// mypackDlg.cpp : implementation file
//
#include "stdafx.h"
#include "mypack.h"
#include "mypackDlg.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
/////////////////////////////////////////////////////////////////////////////
// CAboutDlg dialog used for App About
// Stock "About" box: a CDialog bound to the IDD_ABOUTBOX template. It declares
// no data members, and its message map below registers no handlers.
class CAboutDlg : public CDialog
{
public:
CAboutDlg();
// Dialog Data
//{{AFX_DATA(CAboutDlg)
enum { IDD = IDD_ABOUTBOX };
//}}AFX_DATA
// ClassWizard generated virtual function overrides
//{{AFX_VIRTUAL(CAboutDlg)
protected:
virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
//}}AFX_VIRTUAL
// Implementation
protected:
//{{AFX_MSG(CAboutDlg)
//}}AFX_MSG
DECLARE_MESSAGE_MAP()
};
// Constructs the About box on the IDD_ABOUTBOX template; there is no member
// state to initialise (the AFX_DATA_INIT block is empty).
CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
//{{AFX_DATA_INIT(CAboutDlg)
//}}AFX_DATA_INIT
}
// Dialog data exchange for the About box: only the base-class call, because
// no controls are bound to members (the AFX_DATA_MAP block is empty).
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CAboutDlg)
//}}AFX_DATA_MAP
}
// Message map for CAboutDlg: empty, so every message goes to CDialog.
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
//{{AFX_MSG_MAP(CAboutDlg)
// No message handlers
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CMypackDlg dialog
// Constructs the main dialog and sets the defaults shown in its controls:
// an empty target path, key 0x82, "keep backup" ticked, and the two other
// check boxes cleared. The application icon is loaded for later SetIcon calls.
CMypackDlg::CMypackDlg(CWnd* pParent /*=NULL*/)
: CDialog(CMypackDlg::IDD, pParent)
{
//{{AFX_DATA_INIT(CMypackDlg)
// Path of the file that OnOK() will modify in place.
m_file = _T("");
// Default key; OnOK() reduces it modulo 256 and uses it as a single XOR byte.
m_key = 0x82;
// TRUE: OnOK() attempts a "<file>.bak" copy before touching the target.
m_bak = TRUE;
// NOTE(review): m_imp and m_rc are bound to check boxes in DoDataExchange()
// but are not read by any function visible on this page.
m_imp = FALSE;
m_rc = FALSE;
//}}AFX_DATA_INIT
// Note that LoadIcon does not require a subsequent DestroyIcon in Win32
m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}
// Moves values between the dialog controls and the members, in the direction
// chosen by the UpdateData() call that triggers it: the file path and key
// edit boxes, and the three check boxes.
// NOTE(review): no DDV_* validation follows the DDX_Text calls, so neither the
// path nor the key is range- or length-checked here.
void CMypackDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CMypackDlg)
DDX_Text(pDX, IDC_EDIT_FILE, m_file);
DDX_Text(pDX, IDC_EDIT_KEY, m_key);
DDX_Check(pDX, IDC_CHECK_BAK, m_bak);
DDX_Check(pDX, IDC_CHECK_IMP, m_imp);
DDX_Check(pDX, IDC_CHECK_RC, m_rc);
//}}AFX_DATA_MAP
}
// Message map for CMypackDlg: system-menu commands, painting, the drag-icon
// query, and the click on the file-browse button.
// OnOK() is not listed here; presumably it is reached through CDialog's
// virtual OnOK for IDOK -- confirm against mypackDlg.h.
BEGIN_MESSAGE_MAP(CMypackDlg, CDialog)
//{{AFX_MSG_MAP(CMypackDlg)
ON_WM_SYSCOMMAND()
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
ON_BN_CLICKED(IDC_BUTTON_FILE, OnButtonFile)
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CMypackDlg message handlers
// Dialog start-up: appends an "About..." entry to the system menu when the
// label string is available, and installs the dialog icon for both sizes.
// Returns TRUE, i.e. the focus is left for the framework to set.
BOOL CMypackDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    // The About command id must have its low four bits clear and lie below
    // 0xF000; both conditions are checked in debug builds only.
    ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
    ASSERT(IDM_ABOUTBOX < 0xF000);

    CMenu* const systemMenu = GetSystemMenu(FALSE);
    if (systemMenu != NULL)
    {
        CString aboutLabel;
        aboutLabel.LoadString(IDS_ABOUTBOX);
        if (!aboutLabel.IsEmpty())
        {
            systemMenu->AppendMenu(MF_SEPARATOR);
            systemMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, aboutLabel);
        }
    }

    // A dialog used as the main window has to set its own icon.
    SetIcon(m_hIcon, TRUE);   // big icon
    SetIcon(m_hIcon, FALSE);  // small icon

    return TRUE;
}
// System-menu handler: shows the About box for IDM_ABOUTBOX and passes every
// other command to CDialog.
void CMypackDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
    // The low four bits of the id are masked off before the comparison.
    const bool wantsAbout = ((nID & 0xFFF0) == IDM_ABOUTBOX);
    if (!wantsAbout)
    {
        CDialog::OnSysCommand(nID, lParam);
        return;
    }

    CAboutDlg aboutBox;
    aboutBox.DoModal();
}
// If you add a minimize button to your dialog, you will need the code below
// to draw the icon. For MFC applications using the document/view model,
// this is automatically done for you by the framework.
void CMypackDlg::OnPaint()
{
    // Only the minimised state needs custom drawing.
    if (!IsIconic())
    {
        CDialog::OnPaint();
        return;
    }

    CPaintDC paintDc(this);
    SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(paintDc.GetSafeHdc()), 0);

    // Centre the icon inside the client rectangle.
    CRect client;
    GetClientRect(&client);
    const int iconWidth = GetSystemMetrics(SM_CXICON);
    const int iconHeight = GetSystemMetrics(SM_CYICON);
    const int left = (client.Width() - iconWidth + 1) / 2;
    const int top = (client.Height() - iconHeight + 1) / 2;

    paintDc.DrawIcon(left, top, m_hIcon);
}
// The system calls this to obtain the cursor to display while the user drags
// the minimized window.
HCURSOR CMypackDlg::OnQueryDragIcon()
{
    // The dialog icon doubles as the drag cursor.
    HCURSOR dragCursor = static_cast<HCURSOR>(m_hIcon);
    return dragCursor;
}
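// Rounds `value` up to the next multiple of `align`; `align` must be non-zero.
static DWORD AlignUp(DWORD value, DWORD align)
{
    return (value % align != 0) ? (value / align + 1) * align : value;
}

// Validates the mapped PE32 headers and fills in one additional section header
// directly after the current last one.
//
//   base       start of the mapped file
//   fileSize   size of the file (and therefore of the mapping) in bytes
//   rawOffset  receives the file offset chosen for the new section's raw data
//   rawSize    receives the raw size of the new section (one FileAlignment unit)
//
// Returns false, leaving the headers untouched, when the file is not a
// well-formed PE32 image, when the header area has no room for another section
// header, or when the new raw offset would lie beyond the end of the file.
// The header slot is not checked for existing content (for example bound
// import data); whatever is there is overwritten.
static bool AppendSectionHeader(BYTE* base, DWORD fileSize, DWORD* rawOffset, DWORD* rawSize)
{
    // The file content is untrusted: every offset is checked before it is
    // dereferenced.
    if (fileSize < sizeof(IMAGE_DOS_HEADER) || fileSize < sizeof(IMAGE_NT_HEADERS))
        return false;

    PIMAGE_DOS_HEADER dosheader = (PIMAGE_DOS_HEADER)base;
    if (dosheader->e_magic != IMAGE_DOS_SIGNATURE || dosheader->e_lfanew <= 0)
        return false;

    const DWORD ntOffset = (DWORD)dosheader->e_lfanew;
    if (ntOffset > fileSize - sizeof(IMAGE_NT_HEADERS))
        return false;

    PIMAGE_NT_HEADERS peheader = (PIMAGE_NT_HEADERS)(base + ntOffset);
    // The section table is located with sizeof(IMAGE_NT_HEADERS), which is only
    // right when the optional header has exactly the PE32 size.
    if (peheader->Signature != IMAGE_NT_SIGNATURE ||
        peheader->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR_MAGIC ||
        peheader->FileHeader.SizeOfOptionalHeader != sizeof(IMAGE_OPTIONAL_HEADER))
        return false;

    const DWORD secnum = peheader->FileHeader.NumberOfSections;
    const DWORD sectionalign = peheader->OptionalHeader.SectionAlignment;
    const DWORD filealign = peheader->OptionalHeader.FileAlignment;
    if (secnum == 0 || sectionalign == 0 || filealign == 0)
        return false;

    // Existing table plus the extra header must fit in the file and in the
    // area the image declares as headers.
    const DWORD tableOffset = ntOffset + sizeof(IMAGE_NT_HEADERS);
    const DWORD tableEnd = tableOffset + (secnum + 1) * sizeof(IMAGE_SECTION_HEADER);
    if (tableEnd < tableOffset ||
        tableEnd > fileSize ||
        tableEnd > peheader->OptionalHeader.SizeOfHeaders)
        return false;

    PIMAGE_SECTION_HEADER last = (PIMAGE_SECTION_HEADER)(base + tableOffset) + (secnum - 1);
    PIMAGE_SECTION_HEADER added = last + 1;

    const DWORD newVirtualAddress =
        AlignUp(last->VirtualAddress + last->Misc.VirtualSize, sectionalign);
    const DWORD newRawOffset =
        AlignUp(last->PointerToRawData + last->SizeOfRawData, filealign);
    // Reject wrapped sums and a raw offset past the end of the file before
    // anything is written, so a failure leaves the headers as they were.
    if (newVirtualAddress < last->VirtualAddress ||
        newRawOffset < last->PointerToRawData ||
        newRawOffset > fileSize)
        return false;

    // Clear the slot first so no stale bytes end up in the unused fields.
    memset(added, 0, sizeof(*added));
    memcpy(added->Name, ".code", 6);
    added->VirtualAddress = newVirtualAddress;
    added->Misc.VirtualSize = sectionalign;
    added->PointerToRawData = newRawOffset;
    added->SizeOfRawData = filealign;
    // 0x60000020: code, executable, readable.
    added->Characteristics = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ;

    peheader->OptionalHeader.SizeOfImage = added->VirtualAddress + added->Misc.VirtualSize;
    peheader->FileHeader.NumberOfSections += 1;

    *rawOffset = added->PointerToRawData;
    *rawSize = added->SizeOfRawData;
    return true;
}

// Appends a new section named ".code" to the PE file in m_file.
//
// The section header is added through a read/write file mapping; afterwards one
// FileAlignment-sized block of zero bytes is inserted at the new section's raw
// offset, and any data that followed that offset is written back after it.
//
// Returns true on success. On failure every handle and buffer is released and
// false is returned; a failure after the header edit can leave the file
// partially modified, so the ".bak" copy taken by OnOK() is the recovery path.
bool CMypackDlg::AddSection()
{
    UpdateData(TRUE);

    HANDLE hFile = CreateFile(
        (LPCTSTR)m_file,
        GENERIC_READ | GENERIC_WRITE,
        FILE_SHARE_READ,
        NULL,
        OPEN_EXISTING,
        FILE_ATTRIBUTE_ARCHIVE,
        0);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        MessageBox("CreateFile错误");
        return false;
    }

    const DWORD dFileSize = GetFileSize(hFile, NULL);
    if (dFileSize == INVALID_FILE_SIZE)
    {
        CloseHandle(hFile);
        return false;
    }

    HANDLE hMap = CreateFileMapping(hFile, NULL, PAGE_READWRITE, 0, 0, NULL);
    if (hMap == NULL)
    {
        MessageBox("CreateFileMapping错误");
        CloseHandle(hFile);
        return false;
    }

    PVOID pFile = MapViewOfFile(hMap, FILE_MAP_ALL_ACCESS, 0, 0, 0);
    if (pFile == NULL)
    {
        MessageBox("MapViewOfFile错误");
        CloseHandle(hMap);
        CloseHandle(hFile);
        return false;
    }

    DWORD pos = 0;
    DWORD size = 0;
    const bool headerOk = AppendSectionHeader((BYTE*)pFile, dFileSize, &pos, &size);
    UnmapViewOfFile(pFile);
    CloseHandle(hMap);
    if (!headerOk)
    {
        CloseHandle(hFile);
        return false;
    }

    // Everything from `pos` to the end of the file is moved back by `size`
    // bytes to make room for the new section's raw data.
    const DWORD overlaySize = dFileSize - pos;
    void* overlay = (overlaySize != 0) ? malloc(overlaySize) : NULL;
    void* code = calloc(1, size);
    bool ok = (code != NULL) && (overlaySize == 0 || overlay != NULL);
    DWORD done = 0;

    // SetFilePointer returns the new position on success, i.e. `pos`.
    if (ok && overlaySize != 0)
    {
        ok = SetFilePointer(hFile, pos, NULL, FILE_BEGIN) == pos
            && ReadFile(hFile, overlay, overlaySize, &done, NULL)
            && done == overlaySize;
    }
    if (ok)
    {
        ok = SetFilePointer(hFile, pos, NULL, FILE_BEGIN) == pos
            && WriteFile(hFile, code, size, &done, NULL)
            && done == size;
    }
    if (ok && overlaySize != 0)
    {
        ok = WriteFile(hFile, overlay, overlaySize, &done, NULL)
            && done == overlaySize;
    }

    free(code);
    free(overlay);
    CloseHandle(hFile);
    return ok;
}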
// Copies the machine code of the loader stub defined in the _asm block below
// into lpBuffer and stores its length in *codelen.
//
// The stub is not run by this function: `call __CodeExit` jumps over it, and the
// return address left on the stack by that call is the address of the stub's
// first instruction. __CodeExit pops that address and subtracts it from its own
// address to get the stub length.
//
// What the stub does once it is the entry point of a processed file:
//   1. builds and immediately unwinds a frame through FS:[0]; the net effect on
//      EBP, FS:[0] and the stack is nil. It resembles a compiler-generated entry
//      prologue -- presumably cosmetic, this is inferred, not stated by the code.
//   2. calls __readconf with the address of a record table, which XORs each
//      listed memory range with its one-byte key,
//   3. jumps to the original entry point.
// The two addresses (00406071h, 00401000h) are placeholders; OnOK() overwrites
// them at buffer offsets 0x2B and 0x35, which is where those immediates land
// with the usual encodings of the preceding instructions.
//
// NOTE(review): memcpy() below has no destination size to check against; the
// caller must pass a buffer of at least the stub length (OnOK passes 512 bytes).
// For analysts: the stub bytes, including the two constant PUSH immediates, are
// fixed in every output file and so are usable as a static signature.
void CMypackDlg::AsmCode(char *lpBuffer,DWORD *codelen)
{
unsigned char *p_Code = NULL;
DWORD dwCodeLen;
_asm
{
// Skip the stub; the pushed return address marks where it starts.
call __CodeExit
PUSH EBP
MOV EBP,ESP
PUSH -1
// The byte sequences of the next two immediates in memory order (CB E3 B7 A8,
// B2 BB B6 AE) appear to be the GBK encodings of the original comment words.
PUSH 0A8B7E3CBh // original comment: "algorithm"
PUSH 0AEB6BBB2h // original comment: "don't understand"
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
MOV DWORD PTR FS:[0],ESP
// Undo the frame: restore FS:[0], discard the three pushed values, restore EBP.
POP EAX
MOV DWORD PTR FS:[0],EAX
POP EAX
POP EAX
POP EAX
POP EAX
MOV EBP,EAX
PUSH 00406071h // address of the record table (placeholder, patched by OnOK)
CALL __readconf
MOV EAX,00401000h // original entry point (placeholder, patched by OnOK)
JMP EAX
__readconf:
// Read the record table and decode each range. The table is one count byte
// followed by 9-byte records: DWORD start, DWORD end, BYTE key.
// EBX, ECX and EDX are overwritten without being saved; only EDI/ESI are.
PUSH EDI
PUSH ESI
MOV EDI,DWORD PTR DS:[ESP+0Ch]
// NOTE(review): the count is sign-extended, so a count byte of 0x80 or more
// becomes negative and the loop below would not stop after that many records.
MOVSX ESI,BYTE PTR DS:[EDI]
INC EDI
__readconf_start:
CMP ESI,0
JE __readconf_end
MOV EAX,DWORD PTR DS:[EDI]
MOV EBX,DWORD PTR DS:[EDI+4]
MOV CL,BYTE PTR DS:[EDI+8]
CALL __decode // call the decode routine
ADD EDI,9
DEC ESI
JMP __readconf_start
__readconf_end:
POP ESI
POP EDI
RETN 4
__decode:
// Decode routine: XOR every byte in [EAX, EBX) with CL, in place.
// JGE is a signed comparison of the two addresses.
CMP EAX,EBX
JGE __decode_end
MOV DL,BYTE PTR DS:[EAX]
XOR DL,CL
MOV BYTE PTR DS:[EAX],DL
INC EAX
JMP __decode
__decode_end:
RETN // return to the caller
__CodeExit:
// EAX = start of the stub (return address of the call above);
// EDX = __CodeExit - start = stub length in bytes.
pop eax
mov p_Code,eax
lea edx,__CodeExit
sub edx,eax
mov dwCodeLen,edx
}
memcpy(lpBuffer,p_Code,dwCodeLen);
*codelen = dwCodeLen;
}
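// Reports whether data directory `num` lies entirely inside the virtual address
// range of the section described by `sectiontable`.
//
//   sectiontable  section header to test
//   peheader      NT headers that hold the data-directory array
//   num           data-directory index (e.g. 1 = import, 2 = resource, 12 = IAT)
//
// Returns false for an index outside the directory array or beyond the count
// the image declares in NumberOfRvaAndSizes. All comparisons are unsigned and
// written without additions, so RVAs of 0x80000000 and above and wrapping
// VirtualAddress + Size sums from a crafted header cannot flip the result.
bool CMypackDlg::CheckSec(PIMAGE_SECTION_HEADER sectiontable, PIMAGE_NT_HEADERS peheader, int num)
{
    if (num < 0 || num >= IMAGE_NUMBEROF_DIRECTORY_ENTRIES)
        return false;
    if ((DWORD)num >= peheader->OptionalHeader.NumberOfRvaAndSizes)
        return false;

    const IMAGE_DATA_DIRECTORY& dir = peheader->OptionalHeader.DataDirectory[num];
    const DWORD sectionStart = sectiontable->VirtualAddress;
    const DWORD sectionSize = sectiontable->Misc.VirtualSize;

    if (dir.VirtualAddress < sectionStart)
        return false;

    // Distance of the directory from the section start; the directory fits
    // when that distance plus its size does not exceed the section size.
    const DWORD offsetInSection = dir.VirtualAddress - sectionStart;
    if (offsetInSection > sectionSize)
        return false;

    return dir.Size <= sectionSize - offsetInSection;
}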
// OK-button handler: processes the file named in m_file, in place.
//
// Sequence: optional "<file>.bak" copy, AddSection(), then through a read/write
// mapping: XOR the raw bytes of every section except the last one (sections that
// contain the import, IAT or resource directory are skipped), append one 9-byte
// record per processed section after the stub from AsmCode(), patch the stub's
// two placeholder addresses, copy stub + records into the last section and point
// the entry point at it.
//
// Artifacts this leaves in the output, as visible in the code below: entry point
// inside the last section, the write flag (0x80000000) added to each processed
// section, and the linker version fields forced to 6.0.
//
// NOTE(review): the target file is untrusted input, and this function does not
// validate it -- no MZ/PE signature check and no bounds check on e_lfanew, the
// section count, or the raw offsets/sizes that are turned into pointers.
void CMypackDlg::OnOK()
{
// TODO: Add extra validation here
UpdateData(TRUE);
if(m_file.GetLength()==0){MessageBox("请指定要加壳的文件");return;};
CString m_file_new=m_file+".bak";
// NOTE(review): the CopyFile result is ignored. With bFailIfExists TRUE the copy
// fails when a .bak already exists, and the original is still modified below.
if(m_bak){CopyFile(m_file.GetBuffer(0),m_file_new.GetBuffer(0),TRUE);}
if(!AddSection()){MessageBox("添加新区段失败");return;} // add a new section
HANDLE hFile = NULL;
HANDLE hMap = NULL;
PVOID pFile = NULL;
PIMAGE_DOS_HEADER dosheader;
PIMAGE_NT_HEADERS peheader;
PIMAGE_SECTION_HEADER sectiontable;
PVOID pStart = NULL;
PVOID pEnd = NULL;
DWORD dwEntryPoint = 0;
// Only the low byte of the key entered in the dialog is used.
BYTE key=m_key%256;
// Holds the stub, then a count byte, then the 9-byte records.
unsigned char lpCodeBuf[512]={0};
DWORD dwCodeLen=0;
AsmCode((char *)lpCodeBuf,&dwCodeLen);
hFile = CreateFile(
m_file.GetBuffer(0),
GENERIC_READ|GENERIC_WRITE,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_ARCHIVE,
0
);
if(hFile==INVALID_HANDLE_VALUE)
{
MessageBox("CreateFile错误");
return;
}
// NOTE(review): dFileSize is never used afterwards; it is the value the pointer
// computations below would need to be checked against.
DWORD dFileSize = GetFileSize(hFile,NULL);
hMap = CreateFileMapping(
hFile,
NULL,
PAGE_READWRITE,
0,
0,
NULL
);
if(hMap == NULL)
{
MessageBox("CreateFileMapping错误");
CloseHandle(hFile);
return;
}
pFile = MapViewOfFile(
hMap,
FILE_MAP_ALL_ACCESS,
0,
0,
0
);
if(pFile == NULL)
{
MessageBox("MapViewOfFile错误");
CloseHandle(hMap);
CloseHandle(hFile);
return;
}
// Pointers are built by casting to DWORD, which only holds a full pointer in a
// 32-bit build (the inline assembly already limits this file to x86).
dosheader = (PIMAGE_DOS_HEADER)pFile;
peheader = (PIMAGE_NT_HEADERS)((DWORD)dosheader + dosheader->e_lfanew);
int secnum = peheader->FileHeader.NumberOfSections;
// Original entry point as an absolute address (ImageBase + RVA).
dwEntryPoint = (DWORD)(peheader->OptionalHeader.ImageBase + peheader->OptionalHeader.AddressOfEntryPoint);
// Assumes the optional header has exactly sizeof(IMAGE_OPTIONAL_HEADER) bytes;
// FileHeader.SizeOfOptionalHeader is not consulted.
sectiontable = (PIMAGE_SECTION_HEADER)((DWORD)peheader + sizeof(IMAGE_NT_HEADERS));
// Number of records written so far.
byte ennum=0;
// Every section except the last one, which is left for the stub.
for(int i=0;i<secnum-1;i++)
{
// Directory 1 is the import table and 12 the IAT: a section containing either
// is reported in a message box and left unmodified.
if(CheckSec(sectiontable,peheader,1)||CheckSec(sectiontable,peheader,12))
{
// NOTE(review): Name is an 8-byte field that need not be NUL-terminated, so %s
// can read past it, and a[] is 200 bytes while wsprintf can emit up to 1024.
// A bounded conversion such as %.8s would keep both within limits.
char a[200]={0};
wsprintf(a,"%s\t%s\t%08X","导入表段",sectiontable->Name,sectiontable->VirtualAddress);
MessageBox(a);
}
// Directory 2 is the resource table: same treatment.
else if(CheckSec(sectiontable,peheader,2))
{
char a[200]={0};
wsprintf(a,"%s\t%s\t%08X","资源段",sectiontable->Name,sectiontable->VirtualAddress);
MessageBox(a);
}
else
{
// NOTE(review): PointerToRawData and the size below come straight from the file
// and are not checked against the mapping, so a crafted header makes the XOR
// loop write outside the mapped view.
pStart = (PVOID)((DWORD)pFile + (DWORD)sectiontable->PointerToRawData);
// Process the smaller of the raw size and the virtual size (compared as signed).
DWORD minSize;
if((long)sectiontable->SizeOfRawData < (long)sectiontable->Misc.VirtualSize)
{
minSize=sectiontable->SizeOfRawData;
}
else
{
minSize=sectiontable->Misc.VirtualSize;
}
pEnd = (PVOID)((DWORD)pFile + (DWORD)sectiontable->PointerToRawData + minSize);
// XOR every byte in [pStart, pEnd) with `key`, in place in the mapping.
// jge is a signed comparison of the two addresses.
_asm{
mov eax,pStart
loop1:
cmp eax,pEnd
jge loop2
mov dl,byte ptr ds:[eax]
xor dl,key
mov byte ptr ds:[eax],dl
inc eax
jmp loop1
loop2:
}
// Record for this section: absolute start address, absolute end address, key.
// Byte dwCodeLen is reserved for the record count, hence the +1/+5/+9 offsets.
// NOTE(review): nothing checks dwCodeLen+9+ennum*9 against sizeof(lpCodeBuf);
// an input with enough sections writes past the 512-byte stack buffer. The
// record count needs a bound derived from 512 and dwCodeLen before these stores.
*(DWORD *) (lpCodeBuf+dwCodeLen+1+ennum*9) = (DWORD) (peheader->OptionalHeader.ImageBase +sectiontable->VirtualAddress);
*(DWORD *) (lpCodeBuf+dwCodeLen+5+ennum*9) = (DWORD) (peheader->OptionalHeader.ImageBase +sectiontable->VirtualAddress+minSize);
*(BYTE *) (lpCodeBuf+dwCodeLen+9+ennum*9) = (BYTE) key;
ennum++;
// 0x80000000 is the section write flag; the stub decodes these bytes in memory.
sectiontable->Characteristics |= 0x80000000;
}
sectiontable++;
}
// After the loop sectiontable points at the last section header.
// Record count, stored directly after the stub.
*(BYTE *) (lpCodeBuf+dwCodeLen)=ennum;
// Patch the stub's placeholders: 0x2B takes the absolute address of the record
// table (last section + stub length), 0x35 the original entry point. Both
// offsets depend on the exact encoding of the stub in AsmCode().
*(DWORD *) (lpCodeBuf + 0x2B) = (DWORD)(peheader->OptionalHeader.ImageBase + sectiontable->VirtualAddress +dwCodeLen);
*(DWORD *) (lpCodeBuf + 0x35) = (DWORD)dwEntryPoint;
pStart = (PVOID)((DWORD)pFile + (DWORD)sectiontable->PointerToRawData);
//pEnd = (PVOID)((DWORD)pFile + (DWORD)sectiontable->PointerToRawData + (DWORD)sectiontable->SizeOfRawData);
// NOTE(review): always copies 512 bytes, regardless of the section's
// SizeOfRawData; AddSection() sizes that to one FileAlignment unit, so a file
// alignment below 512 makes this write run past the section's raw data.
memcpy(pStart,lpCodeBuf,512);
// Redirect the entry point to the stub and overwrite the linker version.
peheader->OptionalHeader.AddressOfEntryPoint = sectiontable->VirtualAddress;
peheader->OptionalHeader.MajorLinkerVersion = 6;
peheader->OptionalHeader.MinorLinkerVersion = 0;
MessageBox("加壳成功,请严格测试后使用");
UnmapViewOfFile(pFile);
CloseHandle(hMap);
CloseHandle(hFile);
return;
//CDialog::OnOK();
}
// Browse-button handler: lets the user pick an .exe or .dll and shows the
// chosen path in the dialog. The path is only stored here; the file itself is
// not opened by this function.
void CMypackDlg::OnButtonFile()
{
    CFileDialog picker(TRUE, NULL, NULL, NULL, "可执行文件(*.exe)|*.exe|动态链接库文件(*.dll)|*.dll||");
    if (picker.DoModal() == IDOK)
    {
        m_file = picker.GetPathName();
        // FALSE: push the member values out to the controls.
        UpdateData(FALSE);
    }
}