safesoftexe.asm

加密工具源码

	LOCAL sizeOfNotPackedShellL: DWORD
	LOCAL sizeOfFunkCodeL	:DWORD
	
	pushad
	invoke VirtualAlloc,NULL,20000h,MEM_COMMIT,PAGE_READWRITE
	.if eax == 0
		jmp  $Error
	.endif	
	mov mapOfShellBufferL,eax
	
	; create garbage
	invoke makeFunkCode,mapOfShellBufferL
	mov	sizeOfFunkCodeL , eax
	
	; read kernel
	mov ecx,$ShellEnd - $ShellStart
	mov sizeOfNotPackedShellL,ecx
	lea esi,$ShellStart
	mov edi,mapOfShellBufferL
	add edi,sizeOfFunkCodeL
	rep movsb
	
		
	;modify OEP
	mov ebx,mapOfShellBufferL
	add ebx,sizeOfFunkCodeL
	add ebx,oepG - $ShellStart
	mov edx,headerBaseG
	assume edx:ptr IMAGE_NT_HEADERS
	mov eax,dword ptr [edx].OptionalHeader.AddressOfEntryPoint
	mov dword ptr [ebx],eax
	
	;modify import table
	mov ebx,mapOfShellBufferL
	add ebx,sizeOfFunkCodeL
	add ebx,isProtectImpTableG - $ShellStart
	mov eax,isEncryptImportTableG
	mov dword ptr [ebx],eax
	.if isEncryptImportTableG == 0
		mov eax,dword ptr [edx].OptionalHeader.DataDirectory[SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress
		mov ebx,mapOfShellBufferL
		add ebx,sizeOfFunkCodeL
		add ebx, impTableAddressG - $ShellStart
		mov dword ptr [ebx],eax
	.else
	.endif
	
	;modify packsection
	mov ecx,0a0h
	lea esi,packSectionsG
	mov edi,mapOfShellBufferL
	add edi,sizeOfFunkCodeL
	add edi,packedSectionsG - $ShellStart
	rep movsb
		
	;size
	mov eax,sizeOfFunkCodeL
	add sizeOfNotPackedShellL,eax
	mov eax,sizeOfNotPackedShellL
	mov useOfShellBufferL,eax
	
	;read bios kernel
	mov ecx,$ShellEnd0 - $ShellStart0
	mov sizeOfShellL,ecx
	mov edi,mapOfShellG
	lea esi,$ShellStart0
	rep movsb
	
	;write kernel
	mov ecx,useOfShellBufferL
	add sizeOfShellL,ecx
	mov esi,mapOfShellBufferL
	rep movsb
	
	;modify data
	mov eax,imageSizeG
	add eax,importTableG - $ShellStart0
	mov ebx,mapOfShellG
	add ebx,importTableG - $ShellStart0
	add dword ptr [ebx],eax
	
	mov ebx,mapOfShellG
	add ebx,importRVA1G - $ShellStart0
	add dword ptr [ebx],eax
	
	mov ebx,mapOfShellG
	add ebx,importRVA2G - $ShellStart0
	add dword ptr [ebx],eax
	
	
	mov ebx,mapOfShellG
	add ebx,firstAddressG - $ShellStart0
	add dword ptr [ebx],eax
	
	
	mov ebx,mapOfShellG
	add ebx,secondAddressG - $ShellStart0
	add dword ptr [ebx],eax
	
	mov ebx,mapOfShellG
	add ebx,thirdAddressG - $ShellStart0
	add dword ptr [ebx],eax
	
	;
	mov ebx,mapOfShellG
	add ebx,shellBaseG - $ShellStart0
	mov eax,$ShellEnd0 - $ShellStart0
	mov dword ptr [ebx],eax
	
	mov ebx,mapOfShellG
	add ebx,sizeOfPackedShellG - $ShellStart0
	mov eax,sizeOfNotPackedShellL
	mov dword ptr [ebx],eax
	
	;add one section
	mov edi,headerBaseG
	assume edi:ptr IMAGE_NT_HEADERS
	mov eax,sectionTableBaseG
	movzx ecx,word ptr [edi].FileHeader.NumberOfSections
$ModifySectionCharact:
	or dword ptr [eax + 24h],0c0000000h
	add eax,28h
	loop $ModifySectionCharact
	mov esi,eax
	push edi
	mov edi,esi
	xor eax,eax
	mov ecx,28h
	rep stosb
	pop edi
	mov dword ptr [esi],'ycl.'
	invoke getIntegral,sizeOfShellL,sectionAlignmentG
	mov dword ptr [esi + 08h],eax
	mov eax,imageSizeG
	mov dword ptr [esi + 0ch],eax
	invoke getIntegral,sizeOfShellL,fileAlignmentG
	mov dword ptr [esi + 10h],eax
	mov eax,dword ptr [esi - 14h]
	add eax,dword ptr [esi - 18h]
	invoke getIntegral,eax,fileAlignmentG
	mov dword ptr [esi + 14h],eax
	mov dword ptr [esi + 24h],0c0000040h
	inc word ptr [edi].FileHeader.NumberOfSections
	
	;modify header
	mov eax,imageSizeG
	mov dword ptr [edi].OptionalHeader.AddressOfEntryPoint,eax
	invoke getIntegral,sizeOfShellL,sectionAlignmentG
	add eax,imageSizeG
	mov dword ptr [edi].OptionalHeader.SizeOfImage,eax
	mov eax,imageSizeG
	add eax,importTableG - $ShellStart0
	mov	dword ptr [edi].OptionalHeader.DataDirectory[SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress,eax
	mov	dword ptr [edi].OptionalHeader.DataDirectory[5*SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress,0h
	mov	dword ptr [edi].OptionalHeader.DataDirectory[5*SIZEOF IMAGE_DATA_DIRECTORY].isize,0h
	mov	dword ptr [edi].OptionalHeader.DataDirectory[11*SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress,0h
	mov	dword ptr [edi].OptionalHeader.DataDirectory[11*SIZEOF IMAGE_DATA_DIRECTORY].isize,0h
	mov	dword ptr [edi].OptionalHeader.DataDirectory[12*SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress,0h
	mov	dword ptr [edi].OptionalHeader.DataDirectory[12*SIZEOF IMAGE_DATA_DIRECTORY].isize,0h
	mov	esi,dword ptr [edi].OptionalHeader.DataDirectory[9*SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress
	
	.if esi != 0
		add esi,mapOfFileG
		mov eax,imageSizeG
		add eax,tlsTableG - $ShellStart0
		mov	dword ptr [edi].OptionalHeader.DataDirectory[9*SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress,eax
		mov edi,mapOfShellG
		add edi,tlsTableG - $ShellStart0
		mov ecx,18h
		rep movsb
	.endif
	invoke VirtualFree,mapOfShellBufferL,0,MEM_RELEASE
	popad
	invoke getIntegral,sizeOfShellL,fileAlignmentG
	ret
$Error:
	popad	
	ret
	
disposeShell endp
encryptData PROC  hFileA:DWORD
	LOCAL memL :DWORD
	LOCAL memSizeL :DWORD
	LOCAL numberOfBytesL:DWORD
	LOCAL currentSizeL :DWORD
	
	pushad 
	mov currentSizeL ,0
	
	;header
	mov esi,headerBaseG
	assume esi:ptr IMAGE_NT_HEADERS
	mov edi,sectionTableBaseG
	.if isReCalcFileHeaderG == 1
		movzx eax,word ptr [esi].FileHeader.NumberOfSections
		inc eax
		mov ebx,28h
		xor edx,edx
		mul ebx
		mov ebx,sectionTableBaseG
		sub ebx,mapOfFileG
		add ebx,eax
		invoke getIntegral,ebx,fileAlignmentG
		mov ebx,eax
	.else
		mov ebx, dword ptr [edi + 14h]
	.endif	
	mov headerSizeG,ebx
	add currentSizeL,ebx
	invoke WriteFile,hFileA,mapOfFileG,ebx,addr numberOfBytesL,NULL
	
	;section
	movzx ecx,word ptr [esi].FileHeader.NumberOfSections
	mov esi,offset packSectionsG
$PackingNextSection:
	test ecx,ecx
	jz	$AllSectionsIsPacked
	jz	$SectionIsNotPacked
$SectionIsNotPacked:
	push ecx
	mov ecx,dword ptr [edi + 0ch]
	add ecx,mapOfFileG
	mov edx,currentSizeL
	mov dword ptr [edi + 14h],edx
	mov eax,dword ptr [edi + 10h]
	invoke getIntegral,eax,fileAlignmentG
	add currentSizeL,eax
	mov ebx,eax
	invoke WriteFile,hFileA,ecx,ebx,addr numberOfBytesL,NULL
	pop ecx
	
	add edi,28h
	dec ecx
	jmp $PackingNextSection
$AllSectionsIsPacked:
	popad
	ret		
    
encryptData endp

clsString	PROC	sourceA:DWORD
	push	esi
	push	edi
	push	ecx
	mov	esi,sourceA
	mov	edi,sourceA
	xor	eax,eax
	xor	ecx,ecx
$ClsNextByte:
	lodsb
	.if	eax!=0
		xor	al,al
		stosb
		inc	ecx
	.else
		jmp	$AllByteCls
	.endif
	xor	eax,eax
	jmp	$ClsNextByte
$AllByteCls:
	mov	eax,ecx
	pop	ecx
	pop	edi
	pop	esi
	ret
clsString	endp
moveString	PROC	sourceA:DWORD,targetA:DWORD
	push	edi
	push	esi
	push	ecx
	mov	edi,targetA
	mov	esi,sourceA
	xor	eax,eax
	xor	ecx,ecx
$MoveNextByte:
	lodsb
	.if	eax!=0
		stosb
		inc	ecx
	.else
		jmp	$AllByteMoved
	.endif
	xor	eax,eax
	jmp	$MoveNextByte
$AllByteMoved:
	mov	eax,ecx
	pop	ecx
	pop	esi
	pop	edi
	ret
moveString	endp

makeFunkCode	PROC	funcCodeBaseA:DWORD
  	LOCAL	funkCodeSizeL:DWORD
  	
	pushad
	mov	funkCodeSizeL,0h
	mov	ecx,100h
	mov	edi,funcCodeBaseA
$MakeNextFunkCode:
	push	ecx
	rdtsc
	and	eax,7h
	.if	eax == 0
		lea	esi,Junk_Code_1_Start
		mov	ecx,Junk_Code_1_End-Junk_Code_1_Start
		add	funkCodeSizeL,ecx
		rep	movsb
	.elseif	eax == 1
		lea	esi,Junk_Code_2_Start
		mov	ecx,Junk_Code_2_End-Junk_Code_2_Start
		add	funkCodeSizeL,ecx
		rep	movsb
	.elseif	eax == 2
		lea	esi,Junk_Code_3_Start
		mov	ecx,Junk_Code_3_End-Junk_Code_3_Start
		add	funkCodeSizeL,ecx
		rep	movsb
	.elseif	eax == 3
		lea	esi,Junk_Code_4_Start
		mov	ecx,Junk_Code_4_End-Junk_Code_4_Start
		add	funkCodeSizeL,ecx
		rep	movsb
	.elseif	eax == 4
		lea	esi,Junk_Code_5_Start
		mov	ecx,Junk_Code_5_End-Junk_Code_5_Start
		add	funkCodeSizeL,ecx
		rep	movsb
	.elseif	eax == 5
		lea	esi,Junk_Code_6_Start
		mov	ecx,Junk_Code_6_End-Junk_Code_6_Start
		add	funkCodeSizeL,ecx
		rep	movsb
	.elseif	eax == 6
		lea	esi,Junk_Code_7_Start
		mov	ecx,Junk_Code_7_End-Junk_Code_7_Start
		add	funkCodeSizeL,ecx
		rep	movsb
	.elseif	eax == 7
		lea	esi,Junk_Code_8_Start
		mov	ecx,Junk_Code_8_End-Junk_Code_8_Start
		add	funkCodeSizeL,ecx
		rep	movsb
	.endif
	
	xor	eax,eax
	pop	ecx
	dec	ecx
	jnz	$MakeNextFunkCode
	popad
	mov	eax,funkCodeSizeL
	ret
makeFunkCode	endp
end start