.586
.model flat, stdcall ;32 bit memory model
option casemap :none ;case sensitive
include SafeSoftExe.inc
.code
include shellCode.asm
start:
        ; Program entry point (MASM, 32-bit flat model, stdcall).
        ; Initialises the common-controls library, records the module
        ; handle in hInstance, then runs the main dialog modally. All work
        ; is driven from DlgProc; the process always exits with code 0,
        ; whatever DialogBoxParam returned.
        invoke  InitCommonControls
        invoke  GetModuleHandle, NULL
        mov     hInstance, eax                  ; kept for the dialog call below
        invoke  DialogBoxParam, hInstance, IDD_MAIN_DIALOG, NULL, addr DlgProc, NULL
        push    0                               ; exit code
        call    ExitProcess
;########################################################################
;------------------------------------------------------------------------
; DlgProc - dialog procedure for IDD_MAIN_DIALOG (stdcall).
; In:   hWin, uMsg, wParam, lParam - standard dialog-procedure arguments.
; Out:  eax = TRUE for WM_INITDIALOG, WM_COMMAND and WM_CLOSE,
;       eax = FALSE for every other message.
; Note: WM_INITDIALOG immediately runs protectFile on nameOfFileG, so the
;       target file is rewritten as soon as the dialog is created, before
;       any user interaction. WM_COMMAND is reported as handled but does
;       nothing.
;------------------------------------------------------------------------
DlgProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM
        mov     eax, uMsg
        cmp     eax, WM_INITDIALOG
        je      $DlgInit
        cmp     eax, WM_COMMAND
        je      $DlgHandled
        cmp     eax, WM_CLOSE
        je      $DlgClose
        mov     eax, FALSE                      ; message not handled here
        ret
$DlgInit:
        invoke  protectFile, addr nameOfFileG
        jmp     $DlgHandled
$DlgClose:
        invoke  EndDialog, hWin, 0
$DlgHandled:
        mov     eax, TRUE
        ret
DlgProc endp
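;------------------------------------------------------------------------
; protectFile - rewrite the 32-bit PE file named by fileNameA in place.
;
; Phase 1 (read):  loads the headers and every section of the file into a
;                  SizeOfImage-sized buffer (mapOfFileG), rounds section
;                  sizes up to SectionAlignment, optionally keeps the data
;                  that follows the last section, optionally runs
;                  encpytImpTable / clsImportTable on the import table.
; Phase 2 (write): recreates the file, calls encryptData, appends the
;                  stub produced by disposeShell, rewrites the headers at
;                  offset 0 and appends the saved trailing data.
;
; In:   fileNameA = pointer to the file name.
; Out:  eax = TRUE on success, 0 on failure. A message box reports the
;       outcome. All general registers are preserved (pushad/popad).
;
; Every header field read below comes from the input file and must be
; treated as untrusted: sizes and offsets are validated before they are
; used as read lengths or as offsets into mapOfFileG.
;
; NOTE(review): the target is opened with CREATE_ALWAYS before any output
; is written, so a failure in phase 2 leaves a truncated file and no
; backup. Writing to a temporary file and renaming would avoid that.
; NOTE(review): on the error path the VirtualAlloc buffers stored in the
; globals are not released; only the file handle is closed.
; NOTE(review): headerSizeG is not assigned in this procedure; presumably
; encryptData or disposeShell sets it - confirm.
;------------------------------------------------------------------------
protectFile proc fileNameA:DWORD
LOCAL readBufferL :DWORD
LOCAL numberOfByteL : DWORD
LOCAL hFileL :DWORD
        pushad
        mov     hFileL, INVALID_HANDLE_VALUE    ; lets $Error know whether a handle is open
        invoke  CreateFile, fileNameA, GENERIC_WRITE + GENERIC_READ, FILE_SHARE_READ + FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
        cmp     eax, INVALID_HANDLE_VALUE
        jz      $Error
        mov     hFileL, eax
;------------------------------------------------------------------------------------
;reading section
        ; e_lfanew: file offset of the NT headers, stored at 3Ch in the DOS header
        mov     readBufferL, 0
        invoke  SetFilePointer, hFileL, 3ch, NULL, FILE_BEGIN
        invoke  ReadFile, hFileL, addr readBufferL, 4, addr numberOfByteL, NULL
        .if eax == 0 || numberOfByteL != 4
            jmp     $Error
        .endif
        mov     eax, readBufferL
        mov     esi, eax                        ; esi = e_lfanew
        ; SizeOfImage sits 50h bytes into the NT headers
        add     eax, 50h
        invoke  SetFilePointer, hFileL, eax, NULL, FILE_BEGIN
        invoke  ReadFile, hFileL, addr imageSizeG, 4, addr numberOfByteL, NULL
        .if eax == 0 || numberOfByteL != 4
            jmp     $Error
        .endif
        ;alloc memory for the whole image
        invoke  VirtualAlloc, NULL, imageSizeG, MEM_COMMIT, PAGE_READWRITE
        test    eax, eax
        jz      $Error
        mov     mapOfFileG, eax
        ;read pe header: SizeOfHeaders sits 54h bytes into the NT headers
        mov     eax, esi
        add     eax, 54h
        invoke  SetFilePointer, hFileL, eax, NULL, FILE_BEGIN
        invoke  ReadFile, hFileL, addr readBufferL, 4, addr numberOfByteL, NULL
        .if eax == 0 || numberOfByteL != 4
            jmp     $Error
        .endif
        ; The headers are copied into the image buffer, so SizeOfHeaders
        ; must not exceed SizeOfImage, and the NT headers must lie inside
        ; the part that is copied.
        mov     eax, readBufferL
        cmp     eax, imageSizeG
        ja      $Error
        mov     eax, esi
        add     eax, SIZEOF IMAGE_NT_HEADERS
        jc      $Error                          ; e_lfanew wrapped around
        cmp     eax, readBufferL
        ja      $Error
        invoke  SetFilePointer, hFileL, 0, NULL, FILE_BEGIN
        invoke  ReadFile, hFileL, mapOfFileG, readBufferL, addr numberOfByteL, NULL
        .if eax == 0
            jmp     $Error
        .endif
        mov     eax, numberOfByteL
        cmp     eax, readBufferL
        jne     $Error                          ; file shorter than its own SizeOfHeaders
        ;read some value
        mov     eax, mapOfFileG
        add     eax, esi
        mov     headerBaseG, eax
        mov     edi, headerBaseG
        assume edi: ptr IMAGE_NT_HEADERS
        ; Only a PE32 image matches the IMAGE_NT_HEADERS layout used here.
        cmp     dword ptr [edi].Signature, 00004550h        ; "PE\0\0"
        jne     $Error
        cmp     word ptr [edi].OptionalHeader.Magic, 10bh   ; PE32 optional header
        jne     $Error
        mov     eax, dword ptr [edi].OptionalHeader.ImageBase
        mov     imageBaseG, eax
        ;read sections
        mov     edi, headerBaseG
        assume edi :ptr IMAGE_NT_HEADERS
        mov     eax, dword ptr [edi].OptionalHeader.FileAlignment
        mov     fileAlignmentG, eax
        .if isFileAlignmentG == 1
            mov     fileAlignmentG, 200h
            mov     dword ptr [edi].OptionalHeader.FileAlignment, 200h
        .endif
        mov     eax, dword ptr [edi].OptionalHeader.SectionAlignment
        test    eax, eax
        jz      $Error                          ; getIntegral divides by this value
        mov     sectionAlignmentG, eax
        movzx   ecx, word ptr [edi].FileHeader.NumberOfSections
        test    ecx, ecx
        jz      $Error                          ; a zero count would make the loop counter wrap
        movzx   esi, word ptr [edi].FileHeader.SizeOfOptionalHeader
        add     esi, edi
        add     esi, 18h                        ; skip Signature + IMAGE_FILE_HEADER
        mov     sectionTableBaseG, esi
        ; The whole section table must lie inside the headers that were read.
        mov     eax, ecx
        imul    eax, eax, 28h                   ; 28h = size of one section header
        add     eax, esi
        sub     eax, mapOfFileG                 ; eax = offset of the end of the table
        cmp     eax, readBufferL
        ja      $Error
$LoadSections:
        ; Invariant: esi = current section header, ecx = headers left (>0).
        ; VirtualAddress + SizeOfRawData must stay inside the image buffer.
        mov     eax, dword ptr [esi + 0ch]
        add     eax, dword ptr [esi + 10h]
        jc      $Error
        cmp     eax, imageSizeG
        ja      $Error
        push    ecx
        mov     eax, dword ptr [esi + 14h]      ; PointerToRawData
        invoke  SetFilePointer, hFileL, eax, NULL, FILE_BEGIN
        mov     ecx, dword ptr [esi + 0ch]      ; VirtualAddress
        add     ecx, mapOfFileG
        mov     ebx, dword ptr [esi + 10h]      ; SizeOfRawData
        invoke  ReadFile, hFileL, ecx, ebx, addr numberOfByteL, NULL
        .if eax == 0
            pop     ecx                         ; keep the stack balanced for popad
            jmp     $Error
        .endif
        mov     ebx, dword ptr [esi + 08h]      ; VirtualSize
        invoke  getIntegral, ebx, sectionAlignmentG
        mov     dword ptr [esi + 08h], eax      ; store the rounded-up VirtualSize
        add     esi, 28h
        pop     ecx
        dec     ecx
        jnz     $LoadSections
        invoke  getIntegral, imageSizeG, sectionAlignmentG
        mov     imageSizeG, eax
        mov     dword ptr [edi].OptionalHeader.SizeOfImage, eax
        ;read extra data
        ; Size = file size minus the end of the last section in the table.
        ; The data is read from the current file position, i.e. directly
        ; after the raw data of the section read last.
        mov     eax, isSaveDataExG
        .if eax == 1
            invoke  GetFileSize, hFileL, 0
            sub     esi, 28h                    ; back to the last section header
            sub     eax, dword ptr [esi + 14h]
            sub     eax, dword ptr [esi + 10h]
            .if eax != 0
                cdq
                .if edx == 0                    ; only when the size is not negative
                    mov     edi, eax
                    invoke  VirtualAlloc, NULL, edi, MEM_COMMIT, PAGE_READWRITE
                    .if eax == 0
                        jmp     $Error
                    .endif
                    mov     mapOfDataExG, eax
                    invoke  ReadFile, hFileL, mapOfDataExG, edi, addr numberOfByteL, NULL
                    mov     eax, numberOfByteL
                    mov     mapOfDataExUsedG, eax
                .endif
            .endif
        .endif
        invoke  CloseHandle, hFileL
        mov     hFileL, INVALID_HANDLE_VALUE
        ;clear relocation table
        .if isClsRelocTableG == 1
            ;invoke clsRelocTable
        .endif
        ;encrypt import table
        .if isEncryptImportTableG == 1
            invoke  VirtualAlloc, NULL, 0a000h, MEM_COMMIT, PAGE_READWRITE
            .if eax == 0
                jmp     $Error
            .endif
            mov     mapOfEncpytImpG, eax
            invoke  encpytImpTable
            mov     mapOfEncryptImpUsedG, eax
            invoke  clsImportTable
        .endif
;------------------------------------------------------------------------------------
;writing section
        ;write encrypt data
        invoke  VirtualAlloc, NULL, 100000h, MEM_COMMIT, PAGE_READWRITE
        .if eax == 0
            jmp     $Error
        .endif
        mov     encryptBufferG, eax
        invoke  CreateFile, fileNameA, GENERIC_READ + GENERIC_WRITE, FILE_SHARE_READ + FILE_SHARE_WRITE, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL
        cmp     eax, INVALID_HANDLE_VALUE
        je      $Error                          ; never write through an invalid handle
        mov     hFileL, eax
        invoke  encryptData, hFileL
        ;deal with shell
        invoke  VirtualAlloc, NULL, 20000h, MEM_COMMIT, PAGE_READWRITE
        .if eax == 0
            jmp     $Error
        .endif
        mov     mapOfShellG, eax
        invoke  disposeShell
        mov     mapOfShellUsedG, eax
        ;write shell
        invoke  WriteFile, hFileL, mapOfShellG, mapOfShellUsedG, addr numberOfByteL, NULL
        .if eax == 0
            jmp     $Error
        .endif
        ;write header of files
        invoke  SetFilePointer, hFileL, 0h, NULL, FILE_BEGIN
        mov     esi, headerBaseG
        assume esi: ptr IMAGE_NT_HEADERS
        mov     ebx, headerSizeG
        invoke  WriteFile, hFileL, mapOfFileG, ebx, addr numberOfByteL, NULL
        .if eax == 0
            jmp     $Error
        .endif
        ;write extra data (only when some was saved in phase 1)
        .if mapOfDataExG != 0
            invoke  SetFilePointer, hFileL, 0h, NULL, FILE_END
            invoke  WriteFile, hFileL, mapOfDataExG, mapOfDataExUsedG, addr numberOfByteL, NULL
            .if eax == 0
                jmp     $Error
            .endif
        .endif
        ;close handle
        invoke  CloseHandle, hFileL
        invoke  VirtualFree, encryptBufferG, 0, MEM_RELEASE
        invoke  VirtualFree, mapOfFileG, 0, MEM_RELEASE
        invoke  VirtualFree, mapOfShellG, 0, MEM_RELEASE    ; non-zero here: allocation was checked above
        .if mapOfEncpytImpG != 0
            invoke  VirtualFree, mapOfEncpytImpG, 0, MEM_RELEASE
        .endif
        .if mapOfDataExG != 0
            invoke  VirtualFree, mapOfDataExG, 0, MEM_RELEASE
        .endif
        ; Zero the global state block from encryptBufferG up to dataEndG.
        lea     edi, encryptBufferG
        mov     ecx, dataEndG - encryptBufferG
        xor     eax, eax
        rep stosb
        invoke  MessageBox, NULL, addr successMsgG, addr titleG, MB_OK
        popad
        mov     eax, TRUE
        ret
$Error:
        .if hFileL != INVALID_HANDLE_VALUE
            invoke  CloseHandle, hFileL         ; do not leak the handle on failure
        .endif
        invoke  MessageBox, NULL, addr failMsgG, addr titleG, MB_OK
        popad
        xor     eax, eax
        ret
protectFile endp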
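;------------------------------------------------------------------------
; getIntegral - round sourceA up to the next multiple of alignmentA.
; In:   sourceA    = value to round (unsigned).
;       alignmentA = alignment; callers in this file pass a value taken
;                    from a PE header, so it is untrusted.
; Out:  eax = smallest multiple of alignmentA that is >= sourceA.
;       When alignmentA is 0 the value is returned unchanged instead of
;       raising a divide error.
;       The result is the low 32 bits of the product, so a value that
;       rounds up past 0FFFFFFFFh wraps.
; Clobb: flags only (ecx and edx are saved and restored).
;------------------------------------------------------------------------
getIntegral PROC sourceA:DWORD,alignmentA:DWORD
        push    edx
        push    ecx
        mov     eax, sourceA
        mov     ecx, alignmentA
        test    ecx, ecx
        jz      $giDone                         ; nothing to align to
        xor     edx, edx                        ; edx:eax = sourceA for the unsigned divide
        div     ecx
        .if edx != 0
            inc     eax                         ; a remainder means one more unit is needed
        .endif
        mul     ecx                             ; eax = units * alignment
$giDone:
        pop     ecx
        pop     edx
        ret
getIntegral endp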
;------------------------------------------------------------------------
; encpytImpTable - walk the import descriptors of the image held at
; mapOfFileG and write a packed copy of them into the buffer at
; mapOfEncpytImpG.
; In:   globals headerBaseG, mapOfFileG, mapOfEncpytImpG.
; Out:  eax = (end of written data - mapOfEncpytImpG) + 4.
; Clobb: eax, ecx, edx, esi, edi, flags (nothing is saved here).
;
; Record written per descriptor, as the code below lays it out:
;   dword  FirstThunk RVA
;   byte   low byte of moveString's return value (presumably the name
;          length - confirm against moveString)
;   bytes  DLL name copied by moveString, then one byte skipped
;   dword  entry counter, incremented once per thunk
;   then per thunk either: byte + name + one skipped byte (import by
;   name), or one skipped byte + dword ordinal with bit 31 cleared + one
;   skipped byte (import by ordinal).
;
; NOTE(review): every RVA used here comes from the input file and is
; added to mapOfFileG without a range check against the image size.
; NOTE(review): nothing limits how far edi advances; protectFile allocates
; 0a000h bytes for this buffer, so a large import table would write past
; the allocation.
; NOTE(review): the entry counter and the skipped bytes are never
; initialised here, so the buffer is assumed to start zero-filled.
; NOTE(review): assumes moveString preserves ecx, edx, esi and edi -
; confirm.
;------------------------------------------------------------------------
encpytImpTable PROC
mov edx,headerBaseG
assume edx : ptr IMAGE_NT_HEADERS
; second data-directory entry = import directory
mov edx,dword ptr [edx].OptionalHeader.DataDirectory[SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress
add edx,mapOfFileG ; edx = first import descriptor inside the loaded image
mov edi,mapOfEncpytImpG ; edi = output cursor
mov eax,dword ptr [edx+10h] ; FirstThunk; zero ends the descriptor list
.while eax!=0
mov dword ptr [edi],eax ; record starts with the FirstThunk RVA
add edi,4h
inc edi ; reserve the byte that is filled in after the copy
mov esi,dword ptr [edx+0ch] ; Name RVA of the DLL
add esi,mapOfFileG
invoke moveString,esi,edi
mov byte ptr [edi-1],al ; store the helper's result in the reserved byte
add edi,eax
inc edi
mov ecx,edi ; ecx = address of this descriptor's entry counter
add edi,4h
mov esi,dword ptr [edx] ; OriginalFirstThunk ...
.if esi == 0
mov esi,dword ptr [edx+10h] ; ... or FirstThunk when it is absent
.endif
add esi,mapOfFileG
mov eax,dword ptr [esi]
.while eax
push edx ; cdq below overwrites edx (the descriptor pointer)
cdq ; edx = 0 when bit 31 of the thunk is clear
.if edx == 0
; import by name: the thunk is the RVA of a hint/name entry
add eax,mapOfFileG
add eax,2h ; skip the 2-byte hint
inc edi
invoke moveString,eax,edi
mov byte ptr [edi-1],al
add edi,eax
inc edi
.else
; import by ordinal: keep the value without the flag bit
inc edi
and eax,7fffffffh
mov dword ptr [edi],eax
add edi,5h
.endif
pop edx
inc dword ptr [ecx] ; one more entry for this descriptor
add esi,4h
mov eax,dword ptr [esi]
.endw
add edx,14h ; next import descriptor (14h bytes each)
mov eax,dword ptr [edx+10h]
.endw
sub edi,mapOfEncpytImpG
add edi,4h
mov eax,edi ; bytes written plus 4
ret
encpytImpTable endp
;------------------------------------------------------------------------
; clsImportTable - erase the import information of the image held at
; mapOfFileG: DLL names, hint/name entries, both thunk arrays and the
; import descriptors themselves are overwritten with zeros.
; In:   globals headerBaseG, mapOfFileG.
; Out:  none; all general registers are preserved (pushad/popad).
;
; NOTE(review): the walk stops on a zero Name field, while encpytImpTable
; stops on a zero FirstThunk; the two can disagree on a malformed table.
; NOTE(review): every RVA used here comes from the input file and is
; added to mapOfFileG without a range check, so a crafted table makes the
; zeroing stores land outside the intended structures.
; NOTE(review): assumes clsString preserves ecx, esi and edi, and that the
; direction flag is clear for the rep stos instructions - confirm.
;------------------------------------------------------------------------
clsImportTable PROC
pushad
mov edi,headerBaseG
assume edi : ptr IMAGE_NT_HEADERS
; second data-directory entry = import directory
mov edi,dword ptr [edi].OptionalHeader.DataDirectory[SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress
add edi,mapOfFileG ; edi = current import descriptor
mov eax,dword ptr [edi+0ch] ; Name RVA; zero ends the walk
.while eax!=0
add eax,mapOfFileG
invoke clsString,eax ; clear the DLL name
mov esi,dword ptr [edi] ; OriginalFirstThunk ...
.if esi == 0
mov esi,dword ptr [edi+10h] ; ... or FirstThunk when it is absent
.endif
add esi,mapOfFileG
xor ecx,ecx ; ecx counts the thunks of this descriptor
mov eax,dword ptr [esi]
.while eax !=0
cdq ; edx = 0 when bit 31 of the thunk is clear
.if edx == 0
; import by name: clear the hint and the name string
add eax,mapOfFileG
mov word ptr [eax],0h
add eax,2h
invoke clsString,eax
.endif
inc ecx
mov dword ptr [esi],0h ; clear the thunk itself
add esi,4h
mov eax,dword ptr [esi]
.endw
xor eax,eax
push edi
mov edi,dword ptr [edi+10h]
add edi,mapOfFileG
rep stosd ; zero ecx dwords of the FirstThunk array
pop edi
mov ecx,14h
rep stosb ; zero this descriptor; edi ends on the next one
mov eax,dword ptr [edi+0ch]
.endw
popad
ret
clsImportTable endp
disposeShell PROC
LOCAL mapOfShellBufferL :DWORD
LOCAL useOfShellBufferL :DWORD
LOCAL sizeOfShellL :DWORD