153+
Return -1
154+
End Function
155+
156+
Public Function GetByte(ByVal fileName As String, ByVal index As Integer) As Byte
157+
Dim fileStream As FileStream = Nothing
158+
Try
159+
fileStream = New FileStream(fileName, FileMode.Open, FileAccess.Read)
160+
fileStream.Seek(index, SeekOrigin.Begin)
161+
162+
Return CByte(fileStream.ReadByte())
163+
164+
Finally
165+
If fileStream IsNot Nothing Then
166+
fileStream.Close()
167+
End If
168+
End Try
169+
End Function
170+
171+
End Class

source/StdOut.vb

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
Module StdOut
2+
3+
Sub Write(ByVal message As String, ByVal newLine As Boolean)
4+
Console.Out.Write(message & If(newLine, vbLf, String.Empty))
5+
End Sub
6+
7+
Sub Log(ByVal message As String)
8+
Console.ForegroundColor = ConsoleColor.DarkGray
9+
Console.Out.Write(Date.Now().ToString("HH:mm:ss") & " -> ")
10+
Console.ResetColor()
11+
Console.Out.WriteLine(message)
12+
End Sub
13+
End Module

source/UPX-Patcher.vbproj

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -87,6 +87,8 @@
8787
<DesignTimeSharedInput>True</DesignTimeSharedInput>
8888
</Compile>
8989
<Compile Include="Patcher.vb" />
90+
<Compile Include="PE.LiteParser.vb" />
91+
<Compile Include="StdOut.vb" />
9092
</ItemGroup>
9193
<ItemGroup>
9294
<EmbeddedResource Include="My Project\Resources.resx">

0 commit comments

Comments
 (0)