prot.asm

一个简单的软件加壳程序

	add	dword ptr [ebx],eax
	mov	ebx,MapOfShell
	add	ebx,AppImpRVA1-ShellStart0
	add	dword ptr [ebx],eax
	mov	ebx,MapOfShell
	add	ebx,AppImpRVA2-ShellStart0
	add	dword ptr [ebx],eax
	mov	ebx,MapOfShell			;修改外壳输入地址表
	add	ebx,AddressFirst-ShellStart0
	add	dword ptr [ebx],eax
	mov	ebx,MapOfShell
	add	ebx,AddressSecond-ShellStart0
	add	dword ptr [ebx],eax
	mov	ebx,MapOfShell
	add	ebx,AddressThird-ShellStart0
	add	dword ptr [ebx],eax
	;*******保存外壳压缩资料,以备解压******
	mov	ebx,MapOfShell
	add	ebx,ShellBase-ShellStart0
	mov	eax,ShellEnd0-ShellStart0
	.if	IsPackRes == 1
		add	eax,MapOfPackResUsed
	.endif
	mov	dword ptr [ebx],eax
	mov	ebx,MapOfShell
	add	ebx,ShellPackSize-ShellStart0
	mov	eax,ShellSize_NoPack
	mov	dword ptr [ebx],eax
	;*******在文件头增加一个区段资料
	mov	edi,PeHeadBase
	assume	edi : ptr IMAGE_NT_HEADERS
	mov	eax,SecTableBase
	movzx	ecx,word ptr [edi].FileHeader.NumberOfSections
    ModifySectionCharact:
	or	dword ptr [eax+24h],0c0000000h
	add	eax,28h
	loop	ModifySectionCharact
	mov	esi,eax				;新块表起点
	push	edi
	mov	edi,esi
	xor	eax,eax
	mov	ecx,28h
	rep	stosb
	pop	edi
	mov	dword ptr [esi],'gcc.'
	invoke	GetIntegral,ShellSize,SectionAlignment
	mov	dword ptr [esi+08h],eax		;映象大小
	mov	eax,PeImageSize
	mov	dword ptr [esi+0ch],eax		;映象偏移
	invoke	GetIntegral,ShellSize,FileAlignment
	mov	dword ptr [esi+10h],eax		;文件大小
	mov	eax,dword ptr [esi-14h]
	add	eax,dword ptr [esi-18h]
	invoke	GetIntegral,eax,FileAlignment
	mov	dword ptr [esi+14h],eax		;文件偏移
	mov	dword ptr [esi+24h],0c0000040h
	inc	word ptr [edi].FileHeader.NumberOfSections	;区块数加一
	;*******修改文件头的一些资料
	mov	eax,PeImageSize
	mov	dword ptr [edi].OptionalHeader.AddressOfEntryPoint,eax	;修改EntryPoint
	invoke	GetIntegral,ShellSize,SectionAlignment
	add	eax,PeImageSize
	mov	dword ptr [edi].OptionalHeader.SizeOfImage,eax	;修改映象大小
	mov	eax,PeImageSize
	add	eax,ImportTable-ShellStart0			;修改输入表
	mov	dword ptr [edi].OptionalHeader.DataDirectory[SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress,eax
	mov	dword ptr [edi].OptionalHeader.DataDirectory[5*SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress,0h
	mov	dword ptr [edi].OptionalHeader.DataDirectory[5*SIZEOF IMAGE_DATA_DIRECTORY].isize,0h
	mov	dword ptr [edi].OptionalHeader.DataDirectory[11*SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress,0h
	mov	dword ptr [edi].OptionalHeader.DataDirectory[11*SIZEOF IMAGE_DATA_DIRECTORY].isize,0h
	mov	dword ptr [edi].OptionalHeader.DataDirectory[12*SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress,0h
	mov	dword ptr [edi].OptionalHeader.DataDirectory[12*SIZEOF IMAGE_DATA_DIRECTORY].isize,0h
	mov	esi,dword ptr [edi].OptionalHeader.DataDirectory[9*SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress
	.if	esi != 0
		add	esi,MapOfFile
		mov	eax,PeImageSize
		add	eax,TlsTable-ShellStart0
		mov	dword ptr [edi].OptionalHeader.DataDirectory[9*SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress,eax
		mov	edi,MapOfShell
		add	edi,TlsTable-ShellStart0
		mov	ecx,18h
		rep	movsb
	.endif
	invoke	VirtualFree, ShellBufferMap, 0, MEM_RELEASE
	popad
	invoke	GetIntegral,ShellSize,FileAlignment
	ret
DisposeShell	endp
;***************清空段名**************************
ClsSectionName	PROC
	pushad
	mov	esi,PeHeadBase
	assume	esi : ptr IMAGE_NT_HEADERS
	movzx	ecx,word ptr [esi].FileHeader.NumberOfSections
	mov	edi,SecTableBase	;块表起点
     ClsNextSecName:
	push	ecx
	mov	ecx,8h
	xor	eax,eax
	rep	stosb
	add	edi,20h
	pop	ecx
	loop	ClsNextSecName
	popad
	ret
ClsSectionName	endp
;***************清除重定位数据*********************
ClsRelocation	PROC
	pushad
	mov	edx,PeHeadBase
	mov	esi,dword ptr [edx].OptionalHeader.DataDirectory[5*SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress
	.if	esi == 0
		invoke	AddLine,ADDR M_NoRelocData
		popad
		ret
	.endif
	movzx	ecx,word ptr [edx].FileHeader.NumberOfSections
	mov	ebx,SecTableBase
    findRelSec:
	cmp	esi,dword ptr [ebx+0ch]
	jz	foundRelSec
	add	ebx,28h
	loop	findRelSec
	invoke	AddLine,ADDR M_NoRelocSec
	popad
	ret
    foundRelSec:
	mov	eax,dword ptr [ebx]
	.if	eax != 'ler.'
		invoke	AddLine,ADDR M_NoRelocSec
		popad
		ret
	.endif
	mov	edi,dword ptr [ebx+0ch]
	add	edi,MapOfFile
	mov	ecx,dword ptr [ebx+8h]
	xor	eax,eax
	rep	stosb
	mov	dword ptr [ebx+10h],0
	mov 	dword ptr [edx].OptionalHeader.DataDirectory[5*SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress,0
	mov	dword ptr [edx].OptionalHeader.DataDirectory[5*SIZEOF IMAGE_DATA_DIRECTORY].isize,0h
	invoke	AddLine,ADDR M_RelocClsOk
	popad
	ret
ClsRelocation	endp
;***************保存设置***************************
SaveTheSet	PROC
	pushad
	.if	IsSaveSet == 1
		.if	IsSaveSet == 1
			inc	I_issaveset_D
		.endif
		.if	IsCreateBak == 1
			inc	I_iscreatebak_D
		.endif
		.if	IsMergeSection == 1
			inc	I_Ismergesection_D
		.endif
		.if	IsPackRes == 1
			inc	I_Ispackres_D
		.endif
		.if	IsSaveSData == 1
			inc	I_Issavesdata_D
		.endif
		.if	IsProtImpTable == 1
			inc	I_Isprotimptable_D
		.endif
		.if	IsCodeProt == 1
			inc	I_Iscodeprot_D
		.endif
		.if	IsClsSecName == 1
			inc	I_Clssecname_D
		.endif
		.if	IsReFileHead == 1
			inc	I_IsReFileHead_D
		.endif
		.if	IsFileAlignment200 == 1
			inc	I_IsFileAlignment200_D
		.endif
		.if	IsNoRelocation == 1
			inc	I_IsNoRelocation_D
		.endif
		invoke	WritePrivateProfileString,addr IniSectionName,addr I_issaveset,addr I_issaveset_D,addr IniFileName
		invoke	WritePrivateProfileString,addr IniSectionName,addr I_iscreatebak,addr I_iscreatebak_D,addr IniFileName
		invoke	WritePrivateProfileString,addr IniSectionName,addr I_Ispackres,addr I_Ispackres_D,addr IniFileName
		invoke	WritePrivateProfileString,addr IniSectionName,addr I_Issavesdata,addr I_Issavesdata_D,addr IniFileName
		invoke	WritePrivateProfileString,addr IniSectionName,addr I_Iscodeprot,addr I_Iscodeprot_D,addr IniFileName
		invoke	WritePrivateProfileString,addr IniSectionName,addr I_Clssecname,addr I_Clssecname_D,addr IniFileName
		invoke	WritePrivateProfileString,addr IniSectionName,addr I_Ismergesection,addr I_Ismergesection_D,addr IniFileName
		invoke	WritePrivateProfileString,addr IniSectionName,addr I_Isprotimptable,addr I_Isprotimptable_D,addr IniFileName
		invoke	WritePrivateProfileString,addr IniSectionName,addr I_IsReFileHead,addr I_IsReFileHead_D,addr IniFileName
		invoke	WritePrivateProfileString,addr IniSectionName,addr I_IsFileAlignment200,addr I_IsFileAlignment200_D,addr IniFileName
		invoke	WritePrivateProfileString,addr IniSectionName,addr I_IsNoRelocation,addr I_IsNoRelocation_D,addr IniFileName
	.endif
	popad
	ret
SaveTheSet	endp
;***************产生垃圾指令***********************
MakeFunkCode	PROC	FuncCodeBase:DWORD
  LOCAL	FunkCodeSize:DWORD
	pushad
	mov	FunkCodeSize,0h
	mov	ecx,100h
	mov	edi,FuncCodeBase
    MakeNextFunkCode:
	push	ecx
	rdtsc
	and	eax,7h
	.if	eax == 0
		lea	esi,Junk_Code_1_Start
		mov	ecx,Junk_Code_1_End-Junk_Code_1_Start
		add	FunkCodeSize,ecx
		rep	movsb
	.elseif	eax == 1
		lea	esi,Junk_Code_2_Start
		mov	ecx,Junk_Code_2_End-Junk_Code_2_Start
		add	FunkCodeSize,ecx
		rep	movsb
	.elseif	eax == 2
		lea	esi,Junk_Code_3_Start
		mov	ecx,Junk_Code_3_End-Junk_Code_3_Start
		add	FunkCodeSize,ecx
		rep	movsb
	.elseif	eax == 3
		lea	esi,Junk_Code_4_Start
		mov	ecx,Junk_Code_4_End-Junk_Code_4_Start
		add	FunkCodeSize,ecx
		rep	movsb
	.elseif	eax == 4
		lea	esi,Junk_Code_5_Start
		mov	ecx,Junk_Code_5_End-Junk_Code_5_Start
		add	FunkCodeSize,ecx
		rep	movsb
	.elseif	eax == 5
		lea	esi,Junk_Code_6_Start
		mov	ecx,Junk_Code_6_End-Junk_Code_6_Start
		add	FunkCodeSize,ecx
		rep	movsb
	.elseif	eax == 6
		lea	esi,Junk_Code_7_Start
		mov	ecx,Junk_Code_7_End-Junk_Code_7_Start
		add	FunkCodeSize,ecx
		rep	movsb
	.elseif	eax == 7
		lea	esi,Junk_Code_8_Start
		mov	ecx,Junk_Code_8_End-Junk_Code_8_Start
		add	FunkCodeSize,ecx
		rep	movsb
	.endif
	xor	eax,eax
	pop	ecx
	dec	ecx
	jnz	MakeNextFunkCode
	popad
	mov	eax,FunkCodeSize
	ret
MakeFunkCode	endp
;***************找各个资源保存地址最前的一个,以后部分可以压缩
FindFirstResADDR	PROC
  LOCAL	FirstResAddr:DWORD
	push	edi
	push	esi
	push	ecx
	mov	FirstResAddr,7fffffffh
	mov	esi,PeHeadBase
	assume	esi : ptr IMAGE_NT_HEADERS
	mov	eax,dword ptr [esi].OptionalHeader.DataDirectory[2*SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress
	mov	esi,eax				;资源起点偏移
	add	eax,MapOfFile
	mov	edi,eax				;资源起点地址
	xor	ecx,ecx
	mov	cx,word ptr [edi+0ch]
	add	cx,word ptr [edi+0eh]		;有几类资源
	add	edi,10h
    SearchNextResType:
	push	ecx
	push	edi
	mov	edi,dword ptr [edi+4h]
	and	edi,7fffffffh			;该类型目录相对于资源起点的偏移
	add	edi,esi
	add	edi,MapOfFile			;该类型目录地址
	xor	ecx,ecx
	mov	cx,word ptr [edi+0ch]
	add	cx,word ptr [edi+0eh]		;该类型中有几个项目
	add	edi,10h
	    SearchNextResObject:	
		push	edi
		mov	edi,dword ptr [edi+4h]
		and	edi,7fffffffh		;该项目目录相对于资源起点的偏移
		add	edi,esi
		add	edi,MapOfFile		;该项目目录地址
		add	edi,10h
		mov	edi,dword ptr [edi+4h]	;该项目相对于资源起点的偏移
		add	edi,esi
		add	edi,MapOfFile		;该项目地址
		mov	eax,dword ptr [edi]	;该项目存放偏移
		.if	eax > esi
			.if	eax < FirstResAddr
				mov	FirstResAddr,eax
			.endif
		.endif
		pop	edi
		add	edi,8h
		loop	SearchNextResObject
	pop	edi
	pop	ecx
	add	edi,8h
	loop	SearchNextResType
	pop	ecx
	pop	esi
	pop	edi
	mov	eax,FirstResAddr
	ret
FindFirstResADDR	endp
;***************移动字符串***************************
MoveString	PROC	SourceStringADDR:DWORD,ObjectStringADDR:DWORD
;将源地址指向的以'00'结尾的字符串复制到目标地址指向的空间,并加密
;除eax外所有寄存器都不变,输出eax的值为复制的字节数
	push	edi
	push	esi
	push	ecx
	mov	edi,ObjectStringADDR
	mov	esi,SourceStringADDR
	xor	eax,eax
	xor	ecx,ecx
    MoveNextByte:
	lodsb
	.if	eax!=0
		stosb
		inc	ecx
	.else
		jmp	AllByteMoved
	.endif
	xor	eax,eax
	jmp	MoveNextByte
    AllByteMoved:
	mov	eax,ecx
	pop	ecx
	pop	esi
	pop	edi
	ret
MoveString	endp
;********************清除一个字符串********************************
ClsString	PROC	SourceStringADDR:DWORD
;将一个以'00'结束的字符串都清为'00'
	push	esi
	push	edi
	push	ecx
	mov	esi,SourceStringADDR
	mov	edi,SourceStringADDR
	xor	eax,eax
	xor	ecx,ecx
    ClsNextByte:
	lodsb
	.if	eax!=0
		xor	al,al
		stosb
		inc	ecx
	.else
		jmp	AllByteCls
	.endif
	xor	eax,eax
	jmp	ClsNextByte
    AllByteCls:
	mov	eax,ecx
	pop	ecx
	pop	edi
	pop	esi
	ret
ClsString	endp
;********************取整*************************************************
GetIntegral	PROC	SourceValue:DWORD,AlignmentValue:DWORD
;将SourceValue根据对齐值AlignmentValue进行取整,常用于对区块长度操作
;返回的值EAX即为取整后的值.
	push	edx
	push	ecx
	mov	eax,SourceValue
	mov	ecx,AlignmentValue
	xor	edx,edx
	div	ecx
	.if   edx!=0
		inc eax	
	.endif
	xor	edx,edx
	mul	AlignmentValue
	pop	ecx
	pop	edx
	ret
GetIntegral	endp
;********************在消息框中增加一行消息输出************************************
AddLine		PROC	LineToAdd: DWORD
  LOCAL	LineLength:DWORD
	pusha
	mov	esi,LineToAdd
	xor	eax,eax
    getlinelength:
	cmp	byte ptr [esi],0
	jz	Lengthgetted
	inc	eax
	inc	esi
	jmp	getlinelength
    Lengthgetted:	
	mov	LineLength, eax
	mov	edi, MessageBufferAddr	
	add	edi, DebugMsgSize
	mov	esi, LineToAdd
	mov	ecx, LineLength
	push	ecx
	shr	ecx, 2
	cld
	rep	movsd
	pop	ecx
	and 	ecx, 3
	rep	movsb
	mov	dword ptr [edi], 00000A0Dh
	mov	eax, LineLength
	add	DebugMsgSize, eax
	add	DebugMsgSize, 2
	invoke	SetDlgItemText, hProtDlg, IDC_MESSAGEBOX_EDIT, MessageBufferAddr
	invoke	SendDlgItemMessage, hProtDlg, IDC_MESSAGEBOX_EDIT, EM_GETLINECOUNT, 0, 0
	dec 	eax
	invoke	SendDlgItemMessage, hProtDlg, IDC_MESSAGEBOX_EDIT, EM_LINESCROLL, 0, eax
	popa
	ret
AddLine		endp
;*****************************************************
end start