rk_blowfish.c

能够在windows 2000以上操作系统下隐藏特定的进程

  0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, 
  0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, 
  0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 
  0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, 
  0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, 
  0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 
  0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, 
  0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, 
  0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 
  0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, 
  0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, 
  0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0, 
  0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 
  0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, 
  0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, 
  0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 
  0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, 
  0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, 
  0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 
  0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, 
  0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, 
  0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 
  0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, 
  0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, 
  0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 
  0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, 
  0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, 
  0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 
  0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, 
  0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, 
  0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 
  0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, 
  0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, 
  0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 
  0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, 
  0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, 
  0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 
  0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, 
  0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, 
  0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 
  0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, 
  0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, 
  0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 
  0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, 
  0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, 
  0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 
  0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, 
  0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, 
  0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 
  0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, 
  0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, 
  0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 
  0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, 
  0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, 
  0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 
  0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, 
  0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, 
  0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 
  0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, 
  0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, 
  0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 
  0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, 
  0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, 
  0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 
  0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, 
  0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, 
  0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 
  0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, 
  0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, 
  0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 
  0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, 
  0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, 
  0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 
  0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, 
  0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, 
  0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6, 
};

void bf_encipher(DWORD *xl,DWORD *xr)
{
	union aword Xl,Xr;
	Xl.word = *xl;
	Xr.word = *xr;
	Xl.word ^= Pbox[0];
	ROUND (Xr, Xl, 1);  ROUND (Xl, Xr, 2);
	ROUND (Xr, Xl, 3);  ROUND (Xl, Xr, 4);
	ROUND (Xr, Xl, 5);  ROUND (Xl, Xr, 6);
	ROUND (Xr, Xl, 7);  ROUND (Xl, Xr, 8);
	ROUND (Xr, Xl, 9);  ROUND (Xl, Xr, 10);
	ROUND (Xr, Xl, 11); ROUND (Xl, Xr, 12);
	ROUND (Xr, Xl, 13); ROUND (Xl, Xr, 14);
	ROUND (Xr, Xl, 15); ROUND (Xl, Xr, 16);
	Xr.word ^= Pbox[17];
	*xr = Xl.word;
	*xl = Xr.word;
	}

void bf_decipher(DWORD *xl,DWORD *xr)
{
	union aword Xl,Xr;
	Xl.word = *xl;
	Xr.word = *xr;
	Xl.word ^= Pbox[17];
	ROUND (Xr, Xl, 16);  ROUND (Xl, Xr, 15);
	ROUND (Xr, Xl, 14);  ROUND (Xl, Xr, 13);
	ROUND (Xr, Xl, 12);  ROUND (Xl, Xr, 11);
	ROUND (Xr, Xl, 10);  ROUND (Xl, Xr, 9);
	ROUND (Xr, Xl, 8);   ROUND (Xl, Xr, 7);
	ROUND (Xr, Xl, 6);   ROUND (Xl, Xr, 5);
	ROUND (Xr, Xl, 4);   ROUND (Xl, Xr, 3);
	ROUND (Xr, Xl, 2);   ROUND (Xl, Xr, 1);
	Xr.word ^= Pbox[0];
	*xl = Xr.word;
	*xr = Xl.word; 
}
void * __cdecl bfsetup(void)
{
    BYTE  * svKey; /* get key from registry here*/
	if(svKey==NULL) return NULL;
    if(svKey[0]=='\0') return NULL;
	bfsetkey(svKey);
	return 0;
}
int __cdecl bfsetkey(BYTE *pKey)
{
	short keybytes = strlen(pKey);
	union aword temp;
	int i,j;
	DWORD datax,datar,datal;

	
	if (keybytes <5)
	{
		return 1;
	}
	if (keybytes >56)
	{
		return 1;
	}
	for (i=0, j=0; i < 18; ++i) 
	{
		temp.word = 0;
		temp.w.byte0 = pKey[j];
		temp.w.byte1 = pKey[(j+1)%keybytes];
		temp.w.byte2 = pKey[(j+2)%keybytes];
		temp.w.byte3 = pKey[(j+3)%keybytes];
		datax = temp.word;
		Pbox[i] = Pbox[i] ^ datax;
		j = (j + 4) % keybytes;
	}
	datal = 0x00000000;
	datar = 0x00000000;
	for (i = 0; i < 18; i += 2) 
	{
		bf_encipher(&datal,&datar);
		Pbox[i] = datal;
		Pbox[i + 1] = datar;
	}
	for (i = 0; i < 4; i++)
	{
      for (j = 0; j < 256; j += 2)
		{
			bf_encipher(&datal,&datar);
			Sbox[i][j] = datal;
			Sbox[i][j + 1] = datar;
		}
	}
    return 0;
}

BYTE * __cdecl bfenc(BYTE *pBuffer, int nBufLen, int *pnOutBufLen )
{
	BYTE *buf; // return buffer(RB), will be returned at end with ciphered output 
	int baselen, leftover, curByte;
	/*union aword  Xl,Xr;*/
	leftover = nBufLen & 7;
	baselen = nBufLen + (leftover ? 8-leftover : 0);
	if (leftover)
	{
		buf = (BYTE*)malloc(baselen);
		memset(buf,0,baselen); // WEAK POINT
		buf[baselen-1]=8-leftover;
	}
	else
	{
		baselen = nBufLen + 8;
		buf = (BYTE*)malloc(baselen);
		memset(buf,0,baselen); // WEAK POINT
		buf[baselen-1]=8;			
	}
	memcpy(buf, pBuffer, nBufLen);
	for (curByte=0; curByte < baselen; curByte+=8)
	{
		bf_encipher((DWORD *)(buf + curByte), (DWORD *)(buf + curByte + 4));
	}
	*pnOutBufLen=baselen;
	return buf;
}

BYTE * __cdecl bfdec(BYTE *pBuffer, int nBufLen, int *pnOutBufLen )
{
   // BF_DATA *data=(BF_DATA *)pInternal;
	BYTE *buf; // return buffer(RB), will be returned at end with ciphered output 
    short curByte;
	/*union aword  Xl,Xr;*/
	if (nBufLen & 7) return NULL; // Incoming data must be n8
	buf = (BYTE*)malloc(nBufLen);
	memcpy(buf, pBuffer, nBufLen);
	for (curByte=0; curByte < nBufLen; curByte+=8)
	{
		bf_decipher((DWORD *)(buf + curByte), (DWORD *)(buf + curByte + 4));
	}
	nBufLen-=buf[nBufLen-1];
	*pnOutBufLen=nBufLen;
	return buf;
}


#include<windows.h>
#include<stdio.h>