📄 exelockdlg.cpp
字号:
sectionBY.Name[3]='Y';
sectionBY.Name[4]='U';
sectionBY.Name[5]=sectionBY.Name[6]=sectionBY.Name[7]=0;
//内存地址
sectionBY.Misc.VirtualSize=0x1000;
sectionBY.VirtualAddress +=sectionBY.SizeOfRawData ;
dwSectionPading=sectionBY.VirtualAddress % ntHeader.OptionalHeader.SectionAlignment;
if(dwSectionPading)dwSectionPading=ntHeader.OptionalHeader.SectionAlignment-dwSectionPading;
sectionBY.VirtualAddress +=dwSectionPading;
sectionBY.PointerToRawData+=sectionBY.SizeOfRawData + dwSectionPading;
sectionBY.SizeOfRawData =0x1000;
sectionBY.Characteristics=0x60000020;
sectionBY.NumberOfLinenumbers=0;
sectionBY.PointerToLinenumbers=0;
sectionBY.NumberOfRelocations=0;
sectionBY.PointerToRelocations =0;
file.Write(§ionBY,sizeof(IMAGE_SECTION_HEADER));
//写入Section 完了
dwitImageBase=ntHeader.OptionalHeader.ImageBase;
dwMyImageBase=ntHeader.OptionalHeader.ImageBase;
dwMySectionVirtualAddress=sectionBY.VirtualAddress;
ntHeaderBY=ntHeader;
ntHeaderBY.FileHeader.NumberOfSections+=1;
ntHeaderBY.OptionalHeader.AddressOfEntryPoint=dwMySectionVirtualAddress+0x000;
ntHeaderBY.OptionalHeader.SizeOfCode +=0x1000;
ntHeaderBY.OptionalHeader.SizeOfImage+=0x2000;
ntHeaderBY.OptionalHeader.DataDirectory[1].VirtualAddress=dwMySectionVirtualAddress+0x64C;
ntHeaderBY.OptionalHeader.DataDirectory[1].Size =0x3c;
file.Seek(dosHeader.e_lfanew,CFile::begin);
file.Write(&ntHeaderBY,sizeof(IMAGE_NT_HEADERS));
//写入文件头完了
//写入壳代码段
UCHAR codeBY[0x0C00];
UCHAR *pspading;
DWORD dwtmp;
if(!LoadSheller(codeBY))
return;
if(dwSectionPading)
{
pspading=new UCHAR[dwSectionPading];
memset(pspading,0,dwSectionPading);
file.SeekToEnd();
file.Write(pspading,dwSectionPading);
}
const INT nCodeNeedToChangeCount=59;
UINT nCodeNeedToChangeIndex[][2]=
{
{0x0008,0x3008},{0x0012,0x300C},{0x001A,0x300C},{0x0022,0x3008},
{0x0048,0x114E},{0x0072,0x10CA},{0x00F2,0x3010},{0x00F7,0x10CA},
{0x0103,0x3000},{0x010B,0x3000},{0x0116,0x3000},{0x016E,0x3032},
{0x0174,0x3004},{0x017E,0x3046},{0x0183,0x3032},{0x01A2,0x305E},
{0x01AF,0x3056},{0x01B5,0x305E},{0x01FA,0x3010},{0x01FF,0x11E0},
{0x021C,0x3066},{0x0225,0x3062},{0x022B,0x3056},{0x0230,0x3062},
{0x0254,0x3066},{0x0269,0x3062},{0x0275,0x3056},{0x0289,0x305A},
{0x028F,0x3056},{0x033C,0x3010},{0x0341,0x12BE},{0x03BC,0x135E},
{0x03C1,0x138B},{0x03EC,0x1388},{0x03F1,0x1394},{0x0400,0x3004},
{0x041E,0x136A},{0x0423,0x139B},{0x0448,0x1374},{0x044D,0x139B},
{0x0475,0x137E},{0x047A,0x139B},
{0x04CA,0x2040},{0x04D0,0x2030},{0x04D6,0x2038},{0x04DC,0x2034},
{0x04E2,0x201C},{0x04E8,0x202C},{0x04EE,0x2020},{0x04F4,0x2018},
{0x04FA,0x203C},{0x0500,0x2044},{0x0506,0x2024},{0x050C,0x2028},
{0x0512,0x200C},{0x0518,0x2008},{0x051E,0x2010},{0x0524,0x2004},
{0x052A,0x2000},
};
for(i=0;i<nCodeNeedToChangeCount;i++)
{
dwItCodeVirtualAddress=nCodeNeedToChangeIndex[i][1];
if(dwItCodeVirtualAddress>=0x3000)
dwItCodeVirtualAddress-=(0x3000-0x0a00);
else if(dwItCodeVirtualAddress>=0x2000)
dwItCodeVirtualAddress-=(0x2000-0x0600);
else
dwItCodeVirtualAddress-=0x1000;
dwtmp=dwItCodeVirtualAddress;
dwtmp+=dwMyImageBase;
dwtmp+=dwMySectionVirtualAddress;
codeBY[nCodeNeedToChangeIndex[i][0]]=LOBYTE(LOWORD(dwtmp));
codeBY[nCodeNeedToChangeIndex[i][0]+1]=HIBYTE(LOWORD(dwtmp));
codeBY[nCodeNeedToChangeIndex[i][0]+2]=LOBYTE(HIWORD(dwtmp));
codeBY[nCodeNeedToChangeIndex[i][0]+3]=HIBYTE(HIWORD(dwtmp));
}
//写入壳Import段
const UINT nImportNeedToChangeCount=40;
UINT nImportNeedToChangeIndex[]=
{
0X600,0X604,0X608,0X60C,
0X610, 0X618,0X61C,
0X620,0X624,0X628,0X62C,
0X630,0X634,0X638,0X63C,
0X640,0X644, 0X64C,
0X658,0X65C,
0X660, 0X66C,
0X670,
0X688,0X68C,
0X690,0X694,0X698,
0X6A0,0X6A4,0X6A8,0X6AC,
0X6B0,0X6B4,0X6B8,0X6BC,
0X6C0,0X6C4,0X6C8,0X6CC,
};
for(i=0;i<nImportNeedToChangeCount;i++)
{
dwtmp=MAKELONG(
MAKEWORD(codeBY[nImportNeedToChangeIndex[i]],codeBY[nImportNeedToChangeIndex[i]+1]),
MAKEWORD(codeBY[nImportNeedToChangeIndex[i]+2],codeBY[nImportNeedToChangeIndex[i]+3]));
dwtmp+=dwMySectionVirtualAddress+0x600;
dwtmp-=0x2000;
codeBY[nImportNeedToChangeIndex[i]]=LOBYTE(LOWORD(dwtmp));
codeBY[nImportNeedToChangeIndex[i]+1]=HIBYTE(LOWORD(dwtmp));
codeBY[nImportNeedToChangeIndex[i]+2]=LOBYTE(HIWORD(dwtmp));
codeBY[nImportNeedToChangeIndex[i]+3]=HIBYTE(HIWORD(dwtmp));
}
strcpy((CHAR *)&codeBY[0xA46], csPassword);
//写入原来文件的入口和import table的入口
codeBY[0xA56]=LOBYTE(LOWORD(dwitImageBase));
codeBY[0xA57]=HIBYTE(LOWORD(dwitImageBase));
codeBY[0xA58]=LOBYTE(HIWORD(dwitImageBase));
codeBY[0xA59]=HIBYTE(HIWORD(dwitImageBase));
codeBY[0xA5A]=LOBYTE(LOWORD(dwitImageEntryPoint ));
codeBY[0xA5B]=HIBYTE(LOWORD(dwitImageEntryPoint));
codeBY[0xA5C]=LOBYTE(HIWORD(dwitImageEntryPoint));
codeBY[0xA5D]=HIBYTE(HIWORD(dwitImageEntryPoint));
codeBY[0xA5E]=LOBYTE(LOWORD(dwitImportTableEntryPoint));
codeBY[0xA5F]=HIBYTE(LOWORD(dwitImportTableEntryPoint));
codeBY[0xA60]=LOBYTE(HIWORD(dwitImportTableEntryPoint));
codeBY[0xA61]=HIBYTE(HIWORD(dwitImportTableEntryPoint));
for(i=0;i<16;i++)
codeBY[0xBE0+i]=codeBY[0xA56+i];
UCHAR szMyWaterMark[9]="yangboyu";
for(i=0;i<8;i++)
codeBY[0xBF8+i]=szMyWaterMark[i];
file.SeekToEnd();
file.Write(codeBY,0x0C00);
file.Close();
}
void CExeLockDlg::OnUnlock()
{
// TODO: Add your control notification handler code here
CFile file,shellfile;
CString csFilename,csSection[8],csPassword;
CHAR szWaterMark[10],sItOriginalData[16],szItPassword[14];
GetDlgItemText(IDC_FILENAME,csFilename);
GetDlgItemText(IDC_PASSWORD,csPassword);
if(!file.Open(csFilename,CFile::modeReadWrite))
{
MessageBox("不能打开文件!",csFilename);
return;
}
file.Seek(-8,CFile::end);
file.Read(szWaterMark,8);
if(strncmp(szWaterMark,"yangboyu",8))
{
MessageBox("文件还没有加密!");
file.Close();
return;
}
file.Seek(-0x1BA,CFile::end);
file.Read(szItPassword,14);
if (strcmp(szItPassword,csPassword))
{
MessageBox("密码错误!");
file.Close();
return;
}
DWORD dwitImageBase,dwitImageEntryPoint,dwitImportTableEntryPoint;
file.Seek(-32,CFile::end);
file.Read(sItOriginalData,16);
dwitImageBase=MAKELONG(
MAKEWORD(sItOriginalData[0],sItOriginalData[1]),
MAKEWORD(sItOriginalData[2],sItOriginalData[3]));
dwitImageEntryPoint=MAKELONG(
MAKEWORD(sItOriginalData[4],sItOriginalData[5]),
MAKEWORD(sItOriginalData[6],sItOriginalData[7]));
dwitImportTableEntryPoint=MAKELONG(
MAKEWORD(sItOriginalData[8],sItOriginalData[9]),
MAKEWORD(sItOriginalData[10],sItOriginalData[11]));
INT i;
IMAGE_DOS_HEADER dosHeader;
IMAGE_NT_HEADERS ntHeader,ntHeaderBY;
IMAGE_SECTION_HEADER section,sectionBY;
file.SeekToBegin();
file.Read(&dosHeader,sizeof(IMAGE_DOS_HEADER));
file.Seek(dosHeader.e_lfanew,CFile::begin);
file.Read(&ntHeader,sizeof(IMAGE_NT_HEADERS));
ntHeaderBY=ntHeader;
ntHeaderBY.FileHeader.NumberOfSections-=1;
ntHeaderBY.OptionalHeader.AddressOfEntryPoint=dwitImageEntryPoint;
ntHeaderBY.OptionalHeader.SizeOfCode -=0x1000;
ntHeaderBY.OptionalHeader.SizeOfImage-=0x2000;
ntHeaderBY.OptionalHeader.DataDirectory[1].VirtualAddress=dwitImportTableEntryPoint;
ntHeaderBY.OptionalHeader.DataDirectory[1].Size =0x3c;
file.Seek(-sizeof(IMAGE_NT_HEADERS),CFile::current);
file.Write(&ntHeaderBY,sizeof(IMAGE_NT_HEADERS));
//清空Section
file.Seek(sizeof(IMAGE_SECTION_HEADER) *(ntHeader.FileHeader.NumberOfSections-1),CFile::current);
memset(§ionBY,0,sizeof(IMAGE_SECTION_HEADER));
file.Write(§ionBY,sizeof(IMAGE_SECTION_HEADER));
file.SetLength(file.GetLength()-0x0C00);
file.Close();
}
void CExeLockDlg::OnClose()
{
CDialog::OnOK();
}
void CExeLockDlg::OnDropFiles(HDROP hDropInfo)
{
CString dropfile="";
if(DragQueryFile(hDropInfo, -1, NULL, 0))
{
WORD wPathnameSize = DragQueryFile(hDropInfo, 0, NULL, 0);
char * npszFile = (char *) LocalAlloc(LPTR, wPathnameSize += 1);
if (npszFile == NULL) CDialog::OnDropFiles(hDropInfo);
DragQueryFile(hDropInfo, 0, npszFile, wPathnameSize);
dropfile=npszFile;
LocalFree(npszFile);
if(!dropfile.Right(4).CompareNoCase(".exe"))
SetDlgItemText(IDC_FILENAME,dropfile);
}
DragFinish(hDropInfo);
return ;
}
BOOL CExeLockDlg::LoadSheller(PUCHAR puchar)
{
HMODULE ghmodule = GetModuleHandle(NULL);
HRSRC hr = FindResource(ghmodule,MAKEINTRESOURCE(IDR_SHELLERFILE),"FILE");
if (hr==NULL)
{
return FALSE;
}
HGLOBAL hg=LoadResource(ghmodule,hr);
if(hg==NULL)
{
FreeResource(hr);
return FALSE;
}
PUCHAR pv=(PUCHAR)LockResource(hg);
if (pv==NULL)
{
FreeResource(hr);
return FALSE;
}
pv+=0x0400;
memcpy(puchar,pv,0x0C00);
return TRUE;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -