From 0e4a32b2ec510010efe7672c5e5dbfaea4a9e86a Mon Sep 17 00:00:00 2001
From: Pavel Tomin <_xyz_@mail.ru>
Date: Tue, 1 Aug 2023 20:55:52 +0500
Subject: [PATCH] Add new sample to PE/x86/SmallBinaries (strcpy(12340034,
ecx))
---
.../PE/x86/SmallBinaries/strcpyEcxChain.bin | Bin 0 -> 54 bytes
.../SmallBinaries/strcpyEcxChain.dcproject | 23 ++++++++++++++++++
.../strcpyEcxChain_code.asm | 22 +++++++++++++++++
.../strcpyEcxChain.reko/strcpyEcxChain_code.c | 17 +++++++++++++
.../strcpyEcxChain_code.dis | 18 ++++++++++++++
5 files changed, 80 insertions(+)
create mode 100644 subjects/PE/x86/SmallBinaries/strcpyEcxChain.bin
create mode 100644 subjects/PE/x86/SmallBinaries/strcpyEcxChain.dcproject
create mode 100644 subjects/PE/x86/SmallBinaries/strcpyEcxChain.reko/strcpyEcxChain_code.asm
create mode 100644 subjects/PE/x86/SmallBinaries/strcpyEcxChain.reko/strcpyEcxChain_code.c
create mode 100644 subjects/PE/x86/SmallBinaries/strcpyEcxChain.reko/strcpyEcxChain_code.dis
diff --git a/subjects/PE/x86/SmallBinaries/strcpyEcxChain.bin b/subjects/PE/x86/SmallBinaries/strcpyEcxChain.bin
new file mode 100644
index 0000000000000000000000000000000000000000..c8367e198c202ed496b558976abb47586bb48324
GIT binary patch
literal 54
zcmeDFxyyvXM5y`Xf8zt6)_uRI{j>Xf_rdO82VXLMUfO-4`62V?C5O)-K(QeML$MJ6
Dn}Q)b
literal 0
HcmV?d00001
diff --git a/subjects/PE/x86/SmallBinaries/strcpyEcxChain.dcproject b/subjects/PE/x86/SmallBinaries/strcpyEcxChain.dcproject
new file mode 100644
index 0000000000..c8e97439c8
--- /dev/null
+++ b/subjects/PE/x86/SmallBinaries/strcpyEcxChain.dcproject
@@ -0,0 +1,23 @@
+
+
+ x86-protected-32
+
+ strcpyEcxChain.bin
+ strcpyEcxChain.reko
+ strcpyEcxChain.reko
+ strcpyEcxChain.reko
+ strcpyEcxChain.reko\resources
+
+ 12340000
+ raw
+
+
+
+ 12340000
+
+
+ false
+ Segment
+
+
+
\ No newline at end of file
diff --git a/subjects/PE/x86/SmallBinaries/strcpyEcxChain.reko/strcpyEcxChain_code.asm b/subjects/PE/x86/SmallBinaries/strcpyEcxChain.reko/strcpyEcxChain_code.asm
new file mode 100644
index 0000000000..372aea2f07
--- /dev/null
+++ b/subjects/PE/x86/SmallBinaries/strcpyEcxChain.reko/strcpyEcxChain_code.asm
@@ -0,0 +1,22 @@
+;;; Segment code (12340000)
+
+;; fn12340000: 12340000
+fn12340000 proc
+ mov edi,ecx
+ mov edx,12340034h
+ or ecx,0FFh
+ xor eax,eax
+ repne scasb
+ not ecx
+ sub edi,ecx
+ mov esi,edi
+ mov eax,ecx
+ mov edi,edx
+ shr ecx,2h
+ rep movsd
+ mov ecx,eax
+ and ecx,3h
+ rep movsb
+ ret
+12340025 CC CC CC CC CC CC CC CC CC CC CC ...........
+12340030 73 31 00 00 73 32 s1..s2
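Review bot: `or ecx,0FFh` in the listing prints only the low byte of the operand. The padding dump starts at 12340025, and the instruction sizes leave three bytes for this `or`, so it is presumably the sign-extended imm8 form, which sets ecx to 0FFFFFFFFh before `repne scasb`. Read literally, the text would leave the upper 24 bits of the caller's pointer in the scan count, which is not the strlen that the .c and .dis outputs in this commit report. If the renderer can show the effective value, `or ecx,0FFFFFFFFh` would match the semantics the decompiler actually used.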
diff --git a/subjects/PE/x86/SmallBinaries/strcpyEcxChain.reko/strcpyEcxChain_code.c b/subjects/PE/x86/SmallBinaries/strcpyEcxChain.reko/strcpyEcxChain_code.c
new file mode 100644
index 0000000000..80db80d475
--- /dev/null
+++ b/subjects/PE/x86/SmallBinaries/strcpyEcxChain.reko/strcpyEcxChain_code.c
@@ -0,0 +1,17 @@
+// strcpyEcxChain_code.c
+// Generated by decompiling strcpyEcxChain.bin
+// using Reko decompiler version 0.11.4.0.
+
+#include "strcpyEcxChain.h"
+
+// 12340000: void fn12340000(Register (ptr32 char) ecx)
+void fn12340000(char * ecx)
+{
+ Eq_n size_n = strlen(ecx) + 1;
+ word32 edi_n = ecx + size_n - size_n;
+ Eq_n size_n = (size_n >> 0x02) * 0x04;
+ memcpy(&g_t12340034, edi_n, size_n);
+ memcpy((word32) size_n + 0x12340034, edi_n + size_n, size_n & 0x03);
+}
+
+Eq_n g_t12340034 = // 12340034;
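Review bot: The expected output declares `size_n` twice in fn12340000, on the `strlen(ecx) + 1` line and on the `(size_n >> 0x02) * 0x04` line. The two memcpy calls therefore no longer show which length is the full string size and which is the dword-rounded part; the .dis file in this commit keeps them apart as size_8 and size_17. Read as written, the copy is also unbounded: nothing compares the strlen result with the space at 0x12340034, which the dump in the .asm file shows as the last two bytes of the 54-byte image. The subject line names `strcpy(12340034, ecx)`, so presumably this baseline records output that is not yet folded into a single call. Saying so in the commit message would keep `ecx + size_n - size_n` from being read as the accepted result.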
diff --git a/subjects/PE/x86/SmallBinaries/strcpyEcxChain.reko/strcpyEcxChain_code.dis b/subjects/PE/x86/SmallBinaries/strcpyEcxChain.reko/strcpyEcxChain_code.dis
new file mode 100644
index 0000000000..8dcab208e3
--- /dev/null
+++ b/subjects/PE/x86/SmallBinaries/strcpyEcxChain.reko/strcpyEcxChain_code.dis
@@ -0,0 +1,18 @@
+void fn12340000(word32 ecx)
+// stackDelta: 0; fpuStackDelta: 0; fpuMaxParam: -1
+
+// MayUse: ecx:[0..31]
+// LiveOut:
+// Trashed: SCZO eax ecx edi edx esi
+// Preserved: esp
+fn12340000_entry:
+l12340000:
+ word32 size_8 = strlen(ecx) + 1
+ word32 edi_12 = ecx + size_8 - size_8
+ word32 size_17 = (size_8 >>u 2<32>) *u 4<32>
+ memcpy(0x12340034<32>, edi_12, size_17)
+ memcpy(size_17 + 0x12340034<32>, edi_12 + size_17, size_8 & 3<32>)
+ return
+fn12340000_exit:
+
+