header-32 186->179 bytes

packer/header-32.asm

-; ==========================================
-; ========= MACROS AND BOILERPLATE =========
-; ==========================================
 
-BITS 32
+;%define USE_GZIP
 
-org 0x08048000
+jumptar2_addr equ 0x51
 
-%include "syscalls-32.asm"
+%define STDIN_FILENO	0
+%define STDOUT_FILENO	1
+%define STDERR_FILENO	2
 
-; ==============================
-; ========= ELF HEADER =========
-; ==============================
+%define SYS_memfd_create	356
+%define SYS_fork			2
+%define SYS_waitid			284
+%define SYS_execve			11
+%define SYS_open			5
+%define SYS_lseek			19
+%define SYS_dup2			63
 
-ehdr: ; Elf64_Ehdr
-e_ident:
-	db 0x7F, "ELF", 1, 1, 1, 0
+bits 32
 
-e_padding:
-	; times 8 db 0
-	mov ax, 356
-	mov ebx, esp
-	jmp e_shoff
+	org 0x00200000
 
-e_type:
-	dw 2
-e_machine:
-	dw 3
-e_version:
-	xor ebx, ebx
-	jmp p_flags
-	; dd 1
-e_entry:
-	dd e_padding
-e_phoff:
-	dd phdr - $$
-e_shoff:
-e_flags:
+ehdr:
+	db 0x7f,"ELF"	; e_ident
+	; jg short jumptar
+	; dec esp
+	; inc esi
+
+	; machine numbers, padding
+_start.0:
+	mov ax, SYS_memfd_create
+	mov ebx, esp
 	int 0x80
 
-	mov al, sys_fork
-	pop ebp
+	mov al, SYS_fork
+	pop ecx
+
+			  ; e_type
+	jmp short ehdr.e_machine.mid
+	db	0
+	;dw	2			;!e_type
+	db	3
+ehdr.e_machine.mid:
+	add dl, dh ; 0x00 0xf2 ; benign garbage instruction
+	;dw	3			;!e_machine
 	int 0x80
-e_ehsize: ;begins halfway into jmp
-	jmp p_paddr
-	db 0
-	; dd 0
-	; dd 0
-	; dw ehdrsize
-e_phentsize:
-	dw phdrsize
-; e_phnum:
-; 	dw 1
-; e_shentsize:
-; 	dw 0
-; e_shnum:
-; 	dw 0
-; e_shstrndx:
-; 	dw 0
-
-ehdrsize      equ     $ - ehdr
-
-; ==================================
-; ========= PROGRAM HEADER =========
-; ==================================
-
-phdr: ; Elf32_Phdr
-
-p_type:
-	dd 1
-p_offset:
-	dd 0
-p_vaddr:
-	dd $$
-p_paddr:
-	test eax, eax
-	jz _child
-	; dd $$
-p_filesz:
-	jmp e_version
-	dw 0
-	; dd filesize
-p_memsz:
-	jmp e_version+4
-	dw 0
-	; dd filesize
-p_flags:
-	mov ax, sys_waitid
-p_align:
-	jmp _parent
-	dw 0
-
-phdrsize      equ     $ - phdr
-
-; ===========================
-; ========= CODE!!! =========
-; ===========================
+	;dd	0			; e_version
+	db 0xEB ; jmp short jumptar2
+	dd	_start	;!e_entry
+	dd	phdr - ehdr	;!e_phoff
+
+phdr:
+	dd	1			; e_shoff	;!p_type
+	dd	0			; e_flags	;!p_offset
+	dd	ehdr		; e_ehsize	;!p_vaddr
+					;!e_phentsize
+	dw	1			;!e_phnum	; p_paddr
+	;; TODO: put code here ; except that haxoring the filesize doesn't quite work
+	;; => TODO: try with phdr more at the end of the ehdr
+	dw	0			; e_shentsize
+	dd	filesize	; e_shnum	;~p_filesz	; can be larger than needed, but must be at least filesize
+					; e_shstrndx
+ehdr.end:
+	dd	filesize				;~p_memsz	; ^
 
 _start:
+	jmp short _start.0
+
+_child:
+	;~p_flags
+	mov ebx, __self
+		        ; p_align
+	;dd	5						;~p_flags	; MUST have AT LEAST 4 or 1 set
+	mov edi, ebx ; back up for (much) later
+	;dd	0						; p_align
+	dec ecx ; 0 == O_RDONLY
+	mov al, SYS_open
+	int 0x80
+
+	;fd1
+	push eax
 
-	; mov ax, 356
-	; mov ebx, esp
-	; int 0x80
+	; seek
+	mov al, SYS_lseek
+	pop ebx
+	push ebx
+	mov cl, filesize
+	int 0x80
+
+	jmp short _child.2
+
+;	times (0x47-($-ehdr)) db 0
+;jumptar:
+	;int3
 
-	; mov al, sys_fork
-	; pop ecx
-	; int 0x80
-	; test eax, eax
-	; jz _child
+	times (jumptar2_addr-($-ehdr)) db 0
+jumptar2:
+	test eax, eax
+	jz short _child
 
 _parent:
+	xor ebx, ebx
+	mov ax, SYS_waitid
 
-	; xor ebx, ebx
-	; mov ax, sys_waitid
 	mov si, 4
 	int 0x80
 
@@ -122,71 +111,88 @@ _parent:
 	mov dl, 16+8
 	add edx, esp
 
-	; execve demo
-	mov eax, sys_execve
+	;mov eax, SYS_open
+	;; mov ebx, ebx
+	;mov ecx, 4
+	;int 0x80
+
+	;mov ebx, eax
+	;mov eax, 3;SYS_read
+	;mov ecx, esp
+	;mov edx, filesize
+	;int 0x80
+
+	;mov edi, ebx
+	;mov ecx, esp
+	;mov eax, 4;SYS_write
+	;mov ebx, STDERR_FILENO
+	;;mov edx, filesize
+	;int 0x80
+
+	;mov ebx, edi
+	push SYS_execve
+	pop eax
 	mov ecx, esp ;use our args as args
 	int 0x80
 
-_child:
-	; open self
-	mov ebx, __self
-	mov al, sys_open ;open
-	int 0x80
-
-	;fd1
-	push eax
-
-	;seek
-	mov al, sys_lseek ;lseek
-	pop ebx
-	push ebx
-	mov cl, filesize
-	int 0x80
+_child.2:
 
 	;dup2 demo->stdout
-	mov al, sys_dup2
 	dec ebx
-	mov cl, 1 ;1 = stdout
+
+	mov al, SYS_dup2
+	mov cl, STDOUT_FILENO
 	int 0x80
 
 	;dup2 self->stdin
-	mov al, sys_dup2
+	mov al, SYS_dup2
 	pop ebx
-	dec ecx ; 1 minus 1 equals zero!
+	dec ecx ; 1 (STDOUT_FILENO) minus 1 equals zero! (STDIN_FILENO)
 	int 0x80
 
 	;execve
-	mov al, sys_execve
+	;push __zip ; one byte shorter
+	mov al, SYS_execve
 %ifdef USE_GZIP
-	mov	edi, __gzip
+	add edi, __zip-__self
+	mov ebx, edi
 %else
-	push 0
-	push __gzip
+	push ecx
+	add edi, __zip-__self
+	push edi
+	;push __zip ; one byte shorter
 	pop ebx
 	push ebx
 %endif
-	; use our arguments
-	mov	ecx, esp
+	mov ecx, esp
 	; xor rdx, rdx ;empty environ
 	int 0x80
 
-
-
-
-; ; ===========================
-; ; ========= STRINGS =========
-; ; ===========================
-
-__gzip:
+__self:
+	db '/proc/self/exe',0
+__memfd:
+	db '/dev/','fd/3',0
+__zip:
 %ifdef USE_GZIP
 	db '/bin/zcat',0
 %else
 	db '/usr/bin/xzcat',0
 %endif
-__self:
-	db '/proc/self/exe',0
-__memfd:
-	db '/dev/fd/3',0
 
-filesize	equ	 $ - $$
+END:
+
+filesize equ END - ehdr
+
+;%if jumptar-ehdr != 0x47
+;%error "Bad jumptar!"
+;%endif
+%if ehdr.e_machine.mid-ehdr != 0x13
+%error "Bad .e_machine.mid"
+%endif
+%if jumptar2-ehdr != jumptar2_addr
+%error "Bad jumptar2"
+%endif
+
+payload:
+;	incbin "payload.bin"