

>Duh, and I hoped I got it: with this how should the UNITARYLUACORE.EXE 
>know, where the code of the Lua file starts? 

You can compute the size (or, at least, the "proper" -- more accurately, 
"minimum" -- size) of a Windows EXE (PE file) at runtime from the 
headers.
 
Or you could just patch the UNICORE.EXE one time after building it to save 
its as-linked size inside the binary. (A quick and really dirty way to do 
this is to use an unused DWORD at a fixed offset in the header of the DOS 
stub at the front of the PE file. Offset 0x38 is typically fine, at least 
for MinGW's DOS stub.)

> GLUE SRLUA.EXE MYMALWARECOUNTERHACK.LUA FIXWORM.EXE
>
> seems also to be bearable

Using a GLUE-like program instead of simple concatenation allows you to 
build some safeguards into the loading process, such as the GLUESIG string 
in Luiz's code. Probably the most likely hassle with my hack above is that 
you need to assume that the code you are going to lua_load() is all the 
bytes from "offset 0x38" to the end of the file. (You aren't saving the 
size, as Luiz's code does in "Glue.size2".)

And PE files can easily pick up extra bytes during their lifetime. Two 
common reasons are: infection by a virus followed by disinfection; buggy
archive extractors leaving trailing zero bytes which don't get chopped 
off at the end of their decompression/decoder loop.

If you want to try making a "COPY /B-able" srlua, try replacing the load() 
function in srlua.c with something like this:

---cut---

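static void load(lua_State *L, const char *name)
{
 unsigned char b[4];   /* the DWORD at 0x38, stored little-endian */
 long pos, end;
 State S;

 FILE *f=fopen(name,"rb");
 if (f==NULL) cannot("open");
 /* read the patched-in stub size, i.e. the offset where the Lua code starts */
 if (fseek(f,0x38L,SEEK_SET)!=0) cannot("seek");
 if (fread(b,sizeof(b),1,f)!=1) cannot("read");
 /* decode exactly 4 bytes, whatever sizeof(long) is on this platform */
 pos = (long)(b[0] | (b[1]<<8) | (b[2]<<16) | ((unsigned long)b[3]<<24));
 if (fseek(f,0L,SEEK_END)!=0) cannot("seek");
 end = ftell(f);
 /* an unpatched or corrupt offset must not turn into a bogus size */
 if (end<0 || pos<=0x38 || pos>=end) cannot("find a Lua program in");
 S.size = end - pos;
 if (fseek(f,pos,SEEK_SET)!=0) cannot("seek");
 S.f=f;
 if (lua_load(L,myget,&S,name)!=0) lua_error(L);
 fclose(f);
}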

---cut---

You will need to build SRLUA.EXE, record its size and then hand-patch 
offset 0x38 in the file. If you don't have a hex editor handy then I 
thoroughly recommend Frhed (http://www.kibria.de/frhed.htm, 
Windows-specific), or bvi (Unixesque but should build on Windows, at least 
using Cygwin). It is fine to UPX the SRLUA.EXE file before patching it. 
That makes it a lot smaller on disk.
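
The first option mentioned in the message above, computing the minimum size of a PE file from its headers, can be sketched as follows. This is an added example, not code from the original post or from srlua; the function name pe_image_end is hypothetical, and the same calculation is what a scanner uses to detect data appended after an executable.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Little-endian field readers; callers bounds-check before calling. */
static uint32_t rd16(const unsigned char *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const unsigned char *p) { return rd16(p) | rd16(p + 2) << 16; }

/* Offset just past the last section's raw data, i.e. where bytes appended
   with COPY /B would start. Returns 0 if buf is not a well-formed PE file.
   This is a lower bound: an unstripped COFF symbol table or an Authenticode
   certificate table can legitimately follow the last section. */
size_t pe_image_end(const unsigned char *buf, size_t len)
{
    uint32_t lfanew, nsec, optsz, i;
    size_t sect, end;

    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return 0;
    lfanew = rd32(buf + 0x3C);                      /* e_lfanew */
    if (lfanew > len || len - lfanew < 24) return 0;
    if (rd32(buf + lfanew) != 0x00004550) return 0; /* "PE\0\0" */
    nsec  = rd16(buf + lfanew + 6);                 /* NumberOfSections */
    optsz = rd16(buf + lfanew + 20);                /* SizeOfOptionalHeader */
    sect  = (size_t)lfanew + 24 + optsz;            /* section table */
    if (sect > len || (len - sect) / 40 < nsec) return 0;
    end = sect + (size_t)nsec * 40;                 /* headers are the floor */
    for (i = 0; i < nsec; i++) {
        const unsigned char *s = buf + sect + (size_t)i * 40;
        uint32_t rawsz = rd32(s + 16), rawptr = rd32(s + 20);
        if (rawsz == 0) continue;                   /* no bytes on disk */
        if (rawptr > len || rawsz > len - rawptr) return 0; /* truncated */
        if ((size_t)rawptr + rawsz > end) end = (size_t)rawptr + rawsz;
    }
    return end;
}

int main(int argc, char **argv)
{
    unsigned char *buf; long n; size_t end; FILE *f;
    if (argc != 2 || (f = fopen(argv[1], "rb")) == NULL) return 1;
    if (fseek(f, 0L, SEEK_END) != 0 || (n = ftell(f)) <= 0) return 1;
    rewind(f);
    if ((buf = malloc((size_t)n)) == NULL) return 1;
    if (fread(buf, 1, (size_t)n, f) != (size_t)n) return 1;
    fclose(f);
    end = pe_image_end(buf, (size_t)n);
    if (end == 0) { puts("not a PE file"); return 1; }
    printf("image ends at %lu, %lu appended byte(s)\n",
           (unsigned long)end, (unsigned long)((size_t)n - end));
    free(buf);
    return 0;
}
```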