From 56790a697ebf39e8d0951f05ebb1b9a9917d085c Mon Sep 17 00:00:00 2001
From: DosX
Date: Thu, 22 Feb 2024 22:24:22 +0300
Subject: [PATCH] Update
---
 source/MainModule.vb | 94 +++++++++++++++++++++++++++------------
 source/PE.LiteParser.vb | 13 ++++++
 source/Patcher.vb | 50 ++++++++++++++++++++-
 source/StdOut.vb | 13 ++++++
 source/UPX-Patcher.vbproj | 2 +
 5 files changed, 141 insertions(+), 31 deletions(-)
 create mode 100644 source/PE.LiteParser.vb
 create mode 100644 source/StdOut.vb
diff --git a/source/MainModule.vb b/source/MainModule.vb
index 97a7615..b733ee7 100644
--- a/source/MainModule.vb
+++ b/source/MainModule.vb
@@ -7,20 +7,20 @@ Module Program
 Public Sub Main()
 Console.ForegroundColor = ConsoleColor.DarkYellow
- Console.Write(vbLf & " UPX-Patcher (")
+ StdOut.Write(vbLf & " UPX-Patcher (", False)
 Console.ForegroundColor = ConsoleColor.DarkCyan
- Console.Write("https://github.com/DosX-dev/UPX-Patcher")
+ StdOut.Write("https://github.com/DosX-dev/UPX-Patcher", False)
 Console.ForegroundColor = ConsoleColor.DarkYellow
- Console.WriteLine(")" & vbLf)
+ StdOut.Write(")" & vbLf, True)
 Console.ResetColor()
 Dim args = Environment.GetCommandLineArgs()
 If args.Length = 1 Then
- Console.WriteLine("Usage: {0} ", AppDomain.CurrentDomain.FriendlyName)
+ StdOut.Write("Usage: " & AppDomain.CurrentDomain.FriendlyName & " ", True)
 Environment.Exit(0)
 End If
@@ -52,7 +52,7 @@ Module Program
 End If
- Console.WriteLine("Sections confusing...")
+ StdOut.Log("Sections confusing...")
 bytesReplacer.PatchBytes(fileName, {&H55, &H50, ' #0
 &H58, &H30,
@@ -69,7 +69,7 @@ Module Program
 &H0}, Encoding.ASCII.GetBytes(".code"))
- Console.WriteLine("Version block confusing...")
+ StdOut.Log("Version block confusing...")
 Dim offset As Long = bytesReplacer.FindStringOffset(fileName, "UPX!") ' version identifier
@@ -104,31 +104,68 @@ Module Program
 ''''''''''''''''''''''''''''''''''''''''''''''''
- Console.WriteLine("Adding fake version block...")
+ ' StdOut.Log("Adding fake version block...")
+ '
+ '
+ ' bytesReplacer.PatchBytes(fileName,
+ ' {
+ ' &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, ' padding
+ ' &H0, &H0, &H0, &H0, ' 00 00 00 00 -> "DosX"
+ ' &H0, ' version separator
+ ' &H0, &H0, &H0, ' 00 00 00 -> "UPX"
+ ' &H0, ' 00 -> "!"
+ ' &H0 ' padding
+ ' }, {
+ ' &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, ' padding
+ ' &H44, &H6F, &H73, &H58, ' "DosX"
+ ' &H0, ' version separator
+ ' &H55, &H50, &H58, ' "UPX"
+ ' &H21, ' "!"
+ ' &H0 ' padding
+ ' }
+ ' )
+
+ StdOut.Log("Replacing standart DOS Stub message...")
+ bytesReplacer.PatchBytes(fileName, Encoding.ASCII.GetBytes("This program cannot be run in DOS mode."),
+ Encoding.ASCII.GetBytes("https://github.com/DosX-dev/UPX-Patcher"))
- bytesReplacer.PatchBytes(fileName,
- {
- &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, ' padding
- &H0, &H0, &H0, &H0, ' 00 00 00 00 -> "DosX"
- &H0, ' version separator
- &H0, &H0, &H0, ' 00 00 00 -> "UPX"
- &H0, ' 00 -> "!"
- &H0 ' padding
- }, {
- &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, ' padding
- &H44, &H6F, &H73, &H58, ' "DosX"
- &H0, ' version separator
- &H55, &H50, &H58, ' "UPX"
- &H21, ' "!"
- &H0 ' padding
- }
- )
+ StdOut.Log("WinAPI changing...")
- Console.WriteLine("Replacing standart DOS Stub message...")
+ bytesReplacer.PatchBytes(fileName, Encoding.ASCII.GetBytes("ExitProcess"), ' function name size is 11 bytes
+ Encoding.ASCII.GetBytes("CopyContext"))
- bytesReplacer.PatchBytes(fileName, Encoding.ASCII.GetBytes("This program cannot be run in DOS mode."),
- Encoding.ASCII.GetBytes("https://github.com/DosX-dev/UPX-Patcher"))
+ StdOut.Log("EntryPoint patching...")
+
+ Dim isBuild64 As Boolean = PE.Is64(fileName)
+
+ If isBuild64 Then
+ bytesReplacer.PatchBytes(fileName, ' x86_64
+ {
+ &H0, ' db 0
+ &H53, ' pushal
+ &H56 ' mov esi
+ },
+ {
+ &H0, ' db 0
+ &H55, ' push ebp
+ &H56 ' mov esi
+ }
+ )
+ Else
+ bytesReplacer.PatchBytes(fileName, ' i386
+ {
+ &H0, ' db 0
+ &H60, ' pushal
+ &HBE ' mov esi
+ },
+ {
+ &H0, ' db 0
+ &H55, ' push ebp
+ &HBE ' mov esi
+ }
+ )
+ End If
 Catch ex As Exception
 Console.ForegroundColor = ConsoleColor.Red
@@ -137,8 +174,7 @@ Module Program
 Environment.Exit(1)
 End Try
- Console.WriteLine("Done!")
+ StdOut.Log("Successfully patched!")
 End If
 End Sub
-
 End Module
diff --git a/source/PE.LiteParser.vb b/source/PE.LiteParser.vb
new file mode 100644
index 0000000..f4050a5
--- /dev/null
+++ b/source/PE.LiteParser.vb
@@ -0,0 +1,13 @@
+Module PE
+ Private _patcher As New Patcher
+
+ ' d = 64; L = 32
+ Function GetOffsetOfPE(fileName As String)
+ Return _patcher.IndexOf(fileName, {&H50, &H45, ' get "PE\x0\x0" signature
+ &H0, &H0})
+ End Function
+
+ Function Is64(fileName As String)
+ Return _patcher.GetByte(fileName, GetOffsetOfPE(fileName) + &H4) = &H64
+ End Function
+End Module
diff --git a/source/Patcher.vb b/source/Patcher.vb
index 5ca6c97..db20a60 100644
--- a/source/Patcher.vb
+++ b/source/Patcher.vb
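Review bot: In source/MainModule.vb, the byte comments in the `isBuild64` branch were copied from the i386 branch and do not describe the bytes beside them. In 64-bit mode `&H53` is `push rbx` and `&H56` is `push rsi` (there is no `pushal` in long mode), and the replacement `&H55` is `push rbp`, so the comments should read `&H53, ' push rbx`, `&H56 ' push rsi` and `&H55, ' push rbp`. The twenty-line commented-out "fake version block" in the same hunk is dead code that version control already keeps, so deleting it would be cleaner than commenting it out. "standart" in the log string is a typo for "standard". The enclosing `Sub Main` starts before this hunk and ends after it.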
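Review bot: In source/PE.LiteParser.vb, `Is64` never checks the result of `GetOffsetOfPE`, so when `IndexOf` returns -1 it reads the byte at offset 3 and reports an arbitrary answer instead of rejecting the file. It also compares only the low byte of the Machine field, so any machine type whose low byte is `&H64` (ARM64 is `&HAA64`) is classified as x86-64. The signature is found by scanning the whole file rather than following the header's `e_lfanew` field, so the first stray `50 45 00 00` sequence is taken as the PE header. Both functions also omit their return types (`As Integer` and `As Boolean`). A guarded `Is64` is sketched below; the exception it throws would land in the `Catch ex As Exception` visible in `Main`.

```vbnet
Function Is64(fileName As String) As Boolean
    Dim peOffset As Integer = GetOffsetOfPE(fileName)
    If peOffset < 0 Then
        Throw New System.IO.InvalidDataException("PE signature not found: " & fileName)
    End If
    ' IMAGE_FILE_MACHINE_AMD64 is &H8664, stored little-endian as 64 86
    Return _patcher.GetByte(fileName, peOffset + &H4) = &H64 AndAlso
           _patcher.GetByte(fileName, peOffset + &H5) = &H86
End Function
```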
@@ -41,7 +41,7 @@ Class Patcher
 Return matchFound
 End Function
- Function isPatternPresent(filePath As String, pattern As Byte()) As Boolean
+ Function IsPatternPresent(filePath As String, pattern As Byte()) As Boolean
 If Not File.Exists(filePath) Then
 Return False
 End If
@@ -122,4 +122,50 @@ Class Patcher
 End Using
 End Sub
-End Class
+
+ Public Function IndexOf(ByVal fileName As String, ByVal pattern() As Byte) As Integer
+ Dim fileStream As FileStream = Nothing
+ Try
+ fileStream = New FileStream(fileName, FileMode.Open, FileAccess.Read)
+
+ If pattern.Length > fileStream.Length Then Return -1
+
+ For Arr As Integer = 0 To fileStream.Length - pattern.Length - 1
+ Dim found As Boolean = True
+ For Searcher As Integer = 0 To (pattern.Length - 1)
+ If fileStream.ReadByte() <> pattern(Searcher) Then
+ found = False
+ Exit For
+ End If
+ Next
+ If found Then
+ Return Arr
+ Else
+ fileStream.Seek(Arr + 1, SeekOrigin.Begin)
+ End If
+ Next
+
+ Finally
+ If fileStream IsNot Nothing Then
+ fileStream.Close()
+ End If
+ End Try
+ Return -1
+ End Function
+
+ Public Function GetByte(ByVal fileName As String, ByVal index As Integer) As Byte
+ Dim fileStream As FileStream = Nothing
+ Try
+ fileStream = New FileStream(fileName, FileMode.Open, FileAccess.Read)
+ fileStream.Seek(index, SeekOrigin.Begin)
+
+ Return CByte(fileStream.ReadByte())
+
+ Finally
+ If fileStream IsNot Nothing Then
+ fileStream.Close()
+ End If
+ End Try
+ End Function
+
+End Class
\ No newline at end of file
diff --git a/source/StdOut.vb b/source/StdOut.vb
new file mode 100644
index 0000000..f9b6a43
--- /dev/null
+++ b/source/StdOut.vb
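Review bot: `IndexOf` in source/Patcher.vb stops one position early, because the outer loop runs `0 To fileStream.Length - pattern.Length - 1`. A pattern at the very end of the file (offset `Length - pattern.Length`) is never compared and the function returns -1; the bound should be `For Arr As Integer = 0 To fileStream.Length - pattern.Length`. `GetByte` has a related gap: `fileStream.ReadByte()` returns -1 at end of file and a negative `index` makes `Seek` throw, so a bad offset surfaces as an unrelated conversion or I/O error. Checking `index` against `0` and `fileStream.Length` first and throwing `ArgumentOutOfRangeException` would make that failure readable. Both functions could also use `Using fileStream As New FileStream(...)` in place of the manual `Try`/`Finally` close, matching the `End Using` visible in the context lines of this class.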
@@ -0,0 +1,13 @@
+Module StdOut
+
+ Sub Write(ByVal message As String, ByVal newLine As Boolean)
+ Console.Out.Write(message & If(newLine, vbLf, String.Empty))
+ End Sub
+
+ Sub Log(ByVal message As String)
+ Console.ForegroundColor = ConsoleColor.DarkGray
+ Console.Out.Write(Date.Now().ToString("HH:mm:ss") & " -> ")
+ Console.ResetColor()
+ Console.Out.WriteLine(message)
+ End Sub
+End Module
diff --git a/source/UPX-Patcher.vbproj b/source/UPX-Patcher.vbproj
index f9dc3a5..d7db6a1 100644
--- a/source/UPX-Patcher.vbproj
+++ b/source/UPX-Patcher.vbproj
@@ -87,6 +87,8 @@ True + +
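Review bot: `StdOut.Write` and `StdOut.Log` in source/StdOut.vb terminate lines differently: `Write(..., True)` appends a bare `vbLf`, while `Log` calls `WriteLine`, which uses the platform newline, so redirected output ends up with mixed line endings. Writing the message and then `If newLine Then Console.Out.WriteLine()` would keep the two consistent. `Log` also calls `Console.ResetColor()`, which discards whatever colour the caller had set rather than restoring it; saving `Console.ForegroundColor` before changing it and assigning it back afterwards avoids that. Neither procedure has a doc comment, and `Log` in particular should say that it prefixes a local-time `HH:mm:ss` stamp.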