; shell.asm -- MASM (Intel syntax), 32-bit x86, flat model, stdcall.
; Win32 GUI front end: a dialog lets the user pick an .exe (file dialog or
; drag-and-drop) and passes the path to CryptFile, which is not defined in
; this file (presumably in code.ASM, included in the .code section below).
.386
.model flat, stdcall
option casemap:none
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\comdlg32.inc
include \masm32\include\shell32.inc
include \masm32\include\imagehlp.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\comdlg32.lib
includelib \masm32\lib\shell32.lib
includelib \masm32\lib\imagehlp.lib
include \masm32\include\windows.inc     ; OPENFILENAME, IMAGE_NT_HEADERS, MAX_PATH used in .data
include resource.inc                    ; presumably IDD_MAINDLG / IDC_* / IDI_ICON (not visible here)
include jacket.inc                      ; presumably the Protectcode macro used before `end main`
DlgProc PROTO :HWND, :UINT, :WPARAM, :LPARAM
GetApiA proto :DWORD,:DWORD             ; declared only; not defined or called in this file
;------------ CONST ---------
.const
; Protection options: single-bit flags meant to be OR-ed together.
; Their effect is implemented outside this file (code.ASM); the names are the
; only description available here, so treat them as labels, not a contract.
EntryPointEncry_FLAG equ 1
ERASE_HEADER_FLAG equ 2
DESTROY_IMPORT_FLAG equ 4
HookReadMemory_FLAG equ 8
ChangeSectionName_FLAG equ 16
API_REDIRECT_FLAG equ 32
VA_SHARED EQU 08000000h ; Matt Pietrek. NOTE(review): read as a section characteristic, 08000000h is IMAGE_SCN_MEM_NOT_PAGED; IMAGE_SCN_MEM_SHARED is 10000000h -- confirm the intended use where this is consumed (not in this file).
HOOK_PROC_SIZE EQU OFFSET HookProcEnd - OFFSET HookProc ; byte length of the HookProc..HookProcEnd code; both labels are defined outside this file
RPM_API_ENTRY_CODE EQU DB 055h, 08Bh, 0ECh, 056h, 057h ; text equate that expands to a DB of these 5 bytes: push ebp / mov ebp,esp / push esi / push edi, i.e. an ordinary frame prologue. NOTE(review): the same prologue opens many functions and an API's first bytes vary by Windows build, so any code comparing against this pattern must verify the match before relying on it (consumer not visible here).
SEC_PER_SIZE EQU 030h ; NOTE(review): an IMAGE_SECTION_HEADER is 028h bytes, not 030h -- confirm what this value sizes (not used in this file).
;------------ DATA ----------
.data
; Export names looked up in the target.
; NOTE(review): neither string is NUL-terminated. MyEnCryptFunctionName runs
; straight into MyDeCryptFunctionName in memory, and the second only ends
; because the first byte of NameFuncaddr happens to be 0 -- usable only with
; an explicit length; confirm how the comparison in code.ASM works.
MyEnCryptFunctionName db "GetMyEncryptFunction"
MyDeCryptFunctionName db "GetMyDecryptFunction"
; Export-table walk scratch (not read or written in this file; names suggest
; a found-function address, its RVA, the image base and the name count).
NameFuncaddr dd 0
FunctionAddrRva dd 0
myBase dd 0
NumberOfNames dd 0
; 10-byte marker sequences; presumably emitted into the target by the
; Protectcode macro and searched for via the Search_*/*_Flag_Addr variables
; below (code.ASM) -- confirm. The two differ only in the 9th byte (089h/099h).
My_Shell_CRYPT_BEGIN db 0EBh,08h,0EBh,005h,090h,090h,090h,090h,089h,001h
My_Shell_CRYPT_END db 0EBh,08h,0EBh,005h,090h,090h,090h,090h,099h,001h
Search_Addr dd 0                        ; start of the region searched for the markers (presumably)
Search_Size dd 0                        ; length of that region (presumably)
Begain_Flag_Addr dd 0                   ; where My_Shell_CRYPT_BEGIN was found (presumably)
End_Flag_Addr dd 0                      ; where My_Shell_CRYPT_END was found (presumably)
pMem dd 0                               ; buffer holding the target file (not used in this file)
dwFsize dd 0                            ; size of the target file (not used in this file)
hInst dd 0                              ; module handle; set in main, read by DlgProc (LoadIcon)
hDLG dd 0                               ; main dialog handle; set in DlgProc on WM_INITDIALOG
; File-selection state. cFname is MAX_PATH bytes; both DragQueryFile and
; OPENFILENAME.nMaxFile are given sizeof cFname, so the copy is bounded.
ofn OPENFILENAME <>
cFname db MAX_PATH dup (0)
szFilter db "ExE files",0,"*.exe",0,"All files",0,"*.*",0,0
szCurDir db ".",0
; User-facing messages (Chinese). Translations:
szNoFile db "没有选择文件!",0                    ; "No file selected!"
mdo db "已经修改过了,不需要再修改!",0             ; "Already modified, no need to modify again!"
mtitle db "注意:",0                              ; "Notice:" (message-box title)
mwerr db "无法写入错误,请册除这个文件",0          ; "Write error, please delete this file"
msectionbig db "无法进行下去,原因是不能添加新节了,",0   ; "Cannot continue: no new section can be added"
mopenerr db "没有找到文件",0                     ; "File not found"
mnope db "不是PE文件,无法进行",0                 ; "Not a PE file, cannot proceed"
mok db "修改完成",0                              ; "Modification complete"
mduiqierr db "段对齐错误,需要用peedior重建立pe文件头才可在2000下用",0   ; "Section alignment error; rebuild the PE header with PEditor before it will run on Windows 2000"
MsizeErr db "文件尺寸错误",0                     ; "File size error"
MMemErr db "分配内存错误",0                      ; "Memory allocation error"
MEncryptEntryPointCodeErr db "无法转化入口RAV值",0   ; "Cannot convert the entry-point RVA"
MExportTableErr db "没有输出表",0                ; "No export table"
checker_len dd 0
Section_addr dd 0
des_basein dd 0
hFile dd 0                              ; handle of the target file (not used in this file)
; Copy of the target's PE header and section table.
PE_head IMAGE_NT_HEADERS <0>
Section_table db 280h dup (0)           ; 280h = 16 * 28h: room for 16 IMAGE_SECTION_HEADERs
Head_len dd 0 ;sizeof PE_head+sizeof Section_table -- documented size; initialized to 0 here, presumably filled at run time
pe_header_off dd 0 ;offset of the PE header relative to the start of the file
PE_head_addr dd 0
byte_read dd 0                          ; lpNumberOfBytesRead for ReadFile (presumably)
byte_write dd 0 ;lpNumberOfBytesWritten for WriteFile; the value is never used, it only makes the call valid
temp_virt_addr dd 0
temp_raw_size dd 0
; Template of the section header added to the target. The layout matches
; IMAGE_SECTION_HEADER (40 bytes): Name[8], four DWORDs, 12 unused bytes,
; Characteristics.
my_section struc
sec_name db '.PLL621',0 ; section name: 7 characters + NUL exactly fill the 8-byte Name field
virt_size dd 0 ; VirtualSize
virt_addr dd 0 ; VirtualAddress (RVA of the section)
raw_size dd 0 ; SizeOfRawData
raw_offset dd 0 ; PointerToRawData (file offset)
dd 0,0,0 ; PointerToRelocations, PointerToLinenumbers, NumberOfRelocations/NumberOfLinenumbers -- unused
sec_flags dd 0E0000020h ; Characteristics = IMAGE_SCN_CNT_CODE or IMAGE_SCN_MEM_EXECUTE or IMAGE_SCN_MEM_READ or IMAGE_SCN_MEM_WRITE. NOTE(review): the new section is readable, writable and executable at once (no W^X); that is what lets the inserted code modify itself, but it is also what memory-protection policies and scanners flag -- keep in mind when reviewing the output.
my_section ends
new_section my_section <> ; the instance that is filled in and written to the target (presumably by code.ASM)
;------------ CODE ----------
.code
include code.ASM
; Program entry: record the module handle (DlgProc reads hInst for LoadIcon),
; run the main dialog modally, then exit. DialogBoxParam's result is ignored.
main:
        invoke  GetModuleHandle, NULL
        mov     hInst, eax
        invoke  DialogBoxParam, hInst, IDD_MAINDLG, NULL, offset DlgProc, 0
THEEND:                                 ; not referenced in this file; kept for external users
        invoke  ExitProcess, 0
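;-----------------------------------------------------------------------
; INT_PTR CALLBACK DlgProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
; ABI:     stdcall; MASM emits the frame prologue and expands `ret` into
;          the epilogue (leave / ret 16).
; Purpose: message handler of the main dialog.
;   WM_INITDIALOG - set the window icon, publish the handle in hDLG,
;                   enable drag-and-drop.
;   WM_DROPFILES  - copy the first dropped path into cFname (bounded by
;                   sizeof cFname) and show it in IDC_TARGETFILE.
;   WM_COMMAND    - IDC_CLOSE: send WM_CLOSE; IDC_CHOOSEFILE: file dialog
;                   into cFname; IDC_CRYPT: reject an empty cFname, else
;                   call CryptFile.
;   WM_CLOSE      - EndDialog.
; Out:     eax = 0 (FALSE) on every path.
; Regs:    pushad / popad bracket the body. Every exit, including the two
;          early exits, goes through @@ExitDlgProc so the pair is always
;          balanced (previously the early exits jumped past popad).
;-----------------------------------------------------------------------
DlgProc proc hDlg:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
        LOCAL hDrop : HANDLE
        pushad
        .IF uMsg == WM_INITDIALOG
                invoke  LoadIcon,hInst,IDI_ICON
                ; eax = hIcon; invoke pushes right-to-left, so eax is still
                ; intact when it is pushed as lParam.
                invoke  SendMessage,hDlg,WM_SETICON,TRUE,eax
                push    hDlg
                pop     hDLG                    ; global copy of the handle (not read in this file)
                invoke  DragAcceptFiles,hDlg,TRUE
        .ELSEIF uMsg == WM_DROPFILES
                push    wParam
                pop     hDrop                   ; wParam is the HDROP
                ; sizeof cFname bounds the copy: an over-long path is
                ; truncated rather than overflowing the buffer.
                invoke  DragQueryFile,hDrop,0,offset cFname,sizeof cFname
                invoke  DragFinish,hDrop
                invoke  SetDlgItemText,hDlg,IDC_TARGETFILE,offset cFname
        .ELSEIF uMsg == WM_COMMAND
                mov     eax,wParam
                ; NOTE(review): only the control id (LOWORD) is tested; the
                ; notification code in the HIWORD is ignored, so any
                ; notification from these controls, not only BN_CLICKED,
                ; triggers the action.
                .IF ax == IDC_CLOSE
                        invoke  SendMessage,hDlg,WM_CLOSE,NULL,NULL
                .ELSEIF ax == IDC_CHOOSEFILE
                        ; get a file path
                        mov     ofn.lStructSize,SIZEOF ofn
                        mov     ofn.lpstrFilter,offset szFilter
                        push    hDlg
                        pop     ofn.hwndOwner
                        mov     ofn.lpstrFile, offset cFname
                        mov     ofn.nMaxFile,SIZEOF cFname
                        mov     ofn.lpstrInitialDir,offset szCurDir
                        mov     ofn.Flags, OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST or OFN_LONGNAMES or OFN_HIDEREADONLY
                        push    offset ofn
                        call    GetOpenFileName
                        test    eax,eax
                        jz      @@ExitDlgProc   ; cancelled or failed: cFname is left as it was
                        invoke  SetDlgItemText,hDlg,IDC_TARGETFILE,offset cFname
                .ELSEIF ax == IDC_CRYPT
                        ; ----- was a file selected ? -----
                        mov     eax,offset cFname
                        .IF byte ptr [eax] == 0
                                invoke  MessageBox,hDlg,offset szNoFile,offset mtitle,MB_ICONERROR
                                jmp     @@ExitDlgProc
                        .ENDIF
                        ; NOTE(review): CryptFile is defined outside this file.
                        ; The first push is the caller's edi -- nothing in this
                        ; proc sets it -- and no `add esp` follows the call, so
                        ; confirm that CryptFile takes three arguments and pops
                        ; them itself (stdcall); otherwise the popad below reads
                        ; the leftover arguments instead of the saved registers.
                        push    edi
                        push    hDlg
                        push    offset cFname
                        call    CryptFile
                .ENDIF
        .ELSEIF uMsg == WM_CLOSE
                invoke  EndDialog,hDlg,0
        .ENDIF
@@ExitDlgProc:
        popad                           ; single exit: restores the pushad snapshot on every path
        xor     eax,eax                 ; return FALSE
        ret
DlgProc endp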
Protectcode ; macro emitting the code that is inserted into the target program; not defined in this file (presumably jacket.inc)
end main ; entry point is `main`