📄 erika.c
字号:
#include "KByS.h"
#include "Erika.h"
DWORD __stdcall packbuff(unsigned char *inBuffer,DWORD inSize);
///////////////////////////////////////////////////////////////
void mycallback(UINT a,UINT b)
{
char szShow[8];
DWORD c;
c = a*100/SizeOfPack;
szShow[0] = (c/10)+0x30;
szShow[1] = (c%10)+0x30;
szShow[2] = '%';
szShow[3] = 0;
SetDlgItemText(hWnd, IDC_KBYS, szShow);
return;
}
///////////////////////////////////////////////////////////////
void BackupSrcFile(LPBYTE szSrcFileName)
{
char szDstFileName[MAX_PATH];
strcpy(szDstFileName, szSrcFileName);
strcat(szDstFileName, ".bak");
CopyFile(szSrcFileName, szDstFileName, FALSE);
}
///////////////////////////////////////////////////////////////
BOOL IsPE(HANDLE hFile)
{
WORD temp;
DWORD dwEntryPoint;
DWORD dwRead;
DWORD dwOffset;
SetFilePointer(hFile, 0, NULL, FILE_BEGIN);
ReadFile(hFile, &temp, 2, &dwRead, NULL);
if (temp != 'ZM')
return FALSE;
SetFilePointer(hFile, 0x3C, NULL, FILE_BEGIN);
ReadFile(hFile, &dwOffset, 4, &dwRead, NULL);
SetFilePointer(hFile, dwOffset, NULL, FILE_BEGIN);
ReadFile(hFile, &temp, 2, &dwRead, NULL);
if (temp != 'EP')
return FALSE;
SetFilePointer(hFile, dwOffset+0x16, NULL, FILE_BEGIN);
ReadFile(hFile, &temp, 2, &dwRead, NULL);
SetFilePointer(hFile, dwOffset+0x28, NULL, FILE_BEGIN);
ReadFile(hFile, &dwEntryPoint, 4, &dwRead, NULL);
if (dwEntryPoint == 0)
return FALSE;
if ((temp & 0x2000) != 0)
bDLL = TRUE;
else
bDLL = FALSE;
SetFilePointer(hFile, 0, NULL, FILE_BEGIN);
return TRUE;
}
///////////////////////////////////////////////////////////////
void MapFile(HANDLE hFile)
{
DWORD dwRead;
DWORD dwOffset;
DWORD dwImageSize;
DWORD dwHeadSize;
DWORD i;
SetFilePointer(hFile, 0x3C, NULL, FILE_BEGIN);
ReadFile(hFile, &dwOffset, 4, &dwRead, NULL);
SetFilePointer(hFile, dwOffset+0x50, NULL, FILE_BEGIN);
ReadFile(hFile, &dwImageSize, 4, &dwRead, NULL);
SetFilePointer(hFile, dwOffset+0x54, NULL, FILE_BEGIN);
ReadFile(hFile, &dwHeadSize, 4, &dwRead, NULL);
MapOfFile = (LPBYTE)VirtualAlloc(0, dwImageSize, MEM_COMMIT, PAGE_READWRITE);
SetFilePointer(hFile, 0, NULL, FILE_BEGIN);
ReadFile(hFile, MapOfFile, dwHeadSize, &dwRead, NULL);
PE = (IMAGE_NT_HEADERS32 *)(MapOfFile+dwOffset);
SH = IMAGE_FIRST_SECTION32(PE);
for (i=0; i<PE->FileHeader.NumberOfSections; i++)
{
SetFilePointer(hFile, (SH+i)->PointerToRawData, NULL, FILE_BEGIN);
ReadFile(hFile, (SH+i)->VirtualAddress+MapOfFile, (SH+i)->SizeOfRawData, &dwRead, NULL);
}
}
///////////////////////////////////////////////////////////////
void OverlayFile(HANDLE hFile)
{
DWORD dwFileSize;
DWORD dwRead;
dwFileSize = GetFileSize(hFile, NULL);
dwFileSize -= (SH+PE->FileHeader.NumberOfSections-1)->SizeOfRawData + (SH+PE->FileHeader.NumberOfSections-1)->PointerToRawData;
SizeOfOverlay = dwFileSize;
if (SizeOfOverlay != 0)
{
MapOfOverlay = VirtualAlloc(NULL, SizeOfOverlay, MEM_COMMIT, PAGE_READWRITE);
ReadFile(hFile, MapOfOverlay, SizeOfOverlay, &dwRead, NULL);
}
else
{
MapOfOverlay = NULL;
SizeOfOverlay = 0;
}
return ;
}
///////////////////////////////////////////////////////////////
void FuckE8E9()
{
DWORD dwStartMap;
DWORD dwEndMap;
DWORD dwMagic;
DWORD i;
BYTE dwCode;
DWORD dwAddr;
dwStartMap = SH->VirtualAddress + (DWORD)MapOfFile;
dwEndMap = SH->Misc.VirtualSize + dwStartMap;
MagicMark = 0;
MagicNumber = 0;
i = 0;
for (dwMagic=1; dwMagic<0xFF; dwMagic++)
{
if (i == dwEndMap)
{
break ;
}
for (i=dwStartMap; i<dwEndMap; i++)
{
dwCode = *(LPBYTE)i;
if (dwCode == 0xE8 || dwCode == 0xE9)
{
dwAddr = i + 5 + *(LPDWORD)(i+1);
if (dwAddr>dwStartMap && dwAddr<dwEndMap)
{
continue ;
}
dwCode = *(LPBYTE)(i+1);
if (dwCode == dwMagic)
{
break ;
}
}
}
}
dwMagic--;
if (dwMagic == 0xFE)
{
MagicMark = dwMagic;
return ;
}
for (i=dwStartMap; i<dwEndMap; i++)
{
dwCode = *(LPBYTE)i;
if (dwCode == 0xE8 || dwCode == 0xE9)
{
dwAddr = i + 5 + *(LPDWORD)(i+1);
if (dwAddr>dwStartMap && dwAddr<dwEndMap)
{
dwAddr -= (DWORD)MapOfFile+SH->VirtualAddress+4;
__asm
{
push eax
mov eax, dwAddr
bswap eax
mov dwAddr, eax
pop eax
}
*(LPDWORD)(i+1) = dwAddr;
*(LPBYTE)(i+1) = dwMagic;
i += 4;
MagicNumber++;
}
}
}
if (MagicNumber == 0)
{
MagicMark = 0xFE;
return ;
}
MagicMark = dwMagic;
}
///////////////////////////////////////////////////////////////
void FuckReloc()
{
DWORD dwRelocAddress;
DWORD dwRelocSize;
DWORD dwBlockAddress;
DWORD dwBlockSize;
DWORD dwAddress;
LPWORD lpAddress;
DWORD dwRelocBase;
dwRelocAddress = PE->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress;
dwRelocSize = PE->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
if (dwRelocAddress == 0 || dwRelocSize == 0)
{
MapOfReloc = NULL;
SizeOfReloc = 0;
return ;
}
if (!bDLL)
{
memset((LPVOID)(dwRelocAddress+MapOfFile), 0, dwRelocSize);
PE->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress = 0;
PE->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size = 0;
return ;
}
MapOfReloc = VirtualAlloc(NULL, dwRelocSize * 2, MEM_COMMIT, PAGE_READWRITE);
SizeOfReloc = 0;
lpAddress = (LPWORD)(MapOfFile+dwRelocAddress);
dwRelocBase = PE->OptionalHeader.ImageBase + SH->VirtualAddress;
while (dwRelocSize > 0)
{
dwBlockAddress = *(LPDWORD)(lpAddress);
lpAddress++;
lpAddress++;
dwBlockSize = *(LPDWORD)(lpAddress);
lpAddress++;
lpAddress++;
dwRelocSize -= dwBlockSize;
dwBlockSize -= 8;
while (dwBlockSize > 0)
{
if ( (*lpAddress) != 0 )
{
dwAddress = (*lpAddress) & 0xFFF;
dwAddress += dwBlockAddress;
dwAddress += (DWORD)MapOfFile;
*(LPDWORD)(MapOfReloc+SizeOfReloc) = dwAddress - (DWORD)MapOfFile + PE->OptionalHeader.ImageBase;
SizeOfReloc += 4;
*(LPDWORD)(dwAddress) -= dwRelocBase;
}
lpAddress++;
dwBlockSize -= 2;
}
}
dwRelocAddress = PE->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress;
dwRelocSize = PE->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
memset((LPVOID)(dwRelocAddress+MapOfFile), 0, dwRelocSize);
PE->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress = 0;
PE->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size = 0;
return ;
}
///////////////////////////////////////////////////////////////
void MakeReloc()
{
DWORD dwSize;
DWORD temp;
DWORD dwRelocBase;
DWORD dwPrevAddress;
DWORD dwAddress;
DWORD dwDelta;
DWORD dwNewSize;
BOOL bExchange;
int i;
int j;
if (MapOfReloc == NULL || SizeOfReloc == 0)
return ;
dwSize = SizeOfReloc/4;
for (i=0; i<dwSize; i++)
{
bExchange = FALSE;
for (j=dwSize-2; j>=i; j--)
{
if (*(LPDWORD)(MapOfReloc+(j+1)*4) < *(LPDWORD)(MapOfReloc+j*4))
{
temp = *(LPDWORD)(MapOfReloc+(j+1)*4);
*(LPDWORD)(MapOfReloc+(j+1)*4) = *(LPDWORD)(MapOfReloc+j*4);
*(LPDWORD)(MapOfReloc+j*4) = temp;
bExchange = TRUE;
}
}
if (!bExchange)
break ;
}
dwRelocBase = PE->OptionalHeader.ImageBase + SH->VirtualAddress-4;
dwPrevAddress = dwRelocBase;
dwNewSize = 0;
for (i=0; i<dwSize; i++)
{
dwAddress = *(LPDWORD)(MapOfReloc+i*4);
dwDelta = dwAddress - dwPrevAddress;
dwPrevAddress = dwAddress;
if (dwDelta >= 0x100000)
{
*(LPWORD)(MapOfReloc+dwNewSize) = 0xF0;
dwNewSize += 1;
*(LPWORD)(MapOfReloc+dwNewSize) = 0x00;
dwNewSize += 2;
*(LPDWORD)(MapOfReloc+dwNewSize) = dwDelta;
dwNewSize += 4;
}
else if (dwDelta >= 0xF0)
{
*(LPWORD)(MapOfReloc+dwNewSize) = 0xF0 | (dwDelta >> 0x10);
dwNewSize += 1;
*(LPWORD)(MapOfReloc+dwNewSize) = dwDelta & 0xFFFF;
dwNewSize += 2;
}
else if (dwDelta > 0)
{
*(LPBYTE)(MapOfReloc+dwNewSize) = dwDelta;
dwNewSize += 1;
}
}
*(LPBYTE)(MapOfReloc+dwNewSize) = 0;
dwNewSize += 1;
SizeOfReloc = dwNewSize;
return ;
}
///////////////////////////////////////////////////////////////
DWORD GetSizeIAT()
{
DWORD dwFullSize;
DWORD dwThunk;
IMAGE_IMPORT_DESCRIPTOR* IID;
dwFullSize = 0;
IID = (IMAGE_IMPORT_DESCRIPTOR *)(MapOfFile + PE->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
while (IID->Name != 0)
{
dwFullSize += 4;
dwFullSize += strlen((char *)MapOfFile+IID->Name) + 1;
if (IID->OriginalFirstThunk != 0)
dwThunk = (DWORD)(IID->OriginalFirstThunk+MapOfFile);
else
dwThunk = (DWORD)(IID->FirstThunk+MapOfFile);
while (*(LPDWORD)dwThunk != 0)
{
if ( ((*(LPDWORD)dwThunk)>>31 & 1) == 1)
dwFullSize += 4;
else
dwFullSize += strlen((char *)(MapOfFile + 2 + *(LPDWORD)dwThunk)) + 1;
dwThunk += 4;
}
dwFullSize += 4;
IID ++;
}
return dwFullSize;
}
///////////////////////////////////////////////////////////////
void FuckIAT()
{
DWORD dwSize;
DWORD dwThunk;
DWORD dwThunk2;
IMAGE_IMPORT_DESCRIPTOR* IID;
MapOfIAT = (LPBYTE)VirtualAlloc(NULL, SizeOfIAT, MEM_COMMIT, PAGE_READWRITE);
dwSize = 0;
IID = (IMAGE_IMPORT_DESCRIPTOR *)(MapOfFile + PE->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
while (IID->Name != 0)
{
if (IID->OriginalFirstThunk != 0)
{
dwThunk = (DWORD)(IID->OriginalFirstThunk+MapOfFile);
dwThunk2 = (DWORD)(IID->FirstThunk+MapOfFile);
}
else
{
dwThunk = (DWORD)(IID->FirstThunk+MapOfFile);
dwThunk2 = dwThunk;
}
*(LPDWORD)(MapOfIAT+dwSize) = dwThunk2 - (DWORD)MapOfFile;
dwSize += 4;
strcpy(MapOfIAT+dwSize, (char *)MapOfFile+IID->Name);
dwSize += strlen((char *)MapOfFile+IID->Name) + 1;
while (*(LPDWORD)dwThunk != 0)
{
if ( ((*(LPDWORD)dwThunk)>>31 & 1) == 1)
{
*(LPDWORD)(MapOfIAT+dwSize) = *(LPDWORD)dwThunk;
dwSize += 4;
*(LPDWORD)dwThunk = 0;
}
else
{
strcpy(MapOfIAT+dwSize, (char *)(MapOfFile + 2 + *(LPDWORD)dwThunk));
dwSize += strlen((char *)(MapOfFile + 2 + *(LPDWORD)dwThunk)) + 1;
memset((char *)(MapOfFile + *(LPDWORD)dwThunk), 0, strlen((char *)(MapOfFile + 2 + *(LPDWORD)dwThunk))+2);
}
*(LPDWORD)dwThunk = 0;
*(LPDWORD)dwThunk2 = 0;
dwThunk += 4;
dwThunk2 += 4;
}
dwSize += 4;
IID->Characteristics = 0;
IID->FirstThunk = 0;
IID->ForwarderChain = 0;
IID->OriginalFirstThunk =0;
IID->TimeDateStamp = 0;
memset((char *)MapOfFile+IID->Name, 0, strlen((char *)MapOfFile+IID->Name));
IID->Name = 0;
IID ++;
}
return ;
}
///////////////////////////////////////////////////////////////
void GetIconRSRC()
{
DWORD dwRSRCAddr;
DWORD dwRSRCSize;
DWORD dwType;
DWORD dwObj;
DWORD iType;
DWORD iObj;
IMAGE_RESOURCE_DIRECTORY *IRD1;
IMAGE_RESOURCE_DIRECTORY *IRD2;
IMAGE_RESOURCE_DIRECTORY *IRD3;
IMAGE_RESOURCE_DATA_ENTRY *I_DAT_E;
IMAGE_RESOURCE_DIRECTORY_ENTRY *I_DIR_E_TYPE;
IMAGE_RESOURCE_DIRECTORY_ENTRY *I_DIR_E_OBJ;
IMAGE_RESOURCE_DIRECTORY_ENTRY *I_DIR_E;
DWORD GICONAddr = 0;
DWORD GICONSize = 0;
DWORD iIcon;
dwRSRCAddr = PE->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress;
dwRSRCSize = PE->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].Size;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -